CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acom ...)
	{DSA-4948-1 DLA-2720-1}
	- aspell 0.60.8-3 (bug #991307)
	NOTE: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462
CVE-2019-25050 (netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow i ...)
	- gdal 3.1.0+dfsg-1
	[buster] - gdal (Minor issue)
	[stretch] - gdal (Vulnerable code not present)
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml
	NOTE: https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a (v3.1.0RC1)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156
CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_pr ...)
	- libressl (bug #754513)
CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...)
	- libressl (bug #754513)
CVE-2019-25047 (Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) ...)
	NOT-FOR-US: Greenbone Security Assistant
CVE-2019-25046 (The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11 ...)
	NOT-FOR-US: Cerberus FTP Server Enterprise
CVE-2019-25045 (An issue was discovered in the Linux kernel before 5.0.19. The XFRM su ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399
CVE-2019-25044 (The block subsystem in the Linux kernel before 5.2 has a use-after-fre ...)
	- linux (Vulnerable code only between 5.2-rc3 and 5.2-rc4)
CVE-2019-25043 (ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as dem ...)
	- modsecurity 3.0.4-1
	[buster] - modsecurity (Minor issue)
	NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2566
	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/9cac167fafd180902c2aa5dc6141aae874127199
CVE-2019-25042 (** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/6c3a0b54ed8ace93d5b5ca7b8078dc87e75cd640
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25041 (** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25040 (** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a comp ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25039 (** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a si ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25038 (** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a si ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25037 (** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and de ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/d2eb78e871153f22332d30c6647f3815148f21e5
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25036 (** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and de ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/f5e06689d193619c57c33270c83f5e40781a261d
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25035 (** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in s ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/fa23ee8f31ba9a018c720ea822faaee639dc7a9c
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25034 (** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldn ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/a3545867fcdec50307c776ce0af28d07046a52dd
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25033 (** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25032 (** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25031 (** DISPUTED ** Unbound before 1.9.5 allows configuration injection in ...)
	{DLA-2652-1}
	- unbound 1.9.6-1 (unimportant)
	[stretch] - unbound (No longer supported, see DSA 4694)
	NOTE: https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587
	NOTE: Not deemed an exploitable vulnerability by upstream
CVE-2019-25030 (In Versa Director, Versa Analytics and VOS, Passwords are not hashed u ...)
	NOT-FOR-US: Versa
CVE-2019-25029 (In Versa Director, the command injection is an attack in which the goa ...)
	NOT-FOR-US: Versa
CVE-2019-25028 (Missing variable sanitization in Grid component in com.vaadin:vaadin-s ...)
	NOT-FOR-US: Vaadin
CVE-2019-25027 (Missing output sanitization in default RouteNotFoundError view in com. ...)
	NOT-FOR-US: Vaadin
CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...)
	{DLA-2658-1}
	- redmine 4.0.6-1
CVE-2019-25025 (The activerecord-session_store (aka Active Record Session Store) compo ...)
	- ruby-activerecord-session-store
	[stretch] - ruby-activerecord-session-store (No reverse dependencies)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1935724
	NOTE: https://github.com/rails/activerecord-session_store/pull/151
CVE-2019-10102 (JetBrains Ktor framework (created using the Kotlin IDE template) versi ...)
	NOT-FOR-US: JetBrains Ktor
CVE-2019-25024 (OpenRepeater (ORP) before 2.2 allows unauthenticated command injection ...)
	NOT-FOR-US: OpenRepeater (ORP)
CVE-2019-25023 (An issue was discovered in Scytl sVote 2.1. Because the IP address fro ...)
	NOT-FOR-US: Scytl sVote
CVE-2019-25022 (An issue was discovered in Scytl sVote 2.1. An attacker can inject cod ...)
	NOT-FOR-US: Scytl sVote
CVE-2019-25021 (An issue was discovered in Scytl sVote 2.1. Due to the implementation ...)
	NOT-FOR-US: Scytl sVote
CVE-2019-25020 (An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest AP ...)
	NOT-FOR-US: Scytl sVote
CVE-2019-25019 (LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant m ...)
	- limesurvey (bug #472802)
CVE-2019-25018 (In the rcp client in MIT krb5-appl through 1.0.3, malicious servers co ...)
	- krb5-appl
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1131109
CVE-2019-25017 (An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to ...)
	- krb5-appl
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1131109
CVE-2019-25016 (In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly in ...)
	- doas (Fixed with initial upload to Debian)
	NOTE: Introduced in: https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168 (v6.6)
	NOTE: Fixed by: https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d (v6.8.1)
	NOTE: https://github.com/Duncaen/OpenDoas/issues/45
CVE-2019-25015 (LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafte ...)
	NOT-FOR-US: LuCI in OpenWrt
CVE-2019-25014 (A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go ge ...)
	NOT-FOR-US: Istio
CVE-2019-25013 (The iconv feature in the GNU C Library (aka glibc or libc6) through 2. ...)
	- glibc 2.31-9 (bug #979273)
	[buster] - glibc (Minor issue)
	[stretch] - glibc (Minor issue; can be fixed in next update)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24973
	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b
CVE-2019-25012 (The Webform Report project 7.x-1.x-dev for Drupal allows remote attack ...)
	NOT-FOR-US: Webform Report project for Drupal
CVE-2019-25011 (NetBox through 2.6.2 allows an Authenticated User to conduct an XSS at ...)
	NOT-FOR-US: NetBox
CVE-2019-25010 (An issue was discovered in the failure crate through 2019-11-13 for Ru ...)
	- rust-failure
	[bullseye] - rust-failure (Minor issue, unmaintained/deprecated upstream)
	[buster] - rust-failure (Minor issue, unmaintained/deprecated upstream)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0036.html
CVE-2019-25009 (An issue was discovered in the http crate before 0.1.20 for Rust. The ...)
	- rust-http (bug #988945)
	[buster] - rust-http (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0034.html
	NOTE: https://github.com/hyperium/http/commit/82d53dbdfdb1ffbeb0323200a0bbd30b5f895fa7
	NOTE: https://github.com/hyperium/http/commit/8ffe094df1431321d450860cc56a22dd53175f5e
CVE-2019-25008
	REJECTED
CVE-2019-25007 (An issue was discovered in the streebog crate before 0.8.0 for Rust. T ...)
	NOT-FOR-US: streebog rust crate
CVE-2019-25006 (An issue was discovered in the streebog crate before 0.8.0 for Rust. T ...)
	NOT-FOR-US: streebog rust crate
CVE-2019-25005 (An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ...)
	NOT-FOR-US: Rust chacha20
CVE-2019-25004 (An issue was discovered in the flatbuffers crate before 0.6.1 for Rust ...)
	NOT-FOR-US: flatbuffers rust crate
CVE-2019-25003 (An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rus ...)
	NOT-FOR-US: libsecp256k1 rust crate
CVE-2019-25002 (An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust ...)
	NOT-FOR-US: sodiumoxide rust crate
CVE-2019-25001 (An issue was discovered in the serde_cbor crate before 0.10.2 for Rust ...)
	- rust-serde-cbor (Fixed before initial upload to Debian)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0025.html
CVE-2019-20934 (An issue was discovered in the Linux kernel before 5.2.6. On NUMA syst ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.189-1
	NOTE: https://git.kernel.org/linus/16d51a590a8ce3befb1308e0e7ab77f3b661af33
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1913
CVE-2019-20933 (InfluxDB before 1.7.6 has an authentication bypass vulnerability in th ...)
	{DSA-4823-1 DLA-2501-1}
	- influxdb 1.6.7~rc0-1 (bug #978087)
	NOTE: https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0
	NOTE: https://github.com/influxdata/influxdb/issues/12927
CVE-2019-20932
	RESERVED
CVE-2019-20931
	RESERVED
CVE-2019-20930
	RESERVED
CVE-2019-20929
	RESERVED
CVE-2019-20928
	RESERVED
CVE-2019-20927
	RESERVED
CVE-2019-20926
	RESERVED
CVE-2019-20925 (An unauthenticated client can trigger denial of service by issuing spe ...)
	- mongodb
	[stretch] - mongodb (Vulnerable code introduced later)
	NOTE: https://jira.mongodb.org/browse/SERVER-43751
	NOTE: https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8 (3.4.24, AGPL)
	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/91800fc61913358350b658406065c5d893d2ba2c (v3.3.11)
CVE-2019-20924 (A user authorized to perform database queries may trigger denial of se ...)
	- mongodb
	[stretch] - mongodb (Vulnerable code introduced later)
	NOTE: https://jira.mongodb.org/browse/SERVER-44377
	NOTE: https://github.com/mongodb/mongo/commit/e4338fa6e876e61e47f68e7f573ead7bcfbd06fc (v4.2.2, SSPL)
	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/34a1ce6a681e2637d3c29a49a9412efe63821178 (v4.1.9)
CVE-2019-20923 (A user authorized to perform database queries may trigger denial of se ...)
	- mongodb
	[stretch] - mongodb (Vulnerable code introduced later)
	NOTE: https://jira.mongodb.org/browse/SERVER-39481
	NOTE: https://github.com/mongodb/mongo/commit/c9dd94ca1a571f9d145eaa9029d8ce905a86f933 (v4.0.7, SSPL)
	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/1c629fb3e0cfdf218a6cdb20882806e3b7dd9e9c (v3.7.1)
CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...)
	- node-handlebars (Introduced in 4.4.4 and fixed in 4.4.5, no vulnerable version uploaded)
	- libjs-handlebars (Introduced in 4.4.4 and fixed in 4.4.5, no vulnerable version uploaded)
	NOTE: https://github.com/handlebars-lang/handlebars.js/issues/1579
	NOTE: https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b
	NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
	NOTE: https://www.npmjs.com/advisories/1300
CVE-2019-20921 (bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It d ...)
	NOT-FOR-US: bootstrap-select
CVE-2019-20920 (Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrar ...)
	- node-handlebars 3:4.5.3-1
	[buster] - node-handlebars 3:4.1.0-1+deb10u3
	- libjs-handlebars
	[stretch] - libjs-handlebars (Only reverse depends was diaspora, which is not in stretch, and too intrusive to backport)
	NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
	NOTE: https://www.npmjs.com/advisories/1316
	NOTE: https://www.npmjs.com/advisories/1324
CVE-2019-20919 (An issue was discovered in the DBI module before 1.643 for Perl. The h ...)
	{DLA-2386-1}
	- libdbi-perl 1.643-1
	[buster] - libdbi-perl 1.642-1+deb10u1
	NOTE: https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence module ...)
	- inspircd (Only affected 3.0.0 and 3.0.1)
	NOTE: https://docs.inspircd.org/security/2019-01/
	NOTE: Introduced by: https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 (v3.0.0)
	NOTE: Fixed by: https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 (v3.1.0)
CVE-2019-20917 (An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0 ...)
	{DSA-4764-1 DLA-2375-1}
	- inspircd 3.3.0-1
	NOTE: https://docs.inspircd.org/security/2019-02/
	NOTE: https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 (v2)
	NOTE: https://github.com/inspircd/inspircd/commit/8745660fcdac7c1b80c94cfc0ff60928cd4dd4b7 (v3)
CVE-2019-20916 (The pip package before 19.2 for Python allows Directory Traversal when ...)
	{DLA-2370-1}
	- python-pip 20.0.2-1
	[buster] - python-pip (Minor issue)
	NOTE: https://github.com/pypa/pip/issues/6413
	NOTE: https://github.com/pypa/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace (19.2)
CVE-2019-20915 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
	- libredwg (bug #595191)
CVE-2019-20914 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
	- libredwg (bug #595191)
CVE-2019-20913 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
	- libredwg (bug #595191)
CVE-2019-20912 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
	- libredwg (bug #595191)
CVE-2019-20911 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
	- libredwg (bug #595191)
CVE-2019-20910 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
	- libredwg (bug #595191)
CVE-2019-20909 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
	- libredwg (bug #595191)
CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Linux ker ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.132-1
	[stretch] - linux (securelevel included but not supported)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1
	NOTE: Fixed by: https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e
CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ...)
	{DLA-2456-1 DLA-2337-1}
	- python3.9 3.9.0~b5-1 (low)
	- python3.8 3.8.5-1 (low)
	- python3.7 (low)
	[buster] - python3.7 3.7.3-2+deb10u2
	- python3.5 (low)
	- python2.7 2.7.18-2 (low; bug #970099)
	[buster] - python2.7 (Minor issue)
	[stretch] - python2.7 (Minor issue, can be fixed in next DLA)
	NOTE: https://bugs.python.org/issue39017
	NOTE: https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 (master)
	NOTE: https://github.com/python/cpython/commit/f3232294ee695492f43d424cc6969d018d49861d (3.9-branch)
	NOTE: https://github.com/python/cpython/commit/c55479556db015f48fc8bbca17f64d3e65598559 (3.8-branch)
	NOTE: https://github.com/python/cpython/commit/79c6b602efc9a906c8496f3d5f4d54c54b48fa06 (3.7-branch)
	NOTE: https://github.com/python/cpython/commit/47a2955589bdb1a114d271496ff803ad73f954b8 (3.6-branch)
	NOTE: https://github.com/python/cpython/pull/21454
CVE-2019-20906
	RESERVED
CVE-2019-20905
	RESERVED
CVE-2019-20904
	RESERVED
CVE-2019-20903 (The hyperlinks functionality in atlaskit/editor-core in before version ...)
	NOT-FOR-US: Atlassian
CVE-2019-20902 (Upgrading Crowd via XML Data Transfer can reactivate a disabled user f ...)
	NOT-FOR-US: Atlassian
CVE-2019-20901 (The login.jsp resource in Jira before version 8.5.2, and from version ...)
	NOT-FOR-US: Atlassian
CVE-2019-20900 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20899 (The Gadget API in Atlassian Jira Server and Data Center in affected ve ...)
	NOT-FOR-US: Atlassian
CVE-2019-20898 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20897 (The avatar upload feature in affected versions of Atlassian Jira Serve ...)
	NOT-FOR-US: Atlassian
CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...)
	NOT-FOR-US: WebChess
CVE-2019-20895
	RESERVED
CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions to proce ...)
	NOT-FOR-US: Traefik
CVE-2019-20893 (An issue was discovered in Activision Infinity Ward Call of Duty Moder ...)
	NOT-FOR-US: Activision
CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateRefer ...)
	- net-snmp 5.8+dfsg-3 (bug #963713)
	[buster] - net-snmp (Vulnerable code introduced later)
	[stretch] - net-snmp (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/4
	NOTE: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027
	NOTE: https://github.com/net-snmp/net-snmp/commit/92ccd5a82a019fbfa835cc8ab2294cf0ca48c8f2
	NOTE: https://github.com/net-snmp/net-snmp/commit/adc9b71aba9168ec64149345ea37a1acc11875c6
	NOTE: https://github.com/net-snmp/net-snmp/commit/7384a8b550d4ed4a00e41b72229cfcc124926b06
	NOTE: https://github.com/net-snmp/net-snmp/commit/39381c4d20dd8042870c28ae3b0c16291e50b705
	NOTE: https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
	NOTE: https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3
	NOTE: Extra patches to address memory leaks:
	NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3
	NOTE: Introduced in https://github.com/net-snmp/net-snmp/compare/1a0dbe19bf2787bb5bea913f210a9a5eb4c0c80c...e207b8113260fd7d84df0ebdb66925ab70da29b2 (5.8-dev)
CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...)
	NOT-FOR-US: WooCommerce
CVE-2019-20890 (An issue was discovered in Mattermost Server before 5.7. It allows a b ...)
	- mattermost-server (bug #823556)
CVE-2019-20889 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...)
	- mattermost-server (bug #823556)
CVE-2019-20888 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...)
	- mattermost-server (bug #823556)
CVE-2019-20887 (An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20886 (An issue was discovered in Mattermost Server before 5.8.0. The first u ...)
	- mattermost-server (bug #823556)
CVE-2019-20885 (An issue was discovered in Mattermost Server before 5.8.0. It does not ...)
	- mattermost-server (bug #823556)
CVE-2019-20884 (An issue was discovered in Mattermost Server before 5.8.0. It allows a ...)
	- mattermost-server (bug #823556)
CVE-2019-20883 (An issue was discovered in Mattermost Server before 5.8.0, when Town S ...)
	- mattermost-server (bug #823556)
CVE-2019-20882 (An issue was discovered in Mattermost Server before 5.8.0. It does not ...)
	- mattermost-server (bug #823556)
CVE-2019-20881 (An issue was discovered in Mattermost Server before 5.8.0. It mishandl ...)
	- mattermost-server (bug #823556)
CVE-2019-20880 (An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6. ...)
	- mattermost-server (bug #823556)
CVE-2019-20879 (An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6. ...)
	- mattermost-server (bug #823556)
CVE-2019-20878 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20877 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20876 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20875 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20874 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20873 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20872 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20871 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...)
	- mattermost-server (bug #823556)
CVE-2019-20870 (An issue was discovered in Mattermost Server before 5.10.0. An attacke ...)
	- mattermost-server (bug #823556)
CVE-2019-20869 (An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8 ...)
	- mattermost-server (bug #823556)
CVE-2019-20868 (An issue was discovered in Mattermost Server before 5.11.0. Invite IDs ...)
	- mattermost-server (bug #823556)
CVE-2019-20867 (An issue was discovered in Mattermost Server before 5.11.0. An attacke ...)
	- mattermost-server (bug #823556)
CVE-2019-20866 (An issue was discovered in Mattermost Server before 5.12.0. Use of a P ...)
	- mattermost-server (bug #823556)
CVE-2019-20865 (An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20864 (An issue was discovered in Mattermost Plugins before 5.13.0. The GitHu ...)
	NOT-FOR-US: Mattermost
CVE-2019-20863 (An issue was discovered in Mattermost Server before 5.13.0. Incoming w ...)
	- mattermost-server (bug #823556)
CVE-2019-20862 (An issue was discovered in Mattermost Server before 5.13.0. Non-member ...)
	- mattermost-server (bug #823556)
CVE-2019-20861 (An issue was discovered in Mattermost Desktop App before 4.2.2. It all ...)
	- mattermost-desktop (bug #831861)
CVE-2019-20860 (An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20859 (An issue was discovered in Mattermost Server before 5.15.0. Login acce ...)
	- mattermost-server (bug #823556)
CVE-2019-20858 (An issue was discovered in Mattermost Server before 5.15.0. It allows ...)
	- mattermost-server (bug #823556)
CVE-2019-20857 (An issue was discovered in Mattermost Server before 5.16.0. It allows ...)
	- mattermost-server (bug #823556)
CVE-2019-20856 (An issue was discovered in Mattermost Desktop App before 4.3.0 on macO ...)
	- mattermost-desktop (bug #831861)
CVE-2019-20855 (An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20854 (An issue was discovered in Mattermost Server before 5.17.0. It allows ...)
	- mattermost-server (bug #823556)
CVE-2019-20853 (An issue was discovered in Mattermost Packages before 5.16.3. A Drople ...)
	NOT-FOR-US: Mattermost
CVE-2019-20852 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local ...)
	NOT-FOR-US: Mattermost
CVE-2019-20851 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. An at ...)
	NOT-FOR-US: Mattermost
CVE-2019-20850 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. A vie ...)
	NOT-FOR-US: Mattermost
CVE-2019-20849 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cooki ...)
	NOT-FOR-US: Mattermost
CVE-2019-20848 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Q ...)
	NOT-FOR-US: Mattermost
CVE-2019-20847 (An issue was discovered in Mattermost Server before 5.18.0. An attacke ...)
	- mattermost-server (bug #823556)
CVE-2019-20846 (An issue was discovered in Mattermost Server before 5.18.0. It has wea ...)
	- mattermost-server (bug #823556)
CVE-2019-20845 (An issue was discovered in Mattermost Server before 5.18.0. It allows ...)
	- mattermost-server (bug #823556)
CVE-2019-20844 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20843 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20842 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20841 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...)
	- mattermost-server (bug #823556)
CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws ...)
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver (Vulnerable code not present)
	[stretch] - libvncserver (Vulnerable code not present)
	[jessie] - libvncserver (Vulnerable code not present)
	NOTE: https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76
	NOTE: Vulnerable code is introduced with the fix for CVE-2017-18922.
CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
	{DLA-2347-1 DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
	NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...)
	- pcre3 (unimportant)
	NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 (8.43)
	NOTE: Only an issue when UTF support disabled
CVE-2019-20837 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20836 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20835 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20834 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows s ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20833 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mish ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20832 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homo ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20831 (An issue was discovered in the 3D Plugin Beta for Foxit Reader and Pha ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20830 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20829 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20828 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20827 (An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader f ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20826 (An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader f ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20825 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20824 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NU ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20823 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a bu ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20822 (An issue was discovered in the 3D Plugin Beta for Foxit Reader and Pha ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20821 (An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a N ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20820 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20819 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20818 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20817 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-20816 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NU ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20815 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows s ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20814 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows m ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20813 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NU ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-20812 (An issue was discovered in the Linux kernel before 5.4.7. The prb_calc ...)
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/b43d1f9f7067c6759b1051e8ecb84e82cef569fe
CVE-2019-20811 (An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_ ...)
	{DSA-4698-1 DLA-2242-1}
	- linux 4.19.37-1
	[jessie] - linux 3.16.72-1
	NOTE: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e
CVE-2019-20810 (go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux ...)
	{DLA-2323-1}
	- linux 5.6.7-1
	[buster] - linux 4.19.131-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/9453264ef58638ce8976121ac44c07a3ef375983
CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...)
	NOT-FOR-US: Compound Finance Compound Price Oracle
CVE-2019-20808 (In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA imp ...)
	- qemu 1:4.2-1
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13 (v4.2.0-rc0)
CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted mode ...)
	- vim 2:8.1.2136-1
	[buster] - vim (Minor issue)
	[stretch] - vim (Minor issue)
	[jessie] - vim (Minor issue)
	NOTE: https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075
CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
{DSA-4698-1 DLA-2242-1} - linux 5.2.6-1 [buster] - linux 4.19.118-1 [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/2e7682ebfc750177a4944eeb56e97a3f05734528 CVE-2019-20805 (p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacki ...) - upx-ucl 3.96-1 (unimportant) NOTE: https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010 NOTE: https://github.com/upx/upx/issues/317 CVE-2019-20804 (Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/th ...) NOT-FOR-US: Gila CMS CVE-2019-20803 (Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcat ...) NOT-FOR-US: Gila CMS CVE-2019-20802 (An issue was discovered in the Readdle Documents app before 6.9.7 for ...) NOT-FOR-US: Readdle Documents CVE-2019-20801 (An issue was discovered in the Readdle Documents app before 6.9.7 for ...) NOT-FOR-US: Readdle Documents CVE-2019-20800 (In Cherokee through 1.2.104, remote attackers can trigger an out-of-bo ...) - cherokee CVE-2019-20799 (In Cherokee through 1.2.104, multiple memory corruption errors may be ...) - cherokee CVE-2019-20798 (An XSS issue was discovered in handler_server_info.c in Cherokee throu ...) - cherokee CVE-2019-20797 (An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer ...) - prboom-plus 2:2.5.1.7um+git82-1 (bug #961031) [buster] - prboom-plus (Minor issue) [stretch] - prboom-plus (Minor issue) [jessie] - prboom-plus (games are not supported) NOTE: https://logicaltrust.net/blog/2019/10/prboom1.html NOTE: https://sourceforge.net/p/prboom-plus/bugs/252/ NOTE: https://sourceforge.net/p/prboom-plus/bugs/253/ CVE-2019-20796 RESERVED CVE-2019-20795 (iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ...) 
- iproute2 5.2.0-1 [buster] - iproute2 (Minor issue) [stretch] - iproute2 (Vulnerable code introduced later) [jessie] - iproute2 (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10 (v5.1.0) NOTE: Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0) CVE-2019-20794 (An issue was discovered in the Linux kernel 4.18 through 5.6.11 when u ...) - linux [bullseye] - linux (Minor issue, revisit when fixed upstream) [buster] - linux (Minor issue, revisit when fixed upstream) NOTE: https://sourceforge.net/p/fuse/mailman/message/36598753/ CVE-2019-20793 RESERVED CVE-2019-20792 (OpenSC before 0.20.0 has a double free in coolkey_free_private_data be ...) - opensc 0.20.0-1 (low) [buster] - opensc (Minor issue) [stretch] - opensc (Coolkey driver added in 0.17.0) [jessie] - opensc (Minor issue but can be worth fixing later) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208 NOTE: https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4 CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow in Mesh ...) NOT-FOR-US: OpenThread CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...) 
- opendmarc 1.4.0~beta1+dfsg-4 (bug #977766) [buster] - opendmarc (Minor issue) [stretch] - opendmarc (Minor issue) NOTE: https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816 NOTE: https://sourceforge.net/p/opendmarc/tickets/235/ NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf NOTE: Issue is disputed upstream and considered "work as designed" (wontfix) NOTE: https://github.com/trusteddomainproject/OpenDMARC/blob/develop/SECURITY/CVE-2019-20790 NOTE: Upstream reconsidering position: NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/158 CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...) NOT-FOR-US: Croogo CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...) {DLA-2146-1} - libvncserver 0.9.12+dfsg-9 (bug #954163) [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3 [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4 NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...) NOTE: Duplicate of CVE-2019-10877 CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a chec ...) NOT-FOR-US: Pion DTLS CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 8.0 and 8 ...) NOT-FOR-US: LG mobile devices CVE-2019-20784 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20783 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20782 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20781 (An issue was discovered in LG Bridge before April 2019 on Windows. DLL ...) NOT-FOR-US: LG Bridge CVE-2019-20780 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) 
NOT-FOR-US: LG mobile devices CVE-2019-20779 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20778 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20777 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20776 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20775 (An issue was discovered on LG mobile devices with Android OS 9.0 (Qual ...) NOT-FOR-US: LG mobile devices CVE-2019-20774 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20773 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20772 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20771 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) NOT-FOR-US: LG mobile devices CVE-2019-20770 (An issue was discovered on LG mobile devices with Android OS 9.0 softw ...) NOT-FOR-US: LG mobile devices CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG P ...) NOT-FOR-US: LG PC Suite CVE-2019-20768 (ServiceNow IT Service Management Kingston through Patch 14-1, London t ...) NOT-FOR-US: ServiceNow IT Service Management Kingston CVE-2019-20767 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20766 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...) NOT-FOR-US: Netgear CVE-2019-20765 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...) NOT-FOR-US: Netgear CVE-2019-20764 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...) 
NOT-FOR-US: Netgear CVE-2019-20763 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...) NOT-FOR-US: Netgear CVE-2019-20762 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2019-20761 (NETGEAR R7800 devices before 1.0.2.62 are affected by command injectio ...) NOT-FOR-US: Netgear CVE-2019-20760 (NETGEAR R9000 devices before 1.0.4.26 are affected by authentication b ...) NOT-FOR-US: Netgear CVE-2019-20759 (NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS. ...) NOT-FOR-US: Netgear CVE-2019-20758 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...) NOT-FOR-US: Netgear CVE-2019-20757 (NETGEAR R7800 devices before 1.0.2.62 are affected by command injectio ...) NOT-FOR-US: Netgear CVE-2019-20756 (Certain NETGEAR devices are affected by reflected XSS. This affects EX ...) NOT-FOR-US: Netgear CVE-2019-20755 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20754 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2019-20753 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20752 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...) NOT-FOR-US: Netgear CVE-2019-20751 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20750 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2019-20749 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2019-20748 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20747 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20746 (Certain NETGEAR devices are affected by reflected XSS. 
This affects D3 ...) NOT-FOR-US: Netgear CVE-2019-20745 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20744 (NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of s ...) NOT-FOR-US: Netgear CVE-2019-20743 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. ...) NOT-FOR-US: Netgear CVE-2019-20742 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. ...) NOT-FOR-US: Netgear CVE-2019-20741 (NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of s ...) NOT-FOR-US: Netgear CVE-2019-20740 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20739 (NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overf ...) NOT-FOR-US: Netgear CVE-2019-20738 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...) NOT-FOR-US: Netgear CVE-2019-20737 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20736 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20735 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20734 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2019-20733 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20732 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20731 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2019-20730 (Certain NETGEAR devices are affected by SQL injection. This affects D3 ...) NOT-FOR-US: Netgear CVE-2019-20729 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) 
NOT-FOR-US: Netgear CVE-2019-20728 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2019-20727 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20726 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20725 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20724 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20723 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20722 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20721 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2019-20720 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...) NOT-FOR-US: Netgear CVE-2019-20719 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2019-20718 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20717 (Certain NETGEAR devices are affected by denial of service. This affect ...) NOT-FOR-US: Netgear CVE-2019-20716 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20715 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...) NOT-FOR-US: Netgear CVE-2019-20714 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...) NOT-FOR-US: Netgear CVE-2019-20713 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20712 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) 
NOT-FOR-US: Netgear CVE-2019-20711 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20710 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20709 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20708 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20707 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20706 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20705 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20704 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20703 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20702 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20701 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20700 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20699 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2019-20698 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2019-20697 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20696 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2019-20695 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) 
NOT-FOR-US: Netgear CVE-2019-20694 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2019-20693 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) NOT-FOR-US: Netgear CVE-2019-20692 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20691 (Certain NETGEAR devices are affected by CSRF. This affects D3600 befor ...) NOT-FOR-US: Netgear CVE-2019-20690 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2019-20689 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20688 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20687 (Certain NETGEAR devices are affected by denial of service. This affect ...) NOT-FOR-US: Netgear CVE-2019-20686 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2019-20685 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20684 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20683 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20682 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20681 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2019-20680 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20679 (NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of acce ...) NOT-FOR-US: Netgear CVE-2019-20678 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) NOT-FOR-US: Netgear CVE-2019-20677 (Certain NETGEAR devices are affected by stored XSS. 
This affects RBR50 ...) NOT-FOR-US: Netgear CVE-2019-20676 (Certain NETGEAR devices are affected by lack of access control at the ...) NOT-FOR-US: Netgear CVE-2019-20675 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) NOT-FOR-US: Netgear CVE-2019-20674 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) NOT-FOR-US: Netgear CVE-2019-20673 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) NOT-FOR-US: Netgear CVE-2019-20672 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) NOT-FOR-US: Netgear CVE-2019-20671 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) NOT-FOR-US: Netgear CVE-2019-20670 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) NOT-FOR-US: Netgear CVE-2019-20669 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) NOT-FOR-US: Netgear CVE-2019-20668 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) NOT-FOR-US: Netgear CVE-2019-20667 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) NOT-FOR-US: Netgear CVE-2019-20666 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) NOT-FOR-US: Netgear CVE-2019-20665 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) NOT-FOR-US: Netgear CVE-2019-20664 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) NOT-FOR-US: Netgear CVE-2019-20663 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) NOT-FOR-US: Netgear CVE-2019-20662 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) NOT-FOR-US: Netgear CVE-2019-20661 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) NOT-FOR-US: Netgear CVE-2019-20660 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) 
NOT-FOR-US: Netgear CVE-2019-20659 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20658 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2019-20657 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2019-20656 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...) NOT-FOR-US: Netgear CVE-2019-20655 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20654 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) NOT-FOR-US: Netgear CVE-2019-20653 (Certain NETGEAR devices are affected by denial of service. This affect ...) NOT-FOR-US: Netgear CVE-2019-20652 (NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of s ...) NOT-FOR-US: Netgear CVE-2019-20651 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2019-20650 (Certain NETGEAR devices are affected by denial of service. This affect ...) NOT-FOR-US: Netgear CVE-2019-20649 (NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure o ...) NOT-FOR-US: Netgear CVE-2019-20648 (NETGEAR RN42400 devices before 6.10.2 are affected by incorrect config ...) NOT-FOR-US: Netgear CVE-2019-20647 (NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of servic ...) NOT-FOR-US: Netgear CVE-2019-20646 (NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of ad ...) NOT-FOR-US: Netgear CVE-2019-20645 (NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. ...) NOT-FOR-US: Netgear CVE-2019-20644 (NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. ...) NOT-FOR-US: Netgear CVE-2019-20643 (NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of se ...) 
NOT-FOR-US: Netgear CVE-2019-20642 (NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication b ...) NOT-FOR-US: Netgear CVE-2019-20641 (NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access c ...) NOT-FOR-US: Netgear CVE-2019-20640 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2019-20639 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) NOT-FOR-US: Netgear CVE-2019-20638 (NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure o ...) NOT-FOR-US: Netgear CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6 ...) - varnish 6.4.0-1 (bug #956305) [buster] - varnish (Minor issue) [stretch] - varnish (Minor issue) [jessie] - varnish (Vulnerability introduced later, PoC not leaking) NOTE: http://varnish-cache.org/security/VSV00004.html#vsv00004 NOTE: https://github.com/varnishcache/varnish-cache/commit/bd7b3d6d47ccbb5e1747126f8e2a297f38e56b8c (6.x fix) NOTE: https://github.com/varnishcache/varnish-cache/commit/0c9c38513bdb7730ac886eba7563f2d87894d734 (test case / reproducer) NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0) NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0) CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...) {DLA-2241-1} - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/cb222aed03d798fc074be55e59d9a112338ee784 CVE-2019-20635 (codeBeamer before 9.5.0-RC3 does not properly restrict the ability to ...) NOT-FOR-US: codeBeamer CVE-2019-20634 (An issue was discovered in Proofpoint Email Protection through 2019-09 ...) NOT-FOR-US: Proofpoint Email Protection CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vul ...) 
- patch (Incomplete fix for CVE-2018-6952 not applied) NOTE: https://savannah.gnu.org/bugs/index.php?56683 CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) - gpac 1.0.1+dfsg1-2 (bug #972053) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) [jessie] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 NOTE: https://github.com/gpac/gpac/issues/1271 CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) - gpac 1.0.1+dfsg1-2 (bug #972053) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) [jessie] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 NOTE: https://github.com/gpac/gpac/issues/1270 CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) - gpac 1.0.1+dfsg1-2 (bug #972053) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) [jessie] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 NOTE: https://github.com/gpac/gpac/issues/1268 CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) - gpac 1.0.1+dfsg1-2 (bug #972053) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) [jessie] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 NOTE: https://github.com/gpac/gpac/issues/1264 CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) 
- gpac 1.0.1+dfsg1-2 (bug #972053) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) [jessie] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 NOTE: https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8 NOTE: https://github.com/gpac/gpac/issues/1269 CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...) NOT-FOR-US: AutoUpdater.NET CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends the same R ...) NOT-FOR-US: Honda HR-V 2017 vehicles CVE-2019-20625 (An issue was discovered on Samsung mobile devices with N(7.1) and O(8. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20624 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20623 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20622 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20621 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20620 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20619 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20618 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20617 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20616 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20615 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) 
NOT-FOR-US: Samsung mobile devices CVE-2019-20614 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20613 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20612 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20611 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20610 (An issue was discovered on Samsung mobile devices with N(7.X) and O(8. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20609 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20608 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20607 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20606 (An issue was discovered on Samsung mobile devices with any (before May ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20605 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20604 (An issue was discovered on Samsung mobile devices with O(8.x) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20603 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20602 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20601 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20600 (An issue was discovered on Samsung mobile devices with O(8.0) and P(9. ...) 
NOT-FOR-US: Samsung mobile devices CVE-2019-20599 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20598 (An issue was discovered on Samsung mobile devices with O(8.x) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20597 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20596 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20595 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20594 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20593 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20592 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20591 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20590 (An issue was discovered on Samsung mobile devices with O(8.x) (Qualcom ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20589 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20588 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20587 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20586 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20585 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) 
NOT-FOR-US: Samsung mobile devices CVE-2019-20584 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20583 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20582 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20581 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20580 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20579 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20578 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20577 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20576 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20575 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20574 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20573 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20572 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20571 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20570 (An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), ...) 
NOT-FOR-US: Samsung mobile devices CVE-2019-20569 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20568 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20567 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20566 (An issue was discovered on Samsung mobile devices with any (before Sep ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20565 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20564 (An issue was discovered on Samsung mobile devices with any (before Oct ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20563 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20562 (An issue was discovered on Samsung mobile devices with P(9.0) (with TE ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20561 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20560 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20559 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20558 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20557 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20556 (An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, ...) NOT-FOR-US: Samsung mobile devices CVE-2019-20555 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) 
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20554 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20553 (An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20552 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20551 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20550 (An issue was discovered on Samsung mobile devices with O(8.x) (release ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20549 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20548 (An issue was discovered on Samsung mobile devices with P(9.0) devices ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20547 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20546 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20545 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20544 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20543 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20542 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20541 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20540 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20539 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20538 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20537 (An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20536 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20535 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20534 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20533 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20532 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20531 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20530 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12 ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20527 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20526 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20525 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20524 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner param ...)
	NOT-FOR-US: ilchCMS
CVE-2019-20523 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name paramet ...)
	NOT-FOR-US: ilchCMS
CVE-2019-20522 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link paramet ...)
	NOT-FOR-US: ilchCMS
CVE-2019-20521 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI ...)
	NOT-FOR-US: ERPNext
CVE-2019-20520 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/meth ...)
	NOT-FOR-US: ERPNext
CVE-2019-20519 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ UR ...)
	NOT-FOR-US: ERPNext
CVE-2019-20518 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ ...)
	NOT-FOR-US: ERPNext
CVE-2019-20517 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ ...)
	NOT-FOR-US: ERPNext
CVE-2019-20516 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ UR ...)
	NOT-FOR-US: ERPNext
CVE-2019-20515 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresse ...)
	NOT-FOR-US: ERPNext
CVE-2019-20514 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ ...)
	NOT-FOR-US: ERPNext
CVE-2019-20513 (Open edX Ironwood.1 allows support/certificates?user= reflected XSS. ...)
	NOT-FOR-US: Open edX Ironwood.1
CVE-2019-20512 (Open edX Ironwood.1 allows support/certificates?course_id= reflected X ...)
	NOT-FOR-US: Open edX Ironwood.1
CVE-2019-20511 (ERPNext 11.1.47 allows blog?blog_category= Frame Injection. ...)
	NOT-FOR-US: ERPNext
CVE-2019-20510
	REJECTED
CVE-2019-20509
	REJECTED
CVE-2019-20508
	RESERVED
CVE-2019-20507
	RESERVED
CVE-2019-20506
	RESERVED
CVE-2019-20505
	RESERVED
CVE-2019-20504 (service/krashrpt.php in Quest KACE K1000 Systems Management Appliance ...)
	NOT-FOR-US: Quest KACE
CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
	{DSA-4645-1 DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- libusrsctp 0.9.3.0+20200312-1 (bug #953270)
	[buster] - libusrsctp (Minor issue)
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	- chromium 80.0.3987.149-1
	[stretch] - chromium (see DSA 4562)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
	NOTE: https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
CVE-2019-20502 (An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer ...)
	NOT-FOR-US: EFS Easy Chat Server
CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
	NOT-FOR-US: D-Link
CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
	NOT-FOR-US: D-Link
CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
	NOT-FOR-US: D-Link
CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass because the ...)
	NOT-FOR-US: cPanel
CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SE ...)
	NOT-FOR-US: cPanel
CVE-2019-20496 (cPanel before 82.0.18 allows attackers to conduct arbitrary chown oper ...)
	NOT-FOR-US: cPanel
CVE-2019-20495 (cPanel before 82.0.18 allows attackers to read an arbitrary database v ...)
	NOT-FOR-US: cPanel
CVE-2019-20494 (In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable ...)
	NOT-FOR-US: cPanel
CVE-2019-20493 (cPanel before 82.0.18 allows self-XSS because JSON string escaping is ...)
	NOT-FOR-US: cPanel
CVE-2019-20492 (cPanel before 82.0.18 allows authentication bypass because of misparsi ...)
	NOT-FOR-US: cPanel
CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual mail accoun ...)
	NOT-FOR-US: cPanel
CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because webmail use ...)
	NOT-FOR-US: cPanel
CVE-2019-20489 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web ...)
	NOT-FOR-US: Netgear
CVE-2019-20488 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...)
	NOT-FOR-US: Netgear
CVE-2019-20487 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...)
	NOT-FOR-US: Netgear
CVE-2019-20486 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...)
	NOT-FOR-US: Netgear
CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...)
	- libvirt 6.0.0-2 (low; bug #953078)
	[buster] - libvirt (Minor issue)
	[stretch] - libvirt (Minor issue)
	[jessie] - libvirt (Vulnerable code not present)
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1)
CVE-2019-20484 (An issue was discovered in Viki Vera 4.9.1.26180. A user without acces ...)
	NOT-FOR-US: Viki Vera
CVE-2019-20483 (An issue was discovered in Viki Vera 4.9.1.26180. An attacker could se ...)
	NOT-FOR-US: Viki Vera
CVE-2019-20482
	RESERVED
CVE-2019-20481 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Fun ...)
	NOT-FOR-US: MIELE XGW 3000 ZigBee Gateway
CVE-2019-20480 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website vis ...)
	NOT-FOR-US: MIELE XGW 3000 ZigBee Gateway
CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
	{DLA-2298-1 DLA-2130-1}
	- libapache2-mod-auth-openidc 2.4.1-1
	[buster] - libapache2-mod-auth-openidc (Minor issue)
	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
	NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
CVE-2019-20478 (In ruamel.yaml through 0.16.7, the load method allows remote code exec ...)
	- ruamel.yaml (unimportant)
	NOTE: This is a well-known design deficiency in pyyaml (from which ruamel.yaml is derived),
	NOTE: various CVE IDs have been assigned to applications misusing the API over the years.
	NOTE: pyyaml 5.1 changed the default behaviour
CVE-2019-20477 (PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and ...)
	- pyyaml 5.2-1 (unimportant)
	[buster] - pyyaml (Vulnerability introduced in 5.1)
	[stretch] - pyyaml (Vulnerability introduced in 5.1)
	[jessie] - pyyaml (Vulnerability introduced in 5.1)
	NOTE: CVE exists due to an incomplete fix for CVE-2017-18342.
CVE-2019-20476
	RESERVED
CVE-2019-20475
	RESERVED
CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.4 ...)
	NOT-FOR-US: Zoho ManageEngine Remote Access Plus
CVE-2019-20473 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...)
	NOT-FOR-US: TK-Star Q90 Junior GPS horloge
CVE-2019-20472
	RESERVED
CVE-2019-20471 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...)
	NOT-FOR-US: TK-Star Q90 Junior GPS horloge
CVE-2019-20470 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...)
	NOT-FOR-US: TK-Star Q90 Junior GPS horloge
CVE-2019-20469
	RESERVED
CVE-2019-20468 (An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horlo ...)
	NOT-FOR-US: TK-Star Q90 Junior GPS horloge
CVE-2019-20467 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...)
	NOT-FOR-US: Sannce
CVE-2019-20466 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...)
	NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
CVE-2019-20465 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...)
	NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
CVE-2019-20464 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...)
	NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
CVE-2019-20463 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...)
	NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
CVE-2019-20462
	RESERVED
CVE-2019-20461
	RESERVED
CVE-2019-20460
	RESERVED
CVE-2019-20459
	RESERVED
CVE-2019-20458
	RESERVED
CVE-2019-20457
	RESERVED
CVE-2019-20456 (Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, ...)
	NOT-FOR-US: Goverlan
CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP SDK before ...)
	NOT-FOR-US: Heartland & Global Payments PHP SDK
CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...)
	- pcre2 10.34-1
	[buster] - pcre2 (Minor issue)
	[stretch] - pcre2 (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2421
	NOTE: https://bugs.php.net/bug.php?id=78338
	NOTE: Fixed by: https://vcs.pcre.org/pcre2?view=revision&revision=1092
	NOTE: Tests: https://vcs.pcre.org/pcre2?view=revision&revision=1091
CVE-2019-20453 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
	- ajaxplorer (bug #668381)
CVE-2019-20452 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...)
	- ajaxplorer (bug #668381)
CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 ...)
	NOT-FOR-US: Prismview
CVE-2019-20450
	RESERVED
CVE-2019-20449
	RESERVED
CVE-2019-20448
	RESERVED
CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...)
	NOT-FOR-US: Jobberbase CMS
CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...)
	{DLA-2285-1}
	- librsvg 2.46.4-1
	[buster] - librsvg (Will be fixed via spu)
	[jessie] - librsvg (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515
	NOTE: https://gitlab.gnome.org/GNOME/librsvg/commit/572f95f739529b865e2717664d6fefcef9493135
CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...)
	{DSA-4885-1 DLA-2365-1 DLA-2364-1 DLA-2110-1 DLA-2109-1}
	- netty 1:4.1.45-1 (bug #950967)
	- netty-3.9
	NOTE: https://github.com/netty/netty/issues/9861
	NOTE: https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 (4.1)
	NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1)
	NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests)
CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
	{DSA-4885-1 DLA-2365-1 DLA-2364-1 DLA-2110-1 DLA-2109-1}
	- netty 1:4.1.45-1 (bug #950966)
	- netty-3.9
	NOTE: https://github.com/netty/netty/issues/9866
	NOTE: https://github.com/netty/netty/commit/a7c18d44b46e02dadfe3da225a06e5091f5f328e (4.1)
CVE-2019-20443 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...)
	NOT-FOR-US: WSO2
CVE-2019-20442 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...)
	NOT-FOR-US: WSO2
CVE-2019-20441 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored ...)
	NOT-FOR-US: WSO2
CVE-2019-20440 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
	NOT-FOR-US: WSO2
CVE-2019-20439 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
	NOT-FOR-US: WSO2
CVE-2019-20438 (An issue was discovered in WSO2 API Manager 2.6.0. A potential stored ...)
	NOT-FOR-US: WSO2
CVE-2019-20437 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...)
	NOT-FOR-US: WSO2
CVE-2019-20436 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...)
	NOT-FOR-US: WSO2
CVE-2019-20435 (An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS att ...)
	NOT-FOR-US: WSO2
CVE-2019-20434 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
	NOT-FOR-US: WSO2
CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a s ...)
	- aspell 0.60.7-3 (bug #935128)
	[buster] - aspell (Minor issue)
	[stretch] - aspell (Minor issue)
	[jessie] - aspell (Minor issue)
	NOTE: http://aspell.net/buffer-overread-ucs.txt
	NOTE: Fixed by: https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b
	NOTE: Recommended additionally: https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc
CVE-2019-20432 (In the Lustre file system before 2.12.3, the mdt module has an out-of- ...)
	- lustre
CVE-2019-20431 (In the Lustre file system before 2.12.3, the ptlrpc module has an osd_ ...)
	- lustre
CVE-2019-20430 (In the Lustre file system before 2.12.3, the mdt module has an LBUG pa ...)
	- lustre
CVE-2019-20429 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
	- lustre
CVE-2019-20428 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
	- lustre
CVE-2019-20427 (In the Lustre file system before 2.12.3, the ptlrpc module has a buffe ...)
	- lustre
CVE-2019-20426 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
	- lustre
CVE-2019-20425 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
	- lustre
CVE-2019-20424 (In the Lustre file system before 2.12.3, mdt_object_remote in the mdt ...)
	- lustre
CVE-2019-20423 (In the Lustre file system before 2.12.3, the ptlrpc module has a buffe ...)
	- lustre
CVE-2019-20422 (In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7b09c2d052db4b4ad0b27b97918b46a7746966fa
CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input ...)
	{DSA-4958-1 DLA-2750-1}
	- exiv2 0.27.2-8 (low; bug #950183)
	[jessie] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8
	NOTE: https://github.com/Exiv2/exiv2/issues/1011
CVE-2019-20420
	RESERVED
CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20417 (NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE users s ...)
	NOT-FOR-US: Atlassian
CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...)
	NOT-FOR-US: Atlassian
CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20412 (The Convert Sub-Task to Issue page in affected versions of Atlassian J ...)
	NOT-FOR-US: Atlassian
CVE-2019-20411 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20410 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...)
	NOT-FOR-US: Atlassian
CVE-2019-20408 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...)
	NOT-FOR-US: Atlassian
CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...)
	NOT-FOR-US: Atlassian
CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data Center befor ...)
	NOT-FOR-US: Atlassian
CVE-2019-20404 (The API in Atlassian Jira Server and Data Center before version 8.6.0 ...)
	NOT-FOR-US: Atlassian
CVE-2019-20403 (The API in Atlassian Jira Server and Data Center before version 8.6.0 ...)
	NOT-FOR-US: Atlassian
CVE-2019-20402 (Support zip files in Atlassian Jira Server and Data Center before vers ...)
	NOT-FOR-US: Atlassian
CVE-2019-20401 (Various installation setup resources in Jira before version 8.5.2 allo ...)
	NOT-FOR-US: Atlassian
CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local attacker ...)
	NOT-FOR-US: Atlassian
CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
	NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	[buster] - libyang (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793935
	NOTE: https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08
	NOTE: https://github.com/CESNET/libyang/issues/773
CVE-2019-20397 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	[buster] - libyang (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793928
	NOTE: https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4
	NOTE: https://github.com/CESNET/libyang/issues/739
CVE-2019-20396 (A segmentation fault is present in yyparse in libyang before v1.0-r1 d ...)
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	[buster] - libyang (Minor issue)
	NOTE: https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
	NOTE: https://github.com/CESNET/libyang/issues/740
CVE-2019-20395 (A stack consumption issue is present in libyang before v1.0-r1 due to ...)
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	[buster] - libyang (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793924
	NOTE: https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237
	NOTE: https://github.com/CESNET/libyang/issues/724
CVE-2019-20394 (A double-free is present in libyang before v1.0-r3 in the function yyp ...)
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	[buster] - libyang (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793932
	NOTE: https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6
	NOTE: https://github.com/CESNET/libyang/issues/769
CVE-2019-20393 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	[buster] - libyang (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793930
	NOTE: https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed
	NOTE: https://github.com/CESNET/libyang/issues/742
CVE-2019-20392 (An invalid memory access flaw is present in libyang before v1.0-r1 in ...)
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	[buster] - libyang (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793922
	NOTE: https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5
	NOTE: https://github.com/CESNET/libyang/issues/723
CVE-2019-20391 (An invalid memory access flaw is present in libyang before v1.0-r3 in ...)
	[experimental] - libyang 1.0.167-1
	- libyang 1.0.176-1
	[buster] - libyang (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793934
	NOTE: https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8
	NOTE: https://github.com/CESNET/libyang/issues/772
CVE-2019-20390 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Su ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-20389 (An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configurat ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaV ...)
	{DLA-2369-1}
	- libxml2 2.9.10+dfsg-2.1 (bug #949583)
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u1
	[jessie] - libxml2 (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a
CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...)
	{DLA-2088-1}
	- libsolv 0.6.36-2 (bug #949611)
	[buster] - libsolv 0.6.35-2+deb10u1
	[stretch] - libsolv 0.6.24-1+deb9u2
	NOTE: https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)
CVE-2019-20386 (An issue was discovered in button_open in login/logind-button.c in sys ...)
	- systemd 243-5 (unimportant)
	NOTE: https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad
	NOTE: Negligible security impact, requires root or physical access to plug in a device,
	NOTE: at which point you can just as well DoS the computer with a hammer instead
CVE-2019-20385 (The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo A ...)
	NOT-FOR-US: Logaritmo Aware CallManager 2012 devices
CVE-2019-20384 (Gentoo Portage through 2.3.84 allows local users to place a Trojan hor ...)
	NOT-FOR-US: Portage
CVE-2019-20383 (ABBYY network license server in ABBYY FineReader 15 before Release 4 ( ...)
	NOT-FOR-US: ABBYY
CVE-2019-20382 (QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle. ...)
	{DSA-4665-1 DLA-2288-1}
	- qemu 1:4.2-1
	[jessie] - qemu (Minor, can be fixed along in future DLA)
	- qemu-kvm
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/05/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0
CVE-2019-20381 (TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the ...)
	NOT-FOR-US: TestLink
CVE-2019-20380
	RESERVED
CVE-2019-20379 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...)
	- ganglia-web (unimportant; bug #948664)
	NOTE: https://github.com/ganglia/ganglia-web/issues/351
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
CVE-2019-20378 (ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via th ...)
	- ganglia-web (unimportant; bug #948664)
	NOTE: https://github.com/ganglia/ganglia-web/issues/351
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
CVE-2019-20377 (TopList before 2019-09-03 allows XSS via a title. ...)
	NOT-FOR-US: TopList
CVE-2019-20376 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-20375 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31 ...)
	NOT-FOR-US: Typora
CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, allows HT ...)
	- nginx 1.16.1-3 (low; bug #948579)
	[buster] - nginx 1.14.2-2+deb10u2
	[stretch] - nginx 1.10.3-1+deb9u4
	[jessie] - nginx (Minor issue)
	NOTE: https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
	NOTE: https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e
CVE-2019-20373 (LTSP LDM through 2.18.06 allows fat-client root access because the LDM ...)
	{DSA-4601-1 DLA-2064-1}
	- ldm (bug #948538)
	NOTE: https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/1839431
CVE-2019-20371
	RESERVED
CVE-2019-20370
	RESERVED
CVE-2019-20369
	RESERVED
CVE-2019-20368
	RESERVED
CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...)
	{DLA-2566-1}
	- libbsd 0.10.0-1
	[buster] - libbsd 0.9.1-2+deb10u1
	[jessie] - libbsd (Minor issue)
	NOTE: https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
	NOTE: https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b (0.10.0)
CVE-2019-20366 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTr ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20365 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via sear ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20364 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cach ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20363 (An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alia ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-20362 (In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3 ...)
	NOT-FOR-US: Teradici
CVE-2019-20361 (There was a flaw in the WordPress plugin, Email Subscribers & News ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-20360 (A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticat ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-20359
	RESERVED
CVE-2019-20358 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below ...)
	NOT-FOR-US: Trend Micro
CVE-2019-20357 (A Persistent Arbitrary Code Execution vulnerability exists in the Tren ...)
	NOT-FOR-US: Trend Micro
CVE-2019-20356
	RESERVED
CVE-2019-20355
	RESERVED
CVE-2019-20354 (The web application component of piSignage before 2.6.4 allows a remot ...)
	NOT-FOR-US: piSignage
CVE-2019-20353
	RESERVED
CVE-2019-20352 (In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ...)
	- nasm 2.15.04-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392636
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://github.com/netwide-assembler/nasm/commit/7c88289e222dc5ef9f53f9e86ecaab1924744b88 (nasm-2.15.04rc6)
CVE-2019-20351
	RESERVED
CVE-2019-20350
	RESERVED
CVE-2019-20349
	RESERVED
CVE-2019-20348 (OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UAR ...)
	NOT-FOR-US: OKER G232V1 devices
CVE-2019-20347
	RESERVED
CVE-2019-20346
	RESERVED
CVE-2019-20345
	RESERVED
CVE-2019-20344
	RESERVED
CVE-2019-20343 (The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution v ...)
	NOT-FOR-US: Maven plugin
CVE-2019-20342
	RESERVED
CVE-2019-20341
	RESERVED
CVE-2019-20340
	RESERVED
CVE-2019-20339
	RESERVED
CVE-2019-20338
	RESERVED
CVE-2019-20337 (In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.p ...)
	NOT-FOR-US: PHP Scripts Mall advanced-real-estate-script
CVE-2019-20336 (In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-resu ...)
	NOT-FOR-US: PHP Scripts Mall advanced-real-estate-script
CVE-2019-20335
	RESERVED
CVE-2019-20334 (In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392638
	NOTE: Crash in CLI tool, no security impact
CVE-2019-20333
	RESERVED
CVE-2019-20332
	RESERVED
CVE-2019-20331
	RESERVED
CVE-2019-20330 (FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.eh ...)
	{DLA-2111-1}
	- jackson-databind 2.10.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2526
	NOTE: https://github.com/FasterXML/jackson-databind/commit/fc4214a883dc087070f25da738ef0d49c2f3387e
CVE-2019-20329 (OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL serv ...)
	NOT-FOR-US: OpenLambda
CVE-2019-20328
	RESERVED
CVE-2019-20327 (Insecure permissions in cwrapper_perl in Centreon Infrastructure Monit ...)
	NOT-FOR-US: Centreon Infrastructure Monitoring
CVE-2019-20325
	REJECTED
CVE-2019-20324
	REJECTED
CVE-2019-20323
	REJECTED
CVE-2019-20322
	REJECTED
CVE-2019-20321
	REJECTED
CVE-2019-20320
	REJECTED
CVE-2019-20319
	REJECTED
CVE-2019-20318
	REJECTED
CVE-2019-20317
	REJECTED
CVE-2019-20316
	REJECTED
CVE-2019-20315
	REJECTED
CVE-2019-20314
	REJECTED
CVE-2019-20313
	REJECTED
CVE-2019-20312
	REJECTED
CVE-2019-20311
	REJECTED
CVE-2019-20310
	REJECTED
CVE-2019-20309
	REJECTED
CVE-2019-20308
	REJECTED
CVE-2019-20307
	REJECTED
CVE-2019-20306
	REJECTED
CVE-2019-20305
	REJECTED
CVE-2019-20304
	REJECTED
CVE-2019-20303
	REJECTED
CVE-2019-20302
	REJECTED
CVE-2019-20301
	REJECTED
CVE-2019-20300
	REJECTED
CVE-2019-20299
	REJECTED
CVE-2019-20298
	REJECTED
CVE-2019-20297
	REJECTED
CVE-2019-20296
	REJECTED
CVE-2019-20295
	REJECTED
CVE-2019-20294
	REJECTED
CVE-2019-20293
	REJECTED
CVE-2019-20292
	REJECTED
CVE-2019-20291
	REJECTED
CVE-2019-20290
	REJECTED
CVE-2019-20289
	REJECTED
CVE-2019-20288
	REJECTED
CVE-2019-20287
	REJECTED
CVE-2019-20286
	REJECTED
CVE-2019-20285
	REJECTED
CVE-2019-20284
	REJECTED
CVE-2019-20283
	REJECTED
CVE-2019-20282
	REJECTED
CVE-2019-20281
	REJECTED
CVE-2019-20280
	REJECTED
CVE-2019-20279
	REJECTED
CVE-2019-20278
	REJECTED
CVE-2019-20277
	REJECTED
CVE-2019-20276
	REJECTED
CVE-2019-20275
	REJECTED
CVE-2019-20274
	REJECTED
CVE-2019-20273
	REJECTED
CVE-2019-20272
	REJECTED
CVE-2019-20271
	REJECTED
CVE-2019-20270
	REJECTED
CVE-2019-20269
	REJECTED
CVE-2019-20268
	REJECTED
CVE-2019-20267
	REJECTED
CVE-2019-20266
	REJECTED
CVE-2019-20265
	REJECTED
CVE-2019-20264
	REJECTED
CVE-2019-20263
	REJECTED
CVE-2019-20262
	REJECTED
CVE-2019-20261
	REJECTED
CVE-2019-20260
	REJECTED
CVE-2019-20259
	REJECTED
CVE-2019-20258
	REJECTED
CVE-2019-20257
	REJECTED
CVE-2019-20256
	REJECTED
CVE-2019-20255
	REJECTED
CVE-2019-20254
	REJECTED
CVE-2019-20253
	REJECTED
CVE-2019-20252
	REJECTED
CVE-2019-20251
	REJECTED
CVE-2019-20250
	REJECTED
CVE-2019-20249
	REJECTED
CVE-2019-20248
	REJECTED
CVE-2019-20247
	REJECTED
CVE-2019-20246
	REJECTED
CVE-2019-20245
	REJECTED
CVE-2019-20244
	REJECTED
CVE-2019-20243
	REJECTED
CVE-2019-20242
	REJECTED
CVE-2019-20241
	REJECTED
CVE-2019-20240
	REJECTED
CVE-2019-20239
	REJECTED
CVE-2019-20238
	REJECTED
CVE-2019-20237
	REJECTED
CVE-2019-20236
	REJECTED
CVE-2019-20235
	REJECTED
CVE-2019-20234
	REJECTED
CVE-2019-20233
	REJECTED
CVE-2019-20232
	REJECTED
CVE-2019-20231
	REJECTED
CVE-2019-20230
	REJECTED
CVE-2019-20229
	REJECTED
CVE-2019-20228
	REJECTED
CVE-2019-20227
	REJECTED
CVE-2019-20226
	REJECTED
CVE-2019-20326 (A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg( ...)
	{DLA-2749-1 DLA-2066-1}
	- gthumb 3:3.8.3-0.1 (bug #948197)
	[buster] - gthumb 3:3.6.2-4+deb10u1
	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/14860321ce3235d420498c4f81f21003d1fb78f4 (3.8.3)
	NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/4faa5ce2358812d23a1147953ee76f59631590ad (master)
CVE-2019-20225 (MyBB before 1.8.22 allows an open redirect on login. ...)
	NOT-FOR-US: MyBB
CVE-2019-20224 (netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows ...)
	NOT-FOR-US: Pandora FMS
CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is affected ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2019-20222 (In Support Incident Tracker (SiT!) 3.67, the Short Application Name an ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2019-20221 (In Support Incident Tracker (SiT!) 3.67, Load Plugins input in the con ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2019-20220 (In Support Incident Tracker (SiT!) 3.67, the search_id parameter in th ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor i ...)
	NOT-FOR-US: ngiflib
CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...)
	{DLA-2340-2}
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 3.27.2-3+deb10u1
	[jessie] - sqlite3 (Minor issue)
	NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387
CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...)
	NOT-FOR-US: D-Link
CVE-2019-20216 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...)
	NOT-FOR-US: D-Link
CVE-2019-20215 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...)
	NOT-FOR-US: D-Link
CVE-2019-20214
	RESERVED
CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...)
	NOT-FOR-US: D-Link
CVE-2019-20212 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
	NOT-FOR-US: themes for WordPress
CVE-2019-20211 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
	NOT-FOR-US: themes for WordPress
CVE-2019-20210 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
	NOT-FOR-US: themes for WordPress
CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
	NOT-FOR-US: themes for WordPress
CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based ...)
	{DLA-2072-1}
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1348
	NOTE: https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e (chunk #1)
CVE-2019-20207
	RESERVED
CVE-2019-20206
	RESERVED
CVE-2019-20205 (libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame. ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/127
	NOTE: https://github.com/saitoha/libsixel/commit/bb65fce3bbecdd325ecb86d78132c3554907af87
CVE-2019-20204 (The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by ...)
	NOT-FOR-US: Postie plugin for WordPress
CVE-2019-20203 (The Authorized Addresses feature in the Postie plugin 1.9.40 for WordP ...)
	NOT-FOR-US: Authorized Addresses feature in the Postie plugin for WordPress
CVE-2019-20202 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	- mapcache (bug #989363)
	[bullseye] - mapcache (Minor issue)
	[buster] - mapcache (Minor issue)
	[stretch] - mapcache (Minor issue)
	- scilab (bug #989364)
	[bullseye] - scilab (Minor issue)
	[buster] - scilab (Minor issue)
	[stretch] - scilab (Minor issue)
	- netcdf (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/17/
CVE-2019-20201 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_ ...)
	- mapcache (bug #989363)
	[bullseye] - mapcache (Minor issue)
	[buster] - mapcache (Minor issue)
	[stretch] - mapcache (Minor issue)
	- scilab (bug #989364)
	[bullseye] - scilab (Minor issue)
	[buster] - scilab (Minor issue)
	[stretch] - scilab (Minor issue)
	- netcdf (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/16/
CVE-2019-20200 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	- mapcache (bug #989363)
	[bullseye] - mapcache (Minor issue)
	[buster] - mapcache (Minor issue)
	[stretch] - mapcache (Minor issue)
	- scilab (bug #989364)
	[bullseye] - scilab (Minor issue)
	[buster] - scilab (Minor issue)
	[stretch] - scilab (Minor issue)
	- netcdf (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/19/
CVE-2019-20199 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	- mapcache (bug #989363)
	[bullseye] - mapcache (Minor issue)
	[buster] - mapcache (Minor issue)
	[stretch] - mapcache (Minor issue)
	- scilab (bug #989364)
	[bullseye] - scilab (Minor issue)
	[buster] - scilab (Minor issue)
	[stretch] - scilab (Minor issue)
	- netcdf (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/18/
CVE-2019-20198 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	- mapcache (bug #989363)
	[bullseye] - mapcache (Minor issue)
	[buster] - mapcache (Minor issue)
	[stretch] - mapcache (Minor issue)
	- scilab (bug #989364)
	[bullseye] - scilab (Minor issue)
	[buster] - scilab (Minor issue)
	[stretch] - scilab (Minor issue)
	- netcdf (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/20/
CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
	NOT-FOR-US: Nagios XI
CVE-2019-20196
	RESERVED
CVE-2019-20195
	RESERVED
CVE-2019-20194
	RESERVED
CVE-2019-20193
	RESERVED
CVE-2019-20192
	RESERVED
CVE-2019-20191 (Oxygen XML Editor 21.1.1 allows XXE to read any file. ...)
	NOT-FOR-US: Oxygen XML Editor
CVE-2019-20190
	RESERVED
CVE-2019-20189
	RESERVED
CVE-2019-20188
	RESERVED
CVE-2019-20187
	RESERVED
CVE-2019-20186
	RESERVED
CVE-2019-20185
	RESERVED
CVE-2019-20184 (KeePass 2.4.1 allows CSV injection in the title field of a CSV export. ...)
	- keepass2 (unimportant)
	NOTE: No security impact
CVE-2019-20183 (uploadimage.php in Employee Records System 1.0 allows upload and execu ...)
	NOT-FOR-US: Employee Records System
CVE-2019-20182 (The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_titl ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-20181 (The awesome-support plugin 5.8.0 for WordPress allows XSS via the post ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-20180 (The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-20179 (SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter ...)
	NOT-FOR-US: SOPlanning
CVE-2019-20178 (Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php ...)
	NOT-FOR-US: Advisto PEEL Shopping
CVE-2019-20177
	RESERVED
CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the li ...)
	- pure-ftpd 1.0.49-2 (low; bug #947869)
	[buster] - pure-ftpd (Minor issue)
	[stretch] - pure-ftpd (Minor issue)
	[jessie] - pure-ftpd (Minor issue)
	NOTE: https://github.com/jedisct1/pure-ftpd/commit/aea56f4bcb9948d456f3fae4d044fd3fa2e19706
CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide/core. ...)
	- qemu (unimportant)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg03869.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg00597.html
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg02165.html
	NOTE: Marked unimportant, as negligible security impact (a privileged guest
	NOTE: can trigger similar issues without triggering the specific assert) and
	NOTE: is disputed by QEMU security team.
CVE-2019-20174 (Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is us ...)
	NOT-FOR-US: Auth0 Lock
CVE-2019-20173 (The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XS ...)
	NOT-FOR-US: Auth0 wp-auth0 plugin for WordPress
CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...)
	NOT-FOR-US: SerenityOS
CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac 1.0.1+dfsg1-2 (low)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1337
	NOTE: https://github.com/gpac/gpac/commit/72cdc5048dead86bb1df7d21e0b9975e49cf2d97
	NOTE: https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c
CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1328
	NOTE: https://github.com/gpac/gpac/commit/16856430287cc10f495eb241910b4dc45b193e03
CVE-2019-20169 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac (Vulnerability introduced later, fix relates to 'use_dump_mode' introduced in v0.7.0)
	NOTE: https://github.com/gpac/gpac/issues/1329
	NOTE: Introduces use_dump_mode: https://github.com/gpac/gpac/commit/9ea1fb39891669014a6e7592a4422e8de630cdc0 (v0.7.0)
	NOTE: https://github.com/gpac/gpac/commit/a8b6246da925cf744805c9427a01fcacb53314bb
CVE-2019-20168 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac (Vulnerability introduced later, fix relates to 'use_dump_mode' introduced in v0.7.0)
	NOTE: https://github.com/gpac/gpac/issues/1333
	NOTE: Introduces use_dump_mode: https://github.com/gpac/gpac/commit/9ea1fb39891669014a6e7592a4422e8de630cdc0 (v0.7.0)
	NOTE: Uncovers/makes visible the vulnerability: https://github.com/gpac/gpac/commit/697d6afb3cd012d442e12400b6841ebd1256a354 (v0.8.0)
	NOTE: https://github.com/gpac/gpac/commit/a8b6246da925cf744805c9427a01fcacb53314bb
CVE-2019-20167 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac (Vulnerable code introduced in development version after v0.8.0)
	NOTE: https://github.com/gpac/gpac/issues/1330
	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #3)
CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac (Vulnerable code introduced in 0.7.0)
	NOTE: https://github.com/gpac/gpac/issues/1331
	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1338
	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #1)
CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac (Vulnerable code introduced in 0.7.0)
	NOTE: https://github.com/gpac/gpac/issues/1332
	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1335
	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #4)
CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1327
	NOTE: https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77
CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	{DLA-2072-1}
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1320
	NOTE: https://github.com/gpac/gpac/commit/7a09732d4978586e6284e84caa9c301b2fa5e956
CVE-2019-20160 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac (Vulnerable code introduced in 0.8.0)
	NOTE: https://github.com/gpac/gpac/issues/1334
	NOTE: Introduced in: https://github.com/gpac/gpac/commit/d7c2bb5cc3c67566f506f51cbefbf66f8169ea85
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/bcfcb3e90476692fe0d2bb532ea8deeb2a77580e (chunk #2)
CVE-2019-20159 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
	- gpac (Vulnerable code introduced in 0.7.0)
	NOTE: https://github.com/gpac/gpac/issues/1321
	NOTE: Introduced in: https://github.com/gpac/gpac/commit/261fab7f51479ae8b1732350d9d4cc456c4919af (v0.7.0)
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/e4c1f09ab9618b6af3bec6b94b8b349f2d01dbf8
CVE-2019-20158
	RESERVED
CVE-2019-20157
	RESERVED
CVE-2019-20156
	RESERVED
CVE-2019-20155 (An issue was discovered in report_edit.jsp in Determine (formerly Sele ...)
	NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20154 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
	NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20153 (An issue was discovered in Determine (formerly Selectica) Contract Lif ...)
	NOT-FOR-US: Determine (formerly Selectica) Contract Lifecycle Management
CVE-2019-20152 (An XSS issue was discovered in TreasuryXpress 19191105. Due to the lac ...)
	NOT-FOR-US: TreasuryXpress
CVE-2019-20151 (An XSS issue was discovered in TreasuryXpress 19191105. Due to the lac ...)
	NOT-FOR-US: TreasuryXpress
CVE-2019-20150 (In TreasuryXpress 19191105, a logged-in user can discover saved creden ...)
	NOT-FOR-US: TreasuryXpress
CVE-2019-20149 (ctorName in index.js in kind-of v6.0.2 allows external user input to o ...)
	- node-kind-of 6.0.3+dfsg-1 (bug #948095)
	[buster] - node-kind-of 6.0.2+dfsg-1+deb10u1
	[stretch] - node-kind-of (Minor issue; can be fixed via point release)
	NOTE: https://github.com/jonschlinkert/kind-of/issues/30
	NOTE: https://github.com/jonschlinkert/kind-of/pull/31
CVE-2019-20148 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20147 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20146 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20145 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20144 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20143 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	- gitlab (Only affects Gitlab CE 12.6)
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20142 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	- gitlab (Only affects Gitlab CE 12.3 and later)
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2019-20141 (An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPr ...)
	NOT-FOR-US: Laborator Neon theme for WordPress
CVE-2019-20140 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/122
	NOTE: https://github.com/saitoha/libsixel/commit/598c8c88c97fd2eb5f6f5d1324fc325e66317f0c
CVE-2019-20139 (In Nagios XI 5.6.9, XSS exists via the nocscreenapi.php host, hostgrou ...)
	NOT-FOR-US: Nagios XI
CVE-2019-20138 (The HTTP Authentication library before 2019-12-27 for Nim has weak pas ...)
	NOT-FOR-US: HTTP Authentication library for Nim
CVE-2019-20137
	RESERVED
CVE-2019-20136
	RESERVED
CVE-2019-20135
	RESERVED
CVE-2019-20134
	RESERVED
CVE-2019-20133
	RESERVED
CVE-2019-20132
	RESERVED
CVE-2019-20131
	RESERVED
CVE-2019-20130
	RESERVED
CVE-2019-20129
	RESERVED
CVE-2019-20128
	RESERVED
CVE-2019-20127
	RESERVED
CVE-2019-20126
	RESERVED
CVE-2019-20125
	RESERVED
CVE-2019-20124
	RESERVED
CVE-2019-20123
	RESERVED
CVE-2019-20122
	RESERVED
CVE-2019-20121
	RESERVED
CVE-2019-20120
	RESERVED
CVE-2019-20119
	RESERVED
CVE-2019-20118
	RESERVED
CVE-2019-20117
	RESERVED
CVE-2019-20116
	RESERVED
CVE-2019-20115
	RESERVED
CVE-2019-20114
	RESERVED
CVE-2019-20113
	RESERVED
CVE-2019-20112
	RESERVED
CVE-2019-20111
	RESERVED
CVE-2019-20110
	RESERVED
CVE-2019-20109
	RESERVED
CVE-2019-20108
	RESERVED
CVE-2019-20107 (Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allo ...)
	NOT-FOR-US: TestLink
CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...)
	NOT-FOR-US: Atlassian
CVE-2019-20105 (The EditApplinkServlet resource in the Atlassian Application Links plu ...)
	NOT-FOR-US: Atlassian
CVE-2019-20104 (The OpenID client application in Atlassian Crowd before version 3.6.2, ...)
	NOT-FOR-US: Atlassian
CVE-2019-20103
	RESERVED
CVE-2019-20102 (The attachment-uploading feature in Atlassian Confluence Server from v ...)
	NOT-FOR-US: Atlassian
CVE-2019-20101 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
	NOT-FOR-US: Atlassian
CVE-2019-20100 (The Atlassian Application Links plugin is vulnerable to cross-site req ...)
	NOT-FOR-US: Atlassian Application Links plugin
CVE-2019-20099 (The VerifyPopServerConnection!add.jspa component in Atlassian Jira Ser ...)
	NOT-FOR-US: Atlassian
CVE-2019-20098 (The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Se ...)
	NOT-FOR-US: Atlassian
CVE-2019-20097 (Bitbucket Server and Bitbucket Data Center versions starting from 1.0. ...)
	NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
CVE-2019-20096 (In the Linux kernel before 5.1, there is a memory leak in __feat_regis ...)
	{DLA-2114-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux 3.16.72-1
	NOTE: https://git.kernel.org/linus/1d3ff0950e2b40dc861b1739029649d03f591820
CVE-2019-20095 (mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in t ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/003b686ace820ce2d635a83f10f2d7f9c147dabc
CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based buffe ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/125
	NOTE: https://github.com/saitoha/libsixel/commit/a18b3789cfd147028403c17fe79a43b169d8f034
CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
	- libpodofo (bug #977302)
	[bullseye] - libpodofo (Minor issue)
	[buster] - libpodofo (Minor issue)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/75/
CVE-2019-20092 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...)
	NOT-FOR-US: Bento4
CVE-2019-20091 (An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer der ...)
	NOT-FOR-US: Bento4
CVE-2019-20090 (An issue was discovered in Bento4 1.5.1.0. There is a use-after-free i ...)
	NOT-FOR-US: Bento4
CVE-2019-20089 (GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_See ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-20088 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayloa ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-20087 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seek ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-20086 (GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-20085 (TVT NVMS-1000 devices allow GET /.. Directory Traversal ...)
	NOT-FOR-US: TVT NVMS-1000 devices
CVE-2019-20084
	RESERVED
CVE-2019-20083
	RESERVED
CVE-2019-20082
	RESERVED
CVE-2019-20081
	RESERVED
CVE-2019-20080
	RESERVED
CVE-2019-20079 (The autocmd feature in window.c in Vim before 8.1.2136 accesses freed ...)
	- vim 2:8.1.2136-1
	[buster] - vim (Vulnerable code introduced later)
	[stretch] - vim (Vulnerable code introduced later)
	[jessie] - vim (vulnerable code was introduced later)
	NOTE: https://github.com/vim/vim/issues/5041
	NOTE: Introduced with: https://github.com/vim/vim/commit/a27e1dcddc9e3914ab34b164f71c51b72903b00b (v8.1.2121)
	NOTE: Fixed by: https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 (v8.1.2136)
CVE-2019-20078
	RESERVED
CVE-2019-20077 (The Typesetter CMS 5.1 logout functionality is affected by a CSRF vuln ...)
	NOT-FOR-US: Typesetter CMS
CVE-2019-20076 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username par ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20075 (On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20074 (On Netis DL4323 devices, any user role can view sensitive information, ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20073 (On Netis DL4323 devices, XSS exists via the form2userconfig.cgi userna ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20072 (On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname par ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20071 (On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20070 (On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2 ...)
	NOT-FOR-US: Netis DL4323 devices
CVE-2019-20069
	RESERVED
CVE-2019-20068
	RESERVED
CVE-2019-20067
	RESERVED
CVE-2019-20066
	RESERVED
CVE-2019-20065
	RESERVED
CVE-2019-20064
	RESERVED
CVE-2019-20063 (hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of m ...)
	- libmysofa 0.8~dfsg0-1
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
	NOTE: https://github.com/hoene/libmysofa/issues/67
	NOTE: https://github.com/hoene/libmysofa/commit/ecb7b743b6f6d47b93a7bc680a60071a0f9524c6
CVE-2019-20062 (MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to r ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-20061 (The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5 ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-20060 (MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-20059 (payment_manage.ajax.php and various *_manage.ajax.php in MFScripts Yet ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman ...)
	NOT-FOR-US: Proxyman for macOS
CVE-2019-20056 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	[jessie] - libsixel (Minor issue)
	- libstb (low)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: libsixel PR: https://github.com/saitoha/libsixel/issues/126
	NOTE: libsixel patch: https://github.com/saitoha/libsixel/commit/814f831555ea2492d442e784ab5d594f6a8e2e8d
	NOTE: libstb PR: https://github.com/nothings/stb/issues/886
	NOTE: libstb patch: https://github.com/nothings/stb/commit/bfaccab17a648b315543d366c63aee575a0756b7
CVE-2019-20055 (LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substri ...)
	NOT-FOR-US: LuquidPixels LiquiFire OS
CVE-2019-20053 (An invalid memory address dereference was discovered in the canUnpack ...)
	- upx-ucl 3.96-1 (unimportant; bug #947471)
	NOTE: https://github.com/upx/upx/issues/314
	NOTE: https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa
CVE-2019-20052 (A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 ...)
	- libmatio (Vulnerable code introduced later)
	NOTE: https://github.com/tbeu/matio/issues/131
CVE-2019-20051 (A floating-point exception was discovered in PackLinuxElf::elf_hash in ...)
	- upx-ucl 3.96-1 (unimportant)
	NOTE: https://github.com/upx/upx/issues/313
CVE-2019-20050 (Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerab ...)
	NOT-FOR-US: Pandora FMS
CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer dereference ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux 3.16.72-1
	NOTE: https://git.kernel.org/linus/23da9588037ecdd4901db76a5b79a42b529c4ec3
	NOTE: https://git.kernel.org/linus/89189557b47b35683a27c80ee78aef18248eefb4
CVE-2019-20049 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A re ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista 4760 devices
CVE-2019-20048 (An issue was discovered on Alcatel-Lucent OmniVista 8770 devices befor ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista 8770 devices
CVE-2019-20047 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista 4760 devices
CVE-2019-20046 (The Synergy Systems & Solutions PLC & RTU system has a vulnera ...)
	NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system
CVE-2019-20045 (The Synergy Systems & Solutions PLC & RTU system has a vulnera ...)
	NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system
CVE-2019-20044 (In Zsh before 5.8, attackers able to execute commands can regain privi ...)
	{DLA-2470-1 DLA-2117-1}
	- zsh 5.8-1 (bug #951458)
	[buster] - zsh (Minor issue)
	NOTE: https://www.zsh.org/mla/zsh-announce/141
	NOTE: https://sourceforge.net/p/zsh/code/ci/24e993db62cf146fb76ebcf677a4a7aa3766fc74/
	NOTE: https://sourceforge.net/p/zsh/code/ci/8250c5c168f07549ed646e6848e6dda118271e23/
	NOTE: https://sourceforge.net/p/zsh/code/ci/26d02efa7a9b0a6b32e1a8bbc6aca6c544b94211/
	NOTE: https://sourceforge.net/p/zsh/code/ci/4ce66857b71b40a0661df3780ff557f2b0f4cb13/
	NOTE: https://sourceforge.net/p/zsh/code/ci/b15bd4aa590db8087d1e8f2eb1af2874f5db814d/
CVE-2019-20040
	RESERVED
CVE-2019-20039
	RESERVED
CVE-2019-20038
	RESERVED
CVE-2019-20037
	RESERVED
CVE-2019-20036
	RESERVED
CVE-2019-20035
	RESERVED
CVE-2019-20034
	RESERVED
CVE-2019-20033 (On Aspire-derived NEC PBXes, including all versions of SV8100 devices, ...)
	NOT-FOR-US: NEC devices
CVE-2019-20032 (An attacker with access to an InMail voicemail box equipped with the f ...)
	NOT-FOR-US: NEC devices
CVE-2019-20031 (NEC UM8000, UM4730 and prior non-InMail voicemail systems with all kno ...)
	NOT-FOR-US: NEC devices
CVE-2019-20030 (An attacker with knowledge of the modem access number on a NEC UM8000 ...)
	NOT-FOR-US: NEC devices
CVE-2019-20029 (An exploitable privilege escalation vulnerability exists in the WebPro ...)
	NOT-FOR-US: NEC devices
CVE-2019-20028 (Aspire-derived NEC PBXes operating InMail software, including all vers ...)
	NOT-FOR-US: NEC devices
CVE-2019-20027 (Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2 ...)
	NOT-FOR-US: NEC devices
CVE-2019-20026 (The WebPro interface in NEC SV9100 software releases 7.0 or higher all ...)
	NOT-FOR-US: NEC devices
CVE-2019-20025 (Certain builds of NEC SV9100 software could allow an unauthenticated, ...)
	NOT-FOR-US: NEC devices
CVE-2019-20024 (A heap-based buffer overflow was discovered in image_buffer_resize in ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/121
	NOTE: https://github.com/saitoha/libsixel/commit/6367d2fc8c365c5841d05697200e90c73c4b3c4b
CVE-2019-20023 (A memory leak was discovered in image_buffer_resize in fromsixel.c in ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/120
	NOTE: Proposed fix: https://github.com/saitoha/libsixel/commit/b9a4175c803b50a863b0fbd8b8b49058ca725ea6
CVE-2019-20022 (An invalid memory address dereference was discovered in load_pnm in fr ...)
	- libsixel 1.8.6-1 (low; bug #948103)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/108
	NOTE: https://github.com/saitoha/libsixel/commit/e17c0765ed708186865f0f8badfed44181063776
CVE-2019-20021 (A heap-based buffer over-read was discovered in canUnpack in p_mach.cp ...)
	- upx-ucl 3.96-1 (unimportant; bug #947471)
	NOTE: https://github.com/upx/upx/issues/315
	NOTE: https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa
CVE-2019-20020 (A stack-based buffer over-read was discovered in ReadNextStructField i ...)
	[experimental] - libmatio 1.5.18-1
	- libmatio 1.5.19-2
	[buster] - libmatio (Minor issue)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue)
	NOTE: https://github.com/tbeu/matio/issues/128
CVE-2019-20019 (An attempted excessive memory allocation was discovered in Mat_VarRead ...)
	- libmatio
	[bullseye] - libmatio (Minor issue)
	[buster] - libmatio (Minor issue)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue)
	NOTE: https://github.com/tbeu/matio/issues/130
CVE-2019-20018 (A stack-based buffer over-read was discovered in ReadNextCell in mat5. ...)
	[experimental] - libmatio 1.5.18-1
	- libmatio 1.5.19-2
	[buster] - libmatio (Minor issue)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue)
	NOTE: https://github.com/tbeu/matio/issues/129
CVE-2019-20017 (A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 ...)
	[experimental] - libmatio 1.5.18-1
	- libmatio 1.5.19-2
	[buster] - libmatio (Minor issue)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue)
	NOTE: https://github.com/tbeu/matio/issues/127
CVE-2019-20016 (libmysofa before 2019-11-24 does not properly restrict recursive funct ...)
	- libmysofa 0.9~dfsg0-1
	[buster] - libmysofa (Minor issue)
	NOTE: https://github.com/hoene/libmysofa/commit/2e6fac6ab6156dae8e8c6f417741388084b70d6f
	NOTE: https://github.com/hoene/libmysofa/issues/83
	NOTE: https://github.com/hoene/libmysofa/issues/84
CVE-2019-20015 (An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead ...)
	- libredwg (bug #595191)
CVE-2019-20014 (An issue was discovered in GNU LibreDWG before 0.93. There is a double ...)
	- libredwg (bug #595191)
CVE-2019-20013 (An issue was discovered in GNU LibreDWG before 0.93. Crafted input wil ...)
	- libredwg (bug #595191)
CVE-2019-20012 (An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead ...)
	- libredwg (bug #595191)
CVE-2019-20011 (An issue was discovered in GNU LibreDWG 0.92. There is a heap-based bu ...)
	- libredwg (bug #595191)
CVE-2019-20010 (An issue was discovered in GNU LibreDWG 0.92. There is a use-after-fre ...)
	- libredwg (bug #595191)
CVE-2019-20009 (An issue was discovered in GNU LibreDWG before 0.93. Crafted input wil ...)
	- libredwg (bug #595191)
CVE-2019-20008 (In Archery before 1.3, inserting an XSS payload into a project name (e ...)
	NOT-FOR-US: Archery
CVE-2019-20007 (An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezx ...)
	- mapcache (bug #989363)
	[bullseye] - mapcache (Minor issue)
	[buster] - mapcache (Minor issue)
	[stretch] - mapcache (Minor issue)
	- scilab (bug #989364)
	[bullseye] - scilab (Minor issue)
	[buster] - scilab (Minor issue)
	[stretch] - scilab (Minor issue)
	- netcdf (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/13/
CVE-2019-20006 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	- mapcache (bug #989363)
	[bullseye] - mapcache (Minor issue)
	[buster] - mapcache (Minor issue)
	[stretch] - mapcache (Minor issue)
	- scilab (bug #989364)
	[bullseye] - scilab (Minor issue)
	[buster] - scilab (Minor issue)
	[stretch] - scilab (Minor issue)
	- netcdf (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/15/
CVE-2019-20005 (An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezx ...)
	- mapcache (bug #989363)
	[bullseye] - mapcache (Minor issue)
	[buster] - mapcache (Minor issue)
	[stretch] - mapcache (Minor issue)
	- scilab (bug #989364)
	[bullseye] - scilab (Minor issue)
	[buster] - scilab (Minor issue)
	[stretch] - scilab (Minor issue)
	- netcdf (bug #989360)
	[bullseye] - netcdf (Minor issue)
	[buster] - netcdf (Minor issue)
	[stretch] - netcdf (vulnerable code not present)
	- netcdf-parallel (bug #989361)
	[bullseye] - netcdf-parallel (Minor issue)
	[buster] - netcdf-parallel (Minor issue)
	NOTE: https://sourceforge.net/p/ezxml/bugs/14/
CVE-2019-20004 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the ...)
	NOT-FOR-US: Intelbras
CVE-2019-20003 (Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored ...)
	NOT-FOR-US: Feldtech easescreen Crystal 9.0 Web-Services
CVE-2019-20002 (Formula Injection exists in the export feature in SolarWinds WebHelpDe ...)
	NOT-FOR-US: SolarWinds WebHelpDesk
CVE-2019-20001 (An issue was discovered in RICOH Streamline NX Client Tool and RICOH S ...)
	NOT-FOR-US: RICOH
CVE-2019-20000 (The malware scan function in BullGuard Premium Protection 20.0.371.8 h ...)
	NOT-FOR-US: BullGuard Premium Protection
CVE-2019-19999 (Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) ...)
	NOT-FOR-US: Halo
CVE-2019-19998 (Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. ...)
	NOT-FOR-US: Xiuno BBS
CVE-2019-19997 RESERVED
CVE-2019-19996 (An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malfor ...)
	NOT-FOR-US: Intelbras IWR 3000N devices
CVE-2019-19995 (A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, lead ...)
	NOT-FOR-US: Intelbras IWR 3000N devices
CVE-2019-19994 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19993 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19992 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19991 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19990 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19989 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19988 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19987 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19986 (An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 ...)
	NOT-FOR-US: Selesta Visual Access Manager (VAM)
CVE-2019-19985 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19984 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19983 (In the WordPress plugin, Fast Velocity Minify before 2.7.7, the full w ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19982 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19981 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19980 (The WordPress plugin, Email Subscribers & Newsletters, before 4.2. ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19979 (A flaw in the WordPress plugin, WP Maintenance before 5.0.6, allowed a ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-19978 RESERVED
CVE-2019-19976 RESERVED
CVE-2019-19975 RESERVED
CVE-2019-19974 RESERVED
CVE-2019-19973 RESERVED
CVE-2019-19972 RESERVED
CVE-2019-19971 RESERVED
CVE-2019-19970 RESERVED
CVE-2019-19969 RESERVED
CVE-2019-19968 (PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting th ...)
	NOT-FOR-US: PandoraFMS
CVE-2019-19967 (The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH ...)
	NOT-FOR-US: Connect Box EuroDOCSIS 3.0 Voice Gateway devices
CVE-2019-19977 (libESMTP through 1.0.6 mishandles domain copying into a fixed-size buf ...)
	- libesmtp (unimportant)
	NOTE: https://github.com/Kirin-say/Vulnerabilities/blob/master/Stack_Overflow_in_libesmtp.md
	NOTE: NTLM support not enabled in the Debian builds.
CVE-2019-19966 (In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_e ...)
	{DLA-2068-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/dea37a97265588da604c6ba80160a287b72c7bfd
CVE-2019-19965 (In the Linux kernel through 5.4.6, there is a NULL pointer dereference ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/f70267f379b5e5e11bdc5d72a56bf17e5feed01f
CVE-2019-19964 (On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having ...)
	NOT-FOR-US: NETGEAR
CVE-2019-19963 (An issue was discovered in wolfSSL before 4.3.0 in a non-default confi ...)
	- wolfssl 4.3.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/commit/7e391f0fd57f2ef375b1174d752a56ce34b2b190 (v4.3.0-stable)
CVE-2019-19962 (wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, lea ...)
	- wolfssl 4.3.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/commit/23878512c65834d12811b1107d19a001478eca5d (4.3.0-stable)
CVE-2019-19961 RESERVED
CVE-2019-19960 (In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist sid ...)
	- wolfssl 4.3.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/commit/5ee9f9c7a23f8ed093fe1e42bc540727e96cebb8 (v4.3.0-stable)
CVE-2019-19959 (ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT ...)
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 3.27.2-3+deb10u1
	[stretch] - sqlite3 (Vulnerable code introduced later)
	[jessie] - sqlite3 (Vulnerable code introduced later)
	NOTE: https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec
	NOTE: https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1
CVE-2019-19958 (In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/str ...)
	NOT-FOR-US: libIEC61850
CVE-2019-19957 (In libIEC61850 1.4.0, getNumberOfElements in mms/iso_mms/server/mms_ac ...)
	NOT-FOR-US: libIEC61850
CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.1 ...)
	{DLA-2369-1 DLA-2048-1}
	[experimental] - libxml2 2.9.10+dfsg-1
	- libxml2 2.9.10+dfsg-2
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u1
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/82
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 (v2.9.10-rc1)
CVE-2019-19955 RESERVED
CVE-2019-19954 (Signal Desktop before 1.29.1 on Windows allows local users to gain pri ...)
	- signal-desktop (bug #842943)
CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buff ...)
	{DSA-4640-1 DLA-2084-1}
	- graphicsmagick 1.4+really1.3.34-1 (bug #947311)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/617/
CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the function ...)
	- imagemagick (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1791
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c (7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ef923841437bb57bd9b55fc0bf40ddc99b93c2b (6.x)
CVE-2019-19951 (In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buff ...)
	{DSA-4640-1 DLA-2084-1}
	- graphicsmagick 1.4~hg16039-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/608/
CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free ...)
	{DSA-4640-1 DLA-2084-1}
	- graphicsmagick 1.4~hg16039-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
	{DSA-4712-1 DLA-2333-1 DLA-2049-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947309)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/34adc98afd5c7e7fb774d2ebdaea39e831c24dce (6.x)
CVE-2019-19948 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in ...)
	{DSA-4715-1 DSA-4712-1 DLA-2049-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947308)
	[stretch] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1562
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ae32a9038e360b3491969d5d03d490884f02b4c (7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/9e7db22f8c374301db3f968757f0d08070fd4e54 (6.x)
CVE-2019-19947 (In the Linux kernel through 5.4.6, there are information leaks of unin ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/da2311a6385c3b499da2ed5d9be59ce331fa93e9
CVE-2019-19946 (The API in Dradis Pro 3.4.1 allows any user to extract the content of ...)
	NOT-FOR-US: Dradis Pro
CVE-2019-19945 (uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an ...)
	NOT-FOR-US: uhttpd in OpenWrt
CVE-2019-19944 (In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c ...)
	NOT-FOR-US: libIEC61850
CVE-2019-19943 (The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3 ...)
	NOT-FOR-US: Pablo Quick 'n Easy Web Server
CVE-2019-19942 (Missing output sanitation in Swisscom Centro Grande Centro Grande befo ...)
	NOT-FOR-US: Swisscom
CVE-2019-19941 (Missing hostname validation in Swisscom Centro Grande before 6.16.12 a ...)
	NOT-FOR-US: Swisscom
CVE-2019-19940 (Incorrect input sanitation in text-oriented user interfaces (telnet, s ...)
	NOT-FOR-US: Swisscom
CVE-2019-19939 RESERVED
CVE-2019-19938 RESERVED
CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict eithe ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2019-19936 RESERVED
CVE-2019-19935 (Froala Editor before 3.2.3 allows XSS. ...)
	NOT-FOR-US: Froala Editor
CVE-2019-19934 RESERVED
CVE-2019-19933 RESERVED
CVE-2019-19932 RESERVED
CVE-2019-19931 (In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms ...)
	NOT-FOR-US: libIEC61850
CVE-2019-19930 (In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mm ...)
	NOT-FOR-US: libIEC61850
CVE-2019-19929 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner befo ...)
	NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2019-19928 RESERVED
CVE-2019-19927 (In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on k ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
CVE-2019-19926 (multiSelect in select.c in SQLite 3.30.1 mishandles certain errors dur ...)
	{DSA-4638-1}
	- sqlite3 (Incomplete fix for CVE-2019-19880 not applied)
	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
	- chromium 80.0.3987.106-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL ...)
	{DSA-4638-1}
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 3.27.2-3+deb10u1
	[stretch] - sqlite3 (Vulnerable code introduced later)
	[jessie] - sqlite3 (Vulnerable code introduced later)
	- chromium 80.0.3987.106-1
	[stretch] - chromium (see DSA 4562)
	NOTE: https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618
CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...)
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 (Minor issue)
	[stretch] - sqlite3 (Vulnerable code introduced later)
	[jessie] - sqlite3 (Vulnerable code introduced later)
	NOTE: https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3
CVE-2019-19923 (flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses o ...)
	{DSA-4638-1}
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 3.27.2-3+deb10u1
	[stretch] - sqlite3 (Vulnerable code introduced later)
	[jessie] - sqlite3 (Vulnerable code introduced later)
	- chromium 80.0.3987.106-1
	[stretch] - chromium (see DSA 4562)
	NOTE: https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35
CVE-2019-19922 (kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quo ...)
	{DLA-2068-1}
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/de53fd7aedb100f03e5d2231cfce0e4993282425
CVE-2019-19921 (runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalat ...)
	- runc 1.0.0~rc10+dfsg1-1
	[buster] - runc (Minor issue)
	[stretch] - runc (Minor issue)
	NOTE: https://github.com/opencontainers/runc/issues/2197
	NOTE: https://github.com/opencontainers/runc/pull/2190
CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Poll ...)
	- node-handlebars 3:4.5.3-1
	[buster] - node-handlebars 3:4.1.0-1+deb10u1
	NOTE: https://www.npmjs.com/advisories/1164
CVE-2019-19918 (Lout 3.40 has a heap-based buffer overflow in the srcnext() function i ...)
	- lout (bug #947113)
	[buster] - lout (Minor issue)
	[stretch] - lout (Minor issue)
	[jessie] - lout (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.html
CVE-2019-19917 (Lout 3.40 has a buffer overflow in the StringQuotedWord() function in ...)
	- lout (bug #947113)
	[buster] - lout (Minor issue)
	[stretch] - lout (Minor issue)
	[jessie] - lout (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/lout-users/2019-12/msg00002.html
CVE-2019-19916 (In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP ...)
	NOT-FOR-US: Midori Browser
CVE-2019-19915 (The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for Wor ...)
	NOT-FOR-US: "301 Redirects - Easy Redirect Manager" plugin for WordPress
CVE-2019-19914 REJECTED
CVE-2019-19913 (In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the ...)
	NOT-FOR-US: Intland codeBeamer ALM
CVE-2019-19912 (In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS ...)
	NOT-FOR-US: Intland codeBeamer ALM
CVE-2019-19911 (There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImage ...)
	{DSA-4631-1 DLA-2057-1}
	- pillow 7.0.0-1 (bug #948224)
	NOTE: https://github.com/python-pillow/Pillow/commit/774e53bb132461d8d5ebefec1162e29ec0ebc63d (6.2.2)
CVE-2019-19910 (The MinervaNeue Skin in MediaWiki from 2019-11-05 to 2019-12-13 (1.35 ...)
	NOT-FOR-US: Mediawiki skin
CVE-2019-19909 (An issue was discovered in Public Knowledge Project (PKP) pkp-lib befo ...)
	NOT-FOR-US: Public Knowledge Project (PKP) pkp-lib
CVE-2019-19908 (phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript inje ...)
	NOT-FOR-US: phpMyChat
CVE-2019-19907 (HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core ...)
	- kopanocore 8.7.0-6 (bug #947312)
	[buster] - kopanocore (Minor issue)
	NOTE: https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff
CVE-2019-19904 RESERVED
CVE-2019-19903 (An issue was discovered in Backdrop CMS 1.14.x before 1.14.2. It doesn ...)
	- backdrop (bug #914257)
CVE-2019-19902 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14. ...)
	- backdrop (bug #914257)
CVE-2019-19901 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14. ...)
	- backdrop (bug #914257)
CVE-2019-19900 (An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14. ...)
	- backdrop (bug #914257)
CVE-2019-19899 (Pebble Templates 3.1.2 allows attackers to bypass a protection mechani ...)
	NOT-FOR-US: Pebble Templates
CVE-2019-19898 (In IXP EasyInstall 6.2.13723, there are cleartext credentials in netwo ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19897 (In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the A ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19896 (In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19895 (In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Age ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19894 (In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UA ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19893 (In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port ...)
	NOT-FOR-US: IXP EasyInstall
CVE-2019-19892 RESERVED
CVE-2019-19891 (An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 ...)
	NOT-FOR-US: Mitel SIP-DECT wireless devices
CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading ...)
	{DSA-4591-1 DLA-2044-1}
	- cyrus-sasl2 2.1.27+dfsg-2 (bug #947043)
	NOTE: https://github.com/cyrusimap/cyrus-sasl/issues/587
	NOTE: https://github.com/cyrusimap/cyrus-sasl/commit/dcc9f51cbd4ed622cfb0f9b1c141eb2ffe3b12f1
	NOTE: https://www.openldap.org/its/index.cgi/Incoming?id=9123
CVE-2019-16787 REJECTED
CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability ...)
	- nethack 3.6.6-1 (unimportant; bug #947005)
	NOTE: https://github.com/NetHack/NetHack/commit/f4a840a48f4bcf11757b3d859e9d53cc9d5ef226
	NOTE: https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47
	NOTE: Negligible security impact
CVE-2019-19890 (An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160 ...)
	NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices
CVE-2019-19889 (An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160 ...)
	NOT-FOR-US: Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices
CVE-2019-19888 (jfif_decode in jfif.c in ffjpeg through 2019-08-21 has a divide-by-zer ...)
	NOT-FOR-US: ffjpeg
CVE-2019-19887 (bitstr_tell at bitstr.c in ffjpeg through 2019-08-21 has a NULL pointe ...)
	NOT-FOR-US: ffjpeg
CVE-2019-19886 (Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send c ...)
	- modsecurity 3.0.4-1 (bug #949682)
	[buster] - modsecurity 3.0.3-1+deb10u1
	NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2202
	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/7ba77631f9a37e0680d23ee57c455c6a35c65cb9
CVE-2019-19885 (In Bender COMTRAXX, user authorization is validated for most, but not ...)
	NOT-FOR-US: Bender COMTRAXX
CVE-2019-19884 RESERVED
CVE-2019-19883 RESERVED
CVE-2019-19882 (shadow 4.8, in certain circumstances affecting at least Gentoo, Arch L ...)
	- shadow (unimportant)
	NOTE: https://github.com/shadow-maint/shadow/pull/199
	NOTE: https://bugs.archlinux.org/task/64836
	NOTE: https://bugs.gentoo.org/702252
	NOTE: Debian builds are compiled using -with-libpam and explicitly passing
	NOTE: --disable-account-tools-setuid.
CVE-2019-19881 RESERVED
CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers to tr ...)
	{DSA-4638-1}
	- sqlite3 3.30.1+fossil191229-1
	[buster] - sqlite3 (Vulnerable code introduced later)
	[stretch] - sqlite3 (Vulnerable code introduced later)
	[jessie] - sqlite3 (Vulnerable code introduced later)
	- chromium 80.0.3987.106-1
	[stretch] - chromium (see DSA 4562)
	NOTE: Introduced in: https://github.com/sqlite/sqlite/commit/08f6de7f314ad6b15d34cc5f27c3e737fcd99268 (3.29.0)
	NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54
	NOTE: When fixing this issue make sure to apply as well
	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
	NOTE: to not open CVE-2019-19926.
CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain ...)
	NOT-FOR-US: HashiCorp Sentinel (different from Redis Sentinel)
CVE-2019-19878 (An issue was discovered in B&R Industrial Automation APROL before ...)
	NOT-FOR-US: B&R Industrial Automation APROL
CVE-2019-19877 (An issue was discovered in B&R Industrial Automation APROL before ...)
	NOT-FOR-US: B&R Industrial Automation APROL
CVE-2019-19876 (An issue was discovered in B&R Industrial Automation APROL before ...)
	NOT-FOR-US: B&R Industrial Automation APROL
CVE-2019-19875 (An issue was discovered in B&R Industrial Automation APROL before ...)
	NOT-FOR-US: B&R Industrial Automation APROL
CVE-2019-19874 (An issue was discovered in B&R Industrial Automation APROL before ...)
	NOT-FOR-US: B&R Industrial Automation APROL
CVE-2019-19873 (An issue was discovered in B&R Industrial Automation APROL before ...)
	NOT-FOR-US: B&R Industrial Automation APROL
CVE-2019-19872 (An issue was discovered in B&R Industrial Automation APROL before ...)
	NOT-FOR-US: B&R Industrial Automation APROL
CVE-2019-19871 RESERVED
CVE-2019-19870 RESERVED
CVE-2019-19869 (An issue was discovered in B&R Industrial Automation APROL before ...)
	NOT-FOR-US: B&R Industrial Automation APROL
CVE-2019-19868 RESERVED
CVE-2019-19867 RESERVED
CVE-2019-19866 (Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V1 ...)
	NOT-FOR-US: Atos Unify OpenScape UC Web Client
CVE-2019-19865 (Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V ...)
	NOT-FOR-US: Atos Unify OpenScape UC Web Client
CVE-2019-19864 REJECTED
CVE-2019-19863 REJECTED
CVE-2019-19862 REJECTED
CVE-2019-19861 REJECTED
CVE-2019-19860 RESERVED
CVE-2019-19859 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19858 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19857 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19856 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19855 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19854 (An issue was discovered in Serpico (aka SimplE RePort wrIting and Coll ...)
	NOT-FOR-US: Serpico
CVE-2019-19853 RESERVED
CVE-2019-19852 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...)
	NOT-FOR-US: FreePBX
CVE-2019-19851 (An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13 ...)
	NOT-FOR-US: FreePBX
CVE-2019-19850 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
	NOT-FOR-US: TYPO3
CVE-2019-19849 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
	NOT-FOR-US: TYPO3
CVE-2019-19848 (An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and ...)
	NOT-FOR-US: TYPO3
CVE-2019-19847 (Libspiro through 20190731 has a stack-based buffer overflow in the spi ...)
	- libspiro 1:20200505-1 (unimportant; bug #947276)
	[jessie] - libspiro (Vulnerable code not present)
	NOTE: https://github.com/fontforge/libspiro/issues/21
	NOTE: https://github.com/fontforge/libspiro/issues/21#issuecomment-567983822
	NOTE: https://github.com/fontforge/libspiro/commit/35233450c922787dad42321e359e5229ff470a1e
CVE-2019-19846 (In Joomla! before 3.9.14, the lack of validation of configuration para ...)
	NOT-FOR-US: Joomla!
CVE-2019-19845 (In Joomla! before 3.9.14, a missing access check in framework files co ...)
	NOT-FOR-US: Joomla!
CVE-2019-19844 (Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows a ...)
	{DSA-4598-1 DLA-2042-1}
	- python-django 2:2.2.9-1 (bug #946937)
	NOTE: https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
	NOTE: https://github.com/django/django/commit/5b1fbcef7a8bec991ebe7b2a18b5d5a95d72cb70 (master)
	NOTE: https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26 (3.0.x branch)
	NOTE: https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e (2.2.x branch)
	NOTE: https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2 (1.11.x branch)
CVE-2019-19843 (Incorrect access control in the web interface in Ruckus Wireless Unlea ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19842 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19841 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19840 (A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruc ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19839 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19838 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19837 (Incorrect access control in the web interface in Ruckus Wireless Unlea ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19836 (AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200. ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19835 (SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed thro ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-19834 (Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed throug ...)
	NOT-FOR-US: Ruckus devices
CVE-2019-20043 (In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...)
	{DSA-4599-1}
	- wordpress 5.3.2+dfsg1-1 (bug #946905)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	[jessie] - wordpress (Vulnerable REST API introduced in 4.4)
	NOTE: https://core.trac.wordpress.org/changeset/46893/trunk
	NOTE: https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9
	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
CVE-2019-20042 (In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function ...)
	{DSA-4599-1}
	- wordpress 5.3.2+dfsg1-1 (bug #946905)
	[stretch] - wordpress (Vulnerable function introduced in 5.1)
	[jessie] - wordpress (Vulnerable function introduced in 5.1)
	NOTE: https://core.trac.wordpress.org/changeset/46894/trunk
	NOTE: https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d
	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
CVE-2019-20041 (wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 ...)
	{DSA-4599-1 DLA-2067-1}
	- wordpress 5.3.2+dfsg1-1 (bug #946905)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53
	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
CVE-2019-16781 (In WordPress before 5.3.1, authenticated users with lower privileges ( ...)
	{DSA-4599-1}
	- wordpress 5.3.2+dfsg1-1 (bug #946905)
	[stretch] - wordpress (Vulnerable Block feature introduced in 5.0)
	[jessie] - wordpress (Vulnerable Block feature introduced in 5.0)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
	NOTE: https://hackerone.com/reports/731301
	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
CVE-2019-16780 (WordPress users with lower privileges (like contributors) can inject J ...)
	{DSA-4599-1}
	- wordpress 5.3.2+dfsg1-1 (bug #946905)
	[stretch] - wordpress (Vulnerable Block feature introduced in 5.0)
	[jessie] - wordpress (Vulnerable Block feature introduced in 5.0)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x3wp-h3qx-9w94
	NOTE: https://github.com/WordPress/wordpress-develop/commit/505dd6a20b6fc3d06130018c1caeff764248c29e
	NOTE: https://hackerone.com/reports/738644
	NOTE: https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
CVE-2019-19833 (In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shu ...)
	NOT-FOR-US: Tautulli
CVE-2019-19832 (Xerox AltaLink C8035 printers allow CSRF. A request to add users is ma ...)
	NOT-FOR-US: Xerox
CVE-2019-19831 RESERVED
CVE-2019-19829 (A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U ...)
	NOT-FOR-US: SolarWinds
CVE-2019-19828 RESERVED
CVE-2019-19827 RESERVED
CVE-2019-19826 (The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal make ...)
	NOT-FOR-US: Views Dynamic Fields module for Drupal
CVE-2019-19825 (On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be ...)
	NOT-FOR-US: TOTOLINK Realtek SDK based routers
CVE-2019-19824 (On certain TOTOLINK Realtek SDK based routers, an authenticated attack ...)
	NOT-FOR-US: TOTOLINK Realtek SDK based routers
CVE-2019-19823 (A certain router administration interface (that includes Realtek APMIB ...)
	NOT-FOR-US: Realtek
CVE-2019-19822 (A certain router administration interface (that includes Realtek APMIB ...)
	NOT-FOR-US: Realtek
CVE-2019-19821 (A post-authentication privilege escalation in the web application of C ...)
	NOT-FOR-US: Combodo iTop
CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...)
	NOT-FOR-US: Kyrol Internet Security
CVE-2019-19819 (The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.1 ...)
	NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19818 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
	NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
	NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
	{DLA-2586-1 DLA-2483-1 DLA-2385-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.160-1
	NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
	- linux 5.3.7-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
	- linux
	[bullseye] - linux (Minor issue)
	[buster] - linux (Minor issue)
CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
	{DLA-2586-1 DLA-2385-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.146-1
	NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
CVE-2019-19812 RESERVED
CVE-2019-19811 RESERVED
CVE-2019-19810 (Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserializ ...)
	NOT-FOR-US: Zoom
CVE-2019-19809 RESERVED
CVE-2019-3467 (Debian-edu-config all versions < 2.11.10, a set of configuration fi ...)
	{DSA-4595-1 DSA-4589-1 DLA-2063-1 DLA-2041-1}
	- debian-edu-config 2.11.10 (bug #946797)
	- debian-lan-config 0.26 (bug #947459)
	NOTE: debian-lan-config is effectively the same issue as in debian-edu-config and a somewhat
	NOTE: derived codebase, so same CVE ID is used
CVE-2019-19808 RESERVED
CVE-2019-19806 (_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through ...)
	NOT-FOR-US: MFScripts YetiShare
CVE-2019-19805 (_account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through ...)
NOT-FOR-US: MFScripts YetiShare CVE-2019-19804 RESERVED CVE-2019-19803 RESERVED CVE-2019-19802 (In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8. ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2019-19801 (In Gallagher Command Centre Server versions of v8.10 prior to v8.10.11 ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2019-19800 (Zoho ManageEngine Applications Manager 14 before 14520 allows a remote ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2019-19799 (Zoho ManageEngine Applications Manager before 14600 allows a remote un ...) NOT-FOR-US: Zoho ManageEngine CVE-2019-19798 RESERVED CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds wr ...) {DLA-2778-1} - fig2dev 1:3.2.7b-3 (bug #946866) [buster] - fig2dev 1:3.2.7a-5+deb10u3 - transfig [jessie] - transfig (Minor issue) NOTE: https://sourceforge.net/p/mcj/tickets/67/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ CVE-2019-19807 (In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after- ...) - linux 5.3.15-1 [buster] - linux (Vulnerable code introduced later and not present in released Debian version) [stretch] - linux (Vulnerable code introduced later and not present in released Debian version) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e7af6307a8a54f0b873960b32b6a644f2d0fbd97 CVE-2019-19796 (Yabasic 2.86.2 has a heap-based buffer overflow in myformat in functio ...) - yabasic (unimportant) NOTE: https://github.com/marcIhm/yabasic/issues/37 NOTE: Negligible security impact CVE-2019-19795 (samurai 0.7 has a heap-based buffer overflow in canonpath in util.c vi ...) NOT-FOR-US: samurai CVE-2019-19794 (The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6. ...) 
- golang-github-miekg-dns 1.1.26-1 (bug #947403) [buster] - golang-github-miekg-dns (Minor issue) [stretch] - golang-github-miekg-dns (Minor issue) NOTE: https://github.com/coredns/coredns/issues/3519 NOTE: https://github.com/miekg/dns/commit/8ebf2e419df7857ac8919baa05248789a8ffbf33 NOTE: https://github.com/miekg/dns/issues/1043 NOTE: https://github.com/miekg/dns/pull/1044 CVE-2019-19793 (In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Wind ...) NOT-FOR-US: Cyxtera AppGate SDP Client CVE-2019-19792 (A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS ...) NOT-FOR-US: ESET Cyber Security CVE-2019-19791 [Apache access rules and SOAP/REST endpoints issue] RESERVED - lemonldap-ng 2.0.7+ds-1 [buster] - lemonldap-ng 2.0.2+ds-7+deb10u3 [stretch] - lemonldap-ng (Minor issue) [jessie] - lemonldap-ng (Minor issue) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1943 NOTE: https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-7-is-out/ CVE-2019-19790 (Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a rem ...) NOT-FOR-US: Telerik UI for ASP.NET AJAX CVE-2019-19789 (3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Tool ...) NOT-FOR-US: CODESYS CVE-2019-19788 (Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed ...) NOT-FOR-US: Opera for Android CVE-2019-19787 (ATasm 1.06 has a stack-based buffer overflow in the get_signed_express ...) NOT-FOR-US: ATasm CVE-2019-19786 (ATasm 1.06 has a stack-based buffer overflow in the parse_expr() funct ...) NOT-FOR-US: ATasm CVE-2019-19785 (ATasm 1.06 has a stack-based buffer overflow in the to_comma() functio ...) NOT-FOR-US: ATasm CVE-2019-19784 RESERVED CVE-2019-19783 (An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0. ...) 
{DSA-4590-1} - cyrus-imapd 3.0.13-1 NOTE: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html#security-fixes CVE-2019-19782 (The FTP client in AceaXe Plus 1.0 allows a buffer overflow via a long ...) NOT-FOR-US: AceaXe Plus CVE-2019-19781 (An issue was discovered in Citrix Application Delivery Controller (ADC ...) NOT-FOR-US: Citrix CVE-2019-19780 RESERVED CVE-2019-19779 RESERVED CVE-2019-19778 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...) - libsixel 1.8.6-1 (low; bug #948103) [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/110 CVE-2019-19777 (stb_image.h (aka the stb image loader) 2.23, as used in libsixel and o ...) - libsixel 1.8.6-1 (low; bug #948103) [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/109 CVE-2019-19776 RESERVED CVE-2019-19775 (The image thumbnailing handler in Zulip Server versions 1.9.0 to befor ...) - zulip-server (bug #800052) CVE-2019-19774 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP ...) NOT-FOR-US: Zoho ManageEngine EventLog Analyzer CVE-2019-19773 (Various Lexmark products have stored XSS in the embedded web server us ...) NOT-FOR-US: Lexmark CVE-2019-19772 (Various Lexmark products have reflected XSS in the embedded web server ...) NOT-FOR-US: Lexmark CVE-2019-19771 (The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have b ...) NOT-FOR-US: lodahs malicious package on npm CVE-2019-19830 (_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authent ...) {DSA-4583-1} - spip 3.2.7-1 [stretch] - spip (Vulnerable code not present) [jessie] - spip (Vulnerable code not present) CVE-2019-19770 (** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free ...) 
{DLA-2483-1} - linux 5.7.17-1 [buster] - linux 4.19.160-1 [stretch] - linux (Vulnerability introduced later) NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205713 CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in the pe ...) - linux 5.5.13-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205705 NOTE: https://git.kernel.org/linus/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711 CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as d ...) {DLA-2114-1 DLA-2068-1} - linux 5.3.15-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted KDF. ...) NOT-FOR-US: Bitwarden server CVE-2019-19765 REJECTED CVE-2019-19764 REJECTED CVE-2019-19763 REJECTED CVE-2019-19762 REJECTED CVE-2019-19761 RESERVED CVE-2019-19760 RESERVED CVE-2019-19759 RESERVED CVE-2019-19758 (A vulnerability in the web interface of Lenovo EZ Media & Backup C ...) NOT-FOR-US: Lenovo CVE-2019-19757 (An internal product security audit of Lenovo XClarity Administrator (L ...) NOT-FOR-US: Lenovo CVE-2019-19756 (An internal product security audit of Lenovo XClarity Administrator (L ...) NOT-FOR-US: Lenovo CVE-2019-19755 RESERVED CVE-2019-19754 RESERVED CVE-2019-19753 RESERVED CVE-2019-19752 RESERVED CVE-2019-19751 RESERVED CVE-2019-19750 (minerstat msOS before 2019-10-23 does not have a unique SSH key for ea ...) NOT-FOR-US: minerstat msOS CVE-2019-19749 RESERVED CVE-2019-19748 (The Work Time Calendar app before 4.7.1 for Jira allows XSS. 
...) NOT-FOR-US: Work Time Calendar app for Jira CVE-2019-19747 (NeuVector 3.1 when configured to allow authentication via Active Direc ...) NOT-FOR-US: NeuVector CVE-2019-19746 (make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fau ...) - fig2dev 1:3.2.7b-3 (unimportant; bug #946628) [buster] - fig2dev 1:3.2.7a-5+deb10u3 - transfig (unimportant) NOTE: https://sourceforge.net/p/mcj/tickets/57/ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3065abc7b4f740ed6532322843531317de782a26/ CVE-2019-19745 (Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end u ...) NOT-FOR-US: Contao CVE-2019-19744 RESERVED CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a root(admi ...) NOT-FOR-US: D-Link CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page is vuln ...) NOT-FOR-US: D-Link CVE-2019-19741 (Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege ...) NOT-FOR-US: Electronic Arts Origin CVE-2019-19740 (Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignI ...) NOT-FOR-US: Octeth Oempro CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag o ...) NOT-FOR-US: MFScripts YetiShare CVE-2019-19738 (log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does no ...) NOT-FOR-US: MFScripts YetiShare CVE-2019-19737 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag ...) NOT-FOR-US: MFScripts YetiShare CVE-2019-19736 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the HttpOnly flag ...) NOT-FOR-US: MFScripts YetiShare CVE-2019-19735 (class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an ...) NOT-FOR-US: MFScripts YetiShare CVE-2019-19734 (_account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 dir ...) NOT-FOR-US: MFScripts YetiShare CVE-2019-19733 (_get_all_file_server_paths.ajax.php (aka get_all_file_server_paths.aja ...) 
NOT-FOR-US: MFScripts YetiShare CVE-2019-19732 (translation_manage_text.ajax.php and various *_manage.ajax.php in MFSc ...) NOT-FOR-US: MFScripts YetiShare CVE-2019-19731 (Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote ...) NOT-FOR-US: Roxy Fileman CVE-2019-19730 RESERVED CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...) NOT-FOR-US: bsjon-objectid node module CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...) {DSA-4841-1} - slurm-llnl 19.05.5-1 [stretch] - slurm-llnl (Minor issue) [jessie] - slurm-llnl (Minor issue, fix introduces regression, upstream refuses access to bug tracker) NOTE: https://github.com/SchedMD/slurm/commit/5ac031b2ef5462f6e8e47dad0247bd474614c118 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1159692 NOTE: Fixed upstream in 18.08.9, 19.05.5 CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...) - slurm-llnl 19.05.5-1 (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1155784 NOTE: Fixed upstream in 18.08.9, 19.05.5 NOTE: The example file is installed as well in Debian as 0644 and slurmdbd.conf NOTE: not directly installed by the slurmdbd binary package. CVE-2019-19726 (OpenBSD through 6.6 allows local users to escalate to root because a c ...) NOT-FOR-US: OpenBSD CVE-2019-19725 (sysstat through 12.2.0 has a double free in check_file_actlst in sa_co ...) - sysstat 12.2.0-2 (unimportant; bug #946657) [stretch] - sysstat (Vulnerable code introduced in v11.7.1) [jessie] - sysstat (Vulnerable code introduced in v11.7.1) NOTE: https://github.com/sysstat/sysstat/issues/242 NOTE: https://github.com/sysstat/sysstat/commit/a5c8abd4a481ee6e27a3acf00e6d9b0f023e20ed NOTE: Crash in CLI tool, no security impact CVE-2019-19724 (Insecure permissions (777) are set on $HOME/.singularity when it is ne ...) 
- singularity-container 3.5.2+ds1-1 NOTE: https://github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631 CVE-2019-19723 RESERVED CVE-2019-19722 (In Dovecot before 2.3.9.2, an attacker can crash a push-notification d ...) - dovecot (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/2 NOTE: https://github.com/dovecot/core/commit/1307766b6f5d97341a47376657d342bcefd10f1b NOTE: https://github.com/dovecot/core/commit/393a8cabf4dad893bf2ec60bf96cfde7a0c58432 CVE-2019-19721 (An off-by-one error in the DecodeBlock function in codec/sdl_image.c i ...) {DSA-4671-1} - vlc 3.0.9.2-1 [jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=72afe7ebd8305bf4f5360293b8621cde52ec506b (3.0.9) CVE-2019-19720 (Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() functio ...) - yabasic (unimportant) NOTE: https://github.com/marcIhm/yabasic/issues/36 NOTE: Negligible security impact CVE-2019-19719 (Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via ...) NOT-FOR-US: Tableau Server CVE-2019-19718 RESERVED CVE-2019-19717 RESERVED CVE-2019-19716 RESERVED CVE-2019-19715 RESERVED CVE-2019-19714 (Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It ...) NOT-FOR-US: Contao CVE-2019-19713 RESERVED CVE-2019-19712 (Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can ...) NOT-FOR-US: Contao CVE-2019-19711 RESERVED CVE-2019-19710 RESERVED CVE-2019-19709 (MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklis ...) {DSA-4592-1} - mediawiki 1:1.31.6-1 NOTE: https://gerrit.wikimedia.org/r/q/Ie54f366986056c876eade0fcad6c41f70b8b8de8 NOTE: https://phabricator.wikimedia.org/T239466 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-December/092886.html CVE-2019-19708 (The VisualEditor extension through 1.34 for MediaWiki allows XSS via p ...) 
NOT-FOR-US: VisualEditor MediaWiki extension CVE-2019-19707 (On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware thr ...) NOT-FOR-US: Moxa CVE-2019-19706 RESERVED CVE-2019-19705 RESERVED CVE-2019-19704 (In JetBrains Upsource before 2020.1, information disclosure is possibl ...) NOT-FOR-US: JetBrains Upsource CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP Authoriza ...) NOT-FOR-US: Ktor CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML Ext ...) NOT-FOR-US: Modoboa CVE-2019-19701 RESERVED CVE-2019-19700 RESERVED CVE-2019-19699 (There is Authenticated remote code execution in Centreon Infrastructur ...) - centreon-web (bug #913903) CVE-2019-19698 (marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav ...) NOT-FOR-US: libwav CVE-2019-19697 (An arbitrary code execution vulnerability exists in the Trend Micro Se ...) NOT-FOR-US: Trend Micro CVE-2019-19696 (A RootCA vulnerability found in Trend Micro Password Manager for Windo ...) NOT-FOR-US: Trend Micro CVE-2019-19695 (A privilege escalation vulnerability in Trend Micro Antivirus for Mac ...) NOT-FOR-US: Trend Micro CVE-2019-19694 (The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family ...) NOT-FOR-US: Trend Micro CVE-2019-19693 (The Trend Micro Security 2020 consumer family of products contains a v ...) NOT-FOR-US: Trend Micro CVE-2019-19692 (Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS ...) NOT-FOR-US: Trend Micro CVE-2019-19691 (A vulnerability in Trend Micro Apex One and OfficeScan XG could allow ...) NOT-FOR-US: Trend Micro CVE-2019-19690 (Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and ...) NOT-FOR-US: Trend Micro CVE-2019-19689 (Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) co ...) NOT-FOR-US: Trend Micro CVE-2019-19688 (A privilege escalation vulnerability in Trend Micro HouseCall for Home ...) 
NOT-FOR-US: Trend Micro CVE-2019-19687 (OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in th ...) - keystone 2:16.0.0-5 (bug #946614) [buster] - keystone (Vulnerable code introduced later) [stretch] - keystone (Vulnerable code introduced later) [jessie] - keystone (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/8 NOTE: https://bugs.launchpad.net/keystone/+bug/1855080 CVE-2019-19686 RESERVED CVE-2019-19685 (RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF ...) NOT-FOR-US: RoxyFileman in nopCommerce CVE-2019-19684 (nopCommerce v4.2.0 allows privilege escalation via file upload in Pres ...) NOT-FOR-US: nopCommerce CVE-2019-19683 (RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ ...) NOT-FOR-US: RoxyFileman in nopCommerce CVE-2019-19682 (nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the co ...) NOT-FOR-US: nopCommerce CVE-2019-19681 (** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vuln ...) NOT-FOR-US: Pandora FMS CVE-2019-19680 (A file-extension filtering vulnerability in Proofpoint Enterprise Prot ...) NOT-FOR-US: ProofPoint Protection Server Email Firewall CVE-2019-19679 (In "Xray Test Management for Jira" prior to version 3.5.5, remote auth ...) NOT-FOR-US: Xray Test Management for Jira CVE-2019-19678 (In "Xray Test Management for Jira" prior to version 3.5.5, remote auth ...) NOT-FOR-US: Xray Test Management for Jira CVE-2019-19677 (arxes-tolina 3.0.0 allows User Enumeration. ...) NOT-FOR-US: Arxes Tolina CVE-2019-19676 (A CSV injection in arxes-tolina 3.0.0 allows malicious users to gain r ...) NOT-FOR-US: Arxes Tolina CVE-2019-19675 (In Ivanti Workspace Control before 10.3.180.0. a locally authenticated ...) 
NOT-FOR-US: Ivanti Workspace Control CVE-2019-19674 RESERVED CVE-2019-19673 RESERVED CVE-2019-19672 RESERVED CVE-2019-19671 RESERVED CVE-2019-19670 (A HTTP Response Splitting vulnerability was identified in the Web Sett ...) NOT-FOR-US: Rumpus FTP Server CVE-2019-19669 (A CSRF vulnerability exists in the Upload Center Forms Component of We ...) NOT-FOR-US: Rumpus FTP CVE-2019-19668 (A CSRF vulnerability exists in the File Types component of Web File Ma ...) NOT-FOR-US: Rumpus FTP CVE-2019-19667 (A CSRF vulnerability exists in the Block Clients component of Web File ...) NOT-FOR-US: Rumpus FTP CVE-2019-19666 (A CSRF vulnerability exists in the Event Notices Settings of Web File ...) NOT-FOR-US: Rumpus FTP CVE-2019-19665 (A CSRF vulnerability exists in the FTP Settings of Web File Manager in ...) NOT-FOR-US: Rumpus FTP CVE-2019-19664 (A CSRF vulnerability exists in the Web Settings of Web File Manager in ...) NOT-FOR-US: Rumpus FTP CVE-2019-19663 (A CSRF vulnerability exists in the Folder Sets Settings of Web File Ma ...) NOT-FOR-US: Rumpus FTP CVE-2019-19662 (A CSRF vulnerability exists in the Web File Manager's Create/Delete Ac ...) NOT-FOR-US: Rumpus FTP CVE-2019-19661 (A Cookie based reflected XSS exists in the Web File Manager of Rumpus ...) NOT-FOR-US: Rumpus FTP CVE-2019-19660 (A CSRF vulnerability exists in the Web File Manager's Network Setting ...) NOT-FOR-US: Rumpus FTP CVE-2019-19659 (A CSRF vulnerability exists in the Web File Manager's Edit Accounts fu ...) NOT-FOR-US: Rumpus FTP CVE-2019-19658 RESERVED CVE-2019-19657 RESERVED CVE-2019-19656 RESERVED CVE-2019-19655 RESERVED CVE-2019-19654 RESERVED CVE-2019-19653 RESERVED CVE-2019-19652 RESERVED CVE-2019-19651 RESERVED CVE-2019-19650 (Zoho ManageEngine Applications Manager before 13640 allows a remote au ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2019-19649 (Zoho ManageEngine Applications Manager before 13620 allows a remote un ...) 
NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2019-19648 (In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, ...) - yara (unimportant) NOTE: https://github.com/VirusTotal/yara/issues/1178 NOTE: Negligible security impact CVE-2019-19647 (radare2 through 4.0.0 lacks validation of the content variable in the ...) - radare2 4.2.1+dfsg-1 (bug #947402) [jessie] - radare2 (Minor issue) NOTE: https://github.com/radareorg/radare2/issues/15545 NOTE: https://github.com/radareorg/radare2/commit/07b5e062f2d4a00403ff031302cb18dfa58e3805 (4.1.0) CVE-2019-19646 (pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_ ...) - sqlite3 (Generated column support added later) NOTE: https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3 NOTE: https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger infinite ...) - sqlite3 3.30.1+fossil191229-1 (bug #946612) [buster] - sqlite3 (Minor issue, too intrusive to backport) [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Minor issue) NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06 CVE-2019-19644 RESERVED CVE-2019-19643 (ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. ...) NOT-FOR-US: ise smart connect KNX Vaillant CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02 ...) NOT-FOR-US: SuperMicro CVE-2019-19641 RESERVED CVE-2019-19640 RESERVED CVE-2019-19639 RESERVED CVE-2019-19638 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...) - libsixel 1.8.6-1 (low; bug #948103) [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/102 CVE-2019-19637 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...) 
- libsixel 1.8.6-1 (low; bug #948103) [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/105 CVE-2019-19636 (An issue was discovered in libsixel 1.8.2. There is an integer overflo ...) - libsixel 1.8.6-1 (low; bug #948103) [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/104 CVE-2019-19635 (An issue was discovered in libsixel 1.8.2. There is a heap-based buffe ...) - libsixel 1.8.6-1 (low; bug #948103) [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/103 CVE-2019-19634 (class.upload.php in verot.net class.upload through 1.0.3 and 2.x throu ...) NOT-FOR-US: K2 extension for Joomla! CVE-2019-19633 RESERVED CVE-2019-19632 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...) NOT-FOR-US: Big Switch Networks CVE-2019-19631 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...) NOT-FOR-US: Big Switch Networks CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...) {DLA-2700-1 DLA-2026-1} - htmldoc 1.9.7-1 (unimportant; bug #988289) [buster] - htmldoc 1.9.3-1+deb10u1 NOTE: https://github.com/michaelrsweet/htmldoc/issues/370 NOTE: https://github.com/michaelrsweet/htmldoc/commit/8a129c520e90fc967351f3e165f967128a88f09c NOTE: Crash in CLI tool, no security impact CVE-2019-19629 (In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferrin ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/ CVE-2019-19628 (In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient par ...) 
- gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/ CVE-2019-19627 (SROS 2 0.8.1 (after CVE-2019-19625 is mitigated) leaks ROS 2 node-rela ...) NOT-FOR-US: SROS CVE-2019-19626 RESERVED CVE-2019-19625 (SROS 2 0.8.1 (which provides the tools that generate and distribute ke ...) NOT-FOR-US: SROS CVE-2019-19624 (An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifica ...) - opencv 4.1.2+dfsg-3 [buster] - opencv (Minor issue; can be fixed via point release) [stretch] - opencv (Vulnerable code introduced later) [jessie] - opencv (Vulnerable code introduced later) NOTE: https://github.com/opencv/opencv/commit/d1615ba11a93062b1429fce9f0f638d1572d3418 NOTE: https://github.com/opencv/opencv/issues/14554 CVE-2019-19623 RESERVED CVE-2019-19622 RESERVED CVE-2019-19621 RESERVED CVE-2019-19620 (In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user ca ...) NOT-FOR-US: SecureWorks Red Cloak Windows Agent CVE-2019-19619 (domain/section/markdown/markdown.go in Documize before 3.5.1 mishandle ...) NOT-FOR-US: Documize CVE-2019-19618 RESERVED CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...) {DLA-2413-1 DLA-2024-1} - phpmyadmin 4:4.9.2+dfsg1-1 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9 CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...) NOT-FOR-US: Microsoft Dynamics NAV CVE-2019-19615 (Multiple XSS vulnerabilities exist in the Backup & Restore module ...) NOT-FOR-US: FreePBX CVE-2019-19614 (An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login p ...) NOT-FOR-US: Halvotec RAQuest CVE-2019-19613 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login p ...) NOT-FOR-US: Halvotec RaQuest CVE-2019-19612 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. Several fea ...) 
NOT-FOR-US: Halvotec RaQuest CVE-2019-19611 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the ...) NOT-FOR-US: Halvotec RaQuest CVE-2019-19610 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. It allows s ...) NOT-FOR-US: Halvotec RaQuest CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Co ...) NOT-FOR-US: Strapi CVE-2019-19608 (A SQL injection vulnerability in in the web conferencing component of ...) NOT-FOR-US: Mitel CVE-2019-19607 (A SQL injection vulnerability in the web conferencing component of Mit ...) NOT-FOR-US: Mitel CVE-2019-19606 (X-Plane before 11.41 has multiple improper path validations that could ...) NOT-FOR-US: X-Plane CVE-2019-19605 (X-Plane before 11.41 allows Arbitrary Memory Write via crafted network ...) NOT-FOR-US: X-Plane CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.21.x b ...) - git 1:2.24.0-2 [buster] - git 1:2.20.1-2+deb10u1 [stretch] - git (Vulnerable code introduced in v2.20.0-rc0) [jessie] - git (Vulnerable code introduced in v2.20.0-rc0) NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e904deb89d9a9669a76a426182506a084d3f6308 NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=bb92255ebe6bccd76227e023d6d0bc997e318ad0 NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c1547450748fcbac21675f2681506d2d80351a19 NOTE: Upstream did backport fixes for CVE-2019-19604 to older versions as the introducing NOTE: version for sake of robustness/hardening. In particular, the server-side protection NOTE: provided by the fsck is useful for protecting unpatched clients that are affected NOTE: by the bug. NOTE: https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1 CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent ...) 
- sqlite3 3.30.1+fossil191229-1 [buster] - sqlite3 (Minor issue, too intrusive to backport) [stretch] - sqlite3 (vulnerable code not present) [jessie] - sqlite3 (Minor issue) NOTE: https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13 CVE-2019-19601 (OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of ...) - texlive-bin (unimportant; bug #949630) NOTE: https://github.com/pkubowicz/opendetex/issues/60 NOTE: Debian builds using the kpathsea codepaths. CVE-2019-19600 RESERVED CVE-2019-19599 RESERVED CVE-2019-19602 (fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux ...) - linux 5.3.15-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/59c4bd853abcea95eccc167a7d7fd5f1a5f47b98 CVE-2019-19598 (D-Link DAP-1860 devices before v1.04b03 Beta allow access to administr ...) NOT-FOR-US: D-Link CVE-2019-19597 (D-Link DAP-1860 devices before v1.04b03 Beta allow arbitrary remote co ...) NOT-FOR-US: D-Link CVE-2019-19596 (GitBook through 2.6.9 allows XSS via a local .md file. ...) NOT-FOR-US: GitBook CVE-2019-19595 (reset/modules/advanced_form_maker_edit/multiupload/upload.php in the R ...) NOT-FOR-US: RESET.PRO Adobe Stock API integration for PrestaShop CVE-2019-19594 (reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stoc ...) NOT-FOR-US: Adobe Stock API integration for PrestaShop CVE-2019-19593 RESERVED CVE-2019-19592 (Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting ...) NOT-FOR-US: Jama Connect CVE-2019-19591 RESERVED CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the variable ...) 
- radare2 4.2.1+dfsg-1 (bug #947791) [jessie] - radare2 (Minor issue) NOTE: https://github.com/radareorg/radare2/issues/15543 NOTE: https://github.com/radareorg/radare2/commit/9bbc63ffa0e93aa054e262cdfb973326935a2d70 CVE-2019-19589 (** DISPUTED ** The Lever PDF Embedder plugin 4.4 for WordPress does no ...) NOT-FOR-US: Lever PDF Embedder plugin for WordPress CVE-2019-19588 (The validators package 0.12.2 through 0.12.5 for Python enters an infi ...) NOT-FOR-US: validators Python package CVE-2019-19587 (In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updatin ...) NOT-FOR-US: WSO2 Enterprise Integrator CVE-2019-19586 RESERVED CVE-2019-19585 (An issue was discovered in rConfig 3.9.3. The install script updates t ...) NOT-FOR-US: rConfig CVE-2019-19584 RESERVED CVE-2019-19583 (An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH gue ...) {DSA-4602-1} - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-308.html CVE-2019-19582 (An issue was discovered in Xen through 4.12.x allowing x86 guest OS us ...) {DSA-4602-1} - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-307.html CVE-2019-19581 (An issue was discovered in Xen through 4.12.x allowing 32-bit Arm gues ...) {DSA-4602-1} - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-307.html CVE-2019-19580 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...) {DSA-4602-1} - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-310.html CVE-2019-19578 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...) 
{DSA-4602-1} - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-309.html CVE-2019-19577 (An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM gue ...) {DSA-4602-1} - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-311.html CVE-2019-19579 (An issue was discovered in Xen through 4.12.x allowing attackers to ga ...) {DSA-4602-1} - xen 4.11.3+24-g14b62ab3e5-1 (bug #947944) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-306.html CVE-2019-19576 (class.upload.php in verot.net class.upload before 1.0.3 and 2.x before ...) NOT-FOR-US: K2 extension for Joomla! CVE-2019-19575 RESERVED CVE-2019-19574 RESERVED CVE-2019-19573 RESERVED CVE-2019-19572 RESERVED CVE-2019-19571 RESERVED CVE-2019-19570 RESERVED CVE-2019-19569 RESERVED CVE-2019-19568 RESERVED CVE-2019-19567 RESERVED CVE-2019-19566 RESERVED CVE-2019-19565 RESERVED CVE-2019-19564 RESERVED CVE-2019-19563 (A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 ...) NOT-FOR-US: Mercedes-Benz HERMES CVE-2019-19562 (An authentication bypass in the debug interface in Mercedes-Benz HERME ...) NOT-FOR-US: Mercedes-Benz HERMES CVE-2019-19561 (A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 ...) NOT-FOR-US: Mercedes-Benz HERMES CVE-2019-19560 (An authentication bypass in the debug interface in Mercedes-Benz HERME ...) NOT-FOR-US: Mercedes-Benz HERMES CVE-2019-19559 RESERVED CVE-2019-19558 RESERVED CVE-2019-19557 (A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 al ...) NOT-FOR-US: Mercedes-Benz HERMES CVE-2019-19556 (An authentication bypass in the debug interface in Mercedes-Benz HERME ...) NOT-FOR-US: Mercedes-Benz HERMES CVE-2019-19555 (read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buf ...) 
	{DLA-2073-1}
	- fig2dev 1:3.2.7b-2 (unimportant; bug #946176)
	[buster] - fig2dev 1:3.2.7a-5+deb10u2
	[stretch] - fig2dev 1:3.2.6a-2+deb9u3
	- transfig (unimportant)
	NOTE: https://sourceforge.net/p/mcj/tickets/55/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/19db5fe6f77ebad91af4b4ef0defd61bd0bb358f/
	NOTE: Crash in CLI tool, negligible security impact
CVE-2019-19554
	RESERVED
CVE-2019-19553 (In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector cou ...)
	{DLA-2547-1}
	- wireshark 3.0.7-1 (low)
	[buster] - wireshark 2.6.20-0+deb10u1
	[jessie] - wireshark (Can be fixed along in next 1.12.x DLA)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=34d2e0d5318d0a7e9889498c721639e5cbf4ce45
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-22.html
CVE-2019-19552 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists i ...)
	NOT-FOR-US: FreePBX
CVE-2019-19551 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists i ...)
	NOT-FOR-US: FreePBX
CVE-2019-19550 (Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 ...)
	NOT-FOR-US: Senior Rubiweb
CVE-2019-19549
	RESERVED
CVE-2019-19548 (Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privil ...)
	NOT-FOR-US: Norton
CVE-2019-19547 (Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may b ...)
	NOT-FOR-US: Symantec
CVE-2019-19546 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to an in ...)
	NOT-FOR-US: Norton Password Manager
CVE-2019-19545 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cro ...)
	NOT-FOR-US: Norton Password Manager
CVE-2019-19544 (CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to ...)
	NOT-FOR-US: CA Automic Dollar Universe
CVE-2019-19542 (The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS ...)
	NOT-FOR-US: ListingPro theme for WordPress
CVE-2019-19541 (The ListingPro theme before v2.0.14.2 for WordPress has Persistent XSS ...)
	NOT-FOR-US: ListingPro theme for WordPress
CVE-2019-19540 (The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS ...)
	NOT-FOR-US: ListingPro theme for WordPress
CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in serial_ ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb
CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01AB ...)
	NOT-FOR-US: Idelji Web ViewPoint
CVE-2019-19538 (In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0. ...)
	NOT-FOR-US: FreePBX
CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/303911cfc5b95d33687d9046133ff184cf5043ff
CVE-2019-19536 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.9-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/ead16e53c2f0ed946d82d4037c630e2f60f4ab69
CVE-2019-19535 (In the Linux kernel before 5.2.9, there is an info-leak bug that can b ...)
	{DLA-2114-1}
	- linux 5.2.9-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/30a8beeb3042f49d0537b7050fd21b490166a3d9
CVE-2019-19534 (In the Linux kernel before 5.3.11, there is an info-leak bug that can ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd
CVE-2019-19533 (In the Linux kernel before 5.3.4, there is an info-leak bug that can b ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/a10feaf8c464c3f9cfdd3a8a7ce17e1c0d498da1
CVE-2019-19532 (In the Linux kernel before 5.3.9, there are multiple out-of-bounds wri ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b
CVE-2019-19531 (In the Linux kernel before 5.2.9, there is a use-after-free bug that c ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.9-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/fc05481b2fcabaaeccf63e32ac1baab54e5b6963
CVE-2019-19530 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625
CVE-2019-19529 (In the Linux kernel before 5.3.11, there is a use-after-free bug that ...)
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4d6636498c41891d0482a914dd570343a838ad79
CVE-2019-19528 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux (Vulnerable code not yet present in released version)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/edc4746f253d907d048de680a621e121517f484b
CVE-2019-19527 (In the Linux kernel before 5.2.10, there is a use-after-free bug that ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/6d4472d7bec39917b54e4e80245784ea5d60ce49
	NOTE: https://git.kernel.org/linus/9c09b214f30e3c11f9b0b03f89442df03643794d
CVE-2019-19526 (In the Linux kernel before 5.3.9, there is a use-after-free bug that c ...)
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/6af3aa57a0984e061f61308fe181a9a12359fecc
CVE-2019-19525 (In the Linux kernel before 5.3.6, there is a use-after-free bug that c ...)
	{DLA-2114-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7fd25e6fc035f4b04b75bca6d7e8daa069603a76
CVE-2019-19524 (In the Linux kernel before 5.3.12, there is a use-after-free bug that ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86
CVE-2019-19523 (In the Linux kernel before 5.3.7, there is a use-after-free bug that c ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/44efc269db7929f6275a1fa927ef082e533ecde0
CVE-2019-19522 (OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey aut ...)
	NOT-FOR-US: OpenBSD
CVE-2019-19521 (libc in OpenBSD 6.6 allows authentication bypass via the -schallenge u ...)
	NOT-FOR-US: OpenBSD
CVE-2019-19520 (xlock in OpenBSD 6.6 allows local users to gain the privileges of the ...)
	NOT-FOR-US: OpenBSD
CVE-2019-19519 (In OpenBSD 6.6, local users can use the su -L option to achieve any lo ...)
	NOT-FOR-US: OpenBSD
CVE-2019-19518 (CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, relat ...)
	NOT-FOR-US: CA Automic Sysload
CVE-2019-19517 (Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html for ...)
	NOT-FOR-US: Intelbras
CVE-2019-19516 (Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp ...)
	NOT-FOR-US: Intelbras WRN
CVE-2019-19515 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireles ...)
	NOT-FOR-US: Ayision
CVE-2019-19514 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic r ...)
	NOT-FOR-US: Ayision
CVE-2019-19513 (The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows ...)
	NOT-FOR-US: BASS Audio Library
CVE-2019-19512
	RESERVED
CVE-2019-19511
	RESERVED
CVE-2019-19510
	RESERVED
CVE-2019-19509 (An issue was discovered in rConfig 3.9.3. A remote authenticated user ...)
	NOT-FOR-US: rConfig
CVE-2019-19508
	RESERVED
CVE-2019-19507 (In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can ...)
	NOT-FOR-US: Json Pattern Validator
CVE-2019-19506 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial ...)
	NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
CVE-2019-19505 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-b ...)
	NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
CVE-2019-19504
	RESERVED
CVE-2019-19503
	RESERVED
CVE-2019-19502 (Code injection in pluginconfig.php in Image Uploader and Browser for C ...)
	NOT-FOR-US: ckeditor plugin
CVE-2019-19501 (VeraCrypt 1.24 allows Local Privilege Escalation during execution of V ...)
	NOT-FOR-US: VeraCrypt
CVE-2019-19500 (Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS v ...)
	NOT-FOR-US: Matrix42 Workspace Management
CVE-2019-19499 (Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which co ...)
	- grafana
CVE-2019-19498
	RESERVED
CVE-2019-19497 (MDaemon Email Server 17.5.1 allows XSS via the filename of an attachme ...)
	NOT-FOR-US: MDaemon Email Server
CVE-2019-19496 (Alfresco Enterprise before 5.2.5 allows stored XSS via an uploaded HTM ...)
	NOT-FOR-US: Alfresco
CVE-2019-19495 (The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable t ...)
	NOT-FOR-US: Technicolor
CVE-2019-19494 (Broadcom based cable modems across multiple vendors are vulnerable to ...)
	NOT-FOR-US: Broadcom based cable modems
CVE-2019-19493 (Kentico before 12.0.50 allows file uploads in which the Content-Type h ...)
	NOT-FOR-US: Kentico
CVE-2019-19492 (FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socke ...)
	- freeswitch (bug #389591)
CVE-2019-19491 (TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit par ...)
	NOT-FOR-US: TestLink
CVE-2019-19490 (LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the ...)
	NOT-FOR-US: LiteManager
CVE-2019-19489 (SMPlayer 19.5.0 has a buffer overflow via a long .m3u file. ...)
	NOTE: Bogus report, smplayer correctly bails out
CVE-2019-19488
	RESERVED
CVE-2019-19487 (Command Injection in minPlayCommand.php in Centreon (19.04.4 and below ...)
	- centreon-web (bug #913903)
CVE-2019-19486 (Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and be ...)
	- centreon-web (bug #913903)
CVE-2019-19485
	RESERVED
CVE-2019-19484 (Open redirect via parameter ‘p’ in login.php in Centreon ( ...)
	- centreon-web (bug #913903)
CVE-2019-19483
	RESERVED
CVE-2019-19482
	RESERVED
CVE-2019-19481 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
	- opensc 0.19.0~rc1-1
	[stretch] - opensc (Vulnerable code not present)
	[jessie] - opensc (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
	NOTE: CAC support added in: https://github.com/OpenSC/OpenSC/commit/777e2a3751e3f6d53f056c98e9e20e42af674fb1 (0.17.0-rc1)
	NOTE: Drop support of CAC1: https://github.com/OpenSC/OpenSC/commit/2190bb927c739852266481d6517aaf3a07b52526 (0.19.0-rc1)
	NOTE: Restored minimal CAC1 driver support: https://github.com/OpenSC/OpenSC/commit/e2b1fb81e0e1339eebaa36fb90635e03f69d4da3 (0.20.0-rc1)
	NOTE: https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278
	NOTE: Mark 0.19.0~rc1 based version as fixed which removed the affected code, which
	NOTE: later was re-introduced upstream in 0.20.0~rc1 again.
CVE-2019-19480 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
	- opensc (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
	NOTE: Introduced in: https://github.com/OpenSC/OpenSC/commit/630d6adf32cecaab0ee184618f56497bd50400fb
	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7
	NOTE: The introducing commit attempted to fix a memory leak issue, and later on
	NOTE: further memleak issues were addressed related to those changes. But those
	NOTE: fixes are not related "directly" to the CVE assignment for the incorrect
	NOTE: free operation in sc_pkcs15_decode_prkdf_entry.
CVE-2019-19479 (An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0. ...)
	{DLA-2046-1}
	- opensc 0.20.0-1 (bug #947383)
	[buster] - opensc (Minor issue)
	[stretch] - opensc (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
	NOTE: https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2
CVE-2019-19478
	RESERVED
CVE-2019-19477
	RESERVED
CVE-2019-19476
	RESERVED
CVE-2019-19475 (An issue was discovered in ManageEngine Applications Manager 14 with B ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2019-19474
	RESERVED
CVE-2019-19473
	RESERVED
CVE-2019-19472
	RESERVED
CVE-2019-19471
	RESERVED
CVE-2019-19470 (Unsafe usage of .NET deserialization in Named Pipe message processing ...)
	NOT-FOR-US: TinyWall Controller
CVE-2019-19469 (In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks ...)
	NOT-FOR-US: Zmanda Management Console
CVE-2019-19468 (Free Photo Viewer 1.3 allows remote attackers to execute arbitrary cod ...)
	NOT-FOR-US: Free Photo Viewer
CVE-2019-19467
	RESERVED
CVE-2019-19466 (SCEditor 2.1.3 allows XSS. ...)
	NOT-FOR-US: SCEditor
CVE-2019-19465
	RESERVED
CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before 9.26.0 fo ...)
	NOT-FOR-US: CBC Gem application for Android
CVE-2019-19463 (The Anhui Huami Mi Fit application before 4.0.11 for Android has an Un ...)
	NOT-FOR-US: Anhui Huami Mi Fit application for Android
CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
	- linux 5.6.14-2
	[jessie] - linux (Vulnerability introduced later)
CVE-2019-19461 (Post-authentication Stored XSS in Team Password Manager through 7.93.2 ...)
	NOT-FOR-US: Team Password Manager
CVE-2019-19460 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product' ...)
	NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19459 (An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker ...)
	NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19458 (SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data E ...)
	NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19457 (SALTO ProAccess SPACE 5.4.3.0 allows XSS. ...)
	NOT-FOR-US: SALTO ProAccess SPACE
CVE-2019-19456 (A Reflected XSS was found in the server selection box inside the login ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-19455 (Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-19454 (An arbitrary file download was found in the "Download Log" functionali ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-19453 (Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An auth ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-19452 (A buffer overflow was found in Patriot Viper RGB through 1.1 when proc ...)
	NOT-FOR-US: Patriot Viper RGB
CVE-2019-19451 (When GNOME Dia before 2019-11-27 is launched with a filename argument ...)
	- dia (unimportant; bug #945876)
	NOTE: https://gitlab.gnome.org/GNOME/dia/issues/428
	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/dia/commit/9a5f438d4b3e718c8ab0efe01d08ee2c3a0d9a86
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/dia/commit/baa2df853f9fb770eedcf3d94c7f5becebc90bb9
	NOTE: Negligible security impact, hang in end user tool
CVE-2019-19450
	RESERVED
CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
	- linux
	[bullseye] - linux (Minor issue, revisit once fixed upstream)
	[buster] - linux (Minor issue, revisit once fixed upstream)
	NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449
CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesy ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, ...)
	{DLA-2241-1 DLA-2114-1}
	- linux 5.4.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447
	NOTE: https://git.kernel.org/linus/c7df4a1ecb8579838ec8c56b2bb6a6716e974f37
CVE-2019-19446
	RESERVED
CVE-2019-19445
	RESERVED
CVE-2019-19444
	RESERVED
CVE-2019-19443
	RESERVED
CVE-2019-19442
	RESERVED
CVE-2019-19441 (HUAWEI P30 smart phones with versions earlier than 10.0.0.166(C00E66R1 ...)
	NOT-FOR-US: Huawei
CVE-2019-19440
	RESERVED
CVE-2019-19439
	RESERVED
CVE-2019-19438
	RESERVED
CVE-2019-19437
	RESERVED
CVE-2019-19436
	RESERVED
CVE-2019-19435
	RESERVED
CVE-2019-19434
	RESERVED
CVE-2019-19433
	RESERVED
CVE-2019-19432
	RESERVED
CVE-2019-19431
	RESERVED
CVE-2019-19430
	RESERVED
CVE-2019-19429
	RESERVED
CVE-2019-19428
	RESERVED
CVE-2019-19427
	RESERVED
CVE-2019-19426
	RESERVED
CVE-2019-19425
	RESERVED
CVE-2019-19424
	RESERVED
CVE-2019-19423
	RESERVED
CVE-2019-19422
	RESERVED
CVE-2019-19421
	RESERVED
CVE-2019-19420
	RESERVED
CVE-2019-19419
	RESERVED
CVE-2019-19418
	RESERVED
CVE-2019-19417 (The SIP module of some Huawei products have a denial of service (DoS) ...)
	NOT-FOR-US: Huawei
CVE-2019-19416 (The SIP module of some Huawei products have a denial of service (DoS) ...)
	NOT-FOR-US: Huawei
CVE-2019-19415 (The SIP module of some Huawei products have a denial of service (DoS) ...)
	NOT-FOR-US: Huawei
CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of some Huaw ...)
	NOT-FOR-US: Huawei
CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...)
	NOT-FOR-US: Huawei
CVE-2019-19412 (Huawei smart phones have a Factory Reset Protection (FRP) bypass secur ...)
	NOT-FOR-US: Huawei
CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...)
	NOT-FOR-US: Huawei
CVE-2019-19410
	RESERVED
CVE-2019-19409
	RESERVED
CVE-2019-19408
	RESERVED
CVE-2019-19407
	RESERVED
CVE-2019-19406
	RESERVED
CVE-2019-19405
	RESERVED
CVE-2019-19404
	RESERVED
CVE-2019-19403
	RESERVED
CVE-2019-19402
	RESERVED
CVE-2019-19401
	RESERVED
CVE-2019-19400
	RESERVED
CVE-2019-19399
	RESERVED
CVE-2019-19398 (M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input ...)
	NOT-FOR-US: Huawei
CVE-2019-19397 (There is a weak algorithm vulnerability in some Huawei products. The a ...)
	NOT-FOR-US: Huawei
CVE-2019-19396 (illumos, as used in OmniOS Community Edition before r151030y, allows a ...)
	NOT-FOR-US: illumos
CVE-2019-19395
	RESERVED
CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x bef ...)
	NOT-FOR-US: CFEngine Enterprise
CVE-2019-19393 (The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to ...)
	NOT-FOR-US: Rittal
CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...)
	NOT-FOR-US: forDNN.UsersExportImport module for DNN
CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...)
	- luajit (bug #946053; unimportant)
	NOTE: https://github.com/LuaJIT/LuaJIT/pull/526
	NOTE: Negligible security impact. The debug library is unsafe per se and one is
	NOTE: not supposed to release an application with the debug library.
CVE-2019-19390 (The Search parameter of the Software Catalogue section of Matrix42 Wor ...)
	NOT-FOR-US: Matrix42 Workspace Management
CVE-2019-19389 (JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP R ...)
	NOT-FOR-US: JetBrains Ktor framework
CVE-2019-19388 (A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_d ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19387 (A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_inter ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19386 (A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/ ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19385 (A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans. ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19384 (A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted ...)
	NOT-FOR-US: freeFTPd
CVE-2019-19382 (Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the ...)
	NOT-FOR-US: Max Secure Anti Virus Plus
CVE-2019-19381 (oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 b ...)
	NOT-FOR-US: Abacus OAuth Login
CVE-2019-19380
	RESERVED
CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users can bypass ...)
	NOT-FOR-US: MISP
CVE-2019-19378 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
	- linux
	[bullseye] - linux (Minor issue)
	[buster] - linux (Minor issue)
CVE-2019-19377 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
	{DLA-2483-1}
	- linux 5.6.7-1
	[buster] - linux 4.19.160-1
	NOTE: https://git.kernel.org/linus/b3ff8f1d380e65dddd772542aa9bff6c86bf715a
CVE-2019-19376 (In Octopus Deploy before 2019.10.6, an authenticated user with TeamEdi ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-19375 (In Octopus Deploy before 2019.10.7, in a configuration where SSL offlo ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-19374 (An issue was discovered in core/assets/form/form_question_types/form_q ...)
	NOT-FOR-US: Squiz Matrix CMS
CVE-2019-19373 (An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5. ...)
	NOT-FOR-US: Squiz Matrix CMS
CVE-2019-19372 (** DISPUTED ** A downloadFile.php download_file path traversal vulnera ...)
	NOT-FOR-US: rConfig
CVE-2019-19371 (A cross-site scripting (XSS) vulnerability in the web conferencing com ...)
	NOT-FOR-US: Mitel
CVE-2019-19370 (A cross-site scripting (XSS) vulnerability in the web conferencing com ...)
	NOT-FOR-US: Mitel
CVE-2019-19369
	RESERVED
CVE-2019-19368 (A Reflected Cross Site Scripting was discovered in the Login page of R ...)
	NOT-FOR-US: Rumpus FTP Web File Manager
CVE-2019-19367 (A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19366 (A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_sear ...)
	NOT-FOR-US: FusionPBX
CVE-2019-19365
	RESERVED
CVE-2019-19364 (A weak malicious user can escalate its privilege whenever CatalystProd ...)
	NOT-FOR-US: Sony Catalyst Production Suite
CVE-2019-19363 (An issue was discovered in Ricoh (including Savin and Lanier) Windows ...)
	NOT-FOR-US: Ricoh
CVE-2019-19362 (An issue was discovered in the Chat functionality of the TeamViewer de ...)
	NOT-FOR-US: TeamViewer
CVE-2019-19361
	RESERVED
CVE-2019-19360
	RESERVED
CVE-2019-19359
	RESERVED
CVE-2019-19358
	RESERVED
CVE-2019-19357
	RESERVED
CVE-2019-19356 (Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE ...)
	NOT-FOR-US: Netis WF2419
CVE-2019-19355 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19354 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19353 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19352 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19351 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19350 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19349 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19348 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19347
	REJECTED
CVE-2019-19346 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2019-19345 (A vulnerability was found in all openshift/mediawiki-apb 4.x.x version ...)
	NOT-FOR-US: openshift
CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions before 4.9 ...)
	- samba 2:4.11.5+dfsg-1 (bug #950499)
	[buster] - samba (Minor issue)
	[stretch] - samba (Only affects Samba 4.9 onwards)
	[jessie] - samba (Only affects Samba 4.9 onwards)
	NOTE: https://www.samba.org/samba/security/CVE-2019-19344.html
CVE-2019-19343 (A flaw was found in Undertow when using Remoting as shipped in Red Hat ...)
	- undertow (bug #948024; unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780445
	NOTE: Issue affects both Undertow and remoting, but for addressing the immediate
	NOTE: issue only a fix via remoting (https://issues.redhat.com/browse/REM3-347)
	NOTE: was added.
CVE-2019-19342 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...)
	NOT-FOR-US: Ansible Tower
CVE-2019-19341 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2, where ...)
	NOT-FOR-US: Ansible Tower
CVE-2019-19340 (A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5 ...)
	NOT-FOR-US: Ansible Tower
CVE-2019-19339 (It was found that the Red Hat Enterprise Linux 8 kpatch update did not ...)
	NOT-FOR-US: Red Hat specific kpatch update which was incomplete to address CVE-2018-12207
CVE-2019-19338 (A flaw was found in the fix for CVE-2019-11135, in the Linux upstream ...)
	- linux (Only affects specific distro kernels which do not include commit e1d38b63acd8)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/10/3
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/1
CVE-2019-19337 (A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph ...)
	- ceph (Only affects Ceph as packaged by Red Hat)
CVE-2019-19336 (A cross-site scripting vulnerability was reported in the oVirt-engine' ...)
	NOT-FOR-US: ovirt-engine
CVE-2019-19335 (During installation of an OpenShift 4 cluster, the `openshift-install` ...)
	NOT-FOR-US: OpenShift
CVE-2019-19334 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
	- libyang 0.16.105-2 (bug #946217)
	[buster] - libyang 0.16.105-1+deb10u1
	NOTE: https://github.com/CESNET/libyang/commit/6980afae2ff9fcd6d67508b0a3f694d75fd059d6
CVE-2019-19333 (In all versions of libyang before 1.0-r5, a stack-based buffer overflo ...)
	- libyang 0.16.105-2 (bug #946217)
	[buster] - libyang 0.16.105-1+deb10u1
	NOTE: https://github.com/CESNET/libyang/commit/f6d684ade99dd37b21babaa8a856f64faa1e2e0d
CVE-2019-19332 (An out-of-bounds memory write issue was found in the Linux Kernel, ver ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.4.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/433f4ba1904100da65a311033f17a9bf586b287e
CVE-2019-19331 (knot-resolver before version 4.3.0 is vulnerable to denial of service ...)
	- knot-resolver 5.0.1-1 (bug #946181)
	[buster] - knot-resolver (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/04/4
CVE-2019-19329 (In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-0 ...)
	NOT-FOR-US: Wikibase Wikidata Query Service GUI
CVE-2019-19328 (ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before ...)
	NOT-FOR-US: Wikibase Wikidata Query Service GUI
CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-S ...)
	NOT-FOR-US: Wikibase Wikidata Query Service GUI
CVE-2019-19326 (Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache ...)
	NOT-FOR-US: SilverStripe
CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows ...)
	NOT-FOR-US: SilverStripe
CVE-2019-19324 (Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms ...)
	NOT-FOR-US: Xmidt cjwt
CVE-2019-19323
	RESERVED
CVE-2019-19322
	RESERVED
CVE-2019-19321
	RESERVED
CVE-2019-19320
	RESERVED
CVE-2019-19319 (In the Linux kernel before 5.2, a setxattr operation, after a mount of ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.87-1
CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can c ...)
	{DLA-2586-1}
	- linux 5.4.6-1
	[buster] - linux 4.19.146-1
	NOTE: https://git.kernel.org/linus/9f7fec0ba89108b9385f1b9fb167861224912a4a
CVE-2019-19317 (lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed b ...)
	- sqlite3 (Generated column support was added with SQLite version 3.31.0)
	NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8
	NOTE: Additional testcases: https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3
CVE-2019-19316 (When using the Azure backend with a shared access signature (SAS), Ter ...)
	NOT-FOR-US: Terraform
CVE-2019-19315 (NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitr ...)
	NOT-FOR-US: Nalpeiron Licensing Service
CVE-2019-19314 (GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens i ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19313 (GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Servi ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19312 (GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access C ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19311 (GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group an ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19310 (GitLab Enterprise Edition (EE) 9.0 and later through 12.5 allows Infor ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19309 (GitLab Enterprise Edition (EE) 8.90 and later through 12.5 has Incorre ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19330 (The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, ...)
	{DSA-4577-1}
	- haproxy 2.0.10-1
	[stretch] - haproxy (Vulnerable code introduced in 1.8)
	[jessie] - haproxy (Vulnerable code introduced in 1.8)
	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344
	NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878
CVE-2019-19308 (In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, ...)
	- gnome-font-viewer 3.34.0-2 (unimportant)
	- gnome-sushi (unimportant)
	NOTE: https://gitlab.gnome.org/GNOME/gnome-font-viewer/issues/17
	NOTE: https://gitlab.gnome.org/GNOME/gnome-font-viewer/commit/9661683379806e2bad6a52ce6dde776a33f4f981
	NOTE: Crash in GUI tool, no security impact
CVE-2019-19307 (An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6. ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2019-19306 (The Zoho CRM Lead Magnet plugin 1.6.9.1 for WordPress allows XSS via m ...)
	NOT-FOR-US: Zoho CRM Lead Magnet plugin for WordPress
CVE-2019-19305
	RESERVED
CVE-2019-19304
	RESERVED
CVE-2019-19303
	RESERVED
CVE-2019-19302
	RESERVED
CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2019-19300 (A vulnerability has been identified in Development/Evaluation Kits for ...)
	NOT-FOR-US: Siemens
CVE-2019-19299 (A vulnerability has been identified in SiNVR/SiVMS Video Server (All v ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19298 (A vulnerability has been identified in SiNVR/SiVMS Video Server (All v ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19297 (A vulnerability has been identified in SiNVR/SiVMS Video Server (All v ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19296 (A vulnerability has been identified in SiNVR/SiVMS Video Server (All v ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19295 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19294 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19293 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19292 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19291 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19290 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: SiNVR 3 Central Control Server (CCS)
CVE-2019-19289 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
	NOT-FOR-US: XHQ
CVE-2019-19288 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
	NOT-FOR-US: XHQ
CVE-2019-19287 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
	NOT-FOR-US: XHQ
CVE-2019-19286 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...)
NOT-FOR-US: XHQ CVE-2019-19285 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...) NOT-FOR-US: XHQ CVE-2019-19284 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...) NOT-FOR-US: XHQ CVE-2019-19283 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...) NOT-FOR-US: XHQ CVE-2019-19282 (A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), ...) NOT-FOR-US: Siemens CVE-2019-19281 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) NOT-FOR-US: Siemens CVE-2019-19280 RESERVED CVE-2019-19279 (A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact ...) NOT-FOR-US: Siemens CVE-2019-19278 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 ...) NOT-FOR-US: SINAMICS CVE-2019-19277 (A vulnerability has been identified in SIPORT MP (All versions < 3. ...) NOT-FOR-US: Siemens CVE-2019-19276 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 1st ...) NOT-FOR-US: Siemens CVE-2019-19275 (typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. ...) - python3-typed-ast 1.4.0-1 (low) [buster] - python3-typed-ast (Minor issue) [stretch] - python3-typed-ast (Vulnerable code introduced later) NOTE: https://bugs.python.org/issue36495 NOTE: Introduced by: https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce (1.3.0) NOTE: Fixed by: https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b (1.3.2) CVE-2019-19274 (typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds ...) 
- python3-typed-ast 1.4.0-1 (low) [buster] - python3-typed-ast (Minor issue) [stretch] - python3-typed-ast (Vulnerable code introduced later) NOTE: https://bugs.python.org/issue36495 NOTE: Introduced by: https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce (1.3.0) NOTE: Fixed by: https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b (1.3.2) CVE-2019-19273 (On Samsung mobile devices with O(8.0) and P(9.0) software and an Exyno ...) NOT-FOR-US: Samsung CVE-2019-19272 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Dir ...) - proftpd-dfsg 1.3.6-1 [stretch] - proftpd-dfsg (Bug was introduced in 1.3.5c) [jessie] - proftpd-dfsg (Bug was introduced in 1.3.5c) NOTE: https://github.com/proftpd/proftpd/issues/858 NOTE: Introduced in: https://github.com/proftpd/proftpd/commit/474075d2cb8c8ced7764b1b4b5ad63a49284d61f (v1.3.5c) CVE-2019-19271 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A w ...) - proftpd-dfsg 1.3.6-1 [stretch] - proftpd-dfsg (Bug was introduced in 1.3.5c) [jessie] - proftpd-dfsg (Bug was introduced in 1.3.5c) NOTE: https://github.com/proftpd/proftpd/issues/860 NOTE: Introduced in: https://github.com/proftpd/proftpd/commit/474075d2cb8c8ced7764b1b4b5ad63a49284d61f (v1.3.5c) CVE-2019-19270 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. F ...) 
- proftpd-dfsg 1.3.6b-2 (bug #946346) [buster] - proftpd-dfsg 1.3.6-4+deb10u3 [stretch] - proftpd-dfsg (Bug was introduced in 1.3.5c) [jessie] - proftpd-dfsg (Bug was introduced in 1.3.5c) NOTE: https://github.com/proftpd/proftpd/issues/859 NOTE: https://github.com/proftpd/proftpd/commit/81cc5dce4fc0285629a1b08a07a109af10c208dd (master) NOTE: https://github.com/proftpd/proftpd/commit/be8e1687819cb665359bd62b4c896ff4b1a09c3f (1.3.6 branch) NOTE: Introduced in: https://github.com/proftpd/proftpd/commit/0e27c53177db6e1ce4196c772c119071678c77a7 (v1.3.5c) CVE-2019-19269 (An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A ...) {DLA-2018-1} - proftpd-dfsg 1.3.6b-2 (bug #946345) [buster] - proftpd-dfsg 1.3.6-4+deb10u3 [stretch] - proftpd-dfsg 1.3.5b-4+deb9u3 NOTE: https://github.com/proftpd/proftpd/issues/861 NOTE: https://github.com/proftpd/proftpd/commit/81cc5dce4fc0285629a1b08a07a109af10c208dd (master) NOTE: https://github.com/proftpd/proftpd/commit/be8e1687819cb665359bd62b4c896ff4b1a09c3f (1.3.6 branch) CVE-2019-19268 RESERVED CVE-2019-19267 RESERVED CVE-2019-19266 (IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably ...) NOT-FOR-US: IceWarp WebMail Server CVE-2019-19265 (IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably ...) NOT-FOR-US: IceWarp WebMail Server CVE-2019-19264 (In Simplifile RecordFusion through 2019-11-25, the logs and hist param ...) NOT-FOR-US: Simplifile RecordFusion CVE-2019-19263 (GitLab Enterprise Edition (EE) 8.2 and later through 12.5 has Insecure ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19262 (GitLab Enterprise Edition (EE) 11.9 and later through 12.5 has Insecur ...) 
- gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-2-released/ CVE-2019-19261 (GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19260 (GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 ...) [experimental] - gitlab 12.2.9-5 - gitlab 12.6.8-3 - gitlab-workhorse 8.8.1+debian-3 [buster] - gitlab-workhorse (Minor issue) [stretch] - gitlab-workhorse (Minor issue) [experimental] - gitaly 1.65.2+dfsg-1 NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19259 (GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an I ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19258 (GitLab Enterprise Edition (EE) 10.8 and later through 12.5 has Incorre ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19257 (GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 ...) [experimental] - gitlab 12.2.9-5 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19256 (GitLab Enterprise Edition (EE) 12.2 and later through 12.5 has Incorre ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19255 (GitLab Enterprise Edition (EE) 12.3 and later through 12.5 has Incorre ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19254 (GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and lat ...) 
[experimental] - gitlab 12.2.9-5 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19253 RESERVED NOT-FOR-US: Apereo CAS CVE-2019-19252 (vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5. ...) - linux 5.4.6-1 [buster] - linux 4.19.98-1 [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) NOTE: https://lore.kernel.org/lkml/c30fc539-68a8-65d7-226c-6f8e6fd8bdfb@suse.com/ CVE-2019-19251 (The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS ma ...) NOT-FOR-US: Last.fm desktop app on macOS CVE-2019-19250 (OpenTrade before 2019-11-23 allows SQL injection, related to server/mo ...) NOT-FOR-US: OpenTrade CVE-2019-19249 (Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta m ...) NOT-FOR-US: QueryTree CVE-2019-19248 (Electronic Arts Origin through 10.5.x allows Elevation of Privilege (i ...) NOT-FOR-US: Electronic Arts Origin CVE-2019-19247 (Electronic Arts Origin through 10.5.x allows Elevation of Privilege (i ...) NOT-FOR-US: Electronic Arts Origin CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has ...) {DLA-2431-1 DLA-2020-1} - libonig 6.9.4-1 (low; bug #946344) [buster] - libonig (Minor issue) NOTE: https://bugs.php.net/bug.php?id=78559 NOTE: https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication S ...) NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...) - sqlite3 3.30.1+fossil191229-1 (unimportant; bug #946656) [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code, i.e. 
window functions, not present) NOTE: https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348 NOTE: Only triggerable with SQLITE_DEBUG, which Debian builds don't use CVE-2019-19243 RESERVED CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_C ...) - sqlite3 3.30.1+fossil191229-1 [buster] - sqlite3 (Vulnerable code not present) [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code not present) NOTE: https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c CVE-2019-19241 (In the Linux kernel before 5.4.2, the io_uring feature leads to reques ...) - linux 5.3.15-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1975 NOTE: https://git.kernel.org/linus/181e448d8709e517c9c7b523fcd209f24eb38ca7 NOTE: https://git.kernel.org/linus/d69e07793f891524c6bbf1e75b9ae69db4450953 CVE-2019-19240 (Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests wit ...) NOT-FOR-US: Embedthis GoAhead CVE-2019-19239 RESERVED CVE-2019-19238 RESERVED CVE-2019-19237 RESERVED CVE-2019-19236 RESERVED CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 note ...) NOT-FOR-US: ASUS CVE-2019-19234 (** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been b ...) - sudo 1.8.31-1 (bug #947225; unimportant) NOTE: https://www.sudo.ws/devel.html#1.8.30b2 NOTE: Sudo 1.8.30 adds an optional setting to check the shell of the target user NOTE: additionally. CVE-2019-19233 RESERVED CVE-2019-19232 (** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Ru ...) - sudo 1.8.31-1 (bug #947225; unimportant) NOTE: https://www.sudo.ws/devel.html#1.8.30b2 NOTE: Sudo 1.8.30 introduces an option to enable/disable the behavior. 
CVE-2019-19231 (An insecure file access vulnerability exists in CA Client Automation 1 ...) NOT-FOR-US: CA Client Automation CVE-2019-19230 (An unsafe deserialization vulnerability exists in CA Release Automatio ...) NOT-FOR-US: CA Release Automation (Nolio) CVE-2019-19229 (admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.1 ...) NOT-FOR-US: Fronius Solar Inverter devices CVE-2019-19228 (Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attacke ...) NOT-FOR-US: Fronius Solar Inverter devices CVE-2019-19227 (In the AppleTalk subsystem in the Linux kernel before 5.1, there is a ...) {DLA-2114-1 DLA-2068-1} - linux 5.2.6-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/9804501fa1228048857910a6bf23e085aade37cc CVE-2019-19226 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...) NOT-FOR-US: D-Link CVE-2019-19225 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...) NOT-FOR-US: D-Link CVE-2019-19224 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...) NOT-FOR-US: D-Link CVE-2019-19223 (A Broken Access Control vulnerability in the D-Link DSL-2680 web admin ...) NOT-FOR-US: D-Link CVE-2019-19222 (A Stored XSS issue in the D-Link DSL-2680 web administration interface ...) NOT-FOR-US: D-Link CVE-2019-19221 (In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string ...) - libarchive 3.4.2-1 (bug #945287) [buster] - libarchive (Minor issue) [stretch] - libarchive (Minor issue) [jessie] - libarchive (Minor issue) NOTE: https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41 NOTE: https://github.com/libarchive/libarchive/issues/1276 CVE-2019-19220 (BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of ...) NOT-FOR-US: BMC Control-M/Agent CVE-2019-19219 (BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download. ...) 
NOT-FOR-US: BMC Control-M/Agent CVE-2019-19218 (BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. ...) NOT-FOR-US: BMC Control-M/Agent CVE-2019-19217 (BMC Control-M/Agent 7.0.00.000 allows OS Command Injection. ...) NOT-FOR-US: BMC Control-M/Agent CVE-2019-19216 (BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. ...) NOT-FOR-US: BMC Control-M/Agent CVE-2019-19215 (A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when ...) NOT-FOR-US: BMC Control-M/Agent CVE-2019-19214 REJECTED CVE-2019-19213 REJECTED CVE-2019-19212 (Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter t ...) - dolibarr CVE-2019-19211 (Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue tha ...) - dolibarr CVE-2019-19210 (Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML docume ...) - dolibarr CVE-2019-19209 (Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. ...) - dolibarr CVE-2019-19208 (Codiad Web IDE through 2.8.4 allows PHP Code injection. ...) NOT-FOR-US: Codiad Web IDE CVE-2019-19207 (rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. ...) NOT-FOR-US: rConfig CVE-2019-19206 (Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to J ...) - dolibarr CVE-2019-19205 RESERVED CVE-2019-19204 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ...) {DLA-2431-1 DLA-2020-1} - libonig 6.9.4-1 (low; bug #945313) [buster] - libonig (Minor issue) NOTE: https://github.com/kkos/oniguruma/issues/162 NOTE: https://github.com/kkos/oniguruma/commit/6eb4aca6a7f2f60f473580576d86686ed6a6ebec (v6.9.4_rc2) NOTE: Only exploitable with attacker-provided pattern CVE-2019-19203 (An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the func ...) 
{DLA-2431-1} - libonig 6.9.4-1 (low; bug #945312) [buster] - libonig (Minor issue) [jessie] - libonig (Minor issue, not reproducible, non-trivial backport) NOTE: https://github.com/kkos/oniguruma/issues/163 NOTE: https://github.com/kkos/oniguruma/commit/aa0188eaedc056dca8374ac03d0177429b495515 (v6.9.4_rc2) NOTE: Only exploitable with attacker-provided pattern CVE-2019-19202 (In Vtiger 7.x before 7.2.0, the My Preferences saving functionality al ...) NOT-FOR-US: Vtiger CRM CVE-2019-19201 RESERVED CVE-2019-19200 (REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access t ...) NOT-FOR-US: REDDOXX MailDepot CVE-2019-19199 (REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiratio ...) NOT-FOR-US: REDDOXX MailDepot CVE-2019-19198 (The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. ...) NOT-FOR-US: Scoutnet Kalender plugin for WordPress CVE-2019-19197 (IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0. ...) NOT-FOR-US: Kyrol Internet Security CVE-2019-19196 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...) NOT-FOR-US: Telink CVE-2019-19195 (The Bluetooth Low Energy implementation on Microchip Technology BluSDK ...) NOT-FOR-US: Microchip CVE-2019-19194 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...) NOT-FOR-US: Telink CVE-2019-19193 (The Bluetooth Low Energy peripheral implementation on Texas Instrument ...) NOT-FOR-US: Texas Instruments CVE-2019-19192 (The Bluetooth Low Energy implementation on STMicroelectronics BLE Stac ...) NOT-FOR-US: STMicroelectronics CVE-2019-19191 (Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file ...) - shibboleth-sp (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1157471 NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-874 NOTE: This is an issue in the upstream provided spec file which is not relevant NOTE: for the binary packages build in Debian (fixed upstream in 3.1.0). 
The NOTE: postinst in the Debian packaging does not have similar problematic chown logic. CVE-2019-19190 RESERVED CVE-2019-19189 RESERVED CVE-2019-19188 RESERVED CVE-2019-19187 RESERVED CVE-2019-19186 RESERVED CVE-2019-19185 RESERVED CVE-2019-19184 REJECTED CVE-2019-19183 REJECTED CVE-2019-19182 RESERVED CVE-2019-19181 REJECTED CVE-2019-19180 RESERVED CVE-2019-19179 REJECTED CVE-2019-19178 REJECTED CVE-2019-19177 RESERVED CVE-2019-19176 RESERVED CVE-2019-19175 RESERVED CVE-2019-19174 RESERVED CVE-2019-19173 REJECTED CVE-2019-19172 RESERVED CVE-2019-19171 RESERVED CVE-2019-19170 RESERVED CVE-2019-19169 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerabili ...) NOT-FOR-US: Dext5.ocx ActiveX CVE-2019-19168 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerabili ...) NOT-FOR-US: Dext5.ocx ActiveX CVE-2019-19167 (Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary co ...) NOT-FOR-US: Tobesoft Nexacro CVE-2019-19166 (Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability t ...) NOT-FOR-US: Tobesoft XPlatform CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability ...) NOT-FOR-US: Inogard Ebiz4u CVE-2019-19164 (dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versio ...) NOT-FOR-US: Dext5.ocx ActiveX CVE-2019-19163 (A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an ...) NOT-FOR-US: COMMAX CVE-2019-19162 (A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 ...) NOT-FOR-US: TOBESOFT XPLATFORM CVE-2019-19161 (CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files require ...) NOT-FOR-US: CyMiInstaller322 CVE-2019-19160 (Reportexpress ProPlus contains a vulnerability that could allow an arb ...) 
NOT-FOR-US: Reportexpress ProPlus CVE-2019-19159 RESERVED CVE-2019-19158 RESERVED CVE-2019-19157 RESERVED CVE-2019-19156 RESERVED CVE-2019-19155 RESERVED CVE-2019-19154 RESERVED CVE-2019-19153 RESERVED CVE-2019-19152 RESERVED CVE-2019-19151 (On BIG-IP versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12 ...) NOT-FOR-US: F5 BIG-IP CVE-2019-19150 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2019-19149 RESERVED CVE-2019-19148 (Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command ...) NOT-FOR-US: Tellabs Optical Line Terminal (OLT) devices CVE-2019-19147 RESERVED CVE-2019-19146 RESERVED CVE-2019-19145 RESERVED CVE-2019-19144 RESERVED CVE-2019-19143 (TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to ...) NOT-FOR-US: TP-LINK CVE-2019-19142 (Intelbras WRN240 devices do not require authentication to replace the ...) NOT-FOR-US: Intelbras CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through 1.18.2.20 ...) NOT-FOR-US: Plex Media Server CVE-2019-19140 RESERVED CVE-2019-19139 RESERVED CVE-2019-19138 RESERVED CVE-2019-19137 RESERVED CVE-2019-19136 RESERVED CVE-2019-19135 (In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do ...) NOT-FOR-US: OPC Foundation OPC UA .NET Standard codebase CVE-2019-19134 (The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to ...) NOT-FOR-US: Hero Maps Premium plugin for WordPress CVE-2019-19133 (The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected ...) NOT-FOR-US: CSS Hero plugin for WordPress CVE-2019-19132 RESERVED CVE-2019-19131 RESERVED CVE-2019-19130 RESERVED CVE-2019-19129 (Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11 ...) NOT-FOR-US: Afterlogic CVE-2019-19128 RESERVED CVE-2019-19127 (An authentication bypass vulnerability is present in the standalone SI ...) 
NOT-FOR-US: Tribal SITS CVE-2019-19126 (On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 ...) - glibc 2.29-8 (bug #945250) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Vulnerable code introduced in 2.23) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25204 NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=object;h=b9eb92ab05204df772eb4929eccd018637c9f3e9 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d5dfad4326fc683c813df1e37bbf5cf920591c8e CVE-2019-19125 RESERVED CVE-2019-19124 RESERVED CVE-2019-19123 REJECTED CVE-2019-19122 RESERVED CVE-2019-19121 REJECTED CVE-2019-19120 REJECTED CVE-2019-19119 (An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficie ...) NOT-FOR-US: PRTG Network Monitor CVE-2019-19118 (Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model ...) - python-django 2:2.2.8-1 (bug #946011) [buster] - python-django (Vulnerable code introduced later) [stretch] - python-django (Vulnerable code introduced later) [jessie] - python-django (Vulnerable code introduced later) NOTE: https://www.djangoproject.com/weblog/2019/dec/02/security-releases/ NOTE: Introduced after https://github.com/django/django/commit/825f0beda804e48e9197fcf3b0d909f9f548aa47 (2.1a1) NOTE: https://github.com/django/django/commit/11c5e0609bcc0db93809de2a08e0dc3d70b393e4 (master) NOTE: https://github.com/django/django/commit/092cd66cf3c3e175acce698d6ca2012068d878fa (3.0 branch) NOTE: https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21 (2.2 branch) NOTE: https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244 (2.1 branch) CVE-2019-19117 (/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG12 ...) NOT-FOR-US: PHICOMM K2(PSG1218) devices CVE-2019-19116 RESERVED CVE-2019-19115 (An escalation of privilege vulnerability in Nahimic APO Software Compo ...) 
NOT-FOR-US: Nahimic APO Software Component Driver CVE-2019-19114 RESERVED CVE-2019-19113 (main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka Ne ...) NOT-FOR-US: newbee-mall CVE-2019-19112 (The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw- ...) NOT-FOR-US: wpForo plugin for WordPress CVE-2019-19111 (The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admi ...) NOT-FOR-US: wpForo plugin for WordPress CVE-2019-19110 (The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admi ...) NOT-FOR-US: wpForo plugin for WordPress CVE-2019-19109 (The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=w ...) NOT-FOR-US: wpForo plugin for WordPress CVE-2019-19108 (An authentication weakness in the SNMP service in B&R Automation R ...) NOT-FOR-US: B&R Automation Runtime CVE-2019-19107 (The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Ja ...) NOT-FOR-US: ABB CVE-2019-19106 (Improper implementation of Access Control in ABB Telephone Gateway TG/ ...) NOT-FOR-US: ABB CVE-2019-19105 (The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger ...) NOT-FOR-US: ABB CVE-2019-19104 (The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186 ...) NOT-FOR-US: ABB CVE-2019-19103 RESERVED CVE-2019-19102 (A directory traversal vulnerability in SharpZipLib used in the upgrade ...) NOT-FOR-US: B&R Automation Studio CVE-2019-19101 (A missing secure communication definition and an incomplete TLS valida ...) NOT-FOR-US: B&R Automation Studio CVE-2019-19100 (A privilege escalation vulnerability in the upgrade service in B&R ...) NOT-FOR-US: B&R Automation Studio CVE-2019-19099 RESERVED CVE-2019-19098 RESERVED CVE-2019-19097 (ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium streng ...) NOT-FOR-US: ABB eSOMS CVE-2019-19096 (The Redis data structure component used in ABB eSOMS versions 6.0 to 6 ...) 
NOT-FOR-US: ABB eSOMS CVE-2019-19095 (Lack of adequate input/output validation for ABB eSOMS versions 4.0 to ...) NOT-FOR-US: ABB eSOMS CVE-2019-19094 (Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0. ...) NOT-FOR-US: ABB eSOMS CVE-2019-19093 (eSOMS versions 4.0 to 6.0.3 do not enforce password complexity setting ...) NOT-FOR-US: ABB eSOMS CVE-2019-19092 (ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message ...) NOT-FOR-US: ABB eSOMS CVE-2019-19091 (For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments ...) NOT-FOR-US: ABB eSOMS CVE-2019-19090 (For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the ...) NOT-FOR-US: ABB eSOMS CVE-2019-19089 (For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header ...) NOT-FOR-US: ABB eSOMS CVE-2019-19088 (Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Tr ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19087 (Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19086 (Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/ CVE-2019-19085 (A persistent cross-site scripting (XSS) vulnerability in Octopus Serve ...) NOT-FOR-US: Octopus Server CVE-2019-19084 (In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with ...) NOT-FOR-US: Octopus Deploy CVE-2019-19083 (Memory leaks in *clock_source_create() functions under drivers/gpu/drm ...) 
- linux 5.3.9-1 (unimportant) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/055e547478a11a6360c7ce05e2afc3e366968a12 CVE-2019-19082 (Memory leaks in *create_resource_pool() functions under drivers/gpu/dr ...) - linux 5.4.6-1 [buster] - linux 4.19.146-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d CVE-2019-19081 (A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers ...) - linux 5.3.7-1 [buster] - linux 4.19.87-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8ce39eb5a67aee25d9f05b40b673c95b23502e3e CVE-2019-19080 (Four memory leaks in the nfp_flower_spawn_phy_reprs() function in driv ...) - linux 5.3.7-1 [buster] - linux 4.19.87-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/8572cea1461a006bce1d06c0c4b0575869125fa4 CVE-2019-19079 (A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c ...) - linux 5.3.7-1 [buster] - linux 4.19.98-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/a21b7f0cff1906a93a0130b74713b15a0b36481d CVE-2019-19078 (A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wi ...) - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) CVE-2019-19077 (A memory leak in the bnxt_re_create_srq() function in drivers/infiniba ...) 
- linux 5.4.6-1 [buster] - linux 4.19.98-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/4a9d46a9fe14401f21df69cea97c62396d5fb053 CVE-2019-19076 (** DISPUTED ** A memory leak in the nfp_abm_u32_knode_replace() functi ...) - linux 5.3.7-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/78beef629fd95be4ed853b2d37b832f766bd96ca CVE-2019-19075 (A memory leak in the ca8210_probe() function in drivers/net/ieee802154 ...) - linux 5.3.9-1 (unimportant) [buster] - linux 4.19.87-1 NOTE: https://git.kernel.org/linus/6402939ec86eaf226c8b8ae00ed983936b164908 CVE-2019-19074 (A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ ...) {DLA-2420-1} - linux 5.4.6-1 [buster] - linux 4.19.146-1 NOTE: https://git.kernel.org/linus/728c1e2a05e4b5fc52fab3421dce772a806612a2 CVE-2019-19073 (Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux ...) {DLA-2420-1} - linux 5.4.6-1 [buster] - linux 4.19.146-1 NOTE: https://git.kernel.org/linus/853acf7caf10b828102d92d05b5c101666a6142b CVE-2019-19072 (A memory leak in the predicate_parse() function in kernel/trace/trace_ ...) - linux 5.4.6-1 [buster] - linux 4.19.146-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/96c5c6e6a5b6db592acae039fed54b5c8844cd35 CVE-2019-19071 (A memory leak in the rsi_send_beacon() function in drivers/net/wireles ...) - linux 5.4.6-1 [buster] - linux 4.19.98-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) CVE-2019-19070 (** DISPUTED ** A memory leak in the spi_gpio_probe() function in drive ...) - linux (unimportant) CVE-2019-19069 (A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc ...) 
- linux 5.3.9-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/fc739a058d99c9297ef6bfd923b809d85855b9a9 CVE-2019-19068 (A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net ...) {DLA-2114-1} - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 [jessie] - linux (Vulnerable code not present) CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function in driv ...) - linux 5.3.9-1 (unimportant) [buster] - linux 4.19.146-1 NOTE: https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725 CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/ ...) {DLA-2114-1 DLA-2068-1} - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 CVE-2019-19065 (** DISPUTED ** A memory leak in the sdma_init() function in drivers/in ...) - linux 5.3.9-1 [buster] - linux 4.19.87-1 [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/34b3be18a04ecdc610aae4c48e5d1b799d8689f6 CVE-2019-19064 (** DISPUTED ** A memory leak in the fsl_lpspi_probe() function in driv ...) - linux 5.4.13-1 (unimportant) CVE-2019-19063 (Two memory leaks in the rtl_usb_probe() function in drivers/net/wirele ...) - linux 5.4.8-1 (unimportant) [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 CVE-2019-19062 (A memory leak in the crypto_report() function in crypto/crypto_user_ba ...) {DLA-2114-1 DLA-2068-1} - linux 5.4.6-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in drivers ...) - linux 5.3.9-1 (unimportant) [buster] - linux 4.19.146-1 NOTE: https://git.kernel.org/linus/9c0530e898f384c5d279bfcebd8bb17af1105873 CVE-2019-19060 (A memory leak in the adis_update_scan_mode() function in drivers/iio/i ...) 
- linux 5.3.9-1 (unimportant) [buster] - linux 4.19.87-1 NOTE: https://git.kernel.org/linus/ab612b1daf415b62c58e130cb3d0f30b255a14d0 CVE-2019-19059 (Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function i ...) - linux 5.4.6-1 [buster] - linux 4.19.98-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/0f4f199443faca715523b0659aa536251d8b978f CVE-2019-19058 (A memory leak in the alloc_sgtable() function in drivers/net/wireless/ ...) - linux 5.4.6-1 [buster] - linux 4.19.98-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b4b814fec1a5a849383f7b3886b654a13abbda7d CVE-2019-19057 (Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drive ...) {DLA-2114-1 DLA-2068-1} - linux 5.4.8-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 CVE-2019-19056 (A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drive ...) {DLA-2114-1 DLA-2068-1} - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 CVE-2019-19055 (** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_stats() ...) - linux 5.4.6-1 (unimportant) [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57 CVE-2019-19054 (A memory leak in the cx23888_ir_probe() function in drivers/media/pci/ ...) - linux 5.5.13-1 (unimportant) [buster] - linux 4.19.146-1 NOTE: Memory leak on probe only. CVE-2019-19053 (A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpm ...) 
- linux 5.4.13-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) CVE-2019-19052 (A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_ ...) {DLA-2114-1 DLA-2068-1} - linux 5.3.15-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/fb5be6a7b4863ecc44963bb80ca614584b6c7817 CVE-2019-19051 (A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/ ...) {DLA-2114-1 DLA-2068-1} - linux 5.3.15-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/6f3ef5c25cc762687a7341c18cbea5af54461407 CVE-2019-19050 (A memory leak in the crypto_reportstat() function in crypto/crypto_use ...) - linux 5.4.6-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) CVE-2019-19049 (** DISPUTED ** A memory leak in the unittest_data_add() function in dr ...) - linux 5.3.15-1 (unimportant) [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/e13de8fe0d6a51341671bbe384826d527afe8d44 NOTE: unittest.c can only be reached during boot. CVE-2019-19048 (A memory leak in the crypto_reportstat() function in drivers/virt/vbox ...) - linux 5.3.9-1 [buster] - linux 4.19.87-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/e0b0cb9388642c104838fac100a4af32745621e2 CVE-2019-19047 (A memory leak in the mlx5_fw_fatal_reporter_dump() function in drivers ...) - linux 5.3.15-1 [buster] - linux (Vulnerability introduced later) [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/c7ed6d0183d5ea9bc31bcaeeba4070bd62546471 CVE-2019-19046 (** DISPUTED ** A memory leak in the __ipmi_bmc_register() function in ...) 
- linux 5.4.19-1 (unimportant) [buster] - linux 4.19.118-1 NOTE: Only a memory leak on the probe path CVE-2019-19045 (A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/ne ...) - linux 5.3.15-1 [buster] - linux 4.19.87-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/c8c2a057fdc7de1cd16f4baa51425b932a42eb39 CVE-2019-19044 (Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/ ...) - linux 5.3.15-1 [buster] - linux (Vulnerability introduced later) [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/29cd13cfd7624726d9e6becbae9aa419ef35af7f CVE-2019-19043 (A memory leak in the i40e_setup_macvlans() function in drivers/net/eth ...) - linux 5.4.19-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) CVE-2019-19042 RESERVED CVE-2019-19041 (An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as d ...) NOT-FOR-US: Xorux CVE-2019-19040 (KairosDB through 1.2.2 has XSS in view.html because of showErrorMessag ...) NOT-FOR-US: KairosDB CVE-2019-19039 (** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c in the Li ...) {DLA-2483-1} - linux 5.6.7-1 [buster] - linux 4.19.160-1 NOTE: https://git.kernel.org/linus/b3ff8f1d380e65dddd772542aa9bff6c86bf715a CVE-2019-19038 RESERVED CVE-2019-19037 (ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 a ...) {DLA-2114-1} - linux 5.4.8-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 [jessie] - linux (Vulnerability introduced later) CVE-2019-19036 (btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 ...) 
- linux 5.3.7-1 [buster] - linux 4.19.131-1 NOTE: https://git.kernel.org/linus/62fdaa52a3d00a875da771719b6dc537ca79fce1 CVE-2019-19035 (jhead 3.03 is affected by: heap-based buffer over-read. The impact is: ...) - jhead 1:3.04-1 (unimportant; bug #944961) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765647 NOTE: Crash in CLI tool, no security impact CVE-2019-19034 (Zoho ManageEngine Asset Explorer 6.5 does not validate the System Cent ...) NOT-FOR-US: Zoho CVE-2019-19033 (Jalios JCMS 10 allows attackers to access any part of the website and ...) NOT-FOR-US: Jalios JCMS CVE-2019-19032 (XMLBlueprint through 16.191112 is affected by XML External Entity Inje ...) NOT-FOR-US: XMLBlueprint CVE-2019-19031 (Easy XML Editor through v1.7.8 is affected by: XML External Entity Inj ...) NOT-FOR-US: Easy XML Editor CVE-2019-19030 RESERVED CVE-2019-19029 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...) NOT-FOR-US: Harbor CVE-2019-19028 RESERVED CVE-2019-19027 RESERVED CVE-2019-19026 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...) NOT-FOR-US: Harbor CVE-2019-19025 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allo ...) NOT-FOR-US: Harbor CVE-2019-19024 RESERVED CVE-2019-19023 (Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has ...) NOT-FOR-US: Harbor CVE-2019-19022 (iTerm2 through 3.3.6 has potentially insufficient documentation about ...) NOT-FOR-US: iTerm2 CVE-2019-19021 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a hidd ...) NOT-FOR-US: TitanHQ WebTitan CVE-2019-19020 (An issue was discovered in TitanHQ WebTitan before 5.18. In the admini ...) NOT-FOR-US: TitanHQ WebTitan CVE-2019-19019 (An issue was discovered in TitanHQ WebTitan before 5.18. It contains a ...) NOT-FOR-US: TitanHQ WebTitan CVE-2019-19018 (An issue was discovered in TitanHQ WebTitan before 5.18. It exposes a ...) 
NOT-FOR-US: TitanHQ WebTitan CVE-2019-19017 (An issue was discovered in TitanHQ WebTitan before 5.18. The appliance ...) NOT-FOR-US: TitanHQ WebTitan CVE-2019-19016 (An issue was discovered in TitanHQ WebTitan before 5.18. Some function ...) NOT-FOR-US: TitanHQ WebTitan CVE-2019-19015 (An issue was discovered in TitanHQ WebTitan before 5.18. The proxy ser ...) NOT-FOR-US: TitanHQ WebTitan CVE-2019-19014 (An issue was discovered in TitanHQ WebTitan before 5.18. It has a sudo ...) NOT-FOR-US: TitanHQ WebTitan CVE-2019-19013 (A CSRF vulnerability in Pagekit 1.0.17 allows an attacker to upload an ...) NOT-FOR-US: Pagekit CMS CVE-2019-19012 (An integer overflow in the search_in_range function in regexec.c in On ...) {DLA-2431-1 DLA-2020-1} - libonig 6.9.4-1 (low; bug #944959) [buster] - libonig (Minor issue) NOTE: https://github.com/kkos/oniguruma/issues/164 NOTE: https://github.com/kkos/oniguruma/commit/0463e21432515631a9bc925ce5eb95b097c73719 NOTE: https://github.com/kkos/oniguruma/commit/778a43dd56925ed58bbe26e3a7bb8202d72c3f3f NOTE: https://github.com/kkos/oniguruma/commit/b6cb7580a7e0c56fc325fe9370b9d34044910aed NOTE: https://github.com/kkos/oniguruma/commit/bfc36d3d8139b8be4d3df630d625c58687b0c7d4 NOTE: https://github.com/kkos/oniguruma/commit/db64ef3189f54917a5008a02bdb000adc514a90a CVE-2019-19011 (MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueC ...) NOT-FOR-US: ngiflib CVE-2019-19010 (Eval injection in the Math plugin of Limnoria (before 2019.11.09) and ...) - limnoria 2019.11.09-1 [buster] - limnoria 2019.02.23-1+deb10u1 [stretch] - limnoria 2017.01.10-1+deb9u1 NOTE: https://github.com/ProgVal/Limnoria/commit/3848ae78de45b35c029cc333963d436b9d2f0a35 NOTE: https://github.com/ProgVal/Limnoria/wiki/math-eval-vulnerability CVE-2019-19009 RESERVED CVE-2019-19008 REJECTED CVE-2019-19007 (Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrato ...) 
NOT-FOR-US: Intelbras IWR 3000N 1.8.7 devices CVE-2019-19006 (Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197. ...) NOT-FOR-US: FreePBX CVE-2019-19005 (A bitmap double free in main.c in autotrace 0.31.1 allows attackers to ...) - autotrace NOTE: https://github.com/autotrace/autotrace/pull/40 CVE-2019-19004 (A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 ...) - autotrace NOTE: https://github.com/autotrace/autotrace/pull/40 CVE-2019-19003 (For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. Thi ...) NOT-FOR-US: ABB eSOMS CVE-2019-19002 (For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP respons ...) NOT-FOR-US: ABB eSOMS CVE-2019-19001 (For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not ...) NOT-FOR-US: ABB eSOMS CVE-2019-19000 (For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s ...) NOT-FOR-US: ABB eSOMS CVE-2019-18999 RESERVED CVE-2019-18998 (Insufficient access control in the web interface of ABB Asset Suite ve ...) NOT-FOR-US: ABB Asset Suite CVE-2019-18997 (The HMISimulator component of ABB PB610 Panel Builder 600 uses the rea ...) NOT-FOR-US: ABB PB610 Panel Builder CVE-2019-18996 (Path settings in HMIStudio component of ABB PB610 Panel Builder 600 ve ...) NOT-FOR-US: ABB PB610 Panel Builder CVE-2019-18995 (The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8 ...) NOT-FOR-US: ABB PB610 Panel Builder CVE-2019-18994 (Due to a lack of file length check, the HMIStudio component of ABB PB6 ...) NOT-FOR-US: ABB PB610 Panel Builder CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to th ...) NOT-FOR-US: OpenWrt CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/a ...) NOT-FOR-US: OpenWrt CVE-2019-18991 (A partial authentication bypass vulnerability exists on Atheros AR9132 ...) 
NOT-FOR-US: Atheros devices CVE-2019-18990 (A partial authentication bypass vulnerability exists on Realtek RTL881 ...) NOT-FOR-US: Realtek devices CVE-2019-18989 (A partial authentication bypass vulnerability exists on Mediatek MT762 ...) NOT-FOR-US: Mediatek devices CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login a ...) NOT-FOR-US: TeamViewer CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...) NOT-FOR-US: AbuseFilter MediaWiki extension CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess) valid user ...) NOT-FOR-US: Pimcore CVE-2019-18985 (Pimcore before 6.2.2 lacks brute force protection for the 2FA token. ...) NOT-FOR-US: Pimcore CVE-2019-18984 RESERVED CVE-2019-18983 RESERVED CVE-2019-18982 (bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore be ...) NOT-FOR-US: Pimcore CVE-2019-18981 (Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scen ...) NOT-FOR-US: Pimcore CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022 ...) NOT-FOR-US: Signify Philips Taolight CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...) NOT-FOR-US: Adaware CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...) {DSA-4918-1 DLA-2389-1 DLA-2096-1} - ruby-rack-cors 1.1.1-1 (bug #944849) NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4 CVE-2019-18977 RESERVED CVE-2019-18976 (An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through ...) 
- asterisk 1:16.1.1~dfsg-1 [stretch] - asterisk (Minor issue) [jessie] - asterisk (Vulnerable code not present) NOTE: https://downloads.asterisk.org/pub/security/AST-2019-008.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28612 NOTE: Only affects 13.x, marking first unstable upload after 13.x as fixed CVE-2019-18975 RESERVED CVE-2019-18974 RESERVED CVE-2019-18973 RESERVED CVE-2019-18972 RESERVED CVE-2019-18971 RESERVED CVE-2019-18970 REJECTED CVE-2019-18969 REJECTED CVE-2019-18968 REJECTED CVE-2019-18967 REJECTED CVE-2019-18966 REJECTED CVE-2019-18965 REJECTED CVE-2019-18964 REJECTED CVE-2019-18963 REJECTED CVE-2019-18962 REJECTED CVE-2019-18961 REJECTED CVE-2019-18960 (Firecracker vsock implementation buffer overflow in versions 0.18.0 an ...) NOT-FOR-US: AWS Firecracker CVE-2019-18959 RESERVED CVE-2019-18958 (Nitro Pro before 13.2 creates a debug.log file in the directory where ...) NOT-FOR-US: Nitro Pro CVE-2019-18957 (Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has r ...) NOT-FOR-US: Microstrategy Library CVE-2019-18956 (Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 an ...) NOT-FOR-US: Divisa Proxia Suite CVE-2019-18955 (The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Prod ...) NOT-FOR-US: Lansweeper CVE-2019-18954 (Pomelo v2.2.5 allows external control of critical state data. A malici ...) NOT-FOR-US: Pomelo CVE-2019-18953 RESERVED CVE-2019-18952 (SibSoft Xfilesharing through 2.5.1 allows cgi-bin/up.cgi arbitrary fil ...) NOT-FOR-US: SibSoft Xfilesharing CVE-2019-18951 (SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directo ...) NOT-FOR-US: SibSoft Xfilesharing CVE-2019-18950 RESERVED CVE-2019-18949 (SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaSc ...) NOT-FOR-US: SnowHaze CVE-2019-18948 (An issue was found in Arista EOS. Specific malformed ARP packets can i ...) 
NOT-FOR-US: Arista CVE-2019-18947 (Micro Focus Solutions Business Manager Application Repository versions ...) NOT-FOR-US: Micro Focus CVE-2019-18946 (Micro Focus Solutions Business Manager Application Repository versions ...) NOT-FOR-US: Micro Focus CVE-2019-18945 (Micro Focus Solutions Business Manager Application Repository versions ...) NOT-FOR-US: Micro Focus CVE-2019-18944 (Micro Focus Solutions Business Manager Application Repository versions ...) NOT-FOR-US: Micro Focus CVE-2019-18943 (Micro Focus Solutions Business Manager versions prior to 11.7.1 are vu ...) NOT-FOR-US: Micro Focus CVE-2019-18942 (Micro Focus Solutions Business Manager versions prior to 11.7.1 are vu ...) NOT-FOR-US: Micro Focus CVE-2019-18941 RESERVED CVE-2019-18940 RESERVED CVE-2019-18939 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn t ...) NOT-FOR-US: eQ-3 Homematic CVE-2019-18938 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail AddOn thr ...) NOT-FOR-US: eQ-3 Homematic CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser Ad ...) NOT-FOR-US: eQ-3 Homematic CVE-2019-18936 (UniValue::read() in UniValue before 1.0.5 allow attackers to cause a d ...) - libunivalue 1.1.1-2 (bug #954959) [buster] - libunivalue (Minor issue) [stretch] - libunivalue (Minor issue) NOTE: https://github.com/jgarzik/univalue/commit/07aa635c034f3a2accfe4e20a8148c366bccf5bf NOTE: https://github.com/jgarzik/univalue/pull/58 CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...) NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...) 
- unbound 1.9.6-1 (unimportant) [stretch] - unbound (ipsecmod module introduced later) [jessie] - unbound (ipsecmod module introduced later) NOTE: Debian binary packages not built with --enable-ipsecmod NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt NOTE: https://github.com/NLnetLabs/unbound/commit/09845779d5f2c96e3064ff398cad65c08357cfbf NOTE: https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new ...) - zulip-server (bug #800052) CVE-2019-18932 (log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows ...) - sarg 2.4.0-1 (unimportant; bug #951390) NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/6 NOTE: The sarg-reports as shipped in Debian has already safe use of mktemp for NOTE: use of temporary files and directories. NOTE: Fixed by: https://sourceforge.net/p/sarg/code/ci/8ec6d20be8c0da3c885aba78e63251f2e5080748 NOTE: Neutralised by kernel hardening CVE-2019-18931 (Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer O ...) NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware CVE-2019-18930 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users ...) NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware CVE-2019-18929 (Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users ...) NOT-FOR-US: Western Digital My Cloud EX2 Ultra firmware CVE-2019-18928 (Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege ...) - cyrus-imapd 3.0.12-1 [buster] - cyrus-imapd 3.0.8-6+deb10u3 [stretch] - cyrus-imapd (Minor issue; can be fixed via point release) NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/e675bf7b0e9c6e160516d274bffaec6f9dccaef7 (cyrus-imapd-3.0.12) NOTE: Fixed in 3.0.12 and 2.5.14 upstream CVE-2019-18927 RESERVED CVE-2019-18926 (Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable t ...) 
NOT-FOR-US: Systematic IRIS Standards Management (ISM) CVE-2019-18925 (Systematic IRIS WebForms 5.4 and its functionalities can be accessed a ...) NOT-FOR-US: Systematic IRIS WebForms CVE-2019-18924 (Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By ...) NOT-FOR-US: Systematic IRIS WebForms CVE-2019-18923 (Insufficient content type validation of proxied resources in go-camo b ...) NOT-FOR-US: go-camo CVE-2019-18922 (A Directory Traversal in the Web interface of the Allied Telesis AT-GS ...) NOT-FOR-US: Allied Telesis CVE-2019-18921 RESERVED CVE-2019-18920 RESERVED CVE-2019-18919 RESERVED CVE-2019-18918 RESERVED CVE-2019-18917 (A potential security vulnerability has been identified for certain HP ...) NOT-FOR-US: HP CVE-2019-18916 (A potential security vulnerability has been identified for HP LaserJet ...) NOT-FOR-US: HP CVE-2019-18915 (A potential security vulnerability has been identified with certain ve ...) NOT-FOR-US: HP System Event Utility CVE-2019-18914 (A potential security vulnerability has been identified for certain HP ...) NOT-FOR-US: HP CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow unautho ...) NOT-FOR-US: Generic UEFI hardware/software issue CVE-2019-18912 (A potential security vulnerability has been identified for certain HP ...) NOT-FOR-US: HP CVE-2019-18911 RESERVED CVE-2019-18910 (The Citrix Receiver wrapper function does not safely handle user suppl ...) NOT-FOR-US: Citrix CVE-2019-18909 (The VPN software within HP ThinPro does not safely handle user supplie ...) NOT-FOR-US: HP ThinPro CVE-2019-18908 RESERVED CVE-2019-18907 RESERVED CVE-2019-18906 (A Use of Password Hash Instead of Password for Authentication vulnerab ...) NOT-FOR-US: SAP CVE-2019-18905 (A Insufficient Verification of Data Authenticity vulnerability in auto ...) NOT-FOR-US: autoyast2 CVE-2019-18904 (A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux ...) 
NOT-FOR-US: SAP CVE-2019-18903 (A Use After Free vulnerability in wicked of SUSE Linux Enterprise Serv ...) NOT-FOR-US: openSUSE wicked CVE-2019-18902 (A Use After Free vulnerability in wicked of SUSE Linux Enterprise Serv ...) NOT-FOR-US: openSUSE wicked CVE-2019-18901 (A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-sy ...) NOT-FOR-US: SuSE-specific mysqld-systemd-helper CVE-2019-18900 (: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS ...) {DLA-2132-1} [experimental] - libzypp 17.25.5-1 - libzypp 17.25.5-2 (bug #953362) [buster] - libzypp (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1158763 NOTE: https://github.com/openSUSE/libzypp/pull/196 NOTE: https://github.com/openSUSE/libzypp/commit/ea50981352bb5c7ab48663edaeb2df1ddd66953e NOTE: https://github.com/openSUSE/libzypp/commit/508b1201f23b44ee90dee6dbbeb3ac5f8bd4c089 CVE-2019-18899 (The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in use ...) - apt-cacher-ng (openSUSE specific systemd service unit configuration) CVE-2019-18898 (UNIX Symbolic Link (Symlink) Following vulnerability in the trousers p ...) NOT-FOR-US: SUSE specific packaging issue in %posttrans section in src:trousers CVE-2019-18897 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) - salt (SuSE-specific Salt packaging vulnerability) CVE-2019-18896 RESERVED CVE-2019-18895 (Scanguard through 2019-11-12 on Windows has Insecure Permissions for t ...) NOT-FOR-US: Scanguard CVE-2019-18894 (In Avast Premium Security 19.8.2393, attackers can send a specially cr ...) NOT-FOR-US: Avast Premium Security CVE-2019-18893 (XSS in the Video Downloader component before 1.5 of Avast Secure Brows ...) NOT-FOR-US: Avast Secure Browser CVE-2019-18892 RESERVED CVE-2019-18891 RESERVED CVE-2019-18890 (A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x befor ...) 
{DSA-4574-1} - redmine 3.4.2-1 NOTE: https://www.redmine.org/news/125 NOTE: https://www.redmine.org/projects/redmine/repository/revisions/16196 NOTE: https://www.redmine.org/issues/32374 NOTE: https://github.com/redmine/redmine/commit/04d4a1a191c46e4595ed455372e86c66cf3f6ed7#diff-72469d98e80a60152ebcfa998306b5ecL581-R584 CVE-2019-18889 (An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through ...) - symfony 4.3.8+dfsg-1 [buster] - symfony 3.4.22+dfsg-2+deb10u1 [stretch] - symfony (Vulnerable code not present) [jessie] - symfony (Vulnerable code not present) NOTE: https://symfony.com/blog/cve-2019-18889-forbid-serializing-abstractadapter-and-tagawareadapter-instances NOTE: https://github.com/symfony/symfony/commit/8817d28fcaacb31fe01d267f6e19b44d8179395a CVE-2019-18888 (An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through ...) {DSA-4573-1 DLA-1999-1} - symfony 4.3.8+dfsg-1 NOTE: https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesser NOTE: https://github.com/symfony/symfony/commit/691486e43ce0e4893cd703e221bafc10a871f365 NOTE: https://github.com/symfony/symfony/commit/77ddabf2e785ea85860d2720cc86f7c5d8967ed5 CVE-2019-18887 (An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through ...) {DSA-4573-1 DLA-1999-1} - symfony 4.3.8+dfsg-1 NOTE: https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner NOTE: https://github.com/symfony/symfony/commit/cccefe6a7f12e776df0665aeb77fe9294c285fbb CVE-2019-18886 (An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7. ...) 
{DLA-1999-1} - symfony 4.3.8+dfsg-1 [buster] - symfony (Vulnerability introduced in 4.1.0) [stretch] - symfony (Vulnerability introduced in 4.1.0) NOTE: https://symfony.com/blog/cve-2019-18886-prevent-user-enumeration-using-switch-user-functionality NOTE: Introduced by: https://github.com/symfony/symfony/commit/6e6ac9eaeec9e6a6cc0ab003cac3738460542b0a (v4.1.0-BETA1) NOTE: Previous versions asserts "the current user is granted to switch" BEFORE NOTE: "loading the user" and thus are not affected. NOTE: Fixed by: https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332 (v4.2.12) CVE-2019-18885 (fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verif ...) {DLA-2323-1} - linux 5.2.6-1 [buster] - linux 4.19.131-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/09ba3bc9dd150457c506e4661380a6183af651c1 (5.1-rc1) CVE-2019-18884 (index.php/team_members/add_team_member in RISE Ultimate Project Manage ...) NOT-FOR-US: RISE CVE-2019-18883 (XSS exists in Lavalite CMS 5.7 via the admin/profile name or designati ...) NOT-FOR-US: Lavalite CMS CVE-2019-18882 (WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.ja ...) NOT-FOR-US: WSO2 IS CVE-2019-18881 (WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in t ...) NOT-FOR-US: WSO2 IS CVE-2019-18880 RESERVED CVE-2019-18879 RESERVED CVE-2019-18878 RESERVED CVE-2019-18877 RESERVED CVE-2019-18876 RESERVED CVE-2019-18875 RESERVED CVE-2019-18874 (psutil (aka python-psutil) through 5.6.5 can have a double free. This ...) {DLA-1998-1} - python-psutil 5.6.7-1 (low; bug #944605) [buster] - python-psutil (Minor issue) [stretch] - python-psutil (Minor issue) NOTE: https://github.com/giampaolo/psutil/commit/7d512c8e4442a896d56505be3e78f1156f443465 NOTE: https://github.com/giampaolo/psutil/pull/1616 CVE-2019-18873 (FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP hea ...) 
NOT-FOR-US: FUDForum CVE-2019-18872 (Weak password requirements in Blaauw Remote Kiln Control through v3.00 ...) NOT-FOR-US: Blaauw Remote Kiln Control CVE-2019-18871 (A path traversal in debug.php accessed via default.php in Blaauw Remot ...) NOT-FOR-US: Blaauw Remote Kiln Control CVE-2019-18870 (A path traversal via the iniFile parameter in excel.php in Blaauw Remo ...) NOT-FOR-US: Blaauw Remote Kiln Control CVE-2019-18869 (Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allo ...) NOT-FOR-US: Blaauw Remote Kiln Control CVE-2019-18868 (Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated a ...) NOT-FOR-US: Blaauw Remote Kiln Control CVE-2019-18867 (Browsable directories in Blaauw Remote Kiln Control through v3.00r4 al ...) NOT-FOR-US: Blaauw Remote Kiln Control CVE-2019-18866 (Unauthenticated SQL injection via the username in the login mechanism ...) NOT-FOR-US: Blaauw Remote Kiln Control CVE-2019-18865 (Information disclosure via error message discrepancies in authenticati ...) NOT-FOR-US: Blaauw Remote Kiln Control CVE-2019-18864 (/server-info and /server-status in Blaauw Remote Kiln Control through ...) NOT-FOR-US: Blaauw Remote Kiln Control CVE-2019-18863 (A key length vulnerability in the implementation of the SRTP 128-bit k ...) NOT-FOR-US: Mitel CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allows loca ...) - mailutils 1:3.8-1 (unimportant; bug #944265) [buster] - mailutils 1:3.5-4 NOTE: /usr/sbin/maidat not installed suid root on Debian CVE-2019-18861 RESERVED CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML ...) 
{DSA-4732-1 DLA-2278-1} - squid 4.9-1 (low) - squid3 NOTE: https://github.com/squid-cache/squid/pull/504 NOTE: https://github.com/squid-cache/squid/commit/5cc4b155cee1a4968109737f6eba2ef29d51034d (SQUID_5_0_1) NOTE: https://github.com/squid-cache/squid/commit/5a90b4ce64c346ba7f317a278ba601091d9de076 (SQUID_4_9) CVE-2019-18859 (Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. ...) NOT-FOR-US: Digi AnywhereUSB CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Con ...) NOT-FOR-US: CODESYS 3 web server CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and data val ...) NOT-FOR-US: darylldoyle svg-sanitizer CVE-2019-18856 (A Denial Of Service vulnerability exists in the SVG Sanitizer module t ...) NOT-FOR-US: SVG Sanitizer module for Drupal CVE-2019-18855 (A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG ...) NOT-FOR-US: safe-svg (aka Safe SVG) plugin for WordPress CVE-2019-18854 (A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG ...) NOT-FOR-US: safe-svg (aka Safe SVG) plugin for WordPress CVE-2019-18853 (ImageMagick before 7.0.9-0 allows remote attackers to cause a denial o ...) - imagemagick (Only affects Imagemagick 7.x) NOTE: https://github.com/ImageMagick/ImageMagick/commit/ec9c8944af2bfc65c697ca44f93a727a99b405f1 CVE-2019-18852 (Certain D-Link devices have a hardcoded Alphanetworks user account wit ...) NOT-FOR-US: D-Link CVE-2019-18851 RESERVED CVE-2019-18850 (TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a dis ...) NOT-FOR-US: TrevorC2 CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the victim' ...) {DLA-2748-1 DLA-2005-1} - tnef 1.4.18-1 (bug #944851) [buster] - tnef 1.4.12-1.2+deb10u1 NOTE: https://github.com/verdammelt/tnef/pull/40 CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count during ...) 
{DLA-2390-1} - ruby-json-jwt 1.11.0-1 (bug #944850) [buster] - ruby-json-jwt (Minor issue) NOTE: https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a CVE-2019-18847 (Enterprise Access Client Auto-Updater allows for Remote Code Execution ...) NOT-FOR-US: Akamai / Enterprise Access Client Auto-Updater CVE-2019-18846 (OX App Suite through 7.10.2 allows SSRF. ...) NOT-FOR-US: OX App Suite CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 ...) NOT-FOR-US: Patriot Viper RGB CVE-2019-18844 (The Device Model in ACRN before 2019w25.5-140000p relies on assert cal ...) NOT-FOR-US: ACRN CVE-2019-18843 RESERVED CVE-2019-18842 (A cross-site scripting (XSS) vulnerability in the configuration web in ...) NOT-FOR-US: Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module CVE-2019-18841 (Chartkick.js 3.1.0 through 3.1.3, as used in the Chartkick gem before ...) - chartkick.js (Vulnerability introduced with 3.1.0) NOTE: https://github.com/ankane/chartkick/commit/b810936bbf687bc74c5b6dba72d2397a399885fa CVE-2019-18840 (In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of me ...) - wolfssl 4.2.0+dfsg-3 NOTE: https://github.com/wolfSSL/wolfssl/issues/2555 NOTE: https://github.com/wolfSSL/wolfssl/commit/52f28bd5149360f8e3bf8ca13d3fb9a77283df7c CVE-2019-18839 (FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. T ...) NOT-FOR-US: FUDForum CVE-2019-18838 (An issue was discovered in Envoy 1.12.0. Upon receipt of a malformed H ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2019-18837 (An issue was discovered in crun before 0.10.5. With a crafted image, i ...) - crun (Fixed in initial upload) CVE-2019-18836 (Envoy 1.12.0 allows a remote denial of service because of resource loo ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2019-18835 (Matrix Synapse before 1.5.0 mishandles signature checking on some fede ...) 
- matrix-synapse 1.5.0-1 (bug #944355) NOTE: https://github.com/matrix-org/synapse/pull/6262 NOTE: https://github.com/matrix-org/synapse/releases/tag/v1.5.0 CVE-2019-18834 (Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 fo ...) NOT-FOR-US: WooCommerce Subscriptions plugin for WordPress CVE-2019-18833 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...) NOT-FOR-US: Barco ClickShare Button R9861500D01 devices CVE-2019-18832 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have incorrec ...) NOT-FOR-US: Barco ClickShare Button R9861500D01 devices CVE-2019-18831 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Informa ...) NOT-FOR-US: Barco ClickShare Button R9861500D01 devices CVE-2019-18830 (Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Comm ...) NOT-FOR-US: Barco ClickShare Button R9861500D01 devices CVE-2019-18829 (Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Miss ...) NOT-FOR-US: Barco ClickShare Button R9861500D01 devices CVE-2019-18828 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insuffic ...) NOT-FOR-US: Barco ClickShare Button R9861500D01 devices CVE-2019-18827 (On Barco ClickShare Button R9861500D01 devices (before firmware versio ...) NOT-FOR-US: Barco ClickShare Button R9861500D01 devices CVE-2019-18826 (Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper ...) NOT-FOR-US: Barco ClickShare Button R9861500D01 devices CVE-2019-18825 (Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 device ...) NOT-FOR-US: Barco ClickShare Huddle devices CVE-2019-18824 (Barco ClickShare Button R9861500D01 devices before 1.10.0.13 have Miss ...) NOT-FOR-US: Barco ClickShare Button R9861500D01 devices CVE-2019-18823 (HTCondor up to and including stable series 8.8.6 and development serie ...) 
{DLA-2724-1} - condor (bug #963777) NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0003.html NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2020-0004.html NOTE: https://github.com/htcondor/htcondor/commit/95eaee86e7ad3852c17df46a1b8b193dabd1fd14 NOTE: https://github.com/htcondor/htcondor/commit/07e33c8b14aa00e04d045d4d79c963db082a3129 NOTE: https://github.com/htcondor/htcondor/commit/cbcb93695a932d511c1c7bd40aed1eabeff01d8d NOTE: https://github.com/htcondor/htcondor/commit/3916209123a8ef762b7a9cd84ca0cf8b2cd99716 NOTE: https://github.com/htcondor/htcondor/commit/5c84c6f0b3db4eda1eec42c2c708069bb9393f0b CVE-2019-18822 (A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allo ...) NOT-FOR-US: ZOOM Call Recording CVE-2019-18821 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiCu ...) NOT-FOR-US: Eximious Logo Designer CVE-2019-18820 (Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!Rtlp ...) NOT-FOR-US: Eximious Logo Designer CVE-2019-18819 (Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVe ...) NOT-FOR-US: Eximious Logo Designer CVE-2019-18818 (strapi before 3.0.0-beta.17.5 mishandles password resets within packag ...) NOT-FOR-US: strapi CMS CVE-2019-18817 (Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_ ...) NOT-FOR-US: Istio CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows pos ...) NOT-FOR-US: PopojiCMS CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...) NOT-FOR-US: PopojiCMS CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There is a ...) 
	{DLA-2323-1}
	- linux 5.7.6-1
	[buster] - linux 4.19.131-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://lore.kernel.org/patchwork/patch/1142523/
CVE-2019-18813 (A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc ...)
	- linux 5.3.15-1 (unimportant)
	[buster] - linux 4.19.87-1
	[stretch] - linux (Bug introduced later)
	[jessie] - linux (Bug introduced later)
	NOTE: https://git.kernel.org/linus/9bbfceea12a8f145097a27d7c7267af25893c060
	NOTE: No security impact since the issue is on the probe path.
CVE-2019-18812 (A memory leak in the sof_dfsentry_write() function in sound/soc/sof/de ...)
	- linux 5.4.6-1 (unimportant)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: Function only exposed through debugfs
CVE-2019-18811 (A memory leak in the sof_set_get_large_ctrl_data() function in sound/s ...)
	- linux 5.3.15-1
	[buster] - linux (Vulnerability introduced later)
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
CVE-2019-18810 (A memory leak in the komeda_wb_connector_add() function in drivers/gpu ...)
	- linux 5.3.9-1 (unimportant)
	[buster] - linux (Bug introduced later)
	[stretch] - linux (Bug introduced later)
	[jessie] - linux (Bug introduced later)
	NOTE: https://git.kernel.org/linus/a0ecd6fdbf5d648123a7315c695fb6850d702835
	NOTE: CONFIG_DRM_KOMEDA not enabled in Debian builds.
CVE-2019-18809 (A memory leak in the af9005_identify_state() function in drivers/media ...)
	{DLA-2114-1}
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux (Bug introduced later)
CVE-2019-18808 (A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...)
	- linux 5.5.13-1 (unimportant)
	[buster] - linux 4.19.146-1
	NOTE: Not a valid issue
CVE-2019-18807 (Two memory leaks in the sja1105_static_config_upload() function in dri ...)
	- linux 5.3.7-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/68501df92d116b760777a2cfda314789f926476f
CVE-2019-18806 (A memory leak in the ql_alloc_large_buffers() function in drivers/net/ ...)
	- linux 5.3.7-1 (unimportant)
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux 3.16.81-1
	NOTE: https://git.kernel.org/linus/1acb8f2a7a9f10543868ddd737e37424d5c36cf4
CVE-2019-18805 (An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux ker ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/19fad20d15a6494f47f85d869f00b11343ee5c78
CVE-2019-18804 (DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU:: ...)
	{DLA-2667-1 DLA-1985-1}
	- djvulibre 3.5.27.1-14 (bug #945114)
	[buster] - djvulibre (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/309/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
CVE-2019-18803 RESERVED
CVE-2019-18802 (An issue was discovered in Envoy 1.12.0. An untrusted remote client ma ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-18801 (An issue was discovered in Envoy 1.12.0. An untrusted remote client ma ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-18800 (Viber through 11.7.0.5 allows a remote attacker who can capture a vict ...)
	NOT-FOR-US: Viber
CVE-2019-18799 (LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser ...)
	- libsass 3.6.3-1 (low)
	[buster] - libsass (Minor issue)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/3001
	NOTE: https://github.com/mgreter/libsass/commit/994695c669085058c4a500f295a0531893eff77a
CVE-2019-18798 (LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::wea ...)
	- libsass 3.6.3-1 (low)
	[buster] - libsass (Minor issue)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2999
	NOTE: https://github.com/mgreter/libsass/commit/0b721e0f37fc69ab197ec956a923e036e3b05ca6
CVE-2019-18797 (LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sas ...)
	- libsass (unimportant)
	[buster] - libsass (Minor issue)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/3000
	NOTE: Not considered a security issue by upstream
CVE-2019-18796 (The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamC ...)
	NOT-FOR-US: BASS Audio Library
CVE-2019-18795 (The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamC ...)
	NOT-FOR-US: BASS Audio Library
CVE-2019-18794 (The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamC ...)
	NOT-FOR-US: BASS Audio Library
CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/inde ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to bypass/ev ...)
	{DLA-2087-1}
	[experimental] - suricata 1:5.0.1-1~exp1
	- suricata 1:5.0.2-1
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	NOTE: https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b (master-4.1.x)
	NOTE: https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 (suricata-5.0.1)
	NOTE: https://redmine.openinfosecfoundation.org/issues/3324
	NOTE: https://redmine.openinfosecfoundation.org/issues/3394
CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark devices ha ...)
	NOT-FOR-US: Lexmark
CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...)
	{DLA-2017-1}
	- asterisk 1:16.10.0~dfsg-1 (bug #947381)
	[buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
	[stretch] - asterisk (Minor issue)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28589
CVE-2019-18789 RESERVED
CVE-2019-18788 RESERVED
CVE-2019-18787 RESERVED
CVE-2019-18785 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 mishandles ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-18784 (SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-18783 RESERVED
CVE-2019-18782 (SuiteCRM 7.10.x prior to 7.10.21 and 7.11.x prior to 7.11.9 does not c ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-18781 (An open redirect vulnerability was discovered in Zoho ManageEngine ADS ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-18786 (In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitial ...)
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://patchwork.linuxtv.org/patch/59542/
CVE-2019-18780 (An arbitrary command injection vulnerability in the Cluster Server com ...)
	NOT-FOR-US: Veritas InfoScale
CVE-2019-18779 RESERVED
CVE-2019-18778 RESERVED
CVE-2019-18777 RESERVED
CVE-2019-18776 RESERVED
CVE-2019-18775 RESERVED
CVE-2019-18774 REJECTED
CVE-2019-18773 REJECTED
CVE-2019-18772 REJECTED
CVE-2019-18771 REJECTED
CVE-2019-18770 REJECTED
CVE-2019-18769 REJECTED
CVE-2019-18768 REJECTED
CVE-2019-18767 REJECTED
CVE-2019-18766 REJECTED
CVE-2019-18765 REJECTED
CVE-2019-18764 REJECTED
CVE-2019-18763 REJECTED
CVE-2019-18762 REJECTED
CVE-2019-18761 REJECTED
CVE-2019-18760 REJECTED
CVE-2019-18759 REJECTED
CVE-2019-18758 REJECTED
CVE-2019-18757 REJECTED
CVE-2019-18756 REJECTED
CVE-2019-18755 REJECTED
CVE-2019-18754 REJECTED
CVE-2019-18753 REJECTED
CVE-2019-18752 REJECTED
CVE-2019-18751 REJECTED
CVE-2019-18750 REJECTED
CVE-2019-18749 REJECTED
CVE-2019-18748 REJECTED
CVE-2019-18747 REJECTED
CVE-2019-18746 REJECTED
CVE-2019-18745 REJECTED
CVE-2019-18744 REJECTED
CVE-2019-18743 REJECTED
CVE-2019-18742 REJECTED
CVE-2019-18741 REJECTED
CVE-2019-18740 REJECTED
CVE-2019-18739 REJECTED
CVE-2019-18738 REJECTED
CVE-2019-18737 REJECTED
CVE-2019-18736 REJECTED
CVE-2019-18735 REJECTED
CVE-2019-18734 REJECTED
CVE-2019-18733 REJECTED
CVE-2019-18732 REJECTED
CVE-2019-18731 REJECTED
CVE-2019-18730 REJECTED
CVE-2019-18729 REJECTED
CVE-2019-18728 REJECTED
CVE-2019-18727 REJECTED
CVE-2019-18726 REJECTED
CVE-2019-18725 REJECTED
CVE-2019-18724 REJECTED
CVE-2019-18723 REJECTED
CVE-2019-18722 REJECTED
CVE-2019-18721 REJECTED
CVE-2019-18720 REJECTED
CVE-2019-18719 REJECTED
CVE-2019-18718 REJECTED
CVE-2019-18717 REJECTED
CVE-2019-18716 REJECTED
CVE-2019-18715 REJECTED
CVE-2019-18714 REJECTED
CVE-2019-18713 REJECTED
CVE-2019-18712 REJECTED
CVE-2019-18711 REJECTED
CVE-2019-18710 REJECTED
CVE-2019-18709 REJECTED
CVE-2019-18708 REJECTED
CVE-2019-18707 REJECTED
CVE-2019-18706 REJECTED
CVE-2019-18705 REJECTED
CVE-2019-18704 REJECTED
CVE-2019-18703 REJECTED
CVE-2019-18702 REJECTED
CVE-2019-18701 REJECTED
CVE-2019-18700 REJECTED
CVE-2019-18699 REJECTED
CVE-2019-18698 REJECTED
CVE-2019-18697 REJECTED
CVE-2019-18696 REJECTED
CVE-2019-18695 REJECTED
CVE-2019-18694 REJECTED
CVE-2019-18693 REJECTED
CVE-2019-18692 REJECTED
CVE-2019-18691 REJECTED
CVE-2019-18690 REJECTED
CVE-2019-18689 REJECTED
CVE-2019-18688 REJECTED
CVE-2019-18687 REJECTED
CVE-2019-18686 REJECTED
CVE-2019-18685 REJECTED
CVE-2019-18684 (** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to r ...)
	NOTE: https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd
	NOTE: Issue is bogus and a non-security issue (confirmed by upstream and in progress
	NOTE: of being REJECTED). An attack is only viable if the attacker can write to fd/3.
CVE-2019-18682 RESERVED
CVE-2019-18681 RESERVED
CVE-2019-18680 (An issue was discovered in the Linux kernel 4.4.x before 4.4.195. Ther ...)
	- linux (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2019/9/18/337
CVE-2019-18679 (An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to ...)
	{DSA-4682-1 DLA-2278-1 DLA-2028-1}
	- squid 4.9-1
	- squid3
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6f2841090dffbec1a2b2417e18bb3dc71d62dd2e.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
CVE-2019-18678 (An issue was discovered in Squid 3.x and 4.x through 4.8. It allows at ...)
	{DSA-4682-1 DLA-2278-1 DLA-2028-1}
	- squid 4.9-1
	- squid3
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
CVE-2019-18677 (An issue was discovered in Squid 3.x and 4.x through 4.8 when the appe ...)
	{DSA-4682-1 DLA-2278-1 DLA-2028-1}
	- squid 4.9-1
	- squid3
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
CVE-2019-18676 (An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incor ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.9-1
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
CVE-2019-18683 (An issue was discovered in drivers/media/platform/vivid in the Linux k ...)
	{DLA-2114-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2019/11/02/1
CVE-2019-18675 (The Linux kernel through 5.3.13 has a start_offset+size Integer Overfl ...)
	- linux 4.16.16-1
	[stretch] - linux 4.9.110-1
	[jessie] - linux 3.16.64-1
	NOTE: https://deshal3v.github.io/blog/kernel-research/mmap_exploitation
CVE-2019-18674 (An issue was discovered in Joomla! before 3.9.13. A missing access che ...)
	NOT-FOR-US: Joomla!
CVE-2019-18673 (On SHIFT BitBox02 devices, a side channel for the row-based OLED displ ...)
	NOT-FOR-US: SHIFT BitBox02 devices
CVE-2019-18672 (Insufficient checks in the finite state machine of the ShapeShift Keep ...)
	NOT-FOR-US: ShapeShift
CVE-2019-18671 (Insufficient checks in the USB packet handling of the ShapeShift KeepK ...)
	NOT-FOR-US: ShapeShift
CVE-2019-18670 (In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2 ...)
	NOT-FOR-US: Acer
CVE-2019-18669 RESERVED
CVE-2019-18668 (An issue was discovered in the Currency Switcher addon before 2.11.2 f ...)
	NOT-FOR-US: Currency Switcher addon for WooCommerce
CVE-2019-18667 (/usr/local/www/freeradius_view_config.php in the freeradius3 package b ...)
	NOT-FOR-US: FreeBSD specific freeradius_view_config.php in the freeradius3 package
CVE-2019-18666 (An issue was discovered on D-Link DAP-1360 revision F devices. Remote ...)
	NOT-FOR-US: D-Link
CVE-2019-18665 (The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion ...)
	NOT-FOR-US: SECUDOS DOMOS
CVE-2019-18664 (The Log module in SECUDOS DOMOS before 5.6 allows XSS. ...)
	NOT-FOR-US: SECUDOS DOMOS
CVE-2019-18663 (A SQL injection vulnerability in a /login/forgot1 POST request in ARP- ...)
	NOT-FOR-US: ARP-GUARD
CVE-2019-18662 (An issue was discovered in YouPHPTube through 7.7. User input passed t ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-18661 (Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by ...)
	NOT-FOR-US: Fastweb FASTGate
CVE-2019-18660 (The Linux kernel before 5.4.1 on powerpc allows Information Exposure b ...)
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux (powerpc not supported in LTS)
	NOTE: https://www.openwall.com/lists/oss-security/2019/11/27/1
CVE-2019-18659 (The Wireless Emergency Alerts (WEA) protocol allows remote attackers t ...)
	NOT-FOR-US: Wireless Emergency Alerts (WEA) protocol
CVE-2019-18658 (In Helm 2.x before 2.15.2, commands that deal with loading a chart as ...)
	- helm-kubernetes (bug #910799)
CVE-2019-18657 (ClickHouse before 19.13.5.44 allows HTTP header injection via the url ...)
	NOT-FOR-US: ClickHouse
CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBu ...)
	NOT-FOR-US: Pimcore
CVE-2019-18655 (File Sharing Wizard version 1.5.0 build 2008 is affected by a Structur ...)
	NOT-FOR-US: File Sharing Wizard
CVE-2019-18654 (A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet S ...)
	NOT-FOR-US: AVG
CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, In ...)
	NOT-FOR-US: Avast
CVE-2019-18652 (A DOM based XSS vulnerability has been identified on the WatchGuard XM ...)
	NOT-FOR-US: Watchguard
CVE-2019-18651 (A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias ...)
	NOT-FOR-US: 3xLogic
CVE-2019-18650 (An issue was discovered in Joomla! before 3.9.13. A missing token chec ...)
	NOT-FOR-US: Joomla!
CVE-2019-18649 (When logged in as an admin user, the Title input field (under Reports) ...)
	NOT-FOR-US: Untangle NG firewall
CVE-2019-18648 (When logged in as an admin user, the Untangle NG firewall 14.2.0 is vu ...)
	NOT-FOR-US: Untangle NG firewall
CVE-2019-18647 (The Untangle NG firewall 14.2.0 is vulnerable to an authenticated comm ...)
	NOT-FOR-US: Untangle NG firewall
CVE-2019-18646 (The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline- ...)
	NOT-FOR-US: Untangle NG firewall
CVE-2019-18645 (The quarantine restoration function in Total Defense Anti-virus 11.5.2 ...)
	NOT-FOR-US: Total Defense Anti-virus
CVE-2019-18644 (The malware scan function in Total Defense Anti-virus 11.5.2.28 is vul ...)
	NOT-FOR-US: Total Defense Anti-virus
CVE-2019-18643 (Rock RMS versions before 8.10 and versions 9.0 through 9.3 fails to pr ...)
	NOT-FOR-US: Rock RMS
CVE-2019-18642 (Rock RMS version before 8.6 is vulnerable to account takeover by tampe ...)
	NOT-FOR-US: Rock RMS
CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within the Peopl ...)
	NOT-FOR-US: Rock RMS
CVE-2019-18640 RESERVED
CVE-2019-18639 RESERVED
CVE-2019-18638 RESERVED
CVE-2019-18637 RESERVED
CVE-2019-18636 (A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka A ...)
	NOT-FOR-US: Jitbit .NET Forum
CVE-2019-18635 (An issue was discovered in Mooltipass Moolticute through v0.42.1 and v ...)
	NOT-FOR-US: Mooltipass Moolticute
CVE-2019-18634 (In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users ...)
	{DSA-4614-1 DLA-2094-1}
	- sudo 1.8.31-1 (bug #950371)
	[buster] - sudo 1.8.27-1+deb10u2
	NOTE: https://www.sudo.ws/alerts/pwfeedback.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/6
	NOTE: https://github.com/sudo-project/sudo/commit/fa8ffeb17523494f0e8bb49a25e53635f4509078 (master)
	NOTE: https://github.com/sudo-project/sudo/commit/b5d2010b6514ff45693509273bb07df3abb0bf0a (SUDO_1_8_31)
	NOTE: The issue itself is fixed only in 1.8.31 but a change in the EOF handling
	NOTE: introduced in 1.8.26 mitigated exploitation of the bug in some cases:
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/31/1
	NOTE: Change for "Print a warning for password read issues" in 1.8.26:
	NOTE: https://github.com/sudo-project/sudo/commit/ab2cba0f5d8b286e8e52c06076efd32434f538ae (SUDO_1_8_26)
	NOTE: The overflow is, though, also reachable when using a pty:
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/05/2
CVE-2019-18633 (European Commission eIDAS-Node Integration Package before 2.3.1 has Mi ...)
	NOT-FOR-US: European Commission eIDAS-Node Integration Package
CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1 allows ...)
	NOT-FOR-US: European Commission eIDAS-Node Integration Package
CVE-2019-18631 (The Windows component of Centrify Authentication and Privilege Elevati ...)
	NOT-FOR-US: Centrify Authentication and Privilege Elevation Services
CVE-2019-18630 (On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/ ...)
	NOT-FOR-US: Xerox
CVE-2019-18629 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...)
	NOT-FOR-US: Xerox
CVE-2019-18628 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...)
	NOT-FOR-US: Xerox
CVE-2019-18627 RESERVED
CVE-2019-18626 (Harris Ormed Self Service before 2019.1.4 allows an authenticated user ...)
	NOT-FOR-US: Harris Ormed Self Service
CVE-2019-18625 (An issue was discovered in Suricata 5.0.0. It was possible to bypass/e ...)
	{DLA-2087-1}
	[experimental] - suricata 1:5.0.1-1~exp1
	- suricata 1:5.0.2-1
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	NOTE: https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 (suricata-5.0.1)
	NOTE: https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 (master-4.1.x)
	NOTE: https://redmine.openinfosecfoundation.org/issues/3286
	NOTE: https://redmine.openinfosecfoundation.org/issues/3395
CVE-2019-18624 (Opera Mini for Android allows attackers to bypass intended restriction ...)
	NOT-FOR-US: Opera Mini for Android
CVE-2019-18623 (Escalation of privileges in EnergyCAP 7 through 7.5.6 allows an attack ...)
	NOT-FOR-US: EnergyCAP
CVE-2019-18622 (An issue was discovered in phpMyAdmin before 4.9.2. A crafted database ...)
	- phpmyadmin 4:4.9.2+dfsg1-1 (bug #945349)
	[stretch] - phpmyadmin (vulnerable code is not present)
	[jessie] - phpmyadmin (vulnerable code is not present)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ff541af95d7155d8dd326f331b5e248fea8e7111
	NOTE: https://gist.github.com/ibennetch/4ba7d2fac6f384a5039d697a110e0912
	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-5/
CVE-2019-18621 RESERVED
CVE-2019-18620 RESERVED
CVE-2019-18619 (Incorrect parameter validation in the synaTee component of Synaptics W ...)
	NOT-FOR-US: Synaptics
CVE-2019-18618 (Incorrect access control in the firmware of Synaptics VFS75xx family f ...)
	NOT-FOR-US: firmware of Synaptics VFS75xx family fingerprint sensors
CVE-2019-18617 RESERVED
CVE-2019-18616 RESERVED
CVE-2019-18615 (In CloudVision Portal (CVP) for all releases in the 2018.2 Train, unde ...)
	NOT-FOR-US: CloudVision Portal
CVE-2019-18614 (On the Cypress CYW20735 evaluation board, any data that exceeds 384 by ...)
	NOT-FOR-US: Cypress
CVE-2019-18613 RESERVED
CVE-2019-18612 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
	NOT-FOR-US: AbuseFilter MediaWiki extension
CVE-2019-18611 (An issue was discovered in the CheckUser extension through 1.34 for Me ...)
	NOT-FOR-US: CheckUser MediaWiki extension
CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk through 13.x, ...)
	{DLA-2017-1}
	- asterisk 1:16.10.0~dfsg-1 (bug #947377)
	[buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
	[stretch] - asterisk (Minor issue)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28580
CVE-2019-18609 (An issue was discovered in amqp_handle_input in amqp_connection.c in r ...)
	{DLA-2022-1}
	- librabbitmq 0.10.0-1 (low; bug #946005)
	[buster] - librabbitmq (Minor issue)
	[stretch] - librabbitmq (Minor issue)
	NOTE: https://github.com/alanxz/rabbitmq-c/commit/fc85be7123050b91b054e45b91c78d3241a5047a
CVE-2019-18608 (Cezerin v0.33.0 allows unauthorized order-information modification bec ...)
	NOT-FOR-US: Cezerin
CVE-2019-18607 RESERVED
CVE-2019-18606 RESERVED
CVE-2019-18605 RESERVED
CVE-2019-18604 (In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distr ...)
	- texlive-bin 2020.20200327.54578-2
	[buster] - texlive-bin (Minor issue)
	[stretch] - texlive-bin (Vulnerable code not present)
	[jessie] - texlive-bin (Vulnerable code not present)
	NOTE: https://github.com/TeX-Live/texlive-source/commit/9216833a3888a4105a18e8c349f65b045ddb1079#diff-987e40c0e27ee43f6a2414ada73a191a
CVE-2019-18600 RESERVED
CVE-2019-18599 RESERVED
CVE-2019-18598 RESERVED
CVE-2019-18597 RESERVED
CVE-2019-18596 RESERVED
CVE-2019-18595 RESERVED
CVE-2019-18594 RESERVED
CVE-2019-18593 RESERVED
CVE-2019-18592 RESERVED
CVE-2019-18591 RESERVED
CVE-2019-18590 RESERVED
CVE-2019-18589 RESERVED
CVE-2019-18588 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Un ...)
	NOT-FOR-US: EMC
CVE-2019-18587 RESERVED
CVE-2019-18586 REJECTED
CVE-2019-18585 REJECTED
CVE-2019-18584 REJECTED
CVE-2019-18583 REJECTED
CVE-2019-18582 (Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions ...)
	NOT-FOR-US: EMC
CVE-2019-18581 (Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions ...)
	NOT-FOR-US: EMC
CVE-2019-18580 (Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Jav ...)
	NOT-FOR-US: EMC
CVE-2019-18579 (Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1. ...)
	NOT-FOR-US: Dell
CVE-2019-18578 (Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-si ...)
	NOT-FOR-US: EMC XtremIO XMS
CVE-2019-18577 (Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect perm ...)
	NOT-FOR-US: EMC XtremIO XMS
CVE-2019-18576 (Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information di ...)
	NOT-FOR-US: EMC XtremIO XMS
CVE-2019-18575 (Dell Command Configure versions prior to 4.2.1 contain an uncontrolled ...)
	NOT-FOR-US: Dell Command Configure
CVE-2019-18574 (RSA Authentication Manager software versions prior to 8.4 P8 contain a ...)
	NOT-FOR-US: RSA Authentication Manager software
CVE-2019-18573 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...)
	NOT-FOR-US: RSA
CVE-2019-18572 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...)
	NOT-FOR-US: RSA
CVE-2019-18571 (The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Go ...)
	NOT-FOR-US: RSA
CVE-2019-18570 RESERVED
CVE-2019-18569 RESERVED
CVE-2019-18568 (Avira Free Antivirus 15.0.1907.1514 is prone to a local privilege esca ...)
	NOT-FOR-US: Avira Free Antivirus
CVE-2019-18567 (Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an o ...)
	NOT-FOR-US: Bromium
CVE-2019-18566 REJECTED
CVE-2019-18565 REJECTED
CVE-2019-18564 REJECTED
CVE-2019-18563 REJECTED
CVE-2019-18562 REJECTED
CVE-2019-18561 REJECTED
CVE-2019-18560 REJECTED
CVE-2019-18559 REJECTED
CVE-2019-18558 REJECTED
CVE-2019-18557 REJECTED
CVE-2019-18556 REJECTED
CVE-2019-18555 REJECTED
CVE-2019-18554 REJECTED
CVE-2019-18553 REJECTED
CVE-2019-18552 REJECTED
CVE-2019-18551 REJECTED
CVE-2019-18550 REJECTED
CVE-2019-18549 REJECTED
CVE-2019-18548 REJECTED
CVE-2019-18547 REJECTED
CVE-2019-18546 REJECTED
CVE-2019-18545 REJECTED
CVE-2019-18544 REJECTED
CVE-2019-18543 REJECTED
CVE-2019-18542 REJECTED
CVE-2019-18541 REJECTED
CVE-2019-18540 REJECTED
CVE-2019-18539 REJECTED
CVE-2019-18538 REJECTED
CVE-2019-18537 REJECTED
CVE-2019-18536 REJECTED
CVE-2019-18535 REJECTED
CVE-2019-18534 REJECTED
CVE-2019-18533 REJECTED
CVE-2019-18532 REJECTED
CVE-2019-18531 REJECTED
CVE-2019-18530 REJECTED
CVE-2019-18529 REJECTED
CVE-2019-18528 REJECTED
CVE-2019-18527 REJECTED
CVE-2019-18526 REJECTED
CVE-2019-18525 REJECTED
CVE-2019-18524 REJECTED
CVE-2019-18523 REJECTED
CVE-2019-18522 REJECTED
CVE-2019-18521 REJECTED
CVE-2019-18520 REJECTED
CVE-2019-18519 REJECTED
CVE-2019-18518 REJECTED
CVE-2019-18517 REJECTED
CVE-2019-18516 REJECTED
CVE-2019-18515 REJECTED
CVE-2019-18514 REJECTED
CVE-2019-18513 REJECTED
CVE-2019-18512 REJECTED
CVE-2019-18511 REJECTED
CVE-2019-18510 REJECTED
CVE-2019-18509 REJECTED
CVE-2019-18508 REJECTED
CVE-2019-18507 REJECTED
CVE-2019-18506 REJECTED
CVE-2019-18505 REJECTED
CVE-2019-18504 REJECTED
CVE-2019-18503 REJECTED
CVE-2019-18502 REJECTED
CVE-2019-18501 REJECTED
CVE-2019-18500 REJECTED
CVE-2019-18499 REJECTED
CVE-2019-18498 REJECTED
CVE-2019-18497 REJECTED
CVE-2019-18496 REJECTED
CVE-2019-18495 REJECTED
CVE-2019-18494 REJECTED
CVE-2019-18493 REJECTED
CVE-2019-18492 REJECTED
CVE-2019-18491 REJECTED
CVE-2019-18490 REJECTED
CVE-2019-18489 REJECTED
CVE-2019-18488 REJECTED
CVE-2019-18487 REJECTED
CVE-2019-18486 REJECTED
CVE-2019-18485 REJECTED
CVE-2019-18484 REJECTED
CVE-2019-18483 REJECTED
CVE-2019-18482 REJECTED
CVE-2019-18481 REJECTED
CVE-2019-18480 REJECTED
CVE-2019-18479 REJECTED
CVE-2019-18478 REJECTED
CVE-2019-18477 REJECTED
CVE-2019-18476 REJECTED
CVE-2019-18475 REJECTED
CVE-2019-18474 REJECTED
CVE-2019-18473 REJECTED
CVE-2019-18472 REJECTED
CVE-2019-18471 REJECTED
CVE-2019-18470 REJECTED
CVE-2019-18469 REJECTED
CVE-2019-18468 REJECTED
CVE-2019-18467 REJECTED
CVE-2019-18466 (An issue was discovered in Podman in libpod before 1.6.0. It resolves ...)
	- libpod (Fixed before initial upload)
CVE-2019-18601 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of ser ...)
	{DLA-1982-1}
	- openafs 1.8.5-1 (low; bug #943587)
	[buster] - openafs (Minor issue)
	[stretch] - openafs (Minor issue)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-003.txt
CVE-2019-18602 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an informatio ...)
	{DLA-1982-1}
	- openafs 1.8.5-1 (low; bug #943587)
	[buster] - openafs (Minor issue)
	[stretch] - openafs (Minor issue)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-002.txt
CVE-2019-18603 (OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information l ...)
	{DLA-1982-1}
	- openafs 1.8.5-1 (low; bug #943587)
	[buster] - openafs (Minor issue)
	[stretch] - openafs (Minor issue)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2019-001.txt
CVE-2019-18465 (In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has be ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-18464 (In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 1 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-18463 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18462 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18461 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18460 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18459 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18458 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18457 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18456 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18455 (An issue was discovered in GitLab Community and Enterprise Edition 11 ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18454 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18453 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18452 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18451 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18450 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18449 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18448 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18447 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18446 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.2.9-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
CVE-2019-18445 RESERVED
CVE-2019-18444 RESERVED
CVE-2019-18443 RESERVED
CVE-2019-18442 RESERVED
CVE-2019-18441 RESERVED
CVE-2019-18440 RESERVED
CVE-2019-18439 RESERVED
CVE-2019-18438 RESERVED
CVE-2019-18437 RESERVED
CVE-2019-18436 RESERVED
CVE-2019-18435 RESERVED
CVE-2019-18434 RESERVED
CVE-2019-18433 RESERVED
CVE-2019-18432 RESERVED
CVE-2019-18431 RESERVED
CVE-2019-18430 RESERVED
CVE-2019-18429 RESERVED
CVE-2019-18428 RESERVED
CVE-2019-18427 RESERVED
CVE-2019-18426 (A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when pa ...)
	NOT-FOR-US: WhatsApp Desktop
CVE-2019-18425 (An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-298.html
CVE-2019-18424 (An issue was discovered in Xen through 4.12.x allowing attackers to ga ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-302.html
CVE-2019-18423 (An issue was discovered in Xen through 4.12.x allowing ARM guest OS us ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-301.html
CVE-2019-18422 (An issue was discovered in Xen through 4.12.x allowing ARM guest OS us ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-303.html
CVE-2019-18421 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-299.html
CVE-2019-18420 (An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS ...)
	{DSA-4602-1}
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://xenbits.xen.org/xsa/advisory-296.html
CVE-2019-18419 (A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB ...)
	NOT-FOR-US: ClonOS
CVE-2019-18418 (clonos.php in ClonOS WEB control panel 19.09 allows remote attackers t ...)
	NOT-FOR-US: ClonOS
CVE-2019-18417 (Sourcecodester Restaurant Management System 1.0 allows an authenticate ...)
	NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18416 (Sourcecodester Restaurant Management System 1.0 allows XSS via the Las ...)
	NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18415 (Sourcecodester Restaurant Management System 1.0 allows XSS via the "se ...)
	NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18414 (Sourcecodester Restaurant Management System 1.0 is affected by an admi ...)
	NOT-FOR-US: Sourcecodester Restaurant Management System
CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation can b ...)
	NOT-FOR-US: TypeStack class-validator
CVE-2019-18412 (JetBrains IDETalk plugin before version 193.4099.10 allows XXE ...)
	NOT-FOR-US: JetBrains IDETalk plugin
CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2019-18410
	RESERVED
CVE-2019-18409 (The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local pr ...)
	NOT-FOR-US: ruby_parser-legacy packaging issue
CVE-2019-18408 (archive_read_format_rar_read_data in archive_read_support_format_rar.c ...)
	{DSA-4557-1 DLA-1971-1}
	- libarchive 3.4.0-1
	NOTE: https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14689
CVE-2019-18407
	RESERVED
CVE-2019-18406
	RESERVED
CVE-2019-18405
	RESERVED
CVE-2019-18404
	RESERVED
CVE-2019-18403
	RESERVED
CVE-2019-18402
	RESERVED
CVE-2019-18401
	RESERVED
CVE-2019-18400
	RESERVED
CVE-2019-18399
	RESERVED
CVE-2019-18398
	RESERVED
CVE-2019-18397 (A buffer overflow in the fribidi_get_par_embedding_levels_ex() functio ...)
	{DSA-4561-1}
	- fribidi 1.0.7-1.1 (bug #944327)
	[stretch] - fribidi (Vulnerable code not present)
	[jessie] - fribidi (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568
	NOTE: Introduced by: https://github.com/fribidi/fribidi/commit/f20b6480b9cd46dae8d82a6f95d9c53558fcfd20 (v1.0.0)
CVE-2019-18396 (An issue was discovered in certain Oi third-party firmware that may be ...)
	NOT-FOR-US: Technicolor
CVE-2019-18395
	RESERVED
CVE-2019-18394 (A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.j ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-18393 (PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2019-18392
	REJECTED
CVE-2019-18391 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
	- virglrenderer 0.8.1-1 (bug #946942)
	[buster] - virglrenderer (Minor issue)
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/2abeb1802e3c005b17a7123e382171b3fb665971
CVE-2019-18390 (An out-of-bounds read in the vrend_blit_need_swizzle function in vrend ...)
	- virglrenderer 0.8.1-1
	[buster] - virglrenderer (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765584
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/24f67de7a9088a873844a39be03cee6882260ac9
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#3cd772559e0d73afa136d6818023cfd0c4c8ecc0_0_151
CVE-2019-18389 (A heap-based buffer overflow in the vrend_renderer_transfer_write_iov ...)
	- virglrenderer 0.8.1-1 (bug #946942)
	[buster] - virglrenderer (Minor issue)
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/cbc8d8b75be360236cada63784046688aeb6d921
CVE-2019-18388 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
	- virglrenderer 0.8.1-1
	[buster] - virglrenderer (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1765578
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/0d9a2c88dc3a70023541b3260b9f00c982abda16
	NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/314/diffs?commit_id=d2cdbcf6a8f2317f250fd54f08aa35dde2fa3e30#diff-content-3cd772559e0d73afa136d6818023cfd0c4c8ecc0
CVE-2019-18387 (Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to ...)
	NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
CVE-2019-18386 (Systems management on Unisys ClearPath Forward Libra and ClearPath MCP ...)
	NOT-FOR-US: Unisys
CVE-2019-18385 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unaut ...)
	NOT-FOR-US: TerraMaster
CVE-2019-18384 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authe ...)
	NOT-FOR-US: TerraMaster
CVE-2019-18383 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can ...)
	NOT-FOR-US: TerraMaster
CVE-2019-18382 (An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A d ...)
	NOT-FOR-US: AVStar PE204
CVE-2019-18381 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cro ...)
	NOT-FOR-US: Norton Password Manager
CVE-2019-18380 (Symantec Industrial Control System Protection (ICSP), versions 6.x.x, ...)
	NOT-FOR-US: Symantec
CVE-2019-18379 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a s ...)
	NOT-FOR-US: Symantec
CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a c ...)
	NOT-FOR-US: Symantec
CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a p ...)
	NOT-FOR-US: Symantec
CVE-2019-18376 (A CSRF token disclosure vulnerability allows a remote attacker, with a ...)
	NOT-FOR-US: Broadcom
CVE-2019-18375 (The ASG and ProxySG management consoles are susceptible to a session h ...)
	NOT-FOR-US: ASG and ProxySG management consoles
CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & ...)
	NOT-FOR-US: Symantec
CVE-2019-18373 (Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass ex ...)
	NOT-FOR-US: Norton
CVE-2019-18372 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2019-18371 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...)
	NOT-FOR-US: Xiaomi
CVE-2019-18370 (An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-s ...)
	NOT-FOR-US: Xiaomi
CVE-2019-18369 (In JetBrains YouTrack before 2019.2.55152, removing tags from the issu ...)
	NOT-FOR-US: JetBrains
CVE-2019-18368 (In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escal ...)
	NOT-FOR-US: JetBrains
CVE-2019-18367 (In JetBrains TeamCity before 2019.1.2, a non-destructive operation cou ...)
	NOT-FOR-US: JetBrains
CVE-2019-18366 (In JetBrains TeamCity before 2019.1.2, secure values could be exposed ...)
	NOT-FOR-US: JetBrains
CVE-2019-18365 (In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible ...)
	NOT-FOR-US: JetBrains
CVE-2019-18364 (In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization c ...)
	NOT-FOR-US: JetBrains
CVE-2019-18363 (In JetBrains TeamCity before 2019.1.2, access could be gained to the h ...)
	NOT-FOR-US: JetBrains
CVE-2019-18362 (JetBrains MPS before 2019.2.2 exposed listening ports to the network. ...)
	NOT-FOR-US: JetBrains
CVE-2019-18361 (JetBrains IntelliJ IDEA before 2019.2 allows local user privilege esca ...)
	- intellij-idea (bug #747616)
CVE-2019-18360 (In JetBrains Hub versions earlier than 2019.1.11738, username enumerat ...)
	NOT-FOR-US: JetBrains
CVE-2019-18359 (A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3G ...)
	- mp3gain 1.6.2-2 (bug #973932)
	NOTE: SuSE fix: https://build.opensuse.org/package/view_file/openSUSE:Maintenance:12304/mp3gain.openSUSE_Leap_15.1_Update/0001-fix-security-bugs.patch?rev=0db47562b2545871d0be3fc88083e0cd
	NOTE: Caught by ASAN according to CVE. mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc
CVE-2019-18358
	RESERVED
CVE-2019-18357 (An XSS issue was discovered in Thycotic Secret Server before 10.7 (iss ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2019-18356 (An XSS issue was discovered in Thycotic Secret Server before 10.7 (iss ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2019-18355 (An SSRF issue was discovered in the legacy Web launcher in Thycotic Se ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2019-18354
	RESERVED
CVE-2019-18353
	RESERVED
CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices ...)
	NOT-FOR-US: PHOENIX CONTACT FL NAT 2208 devices
CVE-2019-18351
	REJECTED
CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET ...)
	NOT-FOR-US: Ant Design Pro
CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...)
	NOT-FOR-US: HotkeyP
CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...)
	{DLA-2280-1}
	- python3.8 3.8.3~rc1-1 (unimportant)
	- python3.7 (unimportant)
	- python3.5 (unimportant)
	- python3.4 (unimportant)
	- python2.7 2.7.18~rc1-1 (unimportant)
	NOTE: https://github.com/python/cpython/commit/9165addc22d05e776a54319a8531ebd0b2fe01ef (master)
	NOTE: https://github.com/python/cpython/commit/ff69c9d12c1b06af58e5eae5db4630cedd94740e (3.8 branch)
	NOTE: https://github.com/python/cpython/commit/34f85af3229f86c004a954c3f261ceea1f5e9f95 (3.7 branch)
	NOTE: https://github.com/python/cpython/commit/09d8172837b6985c4ad90ee025f6b5a554a9f0ac (3.5 branch)
	NOTE: https://github.com/python/cpython/commit/e176e0c105786e9f476758eb5438c57223b65e7f (v2.7.18rc1)
	NOTE: https://bugs.python.org/issue38576
	NOTE: Issue only exploitable if CVE-2016-10739 is unfixed in src:glibc. This is
	NOTE: not the case in all suites, but the issue is minor in general and would
	NOTE: tend to a no-dsa/ignored tag in those suites.
CVE-2019-18347 (A stored XSS issue was discovered in DAViCal through 1.1.8. It does no ...)
	{DSA-4582-1 DLA-2034-1}
	- davical 1.1.9.2-1 (bug #946343)
	NOTE: https://hackdefense.com/publications/cve-2019-18347-davical-caldav-server-vulnerability/
	NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
	NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
CVE-2019-18346 (A CSRF issue was discovered in DAViCal through 1.1.8. If an authentica ...)
	{DSA-4582-1 DLA-2034-1}
	- davical 1.1.9.2-1 (bug #946343)
	NOTE: https://hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/
	NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
	NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
CVE-2019-18345 (A reflected XSS issue was discovered in DAViCal through 1.1.8. It echo ...)
	{DSA-4582-1 DLA-2034-1}
	- davical 1.1.9.2-1 (bug #946343)
	NOTE: https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/
	NOTE: https://gitlab.com/davical-project/davical/commit/86a8ec5302b705cd11f0373eefbe2168799b277b
	NOTE: https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
CVE-2019-18344 (Sourcecodester Online Grading System 1.0 is vulnerable to unauthentica ...)
	NOT-FOR-US: Sourcecodester Online Grading System
CVE-2019-18343
	RESERVED
CVE-2019-18342 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: Siemens
CVE-2019-18341 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: Siemens
CVE-2019-18340 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: Siemens
CVE-2019-18339 (A vulnerability has been identified in SiNVR/SiVMS Video Server (All v ...)
	NOT-FOR-US: Siemens
CVE-2019-18338 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: Siemens
CVE-2019-18337 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: Siemens
CVE-2019-18336 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
	NOT-FOR-US: Siemens
CVE-2019-18335 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18334 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18333 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18332 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18331 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18330 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18329 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18328 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18327 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18326 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18325 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18324 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18323 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18322 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18321 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18320 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18319 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18318 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18317 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18316 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18315 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18314 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18313 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18312 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18311 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18310 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18309 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18308 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18307 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18306 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18305 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18304 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18303 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18302 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18301 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18300 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18299 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18298 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18297 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18296 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18295 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18294 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18293 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18292 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18291 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18290 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18289 (A vulnerability has been identified in SPPA-T3000 MS3000 Migration Ser ...)
	NOT-FOR-US: Siemens
CVE-2019-18288 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18287 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18286 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18285 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18284 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18283 (A vulnerability has been identified in SPPA-T3000 Application Server ( ...)
	NOT-FOR-US: Siemens
CVE-2019-18282 (The flow_dissector feature in the Linux kernel 4.3 through 5.x before ...)
	{DLA-2114-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/55667441c84fa5e0911a0aac44fb059c15ba6da2
CVE-2019-18281 (An out-of-bounds memory access in the generateDirectionalRuns() functi ...)
	{DSA-4556-1}
	- qtbase-opensource-src-gles 5.12.5+dfsg-1
	- qtbase-opensource-src 5.12.5+dfsg-2
	[buster] - qtbase-opensource-src (Minor issue)
	[stretch] - qtbase-opensource-src (Vulnerable code not present)
	[jessie] - qtbase-opensource-src (Vulnerable code not present)
	NOTE: https://github.com/qt/qtbase/commit/af6ac444c97ed2dc234f93fe457440c9da5482ea
	NOTE: https://bugreports.qt.io/browse/QTBUG-77819
CVE-2019-18280 (Sourcecodester Online Grading System 1.0 is affected by a Cross Site R ...)
	NOT-FOR-US: Sourcecodester Online Grading System
CVE-2019-18279 (In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included driver ...)
	NOT-FOR-US: Phoenix SCT WinFlash
CVE-2019-18278 (When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, ...)
	NOT-FOR-US: VLC on Windows
CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, messages fea ...)
	- haproxy 2.0.6-1
	[buster] - haproxy 1.8.19-1+deb10u3
	[stretch] - haproxy (Minor issue)
	[jessie] - haproxy (Minor issue)
	NOTE: https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581
	NOTE: https://nathandavison.com/blog/haproxy-http-request-smuggling
CVE-2019-18276 (An issue was discovered in disable_priv_mode in shell.c in GNU Bash th ...)
	- bash 5.1~rc1-2 (unimportant)
	NOTE: https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaad7a18cc0dc1036bba86b18b90874d39ff
	NOTE: https://savannah.gnu.org/patch/?9822
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1158028
	NOTE: Negligible security impact
CVE-2019-18275 (OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affect ...)
	NOT-FOR-US: OSIsoft
CVE-2019-18274
	RESERVED
CVE-2019-18273 (OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The af ...)
	NOT-FOR-US: OSIsoft
CVE-2019-18272
	RESERVED
CVE-2019-18271 (OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affect ...)
	NOT-FOR-US: OSIsoft
CVE-2019-18270
	RESERVED
CVE-2019-18269 (In Omron PLC CJ series, all versions, and Omron PLC CS series, all ver ...)
	NOT-FOR-US: Omron
CVE-2019-18268
	RESERVED
CVE-2019-18267 (An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G ...)
	NOT-FOR-US: GE
CVE-2019-18266
	RESERVED
CVE-2019-18265
	RESERVED
CVE-2019-18264
	RESERVED
CVE-2019-18263 (An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual ...)
	NOT-FOR-US: Philips
CVE-2019-18262
	RESERVED
CVE-2019-18261 (In Omron PLC CS series, all versions, Omron PLC CJ series, all version ...)
	NOT-FOR-US: Omron
CVE-2019-18260
	RESERVED
CVE-2019-18259 (In Omron PLC CJ series, all versions and Omron PLC CS series, all vers ...)
	NOT-FOR-US: Omron
CVE-2019-18258
	RESERVED
CVE-2019-18257 (In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple ...)
	NOT-FOR-US: Advantech
CVE-2019-18256 (BIOTRONIK CardioMessenger II, The affected products use individual per ...)
	NOT-FOR-US: BIOTRONIK CardioMessenger
CVE-2019-18255 (HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated u ...)
	NOT-FOR-US: HMI/SCADA iFIX
CVE-2019-18254 (BIOTRONIK CardioMessenger II, The affected products do not encrypt sen ...)
	NOT-FOR-US: BIOTRONIK CardioMessenger
CVE-2019-18253 (An attacker could use specially crafted paths in a specific request to ...)
	NOT-FOR-US: Relion
CVE-2019-18252 (BIOTRONIK CardioMessenger II, The affected products allow credential r ...)
	NOT-FOR-US: BIOTRONIK CardioMessenger
CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervis ...)
	NOT-FOR-US: Omron
CVE-2019-18250 (In all versions of ABB Power Generation Information Manager (PGIM) and ...)
	NOT-FOR-US: ABB
CVE-2019-18249 (Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firm ...)
	NOT-FOR-US: Reliable Controls
CVE-2019-18248 (BIOTRONIK CardioMessenger II, The affected products transmit credentia ...)
	NOT-FOR-US: BIOTRONIK CardioMessenger
CVE-2019-18247 (An attacker may use a specially crafted message to force Relion 650 se ...)
	NOT-FOR-US: Relion
CVE-2019-18246 (BIOTRONIK CardioMessenger II, The affected products do not properly en ...)
	NOT-FOR-US: BIOTRONIK CardioMessenger
CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may allow an a ...)
	NOT-FOR-US: Reliable Controls LicenseManager
CVE-2019-18244 (In OSIsoft PI System multiple products and versions, a local attacker ...)
	NOT-FOR-US: OSIsoft
CVE-2019-18243 (HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated u ...)
	NOT-FOR-US: HMI/SCADA iFIX
CVE-2019-18242 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
	NOT-FOR-US: Moxa
CVE-2019-18241 (In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all ver ...)
	NOT-FOR-US: Philips
CVE-2019-18240 (In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer o ...)
	NOT-FOR-US: Fuji
CVE-2019-18239
	RESERVED
CVE-2019-18238 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
	NOT-FOR-US: Moxa
CVE-2019-18237
	RESERVED
CVE-2019-18236 (Multiple buffer overflow vulnerabilities exist when the PLC Editor Ver ...)
	NOT-FOR-US: PLC Editor
CVE-2019-18235 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient ...)
	NOT-FOR-US: Advantech Spectre RT ERT351
CVE-2019-18234 (Equinox Control Expert all versions, is vulnerable to an SQL injection ...)
	NOT-FOR-US: Equinox Control Expert
CVE-2019-18233 (In Advantech Spectre RT Industrial Routers ERT351 5.1.3 and prior, the ...)
	NOT-FOR-US: Advantech Spectre RT Industrial Routers ERT351
CVE-2019-18232 (SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only ...)
	NOT-FOR-US: SafeNet Sentinel LDK License Manager
CVE-2019-18231 (Advantech Spectre RT ERT351 Versions 5.1.3 and prior logins and passwo ...)
	NOT-FOR-US: Advantech Spectre RT ERT351
CVE-2019-18230 (Honeywell equIP and Performance series IP cameras, multiple versions, ...)
	NOT-FOR-US: Honeywell
CVE-2019-18229 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Lack of sanitizati ...)
	NOT-FOR-US: Advantech
CVE-2019-18228 (Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vul ...)
	NOT-FOR-US: Honeywell
CVE-2019-18227 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. XXE vulnerabilitie ...)
	NOT-FOR-US: Advantech
CVE-2019-18226 (Honeywell equIP series and Performance series IP cameras and recorders ...)
	NOT-FOR-US: Honeywell
CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controller (ADC ...)
	NOT-FOR-US: Citrix
CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...)
	{DSA-4613-1}
	- libidn2 2.2.0-1 (bug #942895)
	- libidn2-0 (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420
	NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
CVE-2019-18223 (ZOOM International Call Recording 6.3.1 suffers from multiple authenti ...)
	NOT-FOR-US: ZOOM International Call Recording
CVE-2019-18222 (The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 a ...)
	- mbedtls 2.16.4-1
	[buster] - mbedtls (Minor issue)
	[stretch] - mbedtls (Minor issue)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
	NOTE: Fixed upstream in 2.20.0, 2.16.4 and 2.7.13
CVE-2019-18221 (CoreHR Core Portal before 27.0.7 allows stored XSS. ...)
	NOT-FOR-US: CoreHR Core Portal
CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) ...)
	NOT-FOR-US: Sitemagic CMS
CVE-2019-18219 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Scripting (XSS) vulner ...)
	NOT-FOR-US: Sitemagic CMS
CVE-2019-18218 (cdf_read_property_info in cdf.c in file through 5.37 does not restrict ...)
	{DSA-4550-1 DLA-2708-1 DLA-1969-1}
	- file 1:5.37-6 (bug #942830)
	- php7.0
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
	NOTE: https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
	NOTE: https://github.com/php/php-src/commit/469820048df558040f6dec7c39471ad11e2a7cfb (php-7.2.25RC1)
CVE-2019-18217 (ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauth ...)
	{DSA-4559-1 DLA-1974-1}
	- proftpd-dfsg 1.3.6a-2 (bug #942831)
	NOTE: https://github.com/proftpd/proftpd/commit/13fe9462787b9a551152162f46f1641d65fe4df4
	NOTE: https://github.com/proftpd/proftpd/issues/846
CVE-2019-18216 (** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM ...)
	NOT-FOR-US: BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313
CVE-2019-18215 (An issue was discovered in signmgr.dll 6.5.0.819 in Comodo Internet Se ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2019-18214 (The Video_Converter app 0.1.0 for Nextcloud allows denial of service ( ...)
	NOT-FOR-US: Video_Converter app for Nextcloud
CVE-2019-18213 (XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML ...)
	NOT-FOR-US: XML Language Server (aka lsp4xml)
CVE-2019-18212 (XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0. ...)
	NOT-FOR-US: XML Language Server (aka lsp4xml)
CVE-2019-18211 (An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTok ...)
	NOT-FOR-US: Orckestra C1 CMS
CVE-2019-18210 (Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows a ...)
	- moodle
CVE-2019-18209 (templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser doe ...)
	- etherpad-lite (bug #576998)
CVE-2019-18208
	RESERVED
CVE-2019-18207 (In Zucchetti InfoBusiness before and including 4.4.1, an authenticated ...)
	NOT-FOR-US: Zucchetti InfoBusiness
CVE-2019-18206 (A cross-site request forgery (CSRF) vulnerability in Zucchetti InfoBus ...)
	NOT-FOR-US: Zucchetti InfoBusiness
CVE-2019-18205 (Multiple Reflected Cross-site Scripting (XSS) vulnerabilities exist in ...)
	NOT-FOR-US: Zucchetti InfoBusiness
CVE-2019-18204 (Zucchetti InfoBusiness before and including 4.4.1 allows any authentic ...)
	NOT-FOR-US: Zucchetti InfoBusiness
CVE-2019-18203 (On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabili ...)
	NOT-FOR-US: Ricoh
CVE-2019-18202 (Information Disclosure is possible on WAGO Series PFC100 and PFC200 de ...)
	NOT-FOR-US: WAGO Series PFC100 and PFC200 devices
CVE-2019-18201 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
	NOT-FOR-US: Fujitsu
CVE-2019-18200 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
	NOT-FOR-US: Fujitsu
CVE-2019-18199 (An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 d ...)
	NOT-FOR-US: Fujitsu
CVE-2019-18197 (In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable i ...)
	{DLA-1973-1}
	- libxslt 1.1.32-2.2 (bug #942646)
	[buster] - libxslt 1.1.32-2.2~deb10u1
	[stretch] - libxslt 1.1.29-2.1+deb9u2
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15746
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15768
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15914
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
CVE-2019-18196 (A DLL side loading vulnerability in the Windows Service in TeamViewer ...)
	NOT-FOR-US: TeamViewer
CVE-2019-18198 (In the Linux kernel before 5.3.4, a reference count usage error in the ...)
	- linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26
	NOTE: https://launchpad.net/bugs/1847478
CVE-2019-18195 (An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal u ...)
	NOT-FOR-US: TerraMaster FS-210 devices
CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escal ...)
	NOT-FOR-US: TotalAV
CVE-2019-18193 (In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, ...)
	NOT-FOR-US: Unisys Stealth
CVE-2019-18192 (GNU Guix 1.0.1 allows local users to gain access to an arbitrary user' ...)
	- guix (Fixed before initial upload to Debian)
	NOTE: https://issues.guix.gnu.org/issue/37744
	NOTE: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=81c580c8664bfeeb767e2c47ea343004e88223c7 (v1.1.0rc1)
CVE-2019-18191 (A privilege escalation vulnerability in the Trend Micro Deep Security ...)
	NOT-FOR-US: Trend Micro
CVE-2019-18190 (Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerab ...)
	NOT-FOR-US: Trend Micro
CVE-2019-18189 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...)
	NOT-FOR-US: Trend Micro
CVE-2019-18188 (Trend Micro Apex One could be exploited by an attacker utilizing a com ...)
	NOT-FOR-US: Trend Micro
CVE-2019-18187 (Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited ...)
	NOT-FOR-US: Trend Micro
CVE-2019-18186
	RESERVED
CVE-2019-18185
	RESERVED
CVE-2019-18184 (Crestron DMC-STRO 1.0 devices allow remote command execution as root v ...)
	NOT-FOR-US: Crestron DMC-STRO 1.0 devices
CVE-2019-18183 (pacman before 5.2 is vulnerable to arbitrary command injection in lib/ ...)
	NOT-FOR-US: pacman package manager for arch, different from src:pacman
CVE-2019-18182 (pacman before 5.2 is vulnerable to arbitrary command injection in conf ...)
	NOT-FOR-US: pacman package manager for arch, different from src:pacman
CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train ...)
	NOT-FOR-US: CloudVision Portal
CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
	- otrs2 6.0.24-1 (bug #945251)
	[buster] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	[jessie] - otrs2 (vulnerable code not present)
	NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	{DLA-2053-1}
	- otrs2 6.0.24-1 (bug #945251)
	[buster] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
CVE-2019-18178 (Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The fun ...)
	NOT-FOR-US: FreeRTOS+FAT
CVE-2019-18177 RESERVED CVE-2019-18176 RESERVED CVE-2019-18175 RESERVED CVE-2019-18174 RESERVED CVE-2019-18173 RESERVED CVE-2019-18172 RESERVED CVE-2019-18171 RESERVED CVE-2019-18170 RESERVED CVE-2019-18169 RESERVED CVE-2019-18168 RESERVED CVE-2019-18167 RESERVED CVE-2019-18166 RESERVED CVE-2019-18165 RESERVED CVE-2019-18164 RESERVED CVE-2019-18163 RESERVED CVE-2019-18162 RESERVED CVE-2019-18161 RESERVED CVE-2019-18160 RESERVED CVE-2019-18159 RESERVED CVE-2019-18158 RESERVED CVE-2019-18157 RESERVED CVE-2019-18156 RESERVED CVE-2019-18155 RESERVED CVE-2019-18154 RESERVED CVE-2019-18153 RESERVED CVE-2019-18152 RESERVED CVE-2019-18151 RESERVED CVE-2019-18150 RESERVED CVE-2019-18149 RESERVED CVE-2019-18148 RESERVED CVE-2019-18147 RESERVED CVE-2019-18146 RESERVED CVE-2019-18145 RESERVED CVE-2019-18144 RESERVED CVE-2019-18143 RESERVED CVE-2019-18142 RESERVED CVE-2019-18141 RESERVED CVE-2019-18140 RESERVED CVE-2019-18139 RESERVED CVE-2019-18138 RESERVED CVE-2019-18137 RESERVED CVE-2019-18136 RESERVED CVE-2019-18135 RESERVED CVE-2019-18134 RESERVED CVE-2019-18133 RESERVED CVE-2019-18132 RESERVED CVE-2019-18131 RESERVED CVE-2019-18130 RESERVED CVE-2019-18129 RESERVED CVE-2019-18128 RESERVED CVE-2019-18127 RESERVED CVE-2019-18126 RESERVED CVE-2019-18125 RESERVED CVE-2019-18124 RESERVED
CVE-2019-18123 RESERVED CVE-2019-18122 RESERVED CVE-2019-18121 RESERVED CVE-2019-18120 RESERVED CVE-2019-18119 RESERVED CVE-2019-18118 RESERVED CVE-2019-18117 RESERVED CVE-2019-18116 RESERVED CVE-2019-18115 RESERVED CVE-2019-18114 RESERVED CVE-2019-18113 RESERVED CVE-2019-18112 RESERVED CVE-2019-18111 RESERVED CVE-2019-18110 RESERVED CVE-2019-18109 RESERVED CVE-2019-18108 RESERVED CVE-2019-18107 RESERVED CVE-2019-18106 RESERVED CVE-2019-18105 RESERVED CVE-2019-18104 RESERVED CVE-2019-18103 RESERVED CVE-2019-18102 RESERVED CVE-2019-18101 RESERVED CVE-2019-18100 RESERVED CVE-2019-18099 RESERVED CVE-2019-18098 RESERVED CVE-2019-18097 RESERVED CVE-2019-18096 RESERVED CVE-2019-18095 RESERVED CVE-2019-18094 RESERVED CVE-2019-18093 RESERVED CVE-2019-18092 RESERVED CVE-2019-18091 RESERVED CVE-2019-18090 RESERVED CVE-2019-18089 RESERVED CVE-2019-18088 RESERVED CVE-2019-18087 RESERVED CVE-2019-18086 RESERVED CVE-2019-18085 RESERVED CVE-2019-18084 RESERVED CVE-2019-18083 RESERVED CVE-2019-18082 RESERVED CVE-2019-18081 RESERVED CVE-2019-18080 RESERVED CVE-2019-18079 RESERVED CVE-2019-18078 RESERVED CVE-2019-18077 RESERVED CVE-2019-18076 RESERVED CVE-2019-18075 RESERVED CVE-2019-18074 RESERVED CVE-2019-18073 RESERVED CVE-2019-18072 RESERVED CVE-2019-18071 RESERVED CVE-2019-18070 RESERVED CVE-2019-18069 RESERVED CVE-2019-18068 RESERVED CVE-2019-18067 RESERVED CVE-2019-18066 RESERVED CVE-2019-18065 RESERVED CVE-2019-18064 RESERVED CVE-2019-18063 RESERVED CVE-2019-18062 RESERVED CVE-2019-18061 RESERVED CVE-2019-18060 RESERVED CVE-2019-18059 RESERVED CVE-2019-18058 RESERVED CVE-2019-18057 RESERVED CVE-2019-18056 RESERVED CVE-2019-18055 RESERVED CVE-2019-18054 RESERVED CVE-2019-18053 RESERVED CVE-2019-18052 RESERVED CVE-2019-18051 RESERVED CVE-2019-18050 RESERVED CVE-2019-18049 RESERVED CVE-2019-18048 RESERVED CVE-2019-18047 RESERVED CVE-2019-18046 RESERVED CVE-2019-18045 RESERVED CVE-2019-18044 RESERVED CVE-2019-18043 RESERVED CVE-2019-18042 RESERVED CVE-2019-18041 RESERVED 
CVE-2019-18040 RESERVED CVE-2019-18039 RESERVED CVE-2019-18038 RESERVED CVE-2019-18037 RESERVED CVE-2019-18036 RESERVED CVE-2019-18035 RESERVED CVE-2019-18034 RESERVED CVE-2019-18033 RESERVED CVE-2019-18032 RESERVED CVE-2019-18031 RESERVED CVE-2019-18030 RESERVED CVE-2019-18029 RESERVED CVE-2019-18028 RESERVED CVE-2019-18027 RESERVED CVE-2019-18026 RESERVED CVE-2019-18025 RESERVED CVE-2019-18024 RESERVED CVE-2019-18023 RESERVED CVE-2019-18022 RESERVED CVE-2019-18021 RESERVED CVE-2019-18020 RESERVED CVE-2019-18019 RESERVED CVE-2019-18018 RESERVED CVE-2019-18017 RESERVED CVE-2019-18016 RESERVED CVE-2019-18015 RESERVED CVE-2019-18014 RESERVED CVE-2019-18013 RESERVED CVE-2019-18012 RESERVED CVE-2019-18011 RESERVED CVE-2019-18010 RESERVED CVE-2019-18009 RESERVED CVE-2019-18008 RESERVED CVE-2019-18007 RESERVED CVE-2019-18006 RESERVED CVE-2019-18005 RESERVED CVE-2019-18004 RESERVED CVE-2019-18003 RESERVED CVE-2019-18002 RESERVED CVE-2019-18001 RESERVED CVE-2019-18000 RESERVED CVE-2019-17999 RESERVED CVE-2019-17998 RESERVED CVE-2019-17997 RESERVED CVE-2019-17996 RESERVED CVE-2019-17995 RESERVED CVE-2019-17994 RESERVED CVE-2019-17993 RESERVED CVE-2019-17992 RESERVED CVE-2019-17991 RESERVED CVE-2019-17990 RESERVED CVE-2019-17989 RESERVED CVE-2019-17988 RESERVED CVE-2019-17987 RESERVED CVE-2019-17986 RESERVED CVE-2019-17985 RESERVED CVE-2019-17984 RESERVED CVE-2019-17983 RESERVED CVE-2019-17982 RESERVED CVE-2019-17981 RESERVED CVE-2019-17980 RESERVED CVE-2019-17979 RESERVED CVE-2019-17978 RESERVED CVE-2019-17977 RESERVED CVE-2019-17976 RESERVED CVE-2019-17975 RESERVED CVE-2019-17974 RESERVED CVE-2019-17973 RESERVED CVE-2019-17972 RESERVED CVE-2019-17971 RESERVED CVE-2019-17970 RESERVED CVE-2019-17969 RESERVED CVE-2019-17968 RESERVED CVE-2019-17967 RESERVED CVE-2019-17966 RESERVED CVE-2019-17965 RESERVED CVE-2019-17964 RESERVED CVE-2019-17963 RESERVED CVE-2019-17962 RESERVED CVE-2019-17961 RESERVED CVE-2019-17960 RESERVED CVE-2019-17959 RESERVED CVE-2019-17958 RESERVED 
CVE-2019-17957 RESERVED CVE-2019-17956 RESERVED CVE-2019-17955 RESERVED CVE-2019-17954 RESERVED CVE-2019-17953 RESERVED CVE-2019-17952 RESERVED CVE-2019-17951 RESERVED CVE-2019-17950 RESERVED CVE-2019-17949 RESERVED CVE-2019-17948 RESERVED CVE-2019-17947 RESERVED CVE-2019-17946 RESERVED CVE-2019-17945 RESERVED CVE-2019-17944 RESERVED CVE-2019-17943 RESERVED CVE-2019-17942 RESERVED CVE-2019-17941 RESERVED CVE-2019-17940 RESERVED CVE-2019-17939 RESERVED CVE-2019-17938 RESERVED CVE-2019-17937 RESERVED CVE-2019-17936 RESERVED CVE-2019-17935 RESERVED CVE-2019-17934 RESERVED CVE-2019-17933 RESERVED CVE-2019-17932 RESERVED CVE-2019-17931 RESERVED CVE-2019-17930 RESERVED CVE-2019-17929 RESERVED CVE-2019-17928 RESERVED CVE-2019-17927 RESERVED CVE-2019-17926 RESERVED CVE-2019-17925 RESERVED CVE-2019-17924 RESERVED CVE-2019-17923 RESERVED CVE-2019-17922 RESERVED CVE-2019-17921 RESERVED CVE-2019-17920 RESERVED CVE-2019-17919 RESERVED CVE-2019-17918 RESERVED CVE-2019-17917 RESERVED CVE-2019-17916 RESERVED CVE-2019-17915 RESERVED CVE-2019-17914 RESERVED CVE-2019-17913 RESERVED CVE-2019-17912 RESERVED CVE-2019-17911 RESERVED CVE-2019-17910 RESERVED CVE-2019-17909 RESERVED CVE-2019-17908 RESERVED CVE-2019-17907 RESERVED CVE-2019-17906 RESERVED CVE-2019-17905 RESERVED CVE-2019-17904 RESERVED CVE-2019-17903 RESERVED CVE-2019-17902 RESERVED CVE-2019-17901 RESERVED CVE-2019-17900 RESERVED CVE-2019-17899 RESERVED CVE-2019-17898 RESERVED CVE-2019-17897 RESERVED CVE-2019-17896 RESERVED CVE-2019-17895 RESERVED CVE-2019-17894 RESERVED CVE-2019-17893 RESERVED CVE-2019-17892 RESERVED CVE-2019-17891 RESERVED CVE-2019-17890 RESERVED CVE-2019-17889 RESERVED CVE-2019-17888 RESERVED CVE-2019-17887 RESERVED CVE-2019-17886 RESERVED CVE-2019-17885 RESERVED CVE-2019-17884 RESERVED CVE-2019-17883 RESERVED CVE-2019-17882 RESERVED CVE-2019-17881 RESERVED CVE-2019-17880 RESERVED CVE-2019-17879 RESERVED CVE-2019-17878 RESERVED CVE-2019-17877 RESERVED CVE-2019-17876 RESERVED CVE-2019-17875 RESERVED 
CVE-2019-17874 RESERVED CVE-2019-17873 RESERVED CVE-2019-17872 RESERVED CVE-2019-17871 RESERVED CVE-2019-17870 RESERVED CVE-2019-17869 RESERVED CVE-2019-17868 RESERVED CVE-2019-17867 RESERVED CVE-2019-17866 RESERVED CVE-2019-17865 RESERVED CVE-2019-17864 RESERVED CVE-2019-17863 RESERVED CVE-2019-17862 RESERVED CVE-2019-17861 RESERVED CVE-2019-17860 RESERVED CVE-2019-17859 RESERVED CVE-2019-17858 RESERVED CVE-2019-17857 RESERVED CVE-2019-17856 RESERVED CVE-2019-17855 RESERVED CVE-2019-17854 RESERVED CVE-2019-17853 RESERVED CVE-2019-17852 RESERVED CVE-2019-17851 RESERVED CVE-2019-17850 RESERVED CVE-2019-17849 RESERVED CVE-2019-17848 RESERVED CVE-2019-17847 RESERVED CVE-2019-17846 RESERVED CVE-2019-17845 RESERVED CVE-2019-17844 RESERVED CVE-2019-17843 RESERVED CVE-2019-17842 RESERVED CVE-2019-17841 RESERVED CVE-2019-17840 RESERVED CVE-2019-17839 RESERVED CVE-2019-17838 RESERVED CVE-2019-17837 RESERVED CVE-2019-17836 RESERVED CVE-2019-17835 RESERVED CVE-2019-17834 RESERVED CVE-2019-17833 RESERVED CVE-2019-17832 RESERVED CVE-2019-17831 RESERVED CVE-2019-17830 RESERVED CVE-2019-17829 RESERVED CVE-2019-17828 RESERVED CVE-2019-17827 RESERVED CVE-2019-17826 RESERVED CVE-2019-17825 RESERVED CVE-2019-17824 RESERVED CVE-2019-17823 RESERVED CVE-2019-17822 RESERVED CVE-2019-17821 RESERVED CVE-2019-17820 RESERVED CVE-2019-17819 RESERVED CVE-2019-17818 RESERVED CVE-2019-17817 RESERVED CVE-2019-17816 RESERVED CVE-2019-17815 RESERVED CVE-2019-17814 RESERVED CVE-2019-17813 RESERVED CVE-2019-17812 RESERVED CVE-2019-17811 RESERVED CVE-2019-17810 RESERVED CVE-2019-17809 RESERVED CVE-2019-17808 RESERVED CVE-2019-17807 RESERVED CVE-2019-17806 RESERVED CVE-2019-17805 RESERVED CVE-2019-17804 RESERVED CVE-2019-17803 RESERVED CVE-2019-17802 RESERVED CVE-2019-17801 RESERVED CVE-2019-17800 RESERVED CVE-2019-17799 RESERVED CVE-2019-17798 RESERVED CVE-2019-17797 RESERVED CVE-2019-17796 RESERVED CVE-2019-17795 RESERVED CVE-2019-17794 RESERVED CVE-2019-17793 RESERVED CVE-2019-17792 RESERVED 
CVE-2019-17791 RESERVED CVE-2019-17790 RESERVED CVE-2019-17789 RESERVED CVE-2019-17788 RESERVED CVE-2019-17787 RESERVED CVE-2019-17786 RESERVED CVE-2019-17785 RESERVED CVE-2019-17784 RESERVED CVE-2019-17783 RESERVED CVE-2019-17782 RESERVED CVE-2019-17781 RESERVED CVE-2019-17780 RESERVED CVE-2019-17779 RESERVED CVE-2019-17778 RESERVED CVE-2019-17777 RESERVED CVE-2019-17776 RESERVED CVE-2019-17775 RESERVED CVE-2019-17774 RESERVED CVE-2019-17773 RESERVED CVE-2019-17772 RESERVED CVE-2019-17771 RESERVED CVE-2019-17770 RESERVED CVE-2019-17769 RESERVED CVE-2019-17768 RESERVED CVE-2019-17767 RESERVED CVE-2019-17766 RESERVED CVE-2019-17765 RESERVED CVE-2019-17764 RESERVED CVE-2019-17763 RESERVED CVE-2019-17762 RESERVED CVE-2019-17761 RESERVED CVE-2019-17760 RESERVED CVE-2019-17759 RESERVED CVE-2019-17758 RESERVED CVE-2019-17757 RESERVED CVE-2019-17756 RESERVED CVE-2019-17755 RESERVED CVE-2019-17754 RESERVED CVE-2019-17753 RESERVED CVE-2019-17752 RESERVED CVE-2019-17751 RESERVED CVE-2019-17750 RESERVED CVE-2019-17749 RESERVED CVE-2019-17748 RESERVED CVE-2019-17747 RESERVED CVE-2019-17746 RESERVED CVE-2019-17745 RESERVED CVE-2019-17744 RESERVED CVE-2019-17743 RESERVED CVE-2019-17742 RESERVED CVE-2019-17741 RESERVED CVE-2019-17740 RESERVED CVE-2019-17739 RESERVED CVE-2019-17738 RESERVED CVE-2019-17737 RESERVED CVE-2019-17736 RESERVED CVE-2019-17735 RESERVED CVE-2019-17734 RESERVED CVE-2019-17733 RESERVED CVE-2019-17732 RESERVED CVE-2019-17731 RESERVED CVE-2019-17730 RESERVED CVE-2019-17729 RESERVED CVE-2019-17728 RESERVED CVE-2019-17727 RESERVED CVE-2019-17726 RESERVED CVE-2019-17725 RESERVED CVE-2019-17724 RESERVED CVE-2019-17723 RESERVED CVE-2019-17722 RESERVED CVE-2019-17721 RESERVED CVE-2019-17720 RESERVED CVE-2019-17719 RESERVED CVE-2019-17718 RESERVED CVE-2019-17717 RESERVED CVE-2019-17716 RESERVED CVE-2019-17715 RESERVED CVE-2019-17714 RESERVED CVE-2019-17713 RESERVED CVE-2019-17712 RESERVED CVE-2019-17711 RESERVED CVE-2019-17710 RESERVED CVE-2019-17709 RESERVED 
CVE-2019-17708 RESERVED CVE-2019-17707 RESERVED CVE-2019-17706 RESERVED CVE-2019-17705 RESERVED CVE-2019-17704 RESERVED CVE-2019-17703 RESERVED CVE-2019-17702 RESERVED CVE-2019-17701 RESERVED CVE-2019-17700 RESERVED CVE-2019-17699 RESERVED CVE-2019-17698 RESERVED CVE-2019-17697 RESERVED CVE-2019-17696 RESERVED CVE-2019-17695 RESERVED CVE-2019-17694 RESERVED CVE-2019-17693 RESERVED CVE-2019-17692 RESERVED CVE-2019-17691 RESERVED CVE-2019-17690 RESERVED CVE-2019-17689 RESERVED CVE-2019-17688 RESERVED CVE-2019-17687 RESERVED CVE-2019-17686 RESERVED CVE-2019-17685 RESERVED CVE-2019-17684 RESERVED CVE-2019-17683 RESERVED CVE-2019-17682 RESERVED CVE-2019-17681 RESERVED CVE-2019-17680 RESERVED CVE-2019-17679 RESERVED CVE-2019-17678 RESERVED CVE-2019-17677 RESERVED
CVE-2019-17676 (app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a C ...)
	NOT-FOR-US: MetInfo
CVE-2019-17668 (Samsung Galaxy S10 and Note10 devices allow unlock operations via unre ...)
	NOT-FOR-US: Samsung Galaxy S10 and Note10 devices
CVE-2019-17667 (Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML inj ...)
	NOT-FOR-US: Comtech H8 Heights Remote Gateway devices
CVE-2019-17666 (rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Lin ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.9-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://lkml.org/lkml/2019/10/16/1226
CVE-2019-17665 (NSA Ghidra before 9.0.2 is vulnerable to DLL hijacking because it load ...)
	- ghidra (bug #923851)
CVE-2019-17664 (NSA Ghidra through 9.0.4 uses a potentially untrusted search path. Whe ...)
	- ghidra (bug #923851)
CVE-2019-17663 (D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in t ...)
	NOT-FOR-US: D-Link
CVE-2019-17662 (ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a c ...)
	NOT-FOR-US: ThinVNC
CVE-2019-17661 (A CSV injection in the codepress-admin-columns (aka Admin Columns) plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in admin/translate/translat ...)
	- limesurvey (bug #472802)
CVE-2019-17659 RESERVED
CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiTray co ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSw ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17656 (A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of For ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17655 (A cleartext storage in a file or on disk (CWE-313) vulnerability in Fo ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17654 (An Insufficient Verification of Data Authenticity vulnerability in For ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17653 (A Cross-Site Request Forgery (CSRF) vulnerability in the user interfac ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17652 (A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 a ...)
	NOT-FOR-US: Fortiguard FortiClient
CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the description a ...)
	NOT-FOR-US: FortiSIEM
CVE-2019-17650 (An Improper Neutralization of Special Elements used in a Command vulne ...)
	NOT-FOR-US: Fortiguard
CVE-2019-17649 RESERVED
CVE-2019-17648 RESERVED
CVE-2019-17647 (An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, a ...)
	- centreon-web (bug #913903)
CVE-2019-17646 (An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10 ...)
	- centreon-web (bug #913903)
CVE-2019-17645 (An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, a ...)
	- centreon-web (bug #913903)
CVE-2019-17644 (An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, a ...)
	- centreon-web (bug #913903)
CVE-2019-17643 (An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, an ...)
	- centreon-web (bug #913903)
CVE-2019-17642 (An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04 ...)
	- centreon-web (bug #913903)
CVE-2019-17641 RESERVED
CVE-2019-17640 (In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone ...)
	NOT-FOR-US: Eclipse Vert.x
CVE-2019-17639 (In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling th ...)
	NOT-FOR-US: IBM JDK specific issue on AIX and Linux on the Power platform
CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...)
	- jetty9 9.4.31-1
	[buster] - jetty9 (vulnerable code was introduced in 9.4.27)
	[stretch] - jetty9 (vulnerable code was introduced in 9.4.27)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984
	NOTE: https://github.com/eclipse/jetty.project/issues/4936
CVE-2019-17637 (In all versions of Eclipse Web Tools Platform through release 3.18 (20 ...)
	{DLA-2404-1}
	- eclipse-wtp 3.18-1
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
	NOTE: http://git.eclipse.org/c/sourceediting/webtools.sourceediting.git/commit/?id=9644d4217cd6e3be367d654a8320104d88ddfd6b
	NOTE: Issue fixed when packaging the 3.18 upstream version, as in the Debian
	NOTE: source (re)packaging DTDParser.java and DTDValidator.java were removed.
CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre ...)
	NOT-FOR-US: Eclipse Theia
CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...)
	NOT-FOR-US: Eclipse Memory Analyzer
CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cros ...)
	NOT-FOR-US: Eclipse Memory Analyzer
CVE-2019-17633 (For Eclipse Che versions 6.16 to 7.3.0, with both authentication and T ...)
	NOT-FOR-US: Eclipse Che
CVE-2019-17632 (In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...)
	- jetty9 9.4.26-1
	[buster] - jetty9 (vulnerable code introduced later)
	[stretch] - jetty9 (vulnerable code introduced later)
	- jetty8
	[jessie] - jetty8 (vulnerable code introduced later)
	- jetty
	[jessie] - jetty (vulnerable code introduced later)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443
	NOTE: https://github.com/eclipse/jetty.project/issues/4334
	NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/bde86467f4e5df595773ab11ed5e80c615b741f3 (jetty-9.4.21.v20190926)
CVE-2019-17631 (From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2019-17630 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a cra ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-17629 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a cra ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-17628 RESERVED
CVE-2019-17627 (The Yale Bluetooth Key application for mobile devices allows unauthori ...)
	NOT-FOR-US: Yale Bluetooth Key application for mobile devices
CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because of toCol ...)
	{DSA-4663-1 DLA-2112-1}
	- python-reportlab 3.5.34-1 (bug #942763)
	NOTE: https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code
	NOTE: Minimal patch in https://bitbucket.org/rptlab/reportlab/issues/199/eval-in-colorspy-leads-to-remote-code#comment-55887892
	NOTE: but upstream made the bug report private.
CVE-2019-17625 (There is a stored XSS in Rambox 0.6.9 that can lead to code execution. ...)
	NOT-FOR-US: Rambox
CVE-2019-17624 ("" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in ...)
	NOTE: Bogus report, will probably get rejected
	NOTE: https://packetstormsecurity.com/files/154868/X.Org-X-Server-1.20.4-Local-Stack-Overflow.html
CVE-2019-17623 RESERVED
CVE-2019-17622 RESERVED
CVE-2019-17675 (WordPress before 5.2.4 does not properly consider type confusion durin ...)
	{DSA-4599-1 DLA-1980-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://core.trac.wordpress.org/changeset/46477
	NOTE: https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
CVE-2019-17674 (WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripti ...)
	{DSA-4599-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	[jessie] - wordpress (officially fixed in 4.1.28 but no related fix was identified)
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
	NOTE: https://wordpress.org/support/wordpress-version/version-4.1.28/
	NOTE: https://github.com/WordPress/WordPress/commit/d1e2b35359df9644f255b7b54a568b56a2c490d7 (4.1.28)
CVE-2019-17673 (WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON ...)
	{DSA-4599-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	[jessie] - wordpress (vulnerable code not present)
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://core.trac.wordpress.org/changeset/46478
	NOTE: https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
CVE-2019-17672 (WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject ...)
	{DSA-4599-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	[jessie] - wordpress (officially fixed in 4.1.28 but no related fix was identified)
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
	NOTE: https://wordpress.org/support/wordpress-version/version-4.1.28/
	NOTE: https://github.com/WordPress/WordPress/commit/d1e2b35359df9644f255b7b54a568b56a2c490d7 (4.1.28)
CVE-2019-17671 (In WordPress before 5.2.4, unauthenticated viewing of certain content ...)
	{DSA-4599-1 DLA-1980-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://core.trac.wordpress.org/changeset/46474
	NOTE: https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
CVE-2019-17670 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
	{DLA-2371-1 DLA-1980-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[buster] - wordpress (Minor issue)
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://core.trac.wordpress.org/changeset/46472
	NOTE: https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
CVE-2019-17669 (WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulner ...)
	{DSA-4599-1 DLA-1980-1}
	- wordpress 5.2.4+dfsg1-1 (bug #942459)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
	NOTE: https://core.trac.wordpress.org/changeset/46475
	NOTE: https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea
	NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
CVE-2019-17621 (The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.0 ...)
	NOT-FOR-US: D-Link
CVE-2019-17620 RESERVED
CVE-2019-17619 RESERVED
CVE-2019-17618 RESERVED
CVE-2019-17617 RESERVED
CVE-2019-17616 RESERVED
CVE-2019-17615 RESERVED
CVE-2019-17614 RESERVED
CVE-2019-17613 (qibosoft 7 allows remote code execution because do/jf.php makes eval c ...)
	NOT-FOR-US: qibosoft
CVE-2019-17612 (An issue was discovered in 74CMS v5.2.8. There is a SQL Injection gene ...)
	NOT-FOR-US: 74CMS
CVE-2019-17611 (HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter. ...)
	NOT-FOR-US: HongCMS
CVE-2019-17610 (HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter. ...)
	NOT-FOR-US: HongCMS
CVE-2019-17609 (HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter. ...)
	NOT-FOR-US: HongCMS
CVE-2019-17608 (HongCMS 3.0.0 has XSS via the install/index.php dbname parameter. ...)
	NOT-FOR-US: HongCMS
CVE-2019-17607 (HongCMS 3.0.0 has XSS via the install/index.php servername parameter. ...)
	NOT-FOR-US: HongCMS
CVE-2019-17606 (The Post editor functionality in the hexo-admin plugin versions 2.3.0 ...)
	NOT-FOR-US: hexo-admin Node module
CVE-2019-17605 (A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 ...)
	NOT-FOR-US: eyeCMS
CVE-2019-17604 (An Insecure Direct Object Reference (IDOR) vulnerability in eyecomms e ...)
	NOT-FOR-US: eyeCMS
CVE-2019-17603 (Ene.sys in Asus Aura Sync through 1.07.71 does not properly validate i ...)
	NOT-FOR-US: Asus
CVE-2019-17602 (An issue was discovered in Zoho ManageEngine OpManager before 12.4 bui ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2019-17601 (In MiniShare 1.4.1, there is a stack-based buffer overflow via an HTTP ...)
	NOT-FOR-US: MiniShare
CVE-2019-17600 (Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrato ...)
	NOT-FOR-US: Intelbras IWR 1000N devices
CVE-2019-17599 (The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 ...)
	NOT-FOR-US: quiz-master-next (aka Quiz And Survey Master) plugin for WordPress
CVE-2019-17598 (An issue was discovered in Lightbend Play Framework 2.5.x through 2.6. ...)
	NOT-FOR-US: Lightbend Play Framework
CVE-2019-17597 RESERVED
CVE-2019-17596 (Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to ...)
	{DSA-4551-1 DLA-2592-1 DLA-2591-1}
	- golang-1.13 1.13.3-1 (bug #942628)
	- golang-1.12 1.12.12-1 (bug #942629)
	- golang-1.11
	- golang-1.8
	- golang-1.7
	- golang
	[jessie] - golang (Minor issue)
	NOTE: https://golang.org/issue/34960
	NOTE: https://github.com/golang/go/issues/34962 (1.13 backport)
	NOTE: https://github.com/golang/go/issues/34961 (1.12 backport)
	NOTE: https://groups.google.com/forum/#!msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ
CVE-2019-17595 (There is a heap-based buffer over-read in the fmt_entry function in ti ...)
	- ncurses 6.1+20191019-1 (low; bug #942401)
	[buster] - ncurses 6.1+20181013-2+deb10u2
	[stretch] - ncurses (Minor issue)
	[jessie] - ncurses (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
CVE-2019-17594 (There is a heap-based buffer over-read in the _nc_find_entry function ...)
	- ncurses 6.1+20191019-1 (low; bug #942401)
	[buster] - ncurses 6.1+20181013-2+deb10u2
	[stretch] - ncurses (Minor issue)
	[jessie] - ncurses (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html
	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
CVE-2019-17593 (JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an adm ...)
	NOT-FOR-US: JIZHICMS
CVE-2019-17592 (The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular ...)
	NOT-FOR-US: csv-parse Node module
CVE-2019-17591 RESERVED
CVE-2019-17590 (** DISPUTED ** The csrf_callback function in the CSRF Magic library th ...)
	NOT-FOR-US: CSRF Magic library
CVE-2019-17589 REJECTED
CVE-2019-17588 REJECTED
CVE-2019-17587 REJECTED
CVE-2019-17586 REJECTED
CVE-2019-17585 REJECTED
CVE-2019-17584 (The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which all ...)
	NOT-FOR-US: Meinberg SyncBox/PTP/PTPv2 devices
CVE-2019-17583 (idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-17582 (A use-after-free in the _zip_dirent_read function of zip_dirent.c in l ...)
	- libzip (Vulnerable code introduced later; and never in a released version in Debian)
	NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0)
	NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 (rel-1-3-0)
	NOTE: Same fixing commit as CVE-2017-12858 apparently, but CVE assignment for
	NOTE: two different use-after-free issues.
CVE-2019-17581 (tonyy dormsystem through 1.3 allows DOM XSS. ...)
	NOT-FOR-US: tonyy dormsystem
CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in admin.php. ...)
	NOT-FOR-US: tonyy dormsystem
CVE-2019-17579 (SonarSource SonarQube before 7.8 has XSS in project links on account/p ...)
	NOT-FOR-US: SonarSource SonarQube
CVE-2019-17578 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoi ...)
	- dolibarr
CVE-2019-17577 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoi ...)
	- dolibarr
CVE-2019-17576 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoi ...)
	- dolibarr
CVE-2019-17575 (A file-rename filter bypass exists in admin/media/rename.php in WBCE C ...)
	NOT-FOR-US: WBCE CMS
CVE-2019-17574 (An issue was discovered in the Popup Maker plugin before 1.8.13 for Wo ...)
	NOT-FOR-US: Popup Maker plugin for WordPress
CVE-2019-17573 (By default, Apache CXF creates a /services page containing a listing o ...)
	NOT-FOR-US: Apache CXF
CVE-2019-17572 (In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation i ...)
	NOT-FOR-US: Apache RocketMQ
CVE-2019-17571 (Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ...)
	{DSA-4686-1 DLA-2065-1}
	- apache-log4j1.2 1.2.17-9 (bug #947124)
	NOTE: https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3Cdev.logging.apache.org%3E
	NOTE: CVE-2019-17571 corresponds to CVE-2017-5645 for apache-log4j2. The 1.2.x branch
	NOTE: is end-of-life upstream and does not receive a fix for this issue. Users
	NOTE: should upgrade to Log4j 2.x.
	NOTE: Fixed by https://src.fedoraproject.org/rpms/log4j12/c/d4c817c458d69dcc629a7271999d178b0dcb7c74?branch=master
CVE-2019-17570 (An untrusted deserialization was found in the org.apache.xmlrpc.parser ...)
	{DSA-4619-1 DLA-2078-1}
	- libxmlrpc3-java (bug #949089)
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/1
	NOTE: Proposed patch: https://bugzilla.redhat.com/show_bug.cgi?id=1775193
	NOTE: https://github.com/orangecertcc/xmlrpc-common-deserialization
CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8 ...)
	{DSA-4680-1 DSA-4673-1 DLA-2133-1}
	- tomcat9 9.0.31-1
	- tomcat8
	[jessie] - tomcat8 (vulnerable code introduced in later version)
	- tomcat7
	[stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected)
	NOTE: https://github.com/apache/tomcat/commit/060ecc5eb839208687b7fcc9e35287ac8eb46998 (9.0.31)
	NOTE: https://github.com/apache/tomcat/commit/959f1dfd767bf3cb64776b44f7395d1d8d8f7ab3 (8.5.51)
	NOTE: https://github.com/apache/tomcat/commit/b191a0d9cf06f4e04257c221bfe41d2b108a9cc8 (7.0.100)
CVE-2019-17568 REJECTED
CVE-2019-17567 (Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configu ...)
	[experimental] - apache2 2.4.48-1
	- apache2 2.4.48-2
	[buster] - apache2 (Intrusive and risky backport)
	[stretch] - apache2 (Intrusive and risky backport)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-17567
	NOTE: https://svn.apache.org/r1885605
CVE-2019-17566 (Apache Batik is vulnerable to server-side request forgery, caused by i ...)
	- batik 1.12-1.1 (bug #964510)
	[buster] - batik 1.10-2+deb10u1
	[stretch] - batik 1.8-4+deb9u2
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/2
	NOTE: patch: http://svn.apache.org/viewvc?view=revision&revision=1871084
	NOTE: corresponding bug: https://issues.apache.org/jira/browse/BATIK-1276
CVE-2019-17565 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
	{DSA-4672-1}
	- trafficserver 8.0.6+ds-1
	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
	NOTE: https://github.com/apache/trafficserver/commit/60e0a8ce23d390b851873e020483d6f75e857158
CVE-2019-17564 (Unsafe deserialization occurs within a Dubbo application which has HTT ...)
	NOT-FOR-US: Dubbo
CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, ...)
	{DSA-4680-1 DSA-4596-1 DLA-2209-1 DLA-2077-1}
	- tomcat9 9.0.31-1
	- tomcat8
	- tomcat7
	[stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected)
	NOTE: https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652 (9.0.30)
	NOTE: https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c (8.5.50)
	NOTE: https://github.com/apache/tomcat/commit/ab72a106fe5d992abddda954e30849d7cf8cc583 (7.0.99)
CVE-2019-17562 (A buffer overflow vulnerability has been found in the baremetal compon ...)
	NOT-FOR-US: Apache CloudStack
CVE-2019-17561 (The "Apache NetBeans" autoupdate system does not fully validate code s ...)
	- netbeans 12.1-1 (unimportant)
	NOTE: Debian packages updated via apt, starting with 12.1 only some classes are shipped
CVE-2019-17560 (The "Apache NetBeans" autoupdate system does not validate SSL certific ...)
	- netbeans 12.1-1 (unimportant)
	NOTE: Debian packages updated via apt, starting with 12.1 only some classes are shipped
CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
	{DSA-4672-1}
	- trafficserver 8.0.6+ds-1
	NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E
CVE-2019-17558 (Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code ...)
	- lucene-solr (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/30/1
	NOTE: https://issues.apache.org/jira/browse/SOLR-13971
	NOTE: https://issues.apache.org/jira/browse/SOLR-14025
CVE-2019-17557 (It was found that the Apache Syncope EndUser UI login page prio to 2.0 ...)
	NOT-FOR-US: Apache Syncope
CVE-2019-17556 (Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService clas ...)
	NOT-FOR-US: Olingo
CVE-2019-17555 (The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to ...)
	NOT-FOR-US: Olingo
CVE-2019-17554 (The XML content type entity deserializer in Apache Olingo versions 4.0 ...)
	NOT-FOR-US: Olingo
CVE-2019-17553 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...)
	NOT-FOR-US: MetInfo
CVE-2019-17552 (An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_ ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-17551 (In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an atta ...)
	NOT-FOR-US: Apak Wholesale Floorplanning Finance
CVE-2019-17550 (The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cros ...)
	NOT-FOR-US: Blog2Social plugin for WordPress
CVE-2019-17549 (ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-servic ...)
	NOT-FOR-US: ESET Cyber Security
CVE-2019-17548 RESERVED
CVE-2019-17547 (In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a ...)
	- imagemagick (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecf7c6b288e11e7e7f75387c5e9e93e423b98397
CVE-2019-17546 (tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0. ...)
	{DSA-4670-1 DSA-4608-1 DLA-2147-1 DLA-2009-1}
	- gdal (unimportant)
	- tiff 4.0.10+git190818-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16443
	NOTE: https://github.com/OSGeo/gdal/commit/21674033ee246f698887604c7af7ba1962a40ddf
	NOTE: https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
	NOTE: gdal uses system libtiff libraries since 2.0.1+dfsg-1~exp1 (#684233)
CVE-2019-17545 (GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ...)
	{DLA-1984-1}
	- gdal 2.4.2+dfsg-2 (low)
	[buster] - gdal (Minor issue)
	[stretch] - gdal (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16178
	NOTE: https://github.com/OSGeo/gdal/commit/148115fcc40f1651a5d15fa34c9a8c528e7147bb
CVE-2019-17544 (libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over- ...)
	{DSA-4948-1 DLA-2720-1 DLA-1966-1}
	- aspell 0.60.8-1 (low)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16109
	NOTE: https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e
CVE-2019-17543 (LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (rela ...)
	- lz4 1.9.2-1 (low; bug #943680)
	[buster] - lz4 (Minor issue)
	[stretch] - lz4 (Minor issue)
	[jessie] - lz4 (Very hard to exploit, low risk)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941
	NOTE: https://github.com/lz4/lz4/pull/756
	NOTE: https://github.com/lz4/lz4/pull/760
CVE-2019-17542 (FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk ...)
	{DSA-4722-1 DLA-2291-1 DLA-2021-1}
	- ffmpeg 7:4.2.1-1
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
CVE-2019-17541 (ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo ...)
	- imagemagick (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15827
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/39f226a9c137f547e12afde972eeba7551124493
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c1a5aa3f4214ad6e4748de84dad44398959014e1
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1641
	NOTE: vulnerable code introduced in
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/edb32b1780e23c76b5d6dd735f89959a0b7e3867
CVE-2019-17540 (ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPS ...)
	- imagemagick (bug #942578; Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15826
	NOTE: vulnerable code introduced in
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/bfb5bdd6b41dac60d5171108fc02ecaf8735c4a8
	NOTE: no upstream bug report, four commits:
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/668d6a970553a94b0a2e378afda1d37abac94b5c
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9667a9034a5eeedb30dfb18cfd1083ff32fd679b
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/73dd03cfb57f8f8c0a732fa062b9966ec7bf2f91
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/e868e227085463932c5db32e5e0f27e306a0eb95
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/b9261b1bce3dbfeecc445e092d207434b41c0752
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/5a4c9cfb76ee82bda0cd970cc9e58499b09cc137
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/41399a3414069870071e47680b0bbbe0a283db5d
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4ba4dc73b7e38bb66c57d457f17ab4aeb9b6bbdc
CVE-2019-17539 (In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NUL ...)
	{DSA-4722-1 DLA-2537-1}
	- ffmpeg 7:4.2.1-1 (low)
	- libav (low)
	[jessie] - libav (Vulnerable code introduced in v12.x)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c
CVE-2019-17538 (Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for fil ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17537 (Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for fil ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17536 (Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Da ...)
	NOT-FOR-US: Gila CMS
CVE-2019-17535 (Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blo ...)
	NOT-FOR-US: Gila CMS
CVE-2019-17534 (vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips befor ...)
	- vips (Vulnerable code never in a released version)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796
	NOTE: Introduced by: https://github.com/libvips/libvips/commit/25e457736173369dcb0f7c09d07af68aedbdc175
	NOTE: Fixed by: https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d
CVE-2019-17533 (Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' ch ...)
	{DLA-2267-1}
	- libmatio 1.5.17-4 (bug #942255)
	[buster] - libmatio (Minor issue)
	[stretch] - libmatio (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16856
	NOTE: https://github.com/tbeu/matio/commit/651a8e28099edb5fbb9e4e1d4d3238848f446c9a
CVE-2019-17532 (An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OW ...)
	NOT-FOR-US: Belkin
CVE-2019-17531 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DLA-2030-1}
	- jackson-databind 2.10.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2498
	NOTE: https://github.com/FasterXML/jackson-databind/commit/b5a304a98590b6bb766134f9261e6566dcbbb6d0
	NOTE: Starting from the 2.10 series this is mitigated, as Safe Default Typing is enabled by default,
	NOTE: but it is still an issue when Default Typing is enabled.
CVE-2019-17530 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-17529 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-17528 (An issue was discovered in Bento4 1.5.1.0. There is a SEGV in the func ...)
	NOT-FOR-US: Bento4
CVE-2019-17527 (dataForDepandantField in models/custormfields.php in the JS JOBS FREE ...)
	NOT-FOR-US: JS JOBS FREE extension for Joomla!
CVE-2019-17526 (** DISPUTED ** An issue was discovered in SageMath Sage Cell Server th ...)
	NOT-FOR-US: Sage Cell Server (not part of SageMath as packaged in Debian)
CVE-2019-17525 (The login page on D-Link DIR-615 T1 20.10 devices allows remote attack ...)
	NOT-FOR-US: D-Link
CVE-2019-17524 (An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows r ...)
	NOT-FOR-US: Technicolor TC7300 STFA.51.20 devices
CVE-2019-17523 (An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows r ...)
	NOT-FOR-US: Technicolor TC7300 STFA.51.20 devices
CVE-2019-17522 (A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the ...)
	NOT-FOR-US: Hotaru CMS
CVE-2019-17521 (An issue was discovered in Landing-CMS 0.0.6. There is a CSRF vulnerab ...)
	NOT-FOR-US: Landing-CMS
CVE-2019-17520 (The Bluetooth Low Energy implementation on Texas Instruments SDK throu ...)
	NOT-FOR-US: Texas Instruments
CVE-2019-17519 (The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for K ...)
	NOT-FOR-US: NXP
CVE-2019-17518 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...)
	NOT-FOR-US: Dialog Semiconductor
CVE-2019-17517 (The Bluetooth Low Energy implementation on Dialog Semiconductor SDK th ...)
	NOT-FOR-US: Dialog Semiconductor
CVE-2019-17516 RESERVED
CVE-2019-17515 (The CleanTalk cleantalk-spam-protect plugin before 5.127.4 for WordPre ...)
	NOT-FOR-US: CleanTalk cleantalk-spam-protect plugin for WordPress
CVE-2019-17514 (library/glob.html in the Python 2 and 3 documentation before 2016 has ...)
	NOT-FOR-US: Non-actionable CVE assignment for Python docs
CVE-2019-17513 (An issue was discovered in Ratpack before 1.7.5. Due to a misuse of th ...)
	NOT-FOR-US: Ratpack
CVE-2019-17512 (There are some web interfaces without authentication requirements on D ...)
	NOT-FOR-US: D-Link
CVE-2019-17511 (There are some web interfaces without authentication requirements on D ...)
	NOT-FOR-US: D-Link
CVE-2019-17510 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to ...)
	NOT-FOR-US: D-Link
CVE-2019-17509 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to ...)
	NOT-FOR-US: D-Link
CVE-2019-17508 (On D-Link DIR-859 A3-1.06 and DIR-850 A1.13 devices, /etc/services/DEV ...)
	NOT-FOR-US: D-Link
CVE-2019-17507 (An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker ...)
	NOT-FOR-US: D-Link
CVE-2019-17506 (There are some web interfaces without authentication requirements on D ...)
	NOT-FOR-US: D-Link
CVE-2019-17505 (D-Link DAP-1320 A2-V1.21 routers have some web interfaces without auth ...)
	NOT-FOR-US: D-Link
CVE-2019-17504 (An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5. ...)
	NOT-FOR-US: Kirona Dynamic Resource Scheduling (DRS)
CVE-2019-17503 (An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5. ...)
	NOT-FOR-US: Kirona Dynamic Resource Scheduling (DRS)
CVE-2019-17502 (Hydra through 0.1.8 has a NULL pointer dereference and daemon crash wh ...)
	NOT-FOR-US: Hydra (different from src:hydra)
CVE-2019-17501 (Centreon 19.04 allows attackers to execute arbitrary OS commands via t ...)
	- centreon-web (bug #913903)
CVE-2019-17500 RESERVED
CVE-2019-17499 (The setter.xml component of the Common Gateway Interface on Compal CH7 ...)
	NOT-FOR-US: Compal CH7465LG devices
CVE-2019-17498 (In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic i ...)
	{DLA-1991-1}
	- libssh2 1.9.0-1 (low; bug #943562)
	[buster] - libssh2 (Minor issue)
	[stretch] - libssh2 (Minor issue)
	NOTE: https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
	NOTE: https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
	NOTE: Backported SUSE patch for versions <= 1.8.0 (including struct string_buf,
	NOTE: and the functions _libssh2_check_length(), _libssh2_get_u32() and
	NOTE: libssh2_get_string(), forming part of the fix):
	NOTE: https://bugzilla.suse.com/attachment.cgi?id=822416
	NOTE: Only exploitable with a malicious server
CVE-2019-17497 (Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft ...)
	NOT-FOR-US: Tracker PDF-XChange Editor
CVE-2019-17496 (Craft CMS before 3.3.8 has stored XSS via a name field. This field is ...)
	NOT-FOR-US: Craft CMS
CVE-2019-17495 (A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI b ...)
	- node-swagger-ui (bug #871461)
	- swagger-ui (bug #895422)
CVE-2019-17494 (laravel-bjyblog 6.1.1 has XSS via a crafted URL. ...)
	NOT-FOR-US: laravel-bjyblog
CVE-2019-17493 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_ ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17492 RESERVED
CVE-2019-17491 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[descrip ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17490 (app\modules\polygon\controllers\ProblemController in Jiangnan Online J ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17489 (Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] ...)
	NOT-FOR-US: Jiangnan Online Judge
CVE-2019-17488 (b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent ...)
	NOT-FOR-US: b3log Symphony
CVE-2019-17487 RESERVED
CVE-2019-17486 RESERVED
CVE-2019-17485 RESERVED
CVE-2019-17484 RESERVED
CVE-2019-17483 RESERVED
CVE-2019-17482 RESERVED
CVE-2019-17481 RESERVED
CVE-2019-17480 RESERVED
CVE-2019-17479 RESERVED
CVE-2019-17478 RESERVED
CVE-2019-17477 RESERVED
CVE-2019-17476 RESERVED
CVE-2019-17475 RESERVED
CVE-2019-17474 RESERVED
CVE-2019-17473 RESERVED
CVE-2019-17472 RESERVED
CVE-2019-17471 RESERVED
CVE-2019-17470 RESERVED
CVE-2019-17469 RESERVED
CVE-2019-17468 RESERVED
CVE-2019-17467 RESERVED
CVE-2019-17466 RESERVED
CVE-2019-17465 RESERVED
CVE-2019-17464 RESERVED
CVE-2019-17463 RESERVED
CVE-2019-17462 RESERVED
CVE-2019-17461 RESERVED
CVE-2019-17460 RESERVED
CVE-2019-17459 RESERVED
CVE-2019-17458 RESERVED
CVE-2019-17457 RESERVED
CVE-2019-17456 RESERVED
CVE-2019-17455 (Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequ ...)
	{DLA-2831-1 DLA-2207-1}
	- libntlm 1.6-1 (bug #942145)
	[buster] - libntlm 1.5-1+deb10u1
	NOTE: https://gitlab.com/jas/libntlm/issues/2
	NOTE: https://gitlab.com/jas/libntlm/-/commit/b967886873fcf19f816b9c0868465f2d9e5df85e
CVE-2019-17454 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_Descriptor::GetTa ...)
	NOT-FOR-US: Bento4
CVE-2019-17453 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListWri ...)
	NOT-FOR-US: Bento4
CVE-2019-17452 (Bento4 1.5.1.0 has a NULL pointer dereference in AP4_DescriptorListIns ...)
	NOT-FOR-US: Bento4
CVE-2019-17451 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils 2.34-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25070
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848f4b9558456fdcf283ee8a32d7fd1
	NOTE: binutils not covered by security support
CVE-2019-17450 (find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) ...)
	- binutils 2.34-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25078
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79281f33fd33f0964541a73511b9e2b
	NOTE: binutils not covered by security support
CVE-2019-17449 (** DISPUTED ** Avira Software Updater before 2.0.6.21094 allows a DLL ...)
	NOT-FOR-US: Avira Software Updater
CVE-2019-17448 RESERVED
CVE-2019-17447 RESERVED
CVE-2019-17446 (An issue was discovered in Eracent EPA Agent through 10.2.26. The agen ...)
	NOT-FOR-US: Eracent EPA Agent
CVE-2019-17445 (An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Ag ...)
	NOT-FOR-US: Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent
CVE-2019-17444 (Jfrog Artifactory uses default passwords (such as "password") for admi ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2019-17443 RESERVED
CVE-2019-17442 RESERVED
CVE-2019-17441 RESERVED
CVE-2019-17440 (Improper restriction of communications to Log Forwarding Card (LFC) on ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2019-17439 RESERVED
CVE-2019-17438 RESERVED
CVE-2019-17437 (An improper authentication check in Palo Alto Networks PAN-OS may allo ...)
	NOT-FOR-US: PAN-OS
CVE-2019-17436 (A Local Privilege Escalation vulnerability exists in GlobalProtect Age ...)
	NOT-FOR-US: GlobalProtect Agent
CVE-2019-17435 (A Local Privilege Escalation vulnerability exists in the GlobalProtect ...)
	NOT-FOR-US: GlobalProtect Agent
CVE-2019-17434 (LavaLite through 5.7 has XSS via a crafted account name that is mishan ...)
	NOT-FOR-US: LavaLite
CVE-2019-17433 (z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles s ...)
	NOT-FOR-US: z-song laravel-admin
CVE-2019-17432 (An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a p ...)
	NOT-FOR-US: fastadmin
CVE-2019-17431 (An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a p ...)
	NOT-FOR-US: fastadmin
CVE-2019-17430 (EyouCms through 2019-07-11 has XSS related to the login.php web_record ...)
	NOT-FOR-US: EyouCms
CVE-2019-17429 (Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id ...)
	NOT-FOR-US: Adhouma CMS
CVE-2019-17428 (An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the en ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-17427 (In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists ...)
	{DSA-4574-1}
	- redmine 4.0.4-1
	NOTE: Fixed in 3.4.11 and 4.0.4
	NOTE: https://github.com/redmine/redmine/commit/899fc2e0cd2bcb4f5f9333b612b160bb9c6e803b
CVE-2019-17426 (Automattic Mongoose through 5.7.4 allows attackers to bypass access co ...)
	NOT-FOR-US: Automattic Mongoose (different from Cesenta Mongoose)
CVE-2019-17425 RESERVED
CVE-2019-17424 (A stack-based buffer overflow in the processPrivilage() function in IO ...)
	NOT-FOR-US: nipper-ng
CVE-2019-17423 RESERVED
CVE-2019-17422 RESERVED
CVE-2019-17421 (Incorrect file permissions on the packaged Nipper executable file in Z ...)
	NOT-FOR-US: Zoho
CVE-2019-17420 (In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other prod ...)
	- libhtp 1:0.5.31-1
	[buster] - libhtp (Minor issue)
	NOTE: https://github.com/OISF/libhtp/pull/213
CVE-2019-17419 (An issue was discovered in MetInfo 7.0. There is SQL injection via the ...)
	NOT-FOR-US: MetInfo
CVE-2019-17418 (An issue was discovered in MetInfo 7.0. There is SQL injection via the ...)
	NOT-FOR-US: MetInfo
CVE-2019-17417 (PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p= ...)
	NOT-FOR-US: PbootCMS
CVE-2019-17416 RESERVED
CVE-2019-17415 (A Structured Exception Handler (SEH) based buffer overflow in File Sha ...)
	NOT-FOR-US: File Sharing Wizard
CVE-2019-17414 (tinylcy Vino through 2017-12-15 allows remote attackers to cause a den ...)
	NOT-FOR-US: tinylcy Vino
CVE-2019-17413 RESERVED
CVE-2019-17412 RESERVED
CVE-2019-17411 RESERVED
CVE-2019-17410 RESERVED
CVE-2019-17409 (Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5. ...)
	NOT-FOR-US: OpenEMR
CVE-2019-17408 (parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows re ...)
	NOT-FOR-US: ZZZCMS
CVE-2019-17407 RESERVED
CVE-2019-14842 (Structured reply is a feature of the newstyle NBD protocol allowing th ...)
	- libnbd 1.0.3-1 (bug #942215)
	NOTE: https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html
	NOTE: https://github.com/libguestfs/libnbd/commit/f75f602a6361c0c5f42debfeea6980f698ce7f09 (1.1.4)
	NOTE: https://github.com/libguestfs/libnbd/commit/2c1987fc23d6d0f537edc6d4701e95a2387f7917 (stable-1.0)
CVE-2019-17406 (Nokia IMPACT < 18A has path traversal that may lead to RCE if chain ...)
	NOT-FOR-US: Nokia
CVE-2019-17405 (Nokia IMPACT < 18A: has Reflected self XSS ...)
	NOT-FOR-US: Nokia
CVE-2019-17404 (Nokia IMPACT < 18A: allows full path disclosure ...)
	NOT-FOR-US: Nokia
CVE-2019-17403 (Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was f ...)
	NOT-FOR-US: Nokia
CVE-2019-17402 (Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in ...)
	{DLA-2019-1}
	- exiv2 0.27.3-1 (bug #946341)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/1019
	NOTE: https://github.com/Exiv2/exiv2/commit/88054239e3c914862d13f6ac89a19a104fa2c076 (master)
	NOTE: https://github.com/Exiv2/exiv2/commit/50e9dd964a439da357798344ed1dd86edcadf0ec (0.27-branch)
	NOTE: Follow-up: https://github.com/Exiv2/exiv2/issues/1026
CVE-2019-17401 (** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-rea ...)
	- liblnk (unimportant)
	NOTE: https://github.com/libyal/liblnk/issues/40
	NOTE: Negligible/questionable security impact
CVE-2019-17400 (The unoconv package before 0.9 mishandles untrusted pathnames, leading ...)
	- unoconv 0.7-2 (low; bug #943561)
	[buster] - unoconv (Minor issue)
	[stretch] - unoconv (Minor issue)
	[jessie] - unoconv (Minor issue)
	NOTE: https://github.com/unoconv/unoconv/pull/510
CVE-2019-17399 (The Shack Forms Pro extension before 4.0.32 for Joomla! allows path tr ...)
	NOT-FOR-US: Shack Forms Pro extension for Joomla!
CVE-2019-17398 (In the Dark Horse Comics application 1.3.21 for Android, token informa ...)
	NOT-FOR-US: Dark Horse Comics application
CVE-2019-17397 (In the DoorDash application through 11.5.2 for Android, the username a ...)
	NOT-FOR-US: DoorDash application
CVE-2019-17396 (In the PowerSchool Mobile application 1.1.8 for Android, the username ...)
	NOT-FOR-US: PowerSchool Mobile application
CVE-2019-17395 (In the Rapid Gator application 0.7.1 for Android, the username and pas ...)
	NOT-FOR-US: Rapid Gator application
CVE-2019-17394 (In the Seesaw Parent and Family application 6.2.5 for Android, the use ...)
	NOT-FOR-US: Seesaw Parent and Family application
CVE-2019-17393 (The Customer's Tomedo Server in Version 1.7.3 communicates to the Vend ...)
	NOT-FOR-US: Tomedo Server
CVE-2019-17392 (Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2019-17391 (An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-0 ...)
	NOT-FOR-US: Espressif ESP32
CVE-2019-17390 (An issue was discovered in the Outlook add-in in Pronestor Planner bef ...)
	NOT-FOR-US: Outlook add-in in Pronestor Planner
CVE-2019-17389 (In RIOT 2019.07, the MQTT-SN implementation (asymcute) mishandles erro ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2019-17388 (Weak file permissions applied to the Aviatrix VPN Client through 2.2.1 ...)
	NOT-FOR-US: Aviatrix VPN Client
CVE-2019-17387 (An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client ...)
	NOT-FOR-US: Aviatrix VPN Client
CVE-2019-17386 (The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimat ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-17385 (The animate-it plugin before 2.3.5 for WordPress has XSS. ...)
	NOT-FOR-US: animate-it plugin for WordPress
CVE-2019-17384 (The animate-it plugin before 2.3.4 for WordPress has XSS. ...)
	NOT-FOR-US: animate-it plugin for WordPress
CVE-2019-17383 (The netaddr gem before 2.0.4 for Ruby has misconfigured file permissio ...)
	- ruby-netaddr (Upstream packaging issue)
CVE-2019-17382 (An issue was discovered in zabbix.php?action=dashboard.view&dashbo ...)
	- zabbix 1:5.0.0+dfsg-1
	[buster] - zabbix (Minor issue)
	[stretch] - zabbix (Minor issue, no patch, guest accounts can be disabled)
	[jessie] - zabbix (Minor issue, guest accounts can be disabled)
	NOTE: https://support.zabbix.com/browse/ZBX-16789
	NOTE: Disputed by upstream, closed as not a security bug.
	NOTE: Guest account is disabled by default starting in 4.0.15rc1, 4.4.2rc1 and
	NOTE: 5.0.0alpha1 (Cf. https://support.zabbix.com/browse/ZBXNEXT-5532)
CVE-2019-17381 RESERVED
CVE-2019-17380 (cPanel before 82.0.15 allows self XSS in the WHM Update Preferences in ...)
	NOT-FOR-US: cPanel
CVE-2019-17379 (cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Ma ...)
	NOT-FOR-US: cPanel
CVE-2019-17378 (cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface ...)
	NOT-FOR-US: cPanel
CVE-2019-17377 (cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC- ...)
	NOT-FOR-US: cPanel
CVE-2019-17376 (cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload in ...)
	NOT-FOR-US: cPanel
CVE-2019-17375 (cPanel before 82.0.15 allows API token credentials to persist after an ...)
	NOT-FOR-US: cPanel
CVE-2019-17374 RESERVED
CVE-2019-17373 (Certain NETGEAR devices allow unauthenticated access to critical .cgi ...)
	NOT-FOR-US: NETGEAR
CVE-2019-17372 (Certain NETGEAR devices allow remote attackers to disable all authenti ...)
	NOT-FOR-US: NETGEAR
CVE-2019-17371 (gif2png 2.5.13 has a memory leak in the writefile function. ...)
	- gif2png (unimportant)
	NOTE: https://github.com/glennrp/libpng/issues/307
	NOTE: Initially filed for libpng, but the bug is actually in gif2png
	NOTE: Memory leak in CLI tool, no security impact
CVE-2019-17370 (OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheck ...)
	NOT-FOR-US: OTCMS
CVE-2019-17369 (OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, le ...)
	NOT-FOR-US: OTCMS
CVE-2019-17368 (S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from par ...)
	NOT-FOR-US: S-CMS
CVE-2019-17367 (OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/ra ...)
	NOT-FOR-US: OpenWRT
CVE-2019-17366 (Citrix Application Delivery Management (ADM) 12.1 before build 54.13 h ...)
	NOT-FOR-US: Citrix
CVE-2019-17365 (Nix through 2.3 allows local users to gain access to an arbitrary user ...)
	NOT-FOR-US: Nix
CVE-2019-17364 (The processCommandUploadLog() function of libcommon.so in Petwant PF-1 ...)
	NOT-FOR-US: Petwant
CVE-2019-17363 RESERVED
CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in ...)
	{DLA-1951-1}
	- libtomcrypt 1.18.2-3
	[buster] - libtomcrypt (Minor issue)
	[stretch] - libtomcrypt (Minor issue)
	NOTE: https://github.com/libtom/libtomcrypt/issues/507
	NOTE: https://github.com/libtom/libtomcrypt/pull/508
CVE-2019-17361 (In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh ...)
	{DSA-4676-1}
	- salt 2019.2.3+dfsg1-1 (bug #949222)
	[jessie] - salt (Vulnerable code added in v2014.7)
	NOTE: https://github.com/saltstack/salt/commit/bca115f3f00fbde564dd2f12bf036b5d2fd08387
	NOTE: Vulnerability introduced in https://github.com/saltstack/salt/commit/3bade9d6258fb8df849b32f68de6343cfdd83720
CVE-2019-17360 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 a ...)
	NOT-FOR-US: Hitachi
CVE-2019-17359 (The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigge ...)
	- bouncycastle (Vulnerable code introduced in 1.63)
	NOTE: Introduced only in 1.63, fixed in 1.64.
	NOTE: https://github.com/bcgit/bc-java/commit/b1bc75254f5fea633a49a751a1a7339056f97856
CVE-2019-17358 (Cacti through 1.2.7 is affected by multiple instances of lib/functions ...)
	{DSA-4604-1 DLA-2032-1}
	- cacti 1.2.8+ds1-1 (bug #947375)
	NOTE: https://github.com/Cacti/cacti/issues/3026
	NOTE: https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8
CVE-2019-17357 (Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injec ...)
	- cacti 1.2.8+ds1-1 (bug #947374)
	[buster] - cacti 1.2.2+ds1-2+deb10u2
	[stretch] - cacti (Vulnerable code not present)
	[jessie] - cacti (Vulnerable code not present)
	NOTE: https://github.com/Cacti/cacti/issues/3025
	NOTE: https://github.com/Cacti/cacti/commit/d6dc48503bbcde0717e7a93df7638fd4796200f4
CVE-2019-17356 (The Infinite Design application 3.4.12 for Android sends a username an ...)
	NOT-FOR-US: Infinite Design application
CVE-2019-17355 (In the Orbitz application 19.31.1 for Android, the username and passwo ...)
	NOT-FOR-US: Orbitz application
CVE-2019-17354 (wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C ...)
	NOT-FOR-US: Zyxel
CVE-2019-17353 (An issue discovered on D-Link DIR-615 devices with firmware version 20 ...)
	NOT-FOR-US: D-Link
CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vul ...)
	NOT-FOR-US: JFinal
CVE-2019-17339 (The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabr ...)
	NOT-FOR-US: TIBCO
CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO Patterns - ...)
	NOT-FOR-US: TIBCO
CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: TIBCO
CVE-2019-17336 (The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfir ...)
	NOT-FOR-US: TIBCO
CVE-2019-17335 (The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfir ...)
	NOT-FOR-US: TIBCO
CVE-2019-17334 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire A ...)
	NOT-FOR-US: TIBCO
CVE-2019-17333 (The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a ...)
	NOT-FOR-US: TIBCO EBX
CVE-2019-17332 (The Digital Asset Manager Web Interface component of TIBCO Software In ...)
	NOT-FOR-US: TIBCO
CVE-2019-17331 (The Data Exchange Web Interface component of TIBCO Software Inc.'s TIB ...)
	NOT-FOR-US: TIBCO
CVE-2019-17330 (The Web server component of TIBCO Software Inc.'s TIBCO EBX contains m ...)
	NOT-FOR-US: TIBCO
CVE-2019-17329 RESERVED
CVE-2019-17328 RESERVED
CVE-2019-17327 (JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory travers ...)
	NOT-FOR-US: JEUS
CVE-2019-17326 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17325 (ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17324 (ClipSoft REXPERT 1.0.0.527 and earlier version allows directory traver ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17323 (ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file c ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17322 (ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file c ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17321 (ClipSoft REXPERT 1.0.0.527 and earlier version have an information dis ...)
	NOT-FOR-US: ClipSoft REXPERT
CVE-2019-17320 (NetSarang XFTP Client 6.0149 and earlier version contains a buffer ove ...)
	NOT-FOR-US: NetSarang XFTP Client
CVE-2019-17319 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17318 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17317 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17316 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17315 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17314 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17313 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17312 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17311 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17310 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17309 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17308 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17307 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17306 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17305 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17304 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17303 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17302 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17301 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17300 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
	NOT-FOR-US: SugarCRM
CVE-2019-17299 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection i ...)
NOT-FOR-US: SugarCRM CVE-2019-17298 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) NOT-FOR-US: SugarCRM CVE-2019-17297 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) NOT-FOR-US: SugarCRM CVE-2019-17296 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) NOT-FOR-US: SugarCRM CVE-2019-17295 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) NOT-FOR-US: SugarCRM CVE-2019-17294 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) NOT-FOR-US: SugarCRM CVE-2019-17293 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) NOT-FOR-US: SugarCRM CVE-2019-17292 (SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the ...) NOT-FOR-US: SugarCRM CVE-2019-17291 REJECTED CVE-2019-17290 REJECTED CVE-2019-17289 REJECTED CVE-2019-17288 REJECTED CVE-2019-17287 REJECTED CVE-2019-17286 REJECTED CVE-2019-17285 REJECTED CVE-2019-17284 REJECTED CVE-2019-17283 REJECTED CVE-2019-17282 REJECTED CVE-2019-17281 REJECTED CVE-2019-17280 REJECTED CVE-2019-17279 REJECTED CVE-2019-17278 REJECTED CVE-2019-17277 REJECTED CVE-2019-17276 (OnCommand System Manager versions 9.3 prior to 9.3P18 and 9.4 prior to ...) NOT-FOR-US: OnCommand CVE-2019-17275 (OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arb ...) NOT-FOR-US: OnCommand Cloud Manager CVE-2019-17274 (NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC ...) NOT-FOR-US: NetApp CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is suscepti ...) NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are suscept ...) NOT-FOR-US: ONTAP CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...) NOT-FOR-US: vBulletin CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's possible to perform direct Opera ...) 
NOT-FOR-US: Yachtcontrol CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to execute arbitr ...) NOT-FOR-US: Intellian Remote Access CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGe ...) NOT-FOR-US: omniauth-weibo-oauth2 gem CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...) {DLA-2030-1} - jackson-databind 2.10.0-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2460 NOTE: https://github.com/FasterXML/jackson-databind/commit/191a4cdf87b56d2ddddb77edd895ee756b7f75eb CVE-2019-17266 (libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer ove ...) - libsoup2.4 2.68.2-1 (bug #941912) [buster] - libsoup2.4 (Vulnerable code introduced in 2.65.1) [stretch] - libsoup2.4 (Vulnerable code introduced in 2.65.1) [jessie] - libsoup2.4 (Vulnerable code introduced in 2.65.1) NOTE: https://gitlab.gnome.org/GNOME/libsoup/issues/173 (private) CVE-2019-17265 RESERVED CVE-2019-17264 (** DISPUTED ** In libyal liblnk before 20191006, liblnk_location_infor ...) - liblnk (unimportant) NOTE: https://github.com/libyal/liblnk/issues/38 NOTE: https://github.com/libyal/liblnk/commit/c4d04de2c76f62129677c90a616d049be9c52482 NOTE: Negligible/questionable security impact CVE-2019-17263 (** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_bl ...) - liblnk (unimportant) - libfwsi (unimportant) NOTE: https://github.com/libyal/libfwsi/issues/13 NOTE: https://github.com/libyal/libfwsi/commit/54afa5c71d6c795a555dbcb1e160fea393b98fb3 NOTE: Negligible/questionable security impact CVE-2019-17262 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0 ...) NOT-FOR-US: XnView CVE-2019-17261 (XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0 ...) 
NOT-FOR-US: XnView CVE-2019-17260 (MPC-HC through 1.7.13 allows a Read Access Violation on a Block Data M ...) NOT-FOR-US: MPC-HC CVE-2019-17259 (KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_ne ...) NOT-FOR-US: KMPlayer (different from src:kmplayer) CVE-2019-17258 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...) NOT-FOR-US: IrfanView CVE-2019-17257 (IrfanView 4.53 allows a Exception Handler Chain to be Corrupted starti ...) NOT-FOR-US: IrfanView CVE-2019-17256 (IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0 ...) NOT-FOR-US: IrfanView CVE-2019-17255 (IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0 ...) NOT-FOR-US: IrfanView CVE-2019-17254 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...) NOT-FOR-US: IrfanView CVE-2019-17253 (IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x00000 ...) NOT-FOR-US: IrfanView CVE-2019-17252 (IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_Ba ...) NOT-FOR-US: IrfanView CVE-2019-17251 (IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlug ...) NOT-FOR-US: IrfanView CVE-2019-17250 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...) NOT-FOR-US: IrfanView CVE-2019-17249 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...) NOT-FOR-US: IrfanView CVE-2019-17248 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...) NOT-FOR-US: IrfanView CVE-2019-17247 (IrfanView 4.53 allows Data from a Faulting Address to control a subseq ...) NOT-FOR-US: IrfanView CVE-2019-17246 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...) NOT-FOR-US: IrfanView CVE-2019-17245 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...) NOT-FOR-US: IrfanView CVE-2019-17244 (IrfanView 4.53 allows Data from a Faulting Address to control Code Flo ...) 
NOT-FOR-US: IrfanView CVE-2019-17243 (IrfanView 4.53 allows Data from a Faulting Address to control Code Flo ...) NOT-FOR-US: IrfanView CVE-2019-17242 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...) NOT-FOR-US: IrfanView CVE-2019-17241 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0 ...) NOT-FOR-US: IrfanView CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypas ...) NOT-FOR-US: Bludit CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in the downl ...) NOT-FOR-US: Wordpress plugin CVE-2019-17238 RESERVED CVE-2019-17237 (includes/class-coming-soon-creator.php in the igniteup plugin through ...) NOT-FOR-US: igniteup plugin for WordPress CVE-2019-17236 (includes/class-coming-soon-creator.php in the igniteup plugin through ...) NOT-FOR-US: igniteup plugin for WordPress CVE-2019-17235 (includes/class-coming-soon-creator.php in the igniteup plugin through ...) NOT-FOR-US: igniteup plugin for WordPress CVE-2019-17234 (includes/class-coming-soon-creator.php in the igniteup plugin through ...) NOT-FOR-US: igniteup plugin for WordPress CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...) NOT-FOR-US: Wordpress plugin CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...) NOT-FOR-US: Wordpress plugin CVE-2019-17231 (includes/theme-functions.php in the OneTone theme through 3.0.6 for Wo ...) NOT-FOR-US: OneTone theme for WordPress CVE-2019-17230 (includes/theme-functions.php in the OneTone theme through 3.0.6 for Wo ...) NOT-FOR-US: OneTone theme for WordPress CVE-2019-17229 (includes/options.php in the motors-car-dealership-classified-listings ...) NOT-FOR-US: motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin for WordPress CVE-2019-17228 (includes/options.php in the motors-car-dealership-classified-listings ...) 
NOT-FOR-US: motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin for WordPress CVE-2019-17227 RESERVED CVE-2019-17226 (CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Modu ...) NOT-FOR-US: CMS Made Simple CVE-2019-17225 (Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, o ...) NOT-FOR-US: Subrion CMS CVE-2019-17224 (The web interface of the Compal Broadband CH7465LG modem (version CH74 ...) NOT-FOR-US: Compal Broadband CH7465LG modem CVE-2019-17223 (There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 v ...) - dolibarr CVE-2019-17222 (An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is ...) NOT-FOR-US: Intelbras WRN 150 devices CVE-2019-17221 (PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as d ...) - phantomjs (unimportant) NOTE: https://www.darkmatter.ae/blogs/breaching-the-perimeter-phantomjs-arbitrary-file-read/ NOTE: qtwebkit not covered by security support CVE-2019-17220 (Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. ...) NOT-FOR-US: Rocket.Chat CVE-2019-17219 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...) NOT-FOR-US: V-Zug Combi-Steam MSLQ devices CVE-2019-17218 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...) NOT-FOR-US: V-Zug Combi-Steam MSLQ devices CVE-2019-17217 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...) NOT-FOR-US: V-Zug Combi-Steam MSLQ devices CVE-2019-17216 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...) NOT-FOR-US: V-Zug Combi-Steam MSLQ devices CVE-2019-17215 (An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ether ...) NOT-FOR-US: V-Zug Combi-Steam MSLQ devices CVE-2019-17214 (The WebARX plugin 1.3.0 for WordPress allows firewall bypass by append ...) 
NOT-FOR-US: WebARX plugin for WordPress CVE-2019-17213 (The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS v ...) NOT-FOR-US: WebARX plugin for WordPress CVE-2019-17212 (Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5. ...) NOT-FOR-US: Arm Mbed OS CVE-2019-17211 (An integer overflow was discovered in the CoAP library in Arm Mbed OS ...) NOT-FOR-US: Arm Mbed OS CVE-2019-17210 (A denial-of-service issue was discovered in the MQTT library in Arm Mb ...) NOT-FOR-US: Arm Mbed OS CVE-2019-17209 RESERVED CVE-2019-17208 RESERVED CVE-2019-17207 (A reflected XSS vulnerability was found in includes/admin/table-printe ...) NOT-FOR-US: broken-link-checker (aka Broken Link Checker) plugin for WordPress CVE-2019-17206 (Uncontrolled deserialization of a pickled object in models.py in Frost ...) NOT-FOR-US: Frost Ming rediswrapper CVE-2019-17205 (TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the usern ...) - teampass (bug #730180) CVE-2019-17204 (TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Ba ...) - teampass (bug #730180) CVE-2019-17203 (TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a c ...) - teampass (bug #730180) CVE-2019-17202 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...) NOT-FOR-US: FastTrack Admin By Request CVE-2019-17201 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...) NOT-FOR-US: FastTrack Admin By Request CVE-2019-17200 RESERVED CVE-2019-17199 (www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory T ...) NOT-FOR-US: WPO WebPageTest CVE-2019-17198 RESERVED CVE-2019-17197 (OpenEMR through 5.0.2 has SQL Injection in the Lifestyle demographic f ...) NOT-FOR-US: OpenEMR CVE-2019-17196 RESERVED CVE-2019-17195 (Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exce ...) 
NOT-FOR-US: Connect2id Nimbus JOSE+JWT CVE-2019-17194 RESERVED CVE-2019-17193 RESERVED CVE-2019-17192 (** DISPUTED ** The WebRTC component in the Signal Private Messenger ap ...) NOT-FOR-US: Signal CVE-2019-17191 (The Signal Private Messenger application before 4.47.7 for Android all ...) NOT-FOR-US: Signal CVE-2019-17190 (A Local Privilege Escalation issue was discovered in Avast Secure Brow ...) NOT-FOR-US: Avast Secure Browser CVE-2019-17189 (totemodata 3.0.0_b936 has XSS via a folder name. ...) NOT-FOR-US: totemodata CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in catalog/pr ...) NOT-FOR-US: Fecshop FecMall CVE-2019-17187 (/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_ ...) NOT-FOR-US: FiberHome HG2201T devices CVE-2019-17186 (/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201 ...) NOT-FOR-US: FiberHome HG2201T devices CVE-2019-17185 (In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global Op ...) - freeradius 3.0.20+dfsg-1 [buster] - freeradius (Minor issue) [stretch] - freeradius (Minor issue) [jessie] - freeradius (Vulnerable code not present; EAP-pwd module introduced in later version) NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/6b522f8780813726799e6b8cf0f1f8e0ce2c8ebf CVE-2019-17184 (Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C ...) NOT-FOR-US: Xerox printers CVE-2019-17183 (Foxit Reader before 9.7 allows an Access Violation and crash if insuff ...) NOT-FOR-US: Foxit Reader CVE-2019-17182 RESERVED CVE-2019-17181 (A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007 ...) NOT-FOR-US: IntraSrv CVE-2019-17180 (Valve Steam Client before 2019-09-12 allows placing or appending parti ...) NOT-FOR-US: Steam on Windows CVE-2019-17179 (4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5 ...) NOT-FOR-US: OpenEMR CVE-2019-17178 (HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-0 ...) 
- freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1 - freerdp [stretch] - freerdp (Minor issue, can be fixed along with next DLA) NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645 NOTE: https://github.com/akallabeth/FreeRDP/commit/fc80ab45621bd966f70594c0b7393ec005a94007 NOTE: Multiple source packages embed a copy of lodepng (openscad, tbb, mame, passage, NOTE: quakespasm, simbody, paraview, dart, drumgizmo, doxygen, love, libtcod, f NOTE: cubicsdr, nestopia, refind, zopfli, montage), but don't seem security-relevant CVE-2019-17177 (libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0 ...) - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-2 (low) [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u1 - freerdp (low) [stretch] - freerdp (Minor issue) [jessie] - freerdp (Minor issue; Patching this old version would be very invasive; no upstream patch available) NOTE: https://github.com/FreeRDP/FreeRDP/issues/5645 NOTE: https://github.com/akallabeth/FreeRDP/commit/fc80ab45621bd966f70594c0b7393ec005a94007 CVE-2019-17176 (Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPa ...) NOT-FOR-US: Genesys PureEngage Digital (eServices) CVE-2019-17175 (joyplus-cms 1.6.0 allows manager/admin_pic.php?rootpath= absolute path ...) 
NOT-FOR-US: joyplus-cms CVE-2019-17174 RESERVED CVE-2019-17173 RESERVED CVE-2019-17172 RESERVED CVE-2019-17171 RESERVED CVE-2019-17170 RESERVED CVE-2019-17169 RESERVED CVE-2019-17168 RESERVED CVE-2019-17167 RESERVED CVE-2019-17166 RESERVED CVE-2019-17165 RESERVED CVE-2019-17164 RESERVED CVE-2019-17163 RESERVED CVE-2019-17162 RESERVED CVE-2019-17161 RESERVED CVE-2019-17160 RESERVED CVE-2019-17159 RESERVED CVE-2019-17158 RESERVED CVE-2019-17157 RESERVED CVE-2019-17156 RESERVED CVE-2019-17155 RESERVED CVE-2019-17154 RESERVED CVE-2019-17153 RESERVED CVE-2019-17152 RESERVED CVE-2019-17151 (This vulnerability allows remote attackers redirect users to an extern ...) NOT-FOR-US: Tencent WeChat CVE-2019-17150 REJECTED CVE-2019-17149 REJECTED CVE-2019-17148 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2019-17147 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2019-17146 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: D-Link CVE-2019-17145 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2019-17144 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2019-17143 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2019-17142 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2019-17141 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2019-17140 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2019-17139 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2019-17138 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
NOT-FOR-US: Foxit CVE-2019-17137 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2019-17136 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2019-17135 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2019-17134 (Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 ...) - octavia 4.0.0-6 (bug #941897) [buster] - octavia (Minor issue in regular setups, can be fixed via point release) CVE-2019-17132 (vBulletin through 5.5.4 mishandles custom avatars. ...) NOT-FOR-US: vBulletin CVE-2019-17131 (vBulletin before 5.5.4 allows clickjacking. ...) NOT-FOR-US: vBulletin CVE-2019-17130 (vBulletin through 5.5.4 mishandles external URLs within the /core/vb/v ...) NOT-FOR-US: vBulletin CVE-2019-17133 (In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/w ...) {DLA-2114-1 DLA-2068-1} - linux 5.3.9-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 NOTE: https://marc.info/?l=linux-wireless&m=157018270915487&w=2 CVE-2019-17129 RESERVED CVE-2019-17128 (Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection ...) NOT-FOR-US: Netreo OmniCenter CVE-2019-17127 (A Stored Client Side Template Injection (CSTI) with Angular was discov ...) NOT-FOR-US: SolarWinds Orion Platform CVE-2019-17126 RESERVED CVE-2019-17125 (A Reflected Client Side Template Injection (CSTI) with Angular was dis ...) NOT-FOR-US: SolarWinds Orion Platform CVE-2019-17124 (Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. ...) NOT-FOR-US: Kramer VIAware CVE-2019-17123 (The eGain Web Email API 11+ allows spoofed messages because the fromNa ...) NOT-FOR-US: eGain Web Email API CVE-2019-17122 RESERVED CVE-2019-17121 (REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-si ...) NOT-FOR-US: REDCap CVE-2019-17120 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...) 
NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17119 (Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterp ...) NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17118 (A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows ...) NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17117 (A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterpri ...) NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17116 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...) NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17115 (Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enter ...) NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17114 (A stored and reflected cross-site scripting (XSS) vulnerability in WiK ...) NOT-FOR-US: WiKID 2FA Enterprise Server CVE-2019-17113 (In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_Instrument ...) {DSA-4729-1 DLA-2308-1} - libopenmpt 0.4.9-1 NOTE: https://github.com/OpenMPT/openmpt/commit/927688ddab43c2b203569de79407a899e734fabe NOTE: https://source.openmpt.org/browse/openmpt/trunk/OpenMPT/?op=revision&rev=12127&peg=12127 NOTE: Fixed in upstream versions 0.3.19 and 0.4.9. CVE-2019-17112 (An issue was discovered in Zoho ManageEngine DataSecurity Plus before ...) NOT-FOR-US: Zoho CVE-2019-17111 RESERVED CVE-2019-17110 REJECTED CVE-2019-17109 (Koji through 1.18.0 allows remote Directory Traversal, with resultant ...) - koji (bug #942146) NOTE: https://docs.pagure.org/koji/CVE-2019-17109/ NOTE: https://pagure.io/koji/issue/1634 CVE-2019-17108 (Local file inclusion in brokerPerformance.php in Centreon Web before 2 ...) - centreon-web (bug #913903) CVE-2019-17107 (minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated ...) - centreon-web (bug #913903) CVE-2019-17106 (In Centreon Web through 2.8.29, disclosure of external components' pas ...) 
- centreon-web (bug #913903) CVE-2019-17105 (The token generator in index.php in Centreon Web before 2.8.27 is pred ...) - centreon-web (bug #913903) CVE-2019-17104 (In Centreon VM through 19.04.3, the cookie configuration within the Ap ...) - centreon-web (bug #913903) CVE-2019-17103 (An Incorrect Default Permissions vulnerability in the BDLDaemon compon ...) NOT-FOR-US: Bitdefender AV for Mac CVE-2019-17102 (An exploitable command execution vulnerability exists in the recovery ...) NOT-FOR-US: Bitdefender BOX 2 CVE-2019-17101 (Improper Neutralization of Special Elements used in a Command ('Comman ...) NOT-FOR-US: Netatmo Smart Indoor Camera CVE-2019-17100 (An Untrusted Search Path vulnerability in bdserviceshost.exe as used i ...) NOT-FOR-US: Bitdefender Total Security CVE-2019-17099 (An Untrusted Search Path vulnerability in EPSecurityService.exe as use ...) NOT-FOR-US: Bitdefender Endpoint Security Tools CVE-2019-17098 (Use of hard-coded cryptographic key vulnerability in August Connect Wi ...) NOT-FOR-US: August Connect Wi-Fi Bridge App CVE-2019-17097 RESERVED CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of Bitdefe ...) NOT-FOR-US: Bitdefender BOX 2 CVE-2019-17095 (A command injection vulnerability has been discovered in the bootstrap ...) NOT-FOR-US: Bitdefender BOX 2 CVE-2019-17094 (A Stack-based Buffer Overflow vulnerability in libbelkin_api.so compon ...) NOT-FOR-US: Belkin CVE-2019-17093 (An issue was discovered in Avast antivirus before 19.8 and AVG antivir ...) NOT-FOR-US: Avast CVE-2019-17092 (An XSS vulnerability in project list in OpenProject before 9.0.4 and 1 ...) NOT-FOR-US: OpenProject CVE-2019-17091 (faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used ...) - mojarra (Vulnerable code not present) CVE-2019-17090 RESERVED CVE-2019-17089 RESERVED CVE-2019-17088 RESERVED CVE-2019-17087 (Unauthorized file download vulnerability in all supported versions of ...) 
NOT-FOR-US: Micro Focus AcuToWeb CVE-2019-17086 RESERVED CVE-2019-17085 (XXE attack vulnerability on Micro Focus Operations Agent, affected ver ...) NOT-FOR-US: Micro Focus CVE-2019-17084 RESERVED CVE-2019-17083 RESERVED CVE-2019-17082 RESERVED CVE-2019-17081 RESERVED CVE-2019-17080 (mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code ex ...) NOT-FOR-US: Linux Mint CVE-2019-17079 RESERVED CVE-2019-17078 RESERVED CVE-2019-17077 RESERVED CVE-2019-17076 (An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deser ...) NOT-FOR-US: Jamf Pro CVE-2019-17075 (An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cx ...) {DLA-2114-1} - linux 5.3.7-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 [jessie] - linux (Not a problem in practice) NOTE: https://lore.kernel.org/lkml/20191001165611.GA3542072@kroah.com CVE-2019-17074 (An issue was discovered in XunRuiCMS 4.3.1. There is a stored XSS in t ...) NOT-FOR-US: XunRuiCMS CVE-2019-17073 (emlog through 6.0.0beta allows remote authenticated users to delete ar ...) NOT-FOR-US: emlog CVE-2019-17072 (The new-contact-form-widget (aka Contact Form Widget - Contact Query, ...) NOT-FOR-US: new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin for WordPress CVE-2019-17071 (The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XS ...) NOT-FOR-US: client-dash (aka Client Dash) plugin for WordPress CVE-2019-17070 (The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1. ...) NOT-FOR-US: liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin for WordPress CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...) 
- putty 0.73-1 (unimportant) NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=69201ad8936fe0ff1b8723b7a43accb5e9f1c888 NOTE: Negligible security impact CVE-2019-17068 (PuTTY before 0.73 mishandles the "bracketed paste mode" protection mec ...) - putty 0.73-1 [buster] - putty (Vulnerable code introduced later) [stretch] - putty (Vulnerable code introduced later) [jessie] - putty (Vulnerable code introduced later) NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html NOTE: Introduced by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9fccb065a67c283d978b2e3394d6fff69b4f4f30 (0.72) NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=2c279283cc695ade15bafb418a8207ef0edd89cd (0.73) CVE-2019-17067 (PuTTY before 0.73 on Windows improperly opens port-forwarding listenin ...) - putty (Windows-specific) NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html CVE-2019-17066 (In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate right ...) NOT-FOR-US: Ivanti WorkSpace Control CVE-2019-17065 RESERVED CVE-2019-17064 (Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog ...) - xpdf (xpdf in Debian uses poppler, which is fixed) CVE-2019-17063 (In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can ...) NOT-FOR-US: Snowtide PDFxStream CVE-2019-17062 (An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x befor ...) NOT-FOR-US: OXID eShop CVE-2019-17061 (The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 ...) NOT-FOR-US: Cypress CVE-2019-17060 (The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z ( ...) NOT-FOR-US: NXP CVE-2019-17059 (A shell injection vulnerability on the Sophos Cyberoam firewall applia ...) NOT-FOR-US: Sophos CVE-2019-17058 (Footy Tipping Software AFL Web Edition 2019 allows arbitrary file uplo ...) 
NOT-FOR-US: Footy Tipping Software AFL Web Edition CVE-2019-17057 (Footy Tipping Software AFL Web Edition 2019 allows XSS. ...) NOT-FOR-US: Footy Tipping Software AFL Web Edition CVE-2019-17056 (llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module i ...) {DLA-2114-1 DLA-2068-1} - linux 5.3.7-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/3a359798b176183ef09efb7a3dc59abad1cc7104 CVE-2019-17055 (base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network ...) {DLA-2114-1 DLA-2068-1} - linux 5.3.7-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80 CVE-2019-17054 (atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module ...) {DLA-2114-1 DLA-2068-1} - linux 5.3.7-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/6cc03e8aa36c51f3b26a0d21a3c4ce2809c842ac CVE-2019-17053 (ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 netw ...) {DLA-2114-1 DLA-2068-1} - linux 5.3.7-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef CVE-2019-17052 (ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the ...) {DLA-2114-1 DLA-2068-1} - linux 5.3.7-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/0614e2b73768b502fc32a75349823356d98aae2c CVE-2019-17051 (Evernote before 7.13 GA on macOS allows code execution because the com ...) NOT-FOR-US: Evernote CVE-2019-17050 (An issue was discovered in the Voyager package through 1.2.7 for Larav ...) NOT-FOR-US: Voyager CVE-2019-17049 (NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in t ...) NOT-FOR-US: NETGEAR CVE-2019-17048 RESERVED CVE-2019-17047 RESERVED CVE-2019-17046 (Ilch 2.1.22 allows remote code execution because php is listed under " ...) 
NOT-FOR-US: Ilch CMS CVE-2019-17045 (Ilch 2.1.22 allows stored XSS via the title, text, or email id to the ...) NOT-FOR-US: Ilch CMS CVE-2019-17044 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...) NOT-FOR-US: BMC Patrol Agent CVE-2019-17043 (An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution pe ...) NOT-FOR-US: BMC Patrol Agent CVE-2019-17042 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmc ...) {DLA-1952-1} - rsyslog 8.1910.0-1 (bug #942065) [buster] - rsyslog (Minor issue, pmcisconames module not loaded by default) [stretch] - rsyslog (Minor issue, pmcisconames module not loaded by default) NOTE: https://github.com/rsyslog/rsyslog/pull/3883 CVE-2019-17041 (An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfr ...) {DLA-1952-1} - rsyslog 8.1910.0-1 (bug #942067) [buster] - rsyslog (Minor issue, pmaixforwardedfrom module not loaded by default) [stretch] - rsyslog (Minor issue, pmaixforwardedfrom module not loaded by default) NOTE: https://github.com/rsyslog/rsyslog/pull/3884 CVE-2019-17040 (contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bound ...) - rsyslog 8.1910.0-1 (unimportant) [buster] - rsyslog (Vulnerable code introduced later) [stretch] - rsyslog (Vulnerable code introduced later) [jessie] - rsyslog (Vulnerable code introduced later) NOTE: https://github.com/rsyslog/rsyslog/pull/3875 NOTE: pmdb2diag module not complied in Debian. CVE-2019-17039 REJECTED CVE-2019-17038 REJECTED CVE-2019-17037 REJECTED CVE-2019-17036 REJECTED CVE-2019-17035 REJECTED CVE-2019-17034 REJECTED CVE-2019-17033 REJECTED CVE-2019-17032 REJECTED CVE-2019-17031 REJECTED CVE-2019-17030 REJECTED CVE-2019-17029 REJECTED CVE-2019-17028 REJECTED CVE-2019-17027 REJECTED CVE-2019-17026 (Incorrect alias information in IonMonkey JIT compiler for setting arra ...) 
{DSA-4603-1 DSA-4600-1 DLA-2093-1 DLA-2071-1} - firefox 72.0.1-1 (bug #948452) - firefox-esr 68.4.1esr-1 - thunderbird 1:68.4.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17026 CVE-2019-17025 (Mozilla developers reported memory safety bugs present in Firefox 71. ...) - firefox 72.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17025 CVE-2019-17024 (Mozilla developers reported memory safety bugs present in Firefox 71 a ...) {DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1} - firefox 72.0-1 - firefox-esr 68.4.0esr-1 - thunderbird 1:68.4.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17024 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17024 CVE-2019-17023 (After a HelloRetryRequest has been sent, the client may negotiate a lo ...) {DSA-4726-1} - firefox 72.0-1 - nss 2:3.49-1 [stretch] - nss (Vulnerable code was introduced later) [jessie] - nss (Vulnerable code was introduced later) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023 NOTE: https://hg.mozilla.org/projects/nss/rev/d64102b76a437f24d98a20480dcc9f1655143e7c NOTE: https://hg.mozilla.org/projects/nss/rev/8a2bd40e7f89a796cf24a0ff7cfb67c6e69c5c78 CVE-2019-17022 (When pasting a &lt;style&gt; tag from the clipboard into a ric ...) {DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1} - firefox 72.0-1 - firefox-esr 68.4.0esr-1 - thunderbird 1:68.4.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17022 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17022 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17022 CVE-2019-17021 (During the initialization of a new content process, a race condition o ...) 
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17021
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17021
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17021
CVE-2019-17020 (If an XML file is served with a Content Security Policy and the XML fi ...)
	- firefox 72.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17020
CVE-2019-17019 (When Python was installed on Windows, a python file being served with ...)
	- firefox (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17019
CVE-2019-17018 (When in Private Browsing Mode on Windows 10, the Windows keyboard may ...)
	- firefox (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17018
CVE-2019-17017 (Due to a missing case handling object types, a type confusion vulnerab ...)
	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
	- firefox 72.0-1
	- firefox-esr 68.4.0esr-1
	- thunderbird 1:68.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17017
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17017
CVE-2019-17016 (When pasting a <style> tag from the clipboard into a ric ...)
	{DSA-4603-1 DSA-4600-1 DLA-2071-1 DLA-2061-1}
	- firefox 72.0-1
	- firefox-esr 68.4.0esr-1
	- thunderbird 1:68.4.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17016
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17016
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17016
CVE-2019-17015 (During the initialization of a new content process, a pointer offset c ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17015
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17015
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-04/#CVE-2019-17015
CVE-2019-17014 (If an image had not loaded correctly (such as when it is not actually ...)
	- firefox 71.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014
CVE-2019-17013 (Mozilla developers reported memory safety bugs present in Firefox 70. ...)
	- firefox 71.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013
CVE-2019-17012 (Mozilla developers reported memory safety bugs present in Firefox 70 a ...)
	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
	- firefox 71.0-1
	- firefox-esr 68.3.0esr-1
	- thunderbird 1:68.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17012
CVE-2019-17011 (Under certain conditions, when retrieving a document from a DocShell i ...)
	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
	- firefox 71.0-1
	- firefox-esr 68.3.0esr-1
	- thunderbird 1:68.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17011
CVE-2019-17010 (Under certain conditions, when checking the Resist Fingerprinting pref ...)
	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
	- firefox 71.0-1
	- firefox-esr 68.3.0esr-1
	- thunderbird 1:68.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17010
CVE-2019-17009 (When running, the updater service wrote status and log files to an unr ...)
	- firefox (Updater not used in Debian packages)
	- firefox-esr (Updater not used in Debian packages)
	- thunderbird (Updater not used in Debian packages)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17009
CVE-2019-17008 (When using nested workers, a use-after-free could occur during worker ...)
	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
	- firefox 71.0-1
	- firefox-esr 68.3.0esr-1
	- thunderbird 1:68.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008
CVE-2019-17007 (In Network Security Services before 3.44, a malformed Netscape Certifi ...)
	{DSA-4579-1 DLA-2388-1 DLA-2015-1}
	- nss 2:3.45-1
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
	NOTE: https://hg.mozilla.org/projects/nss/rev/1473dd7efe2ce4f8722a33ebb03a3425e09887de
	NOTE: Fixed in 3.44 upstream (and there was an upload of 3.44 to unstable
	NOTE: but then reverted until the 2:3.45-1 upload).
CVE-2019-17006 (In Network Security Services (NSS) before 3.46, several cryptographic ...)
	{DSA-4726-1 DLA-2388-1 DLA-2058-1}
	- nss 2:3.47-1
	NOTE: Fixed upstream in NSS 3.46.
	NOTE: Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
	NOTE: https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34
	NOTE: https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe
CVE-2019-17005 (The plain text serializer used a fixed-size array for the number of &l ...)
	{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
	- firefox 71.0-1
	- firefox-esr 68.3.0esr-1
	- thunderbird 1:68.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17005
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17005
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17005
CVE-2019-17004 RESERVED
CVE-2019-17003 RESERVED
CVE-2019-17002 (If upgrade-insecure-requests was specified in the Content Security Pol ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
CVE-2019-17001 (A Content-Security-Policy that blocks in-line scripts could be bypasse ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17001
CVE-2019-17000 (An object tag with a data URI did not correctly inherit the document's ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17000
CVE-2019-16999 (CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status ...)
	NOT-FOR-US: CloudBoot
CVE-2019-16998 RESERVED
CVE-2019-16997 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/lan ...)
	NOT-FOR-US: Metinfo
CVE-2019-16996 (In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/pro ...)
	NOT-FOR-US: Metinfo
CVE-2019-16995 (In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_final ...)
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/6caabe7f197d3466d238f70915d65301f1716626
CVE-2019-16994 (In the Linux kernel before 5.0, a memory leak exists in sit_init_net() ...)
	- linux 4.19.28-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/07f12b26e21ab359261bf75cfcb424fdc7daeb6d
CVE-2019-16992 (The Keybase app 2.13.2 for iOS provides potentially insufficient notic ...)
	NOT-FOR-US: Keybase
CVE-2019-16991 (In FusionPBX up to v4.5.7, the file app\edit\filedelete.php uses an un ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16990 (In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.ph ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16989 (In FusionPBX up to v4.5.7, the file app\conferences_active\conference_ ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16988 (In FusionPBX up to v4.5.7, the file app\basic_operator_panel\resources ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16987 (In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php us ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16986 (In FusionPBX up to v4.5.7, the file resources\download.php uses an uns ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16985 (In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php use ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16984 (In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16983 (In FusionPBX up to v4.5.7, the file resources\paging.php has a paging ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16982 (In FusionPBX up to v4.5.7, the file app\access_controls\access_control ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16981 (In FusionPBX up to v4.5.7, the file app\conference_profiles\conference ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16980 (In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_ ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16979 (In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16978 (In FusionPBX up to v4.5.7, the file app\devices\device_settings.php us ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16977 (In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.ph ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16976 (In FusionPBX up to 4.5.7, the file app\destinations\destination_import ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16975 (In FusionPBX up to 4.5.7, the file app\contacts\contact_notes.php uses ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16974 (In FusionPBX up to 4.5.7, the file app\contacts\contact_times.php uses ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16973 (In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16972 (In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16971 (In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php us ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16970 (In FusionPBX up to 4.5.7, the file app\sip_status\sip_status.php uses ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16969 (In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16968 (An issue was discovered in FusionPBX up to 4.5.7. In the file app\conf ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16967 (An issue was discovered in Manager 13.x before 13.0.2.6 and 15.x befor ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16966 (An issue was discovered in Contactmanager 13.x before 13.0.45.3, 14.x ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16965 (resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command inje ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16964 (app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX ...)
	NOT-FOR-US: FusionPBX
CVE-2019-16963 RESERVED
CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2019-16961 (SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. ...)
	NOT-FOR-US: SolarWinds
CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file wit ...)
	NOT-FOR-US: SolarWinds
CVE-2019-16959 (SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Fo ...)
	NOT-FOR-US: SolarWinds
CVE-2019-16958 (Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 1 ...)
	NOT-FOR-US: SolarWinds Web Help Desk
CVE-2019-16957 (SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of ...)
	NOT-FOR-US: SolarWinds
CVE-2019-16956 (SolarWinds Web Help Desk 12.7.0 allows XSS via the Request Type parame ...)
	NOT-FOR-US: SolarWinds
CVE-2019-16955 (SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG documen ...)
	NOT-FOR-US: SolarWinds
CVE-2019-16954 (SolarWinds Web Help Desk 12.7.0 allows HTML injection via a Comment in ...)
	NOT-FOR-US: SolarWinds
CVE-2019-16953 RESERVED
CVE-2019-16952 RESERVED
CVE-2019-16951 (A remote file include (RFI) issue was discovered in Enghouse Web Chat ...)
	NOT-FOR-US: Enghouse Web Chat
CVE-2019-16950 (An XSS issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.28 ...)
	NOT-FOR-US: Enghouse Web Chat
CVE-2019-16949 (An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34 ...)
	NOT-FOR-US: Enghouse Web Chat
CVE-2019-16948 (An SSRF issue was discovered in Enghouse Web Chat 6.1.300.31. In any P ...)
	NOT-FOR-US: Enghouse Web Chat
CVE-2019-16947 RESERVED
CVE-2019-16946 RESERVED
CVE-2019-16945 RESERVED
CVE-2019-16944 RESERVED
CVE-2019-16943 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4542-1 DLA-1943-1}
	- jackson-databind 2.10.0-2 (bug #941530)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2478
CVE-2019-16942 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4542-1 DLA-1943-1}
	- jackson-databind 2.10.0-2 (bug #941530)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2478
CVE-2019-16941 (NSA Ghidra through 9.0.4, when experimental mode is enabled, allows ar ...)
	- ghidra (bug #923851)
CVE-2019-16940 RESERVED
CVE-2019-16939 RESERVED
CVE-2019-16938 RESERVED
CVE-2019-16937 RESERVED
CVE-2019-16936 RESERVED
CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x through ...)
	{DLA-2628-1 DLA-2280-1}
	- python3.8 3.8.0~rc1-1
	- python3.7 3.7.5~rc1-1
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.5
	- python3.4
	[jessie] - python3.4 (Minor Issue, XSS in an unlikely use-case)
	- python2.7 2.7.17~rc1-1
	[buster] - python2.7 2.7.16-2+deb10u1
	[jessie] - python2.7 (Minor Issue, XSS in an unlikely use-case)
	- jython
	[bullseye] - jython (Minor Issue)
	[buster] - jython (Minor Issue)
	[stretch] - jython (Minor Issue)
	[jessie] - jython (Minor Issue, XSS in an unlikely use-case)
	- pypy 7.3.2+dfsg-1 (low)
	[buster] - pypy (Minor issue)
	[stretch] - pypy (Minor issue)
	[jessie] - pypy (Minor Issue, XSS in an unlikely use-case)
	NOTE: https://bugs.python.org/issue38243
	NOTE: https://github.com/python/cpython/pull/16373
	NOTE: https://github.com/python/cpython/commit/e8650a4f8c7fb76f570d4ca9c1fbe44e91c8dfaa (master)
	NOTE: https://github.com/python/cpython/commit/6447b9f9bd27e1f6b04cef674dd3a7ab27bf4f28 (3.8 branch)
	NOTE: https://github.com/python/cpython/commit/39a0c7555530e31c6941a78da19b6a5b61170687 (3.7 branch)
	NOTE: https://github.com/python/cpython/commit/1698cacfb924d1df452e78d11a4bf81ae7777389 (3.6 branch)
	NOTE: https://github.com/python/cpython/commit/8eb64155ff26823542ccf0225b3d57b6ae36ea89 (2.7 branch)
CVE-2019-16934 RESERVED
CVE-2019-16933 RESERVED
CVE-2019-16932 (A blind SSRF vulnerability exists in the Visualizer plugin before 3.3. ...)
	NOT-FOR-US: Visualizer plugin for WordPress
CVE-2019-16931 (A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPres ...)
	NOT-FOR-US: Visualizer plugin for WordPress
CVE-2019-16930 (Zcashd in Zcash before 2.0.7-3 allows discovery of the IP address of a ...)
	NOT-FOR-US: Zcash
CVE-2019-16929 (Auth0 auth0.net before 6.5.4 has Incorrect Access Control because Iden ...)
	NOT-FOR-US: Auth0 auth0.net
CVE-2019-16927 (Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-16926 (** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name. NOTE: T ...)
	NOT-FOR-US: Flower
CVE-2019-16925 (** DISPUTED ** Flower 0.9.3 has XSS via the name parameter in an @app. ...)
	NOT-FOR-US: Flower
CVE-2019-16924 (The Nulock application 1.5.0 for mobile devices sends a cleartext pass ...)
	NOT-FOR-US: Nulock
CVE-2019-16923 (kkcms 1.3 has jx.php?url= XSS. ...)
	NOT-FOR-US: kkcms
CVE-2019-16922 (SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows uninten ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-16921 (In the Linux kernel before 4.17, hns_roce_alloc_ucontext in drivers/in ...)
	- linux (Did not affect any released kernel)
CVE-2019-16920 (Unauthenticated remote code execution occurs in D-Link products such a ...)
	NOT-FOR-US: D-Link
CVE-2019-16928 (Exim 4.92 through 4.92.2 allows remote code execution, a different vul ...)
	{DSA-4536-1}
	- exim4 4.92.2-3
	[stretch] - exim4 (Vulnerable code introduced later)
	[jessie] - exim4 (Vulnerable code introduced later)
	NOTE: https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2449
	NOTE: https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f
CVE-2019-16919 (Harbor API has a Broken Access Control vulnerability. The vulnerabilit ...)
	NOT-FOR-US: Harbor
CVE-2019-16918 RESERVED
CVE-2019-16917 (WiKID Enterprise 2FA (two factor authentication) Enterprise Server thr ...)
	NOT-FOR-US: WiKID 2FA Enterprise Server
CVE-2019-16916 REJECTED
CVE-2019-16915 (An issue was discovered in pfSense through 2.4.4-p3. widgets/widgets/p ...)
	NOT-FOR-US: pfSense
CVE-2019-16914 (An XSS issue was discovered in pfSense through 2.4.4-p3. In services_c ...)
	NOT-FOR-US: pfSense
CVE-2019-16913 (PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86 ...)
	NOT-FOR-US: PC Protect Antivirus
CVE-2019-16912 RESERVED
CVE-2019-16911 RESERVED
CVE-2019-16910 (Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when dete ...)
	- mbedtls 2.16.3-1 (bug #941265)
	[buster] - mbedtls (Minor issue)
	[stretch] - mbedtls (Minor issue)
	- polarssl
	[jessie] - polarssl (Minor issue, backport intrusive because of API changes)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10
	NOTE: https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd (2.7.12)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b (2.16.3)
CVE-2019-16909 (An issue was discovered in the Infosysta "In-App & Desktop Notific ...)
	NOT-FOR-US: Infosysta
CVE-2019-16908 (An issue was discovered in the Infosysta "In-App & Desktop Notific ...)
	NOT-FOR-US: Infosysta
CVE-2019-16907 (An issue was discovered in the Infosysta "In-App & Desktop Notific ...)
	NOT-FOR-US: Infosysta
CVE-2019-16906 (An issue was discovered in the Infosysta "In-App & Desktop Notific ...)
	NOT-FOR-US: Infosysta
CVE-2019-16905 (OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an expe ...)
	- openssh 1:8.1p1-1 (unimportant)
	[stretch] - openssh (Vulnerable code introduced later)
	[jessie] - openssh (Vulnerable code introduced later)
	NOTE: Issue in experimental (and not enabled) XMSS implementation; furthermore there
	NOTE: is no supported way to enable it when building openssh.
CVE-2019-16904 (TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for ...)
	- teampass (bug #730180)
CVE-2019-16903 (Platinum UPnP SDK 1.2.0 allows Directory Traversal in Core/PltHttpServ ...)
	NOT-FOR-US: Platinum UPnP SDK
CVE-2019-16902 (In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformco ...)
	NOT-FOR-US: ARforms plugin for WordPress
CVE-2019-16901 (Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain ...)
	NOT-FOR-US: Advantech
CVE-2019-16900 (Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV sta ...)
	NOT-FOR-US: Advantech
CVE-2019-16899 (In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Add ...)
	NOT-FOR-US: Advantech
CVE-2019-16898 REJECTED
CVE-2019-16897 (In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security ...)
	NOT-FOR-US: K7
CVE-2019-16896 (In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the ba ...)
	NOT-FOR-US: K7 Ultimate Security
CVE-2019-16895 REJECTED
CVE-2019-16894 (download.php in inoERP 4.15 allows SQL injection through insecure dese ...)
	NOT-FOR-US: inoERP
CVE-2019-16893 (The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 device ...)
	NOT-FOR-US: TP-Link
CVE-2019-16892 (In Rubyzip before 1.3.0, a crafted ZIP file can bypass application che ...)
	- ruby-zip 2.0.0-1 (low; bug #941222)
	[buster] - ruby-zip (Minor issue)
	[stretch] - ruby-zip (Minor issue)
	[jessie] - ruby-zip (Minor issue, zip bomb non-default mitigation)
	NOTE: https://github.com/rubyzip/rubyzip/pull/403
	NOTE: https://github.com/rubyzip/rubyzip/commit/4167f0ce67e42b082605bca75c7bdfd01eb23804
	NOTE: https://github.com/rubyzip/rubyzip/commit/7849f7362ab0cd23d5730ef8b6f2c39252da2285
	NOTE: https://github.com/rubyzip/rubyzip/commit/97cb6aefe6d12bd2429d7a2e119ccb26f259d71d
CVE-2019-16891 (Liferay Portal CE 6.2.5 allows remote command execution because of des ...)
	NOT-FOR-US: Liferay Portal
CVE-2019-16890 (Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content ...)
	NOT-FOR-US: Halo
CVE-2019-16889 (Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause ...)
	NOT-FOR-US: Ubiquiti EdgeMAX
CVE-2019-16888 RESERVED
CVE-2019-16887 (In IrfanView 4.53, Data from a Faulting Address controls a subsequent ...)
	NOT-FOR-US: IrfanView
CVE-2019-16886 RESERVED
CVE-2019-16885 (In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remo ...)
	NOT-FOR-US: OkayCMS
CVE-2019-16884 (runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other ...)
	- runc 1.0.0~rc9+dfsg1-1 (bug #942026)
	[buster] - runc (Minor issue)
	[stretch] - runc (Minor issue)
	- golang-github-opencontainers-selinux 1.3.0-2 (bug #942027)
	[buster] - golang-github-opencontainers-selinux (Minor issue)
	NOTE: https://github.com/opencontainers/runc/issues/2128
CVE-2019-16883 RESERVED
CVE-2019-16882 (An issue was discovered in the string-interner crate before 0.7.1 for ...)
	NOT-FOR-US: Rust string-interner crate
CVE-2019-16881 (An issue was discovered in the portaudio-rs crate through 0.3.1 for Ru ...)
	NOT-FOR-US: Rust portaudio-rs crate
CVE-2019-16880 (An issue was discovered in the linea crate through 0.9.4 for Rust. The ...)
	NOT-FOR-US: Rust linea crate
CVE-2019-16879 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...)
	NOT-FOR-US: Synergy Systems & Solutions (SSS)
CVE-2019-16878 (Portainer before 1.22.1 has XSS (issue 2 of 2). ...)
	NOT-FOR-US: Portainer
CVE-2019-16877 (Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). ...)
	NOT-FOR-US: Portainer
CVE-2019-16876 (Portainer before 1.22.1 allows Directory Traversal. ...)
	NOT-FOR-US: Portainer
CVE-2019-16875 RESERVED
CVE-2019-16874 (Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). ...)
	NOT-FOR-US: Portainer
CVE-2019-16873 (Portainer before 1.22.1 has XSS (issue 1 of 2). ...)
	NOT-FOR-US: Portainer
CVE-2019-16872 (Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). ...)
	NOT-FOR-US: Portainer
CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twinca ...)
	NOT-FOR-US: Beckhoff
CVE-2019-16870 RESERVED
CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...)
	{DSA-4597-1 DLA-2365-1 DLA-2110-1 DLA-1941-1}
	- netty 1:4.1.33-2 (bug #941266)
	- netty-3.9
	NOTE: https://github.com/netty/netty/issues/9571
	NOTE: https://github.com/netty/netty/commit/39cafcb05c99f2aa9fce7e6597664c9ed6a63a95
CVE-2019-16868 (emlog through 6.0.0beta has an arbitrary file deletion vulnerability v ...)
	NOT-FOR-US: emlog
CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file par ...)
	NOT-FOR-US: HongCMS
CVE-2019-16866 (Unbound before 1.9.4 accesses uninitialized memory, which allows remot ...)
	{DSA-4544-1}
	- unbound 1.9.4-1 (bug #941692)
	[stretch] - unbound (Vulnerable code introduced in 1.7.1)
	[jessie] - unbound (Vulnerable code introduced in 1.7.1)
	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
	NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff
	NOTE: https://github.com/NLnetLabs/unbound/commit/b60c4a472c856f0a98120b7259e991b3a6507eb5
	NOTE: https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading specially ...)
	- pillow 6.2.0-1 (low)
	[buster] - pillow 5.4.1-2+deb10u1
	[stretch] - pillow (Minor issue, too intrusive to backport)
	[jessie] - pillow (Risk of regressions is too high)
	- python-imaging
	NOTE: https://github.com/python-pillow/Pillow/commit/b36c1bc943d554ba223086c7efb502d080f73905
	NOTE: https://github.com/python-pillow/Pillow/commit/f228d0ccbf6bf9392d7fcd51356ef2cfda80c75a
	NOTE: https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5
	NOTE: https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc
CVE-2019-16864 RESERVED
CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...)
	NOT-FOR-US: STMicroelectronics
CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...)
	NOT-FOR-US: OpenEMR
CVE-2019-16861 (Code42 server through 7.0.2 for Windows has an Untrusted Search Path. ...)
	NOT-FOR-US: Code42
CVE-2019-16860 (Code42 app through version 7.0.2 for Windows has an Untrusted Search P ...)
	NOT-FOR-US: Code42
CVE-2019-16859 RESERVED
CVE-2019-16858 RESERVED
CVE-2019-16857 RESERVED
CVE-2019-16856 RESERVED
CVE-2019-16855 RESERVED
CVE-2019-16854 RESERVED
CVE-2019-16853 RESERVED
CVE-2019-16852 RESERVED
CVE-2019-16851 RESERVED
CVE-2019-16850 RESERVED
CVE-2019-16849 RESERVED
CVE-2019-16848 RESERVED
CVE-2019-16847 RESERVED
CVE-2019-16846 RESERVED
CVE-2019-16845 RESERVED
CVE-2019-16844 RESERVED
CVE-2019-16843 RESERVED
CVE-2019-16842 RESERVED
CVE-2019-16841 RESERVED
CVE-2019-16840 RESERVED
CVE-2019-16839 RESERVED
CVE-2019-16838 RESERVED
CVE-2019-16837 RESERVED
CVE-2019-16836 RESERVED
CVE-2019-16835 RESERVED
CVE-2019-16834 RESERVED
CVE-2019-16833 RESERVED
CVE-2019-16832 RESERVED
CVE-2019-16831 RESERVED
CVE-2019-16830 RESERVED
CVE-2019-16829 RESERVED
CVE-2019-16828 RESERVED
CVE-2019-16827 RESERVED
CVE-2019-16826 RESERVED
CVE-2019-16825 RESERVED
CVE-2019-16824 RESERVED
CVE-2019-16823 RESERVED
CVE-2019-16822 RESERVED
CVE-2019-16821 RESERVED
CVE-2019-16820 RESERVED
CVE-2019-16819 RESERVED
CVE-2019-16818 RESERVED
CVE-2019-16817 RESERVED
CVE-2019-16816 RESERVED
CVE-2019-16815 RESERVED
CVE-2019-16814 RESERVED
CVE-2019-16813 RESERVED
CVE-2019-16812 RESERVED
CVE-2019-16811 RESERVED
CVE-2019-16810 RESERVED
CVE-2019-16809 RESERVED
CVE-2019-16808 RESERVED
CVE-2019-16807 RESERVED
CVE-2019-16806 RESERVED
CVE-2019-16805 RESERVED
CVE-2019-16804 RESERVED
CVE-2019-16803 RESERVED
CVE-2019-16802 RESERVED
CVE-2019-16801 RESERVED
CVE-2019-16800 RESERVED
CVE-2019-16799 RESERVED
CVE-2019-16798 RESERVED
CVE-2019-16797 RESERVED
CVE-2019-16796 RESERVED
CVE-2019-16795 RESERVED
CVE-2019-16794 RESERVED
CVE-2019-16793 RESERVED
CVE-2019-16792 (Waitress through version 1.3.1 allows request smuggling by sending the ...)
	- waitress 1.4.1-1
	[buster] - waitress (Minor issue)
	[stretch] - waitress (Minor issue)
	[jessie] - waitress (Minor issue)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
	NOTE: https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65
CVE-2019-16791 (In postfix-mta-sts-resolver before 0.5.1, All users can receive incorr ...)
	- postfix-mta-sts-resolver (Fixed before initial upload)
	NOTE: https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6
CVE-2019-16790 (In Tiny File Manager before 2.3.9, there is a remote code execution vi ...)
	NOT-FOR-US: Tiny File Manager
CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in front ...)
	{DLA-2056-1}
	- waitress 1.4.1-1 (bug #947433)
	[buster] - waitress (Minor issue)
	[stretch] - waitress (Minor issue)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
	NOTE: https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
CVE-2019-16788 REJECTED
CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...)
	- waitress 1.4.1-1 (bug #947306)
	[buster] - waitress (Minor issue)
	[stretch] - waitress (Minor issue)
	[jessie] - waitress (Minor issue)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p
	NOTE: https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3
CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 ...)
	- waitress 1.4.1-1 (bug #947306)
	[buster] - waitress (Minor issue)
	[stretch] - waitress (Minor issue)
	[jessie] - waitress (Minor issue)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
	NOTE: https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba
CVE-2019-16784 (In PyInstaller before version 3.6, only on Windows, a local privilege ...)
	NOT-FOR-US: PyInstaller on Windows
CVE-2019-16783 RESERVED
CVE-2019-16782 (There's a possible information leak / session hijack vulnerability in ...)
	- ruby-rack 2.1.1-2 (bug #946983)
	[buster] - ruby-rack (Minor issue)
	[stretch] - ruby-rack (Minor issue)
	[jessie] - ruby-rack (Minor issue)
	NOTE: https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
	NOTE: https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
CVE-2019-16779 (In RubyGem excon before 0.71.0, there was a race condition around pers ...)
	{DLA-2070-1}
	- ruby-excon 0.60.0-2 (bug #946904)
	[buster] - ruby-excon (Minor issue)
	[stretch] - ruby-excon (Minor issue)
	NOTE: https://github.com/excon/excon/security/advisories/GHSA-q58g-455p-8vw9
	NOTE: https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29
CVE-2019-16778 (In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSu ...)
	- tensorflow (bug #804612)
CVE-2019-16777 (Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary ...)
	[experimental] - npm 6.13.4+ds-1
	- npm 6.13.4+ds-2 (bug #947127)
	[buster] - npm 5.8.0+ds6-4+deb10u1
	[jessie] - npm (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
	NOTE: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
CVE-2019-16776 (Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ...)
	[experimental] - npm 6.13.4+ds-1
	- npm 6.13.4+ds-2 (bug #947127)
	[buster] - npm 5.8.0+ds6-4+deb10u1
	[jessie] - npm (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
	NOTE: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
CVE-2019-16775 (Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary ...)
	[experimental] - npm 6.13.4+ds-1
	- npm 6.13.4+ds-2 (bug #947127)
	[buster] - npm 5.8.0+ds6-4+deb10u1
	[jessie] - npm (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
	NOTE: https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
CVE-2019-16774 (In phpfastcache before 5.1.3, there is a possible object injection vul ...)
	- kopano-webapp-plugin-files 2.1.5+dfsg1-2 (unimportant)
	NOTE: https://github.com/PHPSocialNetwork/phpfastcache/security/advisories/GHSA-484f-743f-6jx2
	NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4 (5.0.13)
	NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/82a84adff6e8fc9b564c616d0fdc9238ae2e86c3 (4.3.18)
	NOTE: Affected phpfastcache code is not used in kopano-webapp-plugin-files.
CVE-2019-16773 REJECTED
CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is vulnerable to ...)
	NOT-FOR-US: serialize-to-js Node package
CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable ...)
	NOT-FOR-US: Armeria
CVE-2019-16770 (In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client coul ...)
	- puma 3.12.0-4 (bug #946312)
	[buster] - puma 3.12.0-2+deb10u1
	[stretch] - puma (Minor issue)
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
	NOTE: https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e
	NOTE: This is an incomplete fix. When fixing this issue make sure to also apply
	NOTE: the fix for CVE-2021-29509 to not open that CVE.
CVE-2019-16769 (The serialize-javascript npm package before version 2.1.1 is vulnerabl ...)
	NOT-FOR-US: serialize-javascript Node package
CVE-2019-16768 (In affected versions of Sylius, exception messages from internal excep ...)
	NOT-FOR-US: Sylius
CVE-2019-16767 (The admin sys mode is now conditional and dedicated for the special ca ...)
	NOT-FOR-US: ezmaster
CVE-2019-16766 (When using wagtail-2fa before 1.3.0, if someone gains access to someon ...)
	NOT-FOR-US: wagtail-2fa
CVE-2019-16765 (If an attacker can get a user to open a specially prepared directory t ...)
	NOT-FOR-US: Vscode
CVE-2019-16764 (The use of `String.to_atom/1` in PowAssent is susceptible to denial of ...)
	NOT-FOR-US: PowAssent
CVE-2019-16763 (In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data ...)
	NOT-FOR-US: Pannellum
CVE-2019-16762 (A specially crafted Bitcoin script can cause a discrepancy between the ...)
	NOT-FOR-US: SLP
CVE-2019-16761 (A specially crafted Bitcoin script can cause a discrepancy between the ...)
	NOT-FOR-US: SLP
CVE-2019-16760 (Cargo prior to Rust 1.26.0 may download the wrong dependency if your p ...)
	- cargo 0.27.0-1
	NOTE: https://rustsec.org/advisories/CVE-2019-16760.html
CVE-2019-16759 (vBulletin 5.x through 5.5.4 allows remote command execution via the wi ...)
	NOT-FOR-US: vBulletin
CVE-2019-16758 (In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a ...)
	NOT-FOR-US: Lexmark
CVE-2019-16757 RESERVED
CVE-2019-16756 RESERVED
CVE-2019-16755 (BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both ...)
	NOT-FOR-US: BMC MyIT Digital Workplace DWP
CVE-2019-16754 (RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implem ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2019-16753 (An issue was discovered in Decentralized Anonymous Payment System (DAP ...)
	NOT-FOR-US: Decentralized Anonymous Payment System (DAPS)
CVE-2019-16752 (An issue was discovered in Decentralized Anonymous Payment System (DAP ...)
	NOT-FOR-US: Decentralized Anonymous Payment System (DAPS)
CVE-2019-16751 (An issue was discovered in Devise Token Auth through 1.1.2. The omniau ...)
	NOT-FOR-US: Devise Token Auth
CVE-2019-16750
	RESERVED
CVE-2019-16749
	RESERVED
CVE-2019-16748 (In wolfSSL through 4.1.0, there is a missing sanity check of memory ac ...)
	- wolfssl 4.2.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/issues/2459
CVE-2019-16747 (In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an inval ...)
	- matrixssl
	NOTE: https://github.com/matrixssl/matrixssl/issues/33
CVE-2019-16745 (eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. ...)
	NOT-FOR-US: eBrigade
CVE-2019-16744 (eBrigade before 5.0 has evenements.php cid SQL Injection. ...)
	NOT-FOR-US: eBrigade
CVE-2019-16743 (eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. ...)
	NOT-FOR-US: eBrigade
CVE-2019-16742
	RESERVED
CVE-2019-16741
	RESERVED
CVE-2019-16740
	RESERVED
CVE-2019-16739
	RESERVED
CVE-2019-16738 (In MediaWiki through 1.33.0, Special:Redirect allows information discl ...)
	{DSA-4545-1}
	- mediawiki 1:1.31.4-1
	NOTE: https://phabricator.wikimedia.org/T230402
CVE-2019-16737 (The processCommandSetMac() function of libcommon.so in Petwant PF-103 ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16736 (A stack-based buffer overflow in processCommandUploadSnapshot in libco ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16735 (A stack-based buffer overflow in processCommandUploadLog in libcommon. ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16734 (Use of default credentials for the TELNET server in Petwant PF-103 fir ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16733 (processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22 ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16732 (Unencrypted HTTP communications for firmware upgrades in Petalk AI and ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16731 (The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Peta ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16730 (processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.2 ...)
	NOT-FOR-US: Petwant PF-103 and Petalk AI
CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (m ...)
	{DLA-2419-1}
	- dompurify.js
	NOTE: https://research.securitum.com/dompurify-bypass-using-mxss/
CVE-2019-16746 (An issue was discovered in net/wireless/nl80211.c in the Linux kernel ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://marc.info/?l=linux-wireless&m=156901391225058&w=2
CVE-2019-16727
	RESERVED
CVE-2019-16726
	RESERVED
CVE-2019-16725 (In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks ...)
	NOT-FOR-US: Joomla!
CVE-2019-16724 (File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary ...)
	NOT-FOR-US: File Sharing Wizard
CVE-2019-16723 (In Cacti through 1.2.6, authenticated users may bypass authorization c ...)
	- cacti 1.2.7+ds1-1 (bug #941036)
	[buster] - cacti 1.2.2+ds1-2+deb10u2
	[stretch] - cacti (vulnerability introduced later)
	[jessie] - cacti (vulnerability introduced later)
	NOTE: vulnerability introduced in
	NOTE: https://github.com/Cacti/cacti/commit/cf73ae1a9f65b5a27d7f9d10c8e14835c3a76326
	NOTE: see Debian bug report for more information
	NOTE: https://github.com/Cacti/cacti/issues/2964
	NOTE: https://github.com/Cacti/cacti/commit/7a6a17252a1cbda180b61fff244cb3ce797d5264
	NOTE: https://github.com/Cacti/cacti/commit/c7cf4a26e4848872b48094e67f8d0a01dd7613d2
	NOTE: after further discussion, upstream issued a new fix which reverts previous commits
	NOTE: https://github.com/Cacti/cacti/commit/cfb0733597af97abc92270de4f47cbfa32f9ce8b
	NOTE: which turned out to be insufficient to fix the issue, follow-up patches:
	NOTE: https://github.com/Cacti/cacti/commit/9a1d2ec46d2dde23826c134ca70a0cd3bef43ee7
	NOTE: https://github.com/Cacti/cacti/commit/d5f98679a06aa96adfe04f60908f9108cfc9f7f7
	NOTE: https://github.com/Cacti/cacti/commit/4cecb19f6be8b84fa1c7b6450b66176007cb53df
	NOTE: The original issue mentions only a bypass via graph_json.php but there are
	NOTE: additional permission checks missed while checking the issue fixed with the
	NOTE: upstream commits.
CVE-2019-16722 (ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against ...)
	NOT-FOR-US: ZZZCMS
CVE-2019-16721 (NoneCMS v1.3 has CSRF in public/index.php/admin/admin/dele.html, as de ...)
	NOT-FOR-US: NoneCMS
CVE-2019-16720 (ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins ...)
	NOT-FOR-US: ZZZCMS
CVE-2019-16719 (WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with r ...)
	NOT-FOR-US: WTCMS
CVE-2019-16718 (In radare2 before 3.9.0, a command injection vulnerability exists in b ...)
	- radare2 (Incomplete fixes for CVE-2019-14745 not applied)
CVE-2019-16717 (OX App Suite through 7.10.2 has XSS. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-16716 (OX App Suite through 7.10.2 has Incorrect Access Control. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-16715
	RESERVED
CVE-2019-16713 (ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrate ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1558
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/6954a3f7f1bf1dad417260c5965f2c30a64fa25e
CVE-2019-16712 (ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in code ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1557
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/451d0e4aadb17f16d15006aed379b71714d04a5d
CVE-2019-16711 (ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in code ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1542
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/448f301a781405a45717bb53578475de06df973a
CVE-2019-16710 (ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrate ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1528
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/80deac0626d2d69e1da836d7d893db1e022b10fc
CVE-2019-16709 (ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrate ...)
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	- graphicsmagick 1.4+really1.3.33+hg16117-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/13801f5d0bd7a6fdb119682d34946636afdb2629
CVE-2019-16708 (ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1531
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/13801f5d0bd7a6fdb119682d34946636afdb2629
CVE-2019-16707 (Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommon ...)
	- hunspell 1.7.0-3 (unimportant; bug #941185)
	NOTE: Negligible security impact
	NOTE: https://github.com/butterflyhack/hunspell-crash
	NOTE: https://github.com/hunspell/hunspell/issues/624
CVE-2019-16706 (kkcms v1.3 has a CSRF vulnerablity that can add an user account via ad ...)
	NOT-FOR-US: kkcms
CVE-2019-16729 (pam-python before 1.0.7-1 has an issue in regard to the default enviro ...)
	{DSA-4555-1 DLA-2000-1}
	- pam-python 1.0.7-1 (bug #942514)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1150510#c1
	NOTE: https://sourceforge.net/p/pam-python/code/ci/0247ab687b4347cc52859ca461fb0126dd7e2ebe/
CVE-2019-16714 (In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv. ...)
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7d0a06586b2686ba80c4a2da5f91cb10ffbea736
CVE-2019-16705 (Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in th ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/178
CVE-2019-16704 (admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS. ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-16703 (admin/infolist_add.php in PHPMyWind 5.6 has stored XSS. ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: Integard Pro
CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...)
	NOT-FOR-US: pfSense
CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension through 3.0.2 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 ha ...)
	NOT-FOR-US: TYPO3 extension
CVE-2019-16697
	RESERVED
CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...)
	NOT-FOR-US: phpIPAM
CVE-2019-16695 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...)
	NOT-FOR-US: phpIPAM
CVE-2019-16694 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit- ...)
	NOT-FOR-US: phpIPAM
CVE-2019-16693 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order ...)
	NOT-FOR-US: phpIPAM
CVE-2019-16692 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filte ...)
	NOT-FOR-US: phpIPAM
CVE-2019-16691
	REJECTED
CVE-2019-16690
	RESERVED
CVE-2019-16689
	RESERVED
CVE-2019-16688 (Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_te ...)
	- dolibarr
CVE-2019-16687 (Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section ...)
	- dolibarr
CVE-2019-16686 (Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A us ...)
	- dolibarr
CVE-2019-16685 (Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Descripti ...)
	- dolibarr
CVE-2019-16684 (An issue was discovered in the image-manager in Xoops 2.5.10. When any ...)
	NOT-FOR-US: Xoops
CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10. When the ...)
	NOT-FOR-US: Xoops
CVE-2019-16682 (The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...)
	NOT-FOR-US: Traveloka
CVE-2019-16680 (An issue was discovered in GNOME file-roller before 3.29.91. It allows ...)
	{DSA-4537-1 DLA-1938-1}
	- file-roller 3.30.0-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794337
	NOTE: https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2
CVE-2019-16679 (Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, lea ...)
	NOT-FOR-US: Gila CMS
CVE-2019-16678 (admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant deni ...)
	NOT-FOR-US: YzmCMS
CVE-2019-16677 (An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=membe ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-16676 (Plataformatec Simple Form has Incorrect Access Control in file_method? ...)
	- ruby-simple-form
	NOTE: http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676/
	NOTE: https://github.com/plataformatec/simple_form/commit/8c91bd76a5052ddf3e3ab9fd8333f9aa7b2e2dd6
	NOTE: https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
CVE-2019-16675 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
	NOT-FOR-US: PHOENIX CONTACT PC Worx
CVE-2019-16674 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
	NOT-FOR-US: Weidmueller IE-SW-VL05M
CVE-2019-16673 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
	NOT-FOR-US: Weidmueller IE-SW-VL05M
CVE-2019-16672 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
	NOT-FOR-US: Weidmueller IE-SW-VL05M
CVE-2019-16671 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
	NOT-FOR-US: Weidmueller IE-SW-VL05M
CVE-2019-16670 (An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 1610241 ...)
	NOT-FOR-US: Weidmueller IE-SW-VL05M
CVE-2019-16669 (The Reset Password feature in Pagekit 1.0.17 gives a different respons ...)
	NOT-FOR-US: Pagekit CMS
CVE-2019-16668
	RESERVED
CVE-2019-16667 (diag_command.php in pfSense 2.4.4-p3 allows CSRF via the txtCommand or ...)
	NOT-FOR-US: pfSense
CVE-2019-16666
	RESERVED
CVE-2019-16665 (An issue was discovered in ThinkSAAS 2.91. There is XSS via the conten ...)
	NOT-FOR-US: ThinkSAAS
CVE-2019-16664 (An issue was discovered in ThinkSAAS 2.91. There is XSS via the index. ...)
	NOT-FOR-US: ThinkSAAS
CVE-2019-16663 (An issue was discovered in rConfig 3.9.2. An attacker can directly exe ...)
	NOT-FOR-US: rConfig
CVE-2019-16662 (An issue was discovered in rConfig 3.9.2. An attacker can directly exe ...)
	NOT-FOR-US: rConfig
CVE-2019-16661 (Ogma CMS 0.5 has XSS via creation of a new blog. ...)
	NOT-FOR-US: Ogma CMS
CVE-2019-16660 (joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CS ...)
	NOT-FOR-US: joyplus-cms
CVE-2019-16659 (TuziCMS 2.0.6 has index.php/manage/link/do_add CSRF. ...)
	NOT-FOR-US: TuziCMS
CVE-2019-16658 (TuziCMS 2.0.6 has index.php/manage/notice/do_add CSRF. ...)
	NOT-FOR-US: TuziCMS
CVE-2019-16657 (TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrate ...)
	NOT-FOR-US: TuziCMS
CVE-2019-16656 (joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP cod ...)
	NOT-FOR-US: joyplus-cms
CVE-2019-16655 (joyplus-cms 1.6.0 allows reinstallation if the install/ URI remains av ...)
	NOT-FOR-US: joyplus-cms
CVE-2019-16654
	RESERVED
CVE-2019-16653 (An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2. ...)
	NOT-FOR-US: Genius Bytes Genius Server (Genius CDDS)
CVE-2019-16652 (The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 al ...)
	NOT-FOR-US: Genius Bytes Genius Server (Genius CDDS)
CVE-2019-16651 (An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG ...)
	NOT-FOR-US: Virgin Media Super Hub
CVE-2019-16650 (On Supermicro X10 and X11 products, a client's access privileges may b ...)
	NOT-FOR-US: Supermicro
CVE-2019-16649 (On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination ...)
	NOT-FOR-US: Supermicro
CVE-2019-16648
	RESERVED
CVE-2019-16647 (Unquoted Search Path in Maxthon 5.1.0 to 5.2.7 Browser for Windows. ...)
	NOT-FOR-US: Maxthon
CVE-2019-16646
	RESERVED
CVE-2019-16645 (An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (suc ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2019-16644 (App\Home\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has S ...)
	NOT-FOR-US: TuziCMS
CVE-2019-16643 (An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerab ...)
	NOT-FOR-US: ZrLog
CVE-2019-16642 (App\Mobile\Controller\ZhuantiController.class.php in TuziCMS 2.0.6 has ...)
	NOT-FOR-US: TuziCMS
CVE-2019-16641
	RESERVED
CVE-2019-16640
	RESERVED
CVE-2019-16639
	RESERVED
CVE-2019-16638
	RESERVED
CVE-2019-16637
	RESERVED
CVE-2019-16636
	RESERVED
CVE-2019-16635
	RESERVED
CVE-2019-16634
	RESERVED
CVE-2019-16633
	RESERVED
CVE-2019-16632
	RESERVED
CVE-2019-16631
	RESERVED
CVE-2019-16630
	RESERVED
CVE-2019-16629
	RESERVED
CVE-2019-16628
	RESERVED
CVE-2019-16627
	RESERVED
CVE-2019-16626
	RESERVED
CVE-2019-16625
	RESERVED
CVE-2019-16624
	RESERVED
CVE-2019-16623
	RESERVED
CVE-2019-16622
	RESERVED
CVE-2019-16621
	RESERVED
CVE-2019-16620
	RESERVED
CVE-2019-16619
	RESERVED
CVE-2019-16618
	RESERVED
CVE-2019-16617
	RESERVED
CVE-2019-16616
	RESERVED
CVE-2019-16615
	RESERVED
CVE-2019-16614
	RESERVED
CVE-2019-16613
	RESERVED
CVE-2019-16612
	RESERVED
CVE-2019-16611
	RESERVED
CVE-2019-16610
	RESERVED
CVE-2019-16609
	RESERVED
CVE-2019-16608
	RESERVED
CVE-2019-16607
	RESERVED
CVE-2019-16606
	RESERVED
CVE-2019-16605
	RESERVED
CVE-2019-16604
	RESERVED
CVE-2019-16603
	RESERVED
CVE-2019-16602
	RESERVED
CVE-2019-16601
	RESERVED
CVE-2019-16600
	RESERVED
CVE-2019-16599
	RESERVED
CVE-2019-16598
	RESERVED
CVE-2019-16597
	RESERVED
CVE-2019-16596
	RESERVED
CVE-2019-16595
	RESERVED
CVE-2019-16594
	RESERVED
CVE-2019-16593
	RESERVED
CVE-2019-16592
	RESERVED
CVE-2019-16591
	RESERVED
CVE-2019-16590
	RESERVED
CVE-2019-16589
	RESERVED
CVE-2019-16588
	RESERVED
CVE-2019-16587
	RESERVED
CVE-2019-16586
	RESERVED
CVE-2019-16585
	RESERVED
CVE-2019-16584
	RESERVED
CVE-2019-16583
	RESERVED
CVE-2019-16582
	RESERVED
CVE-2019-16581
	RESERVED
CVE-2019-16580
	RESERVED
CVE-2019-16579
	RESERVED
CVE-2019-16578
	RESERVED
CVE-2019-16577
	RESERVED
CVE-2019-16576 (A missing permission check in Jenkins Alauda Kubernetes Suport Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16575 (A cross-site request forgery vulnerability in Jenkins Alauda Kubernete ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16574 (A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16573 (A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16572 (Jenkins Weibo Plugin 1.0.1 and earlier stores credentials unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16571 (A missing permission check in Jenkins RapidDeploy Plugin 4.1 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16570 (A cross-site request forgery vulnerability in Jenkins RapidDeploy Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16569 (A cross-site request forgery vulnerability in Jenkins Mantis Plugin 0. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16568 (Jenkins SCTMExecutor Plugin 2.2 and earlier transmits previously confi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16567 (A missing permission check in Jenkins Team Concert Plugin 1.3.0 and ea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16566 (A missing permission check in Jenkins Team Concert Plugin 1.3.0 and ea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16565 (A cross-site request forgery vulnerability in Jenkins Team Concert Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16564 (Jenkins Pipeline Aggregator View Plugin 1.8 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16563 (Jenkins Mission Control Plugin 0.9.16 and earlier does not escape job ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16562 (Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the des ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16561 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16560 (A cross-site request forgery vulnerability in Jenkins WebSphere Deploy ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16559 (A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16558 (Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16557 (Jenkins Redgate SQL Change Automation Plugin 2.0.3 and earlier stores ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16556 (Jenkins Rundeck Plugin 3.6.5 and earlier stores credentials unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16555 (A user-supplied regular expression in Jenkins Build Failure Analyzer P ...)
	NOT-FOR-US: Jenkins Build Failure Analyzer Plugin
CVE-2019-16554 (A missing permission check in Jenkins Build Failure Analyzer Plugin 1. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16553 (A cross-site request forgery vulnerability in Jenkins Build Failure An ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16552 (A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16551 (A cross-site request forgery vulnerability in Jenkins Gerrit Trigger P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16550 (A cross-site request forgery vulnerability in a connection test form m ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16549 (Jenkins Maven Release Plugin 0.16.1 and earlier does not configure the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16548 (A cross-site request forgery vulnerability in Jenkins Google Compute E ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16547 (Missing permission checks in various API endpoints in Jenkins Google C ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16546 (Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16545 (Jenkins QMetry for JIRA - Test Management Plugin transmits credentials ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16544 (Jenkins QMetry for JIRA - Test Management Plugin 1.12 and earlier stor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16543 (Jenkins Spira Importer Plugin 3.2.2 and earlier stores credentials une ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16542 (Jenkins Anchore Container Image Scanner Plugin 1.0.19 and earlier stor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16541 (Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (f ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16540 (A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16539 (A missing permission check in Jenkins Support Core Plugin 2.63 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16538 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.67 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-16537
	RESERVED
CVE-2019-16536
	RESERVED
CVE-2019-16535 (In all versions of ClickHouse before 19.14, an OOB read, OOB write and ...)
	NOT-FOR-US: ClickHouse
CVE-2019-16534 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a c ...)
	NOT-FOR-US: DrayTek Vigor2925 devices
CVE-2019-16533 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access C ...)
	NOT-FOR-US: DrayTek Vigor2925 devices
CVE-2019-16532 (An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A m ...)
	NOT-FOR-US: YzmCMS
CVE-2019-16531 (LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by chan ...)
	NOT-FOR-US: LayerBB
CVE-2019-16530 (Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3. ...)
	NOT-FOR-US: Sonatype
CVE-2019-16529 (An issue was discovered in the CheckUser extension through 1.35.0 for ...)
	NOT-FOR-US: CheckUser extension for MediaWiki
CVE-2019-16528 (An issue was discovered in the AbuseFilter extension for MediaWiki. in ...)
	NOT-FOR-US: AbuseFilter extension for MediaWiki
CVE-2019-16527
	RESERVED
CVE-2019-16526
	RESERVED
CVE-2019-16525 (An XSS issue was discovered in the checklist plugin before 1.1.9 for W ...)
	NOT-FOR-US: checklist plugin for WordPress
CVE-2019-16524 (The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBo ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-16523 (The events-manager plugin through 5.9.5 for WordPress (aka Events Mana ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-16522 (The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie La ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-16521 (The broken-link-checker plugin through 1.11.8 for WordPress (aka Broke ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-16520 (The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to exe ...)
	NOT-FOR-US: ESET Cyber Security
CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the Vandy Va ...)
	NOT-FOR-US: Swell Kit Mod devices
CVE-2019-16517 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16516 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16515 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16514 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16513 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16512 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
	NOT-FOR-US: ConnectWise Control
CVE-2019-16511 (An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. ...)
	NOT-FOR-US: FireGiant
CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady ...)
	NOT-FOR-US: libIEC61850
CVE-2019-16509
	RESERVED
CVE-2019-16508 (The Imagination Technologies driver for Chrome OS before R74-11895.B, ...)
	NOT-FOR-US: Imagination Technologies driver for Chrome OS
CVE-2019-16507
	RESERVED
CVE-2019-16506
	RESERVED
CVE-2019-16505
	RESERVED
CVE-2019-16504
	RESERVED
CVE-2019-16503
	RESERVED
CVE-2019-16502
	RESERVED
CVE-2019-16501
	RESERVED
CVE-2019-16500
	RESERVED
CVE-2019-16499
	RESERVED
CVE-2019-16498
	RESERVED
CVE-2019-16497
	RESERVED
CVE-2019-16496
	RESERVED
CVE-2019-16495
	RESERVED
CVE-2019-16494
	RESERVED
CVE-2019-16493
	RESERVED
CVE-2019-16492
	RESERVED
CVE-2019-16491
	RESERVED
CVE-2019-16490
	RESERVED
CVE-2019-16489
	RESERVED
CVE-2019-16488
	RESERVED
CVE-2019-16487
	RESERVED
CVE-2019-16486
	RESERVED
CVE-2019-16485
	RESERVED
CVE-2019-16484
	RESERVED
CVE-2019-16483
	RESERVED
CVE-2019-16482
	RESERVED
CVE-2019-16481
	RESERVED
CVE-2019-16480
	RESERVED
CVE-2019-16479
	RESERVED
CVE-2019-16478
	RESERVED
CVE-2019-16477
	RESERVED
CVE-2019-16476
	RESERVED
CVE-2019-16475
	RESERVED
CVE-2019-16474
	RESERVED
CVE-2019-16473
	RESERVED
CVE-2019-16472
	RESERVED
CVE-2019-16471
	RESERVED
CVE-2019-16470
	RESERVED
CVE-2019-16469 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2019-16468 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2019-16467 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2019-16466 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2019-16465 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16464 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16463 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16462 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16461 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16460 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16459 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16458 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16457 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16456 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16455 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16454 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16453 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16452 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16451 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16450 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16449 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16448 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16447
	RESERVED
CVE-2019-16446 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16445 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16444 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-16443
	RESERVED
CVE-2019-16442
	RESERVED
CVE-2019-16441
	RESERVED
CVE-2019-16440
	RESERVED
CVE-2019-16439
	RESERVED
CVE-2019-16438
	RESERVED
CVE-2019-16437
	RESERVED
CVE-2019-16436
	RESERVED
CVE-2019-16435
	RESERVED
CVE-2019-16434
	RESERVED
CVE-2019-16433
	RESERVED
CVE-2019-16432
	RESERVED
CVE-2019-16431
	RESERVED
CVE-2019-16430
	RESERVED
CVE-2019-16429
	RESERVED
CVE-2019-16428
	RESERVED
CVE-2019-16427
	RESERVED
CVE-2019-16426
	RESERVED
CVE-2019-16425
	RESERVED
CVE-2019-16424
	RESERVED
CVE-2019-16423
	RESERVED
CVE-2019-16422
	RESERVED
CVE-2019-16421
	RESERVED
CVE-2019-16420
	RESERVED
CVE-2019-16419
	RESERVED
CVE-2019-16418
	RESERVED
CVE-2019-16417 (HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense rep ...)
	NOT-FOR-US: HRworks FLOW
CVE-2019-16416 (HRworks 3.36.9 allows XSS via the purpose of a travel-expense report. ...)
	NOT-FOR-US: HRworks
CVE-2019-16415
	RESERVED
CVE-2019-16414 (A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malici ...)
	NOT-FOR-US: GFI Kerio Control
CVE-2019-16413 (An issue was discovered in the Linux kernel before 5.0.4. The 9p files ...)
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.70-1
	NOTE: https://git.kernel.org/linus/5e3cc1ee1405a7eb3487ed24f786dec01b4cbe1f
CVE-2019-16412 (In goform/setSysTools on Tenda N301 wireless routers, attackers can tr ...)
	NOT-FOR-US: Tenda
CVE-2019-16411 (An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 pa ...)
	- suricata 1:4.1.5-1 (low)
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Minor issue)
	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
CVE-2019-16410 (An issue was discovered in Suricata 4.1.4. By sending multiple fragmen ...)
	- suricata 1:4.1.5-1 (low)
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Minor issue)
	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
CVE-2019-16409 (In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpu ...)
	NOT-FOR-US: SilverStripe
CVE-2019-16408
	RESERVED
CVE-2019-16407 (JetBrains ReSharper installers for versions before 2019.2 had a DLL Hi ...)
	NOT-FOR-US: JetBrains ReSharper installer
CVE-2019-16406 (Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware v ...)
	- centreon-web (bug #913903)
CVE-2019-16405 (Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19. ...)
	- centreon-web (bug #913903)
CVE-2019-16404 (Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php ...)
	NOT-FOR-US: OpenEMR
CVE-2019-16403 (In Webkul Bagisto before 0.1.5, the functionalities for customers to c ...)
	NOT-FOR-US: Webkul Bagisto
CVE-2019-16402
	RESERVED
CVE-2019-16401 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G9 ...)
	NOT-FOR-US: Samsung
CVE-2019-16400 (Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G9 ...)
	NOT-FOR-US: Samsung
CVE-2019-16399 (Western Digital WD My Book World through II 1.02.12 suffers from Broke ...)
	NOT-FOR-US: Western Digital
CVE-2019-16398 (On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution ca ...)
	NOT-FOR-US: Keeper
CVE-2019-16397
	RESERVED
CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() f ...)
	- gnucobol 4.0~early~20200606-1 (low; bug #940950)
	[buster] - gnucobol (Minor issue)
	- open-cobol
	[stretch] - open-cobol (Minor issue)
	[jessie] - open-cobol (Minor issue)
	NOTE: https://sourceforge.net/p/gnucobol/bugs/587/
	NOTE: Fixed by: https://sourceforge.net/p/open-cobol/code/3347/
CVE-2019-16395 (GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() functi ...)
	- gnucobol 4.0~early~20200606-1 (low; bug #940949)
	[buster] - gnucobol (Minor issue)
	- open-cobol
	[stretch] - open-cobol (Minor issue)
	[jessie] - open-cobol (Minor issue)
	NOTE: https://sourceforge.net/p/gnucobol/bugs/586/
	NOTE: Fixed by: https://sourceforge.net/p/open-cobol/code/3346/
CVE-2019-16390
	RESERVED
CVE-2019-16389
	RESERVED
CVE-2019-16388 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to Information disclo ...)
	NOT-FOR-US: PEGA Platform
CVE-2019-16387 (** DISPUTED ** PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso ...)
	NOT-FOR-US: PEGA Platform
CVE-2019-16386 (** DISPUTED ** PEGA Platform 7.x and 8.x is vulnerable to Information ...)
	NOT-FOR-US: PEGA Platform
CVE-2019-16385 (Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting vi ...)
	NOT-FOR-US: Cybele Thinfinity VirtualUI
CVE-2019-16384 (Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that ca ...)
	NOT-FOR-US: Cybele Thinfinity VirtualUI
CVE-2019-16383 (MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2019-16382 (An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2019-16381
	RESERVED
CVE-2019-16380
	RESERVED
CVE-2019-16379
	RESERVED
CVE-2019-16377 (The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Co ...)
	NOT-FOR-US: makandra consul gem
CVE-2019-16376
	RESERVED
CVE-2019-16375 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	- otrs2 6.0.23-1
	[buster] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	[jessie] - otrs2 (Minor issue)
	NOTE: https://community.otrs.com/security-advisory-2019-13-security-update-for-otrs-framework/
	NOTE: https://github.com/OTRS/otrs/commit/aeb33d800716e2a6653597aa86314c4cbdadb678 (6.x)
	NOTE: https://github.com/OTRS/otrs/commit/03ca8f396b1aa9933c212a63f52a9ea26c06e7da (5.x)
CVE-2019-16394 (SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messa ...)
	{DSA-4532-1 DLA-1975-1}
	- spip 3.2.5-1
	NOTE: https://core.spip.net/issues/4171
	NOTE: https://zone.spip.net/trac/spip-zone/changeset/117577/spip-zone
	NOTE: https://zone.spip.net/trac/spip-zone/changeset/117578/spip-zone
CVE-2019-16393 (SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ec ...)
	{DSA-4532-1 DLA-1975-1}
	- spip 3.2.5-1
	NOTE: https://core.spip.net/issues/4362
	NOTE: https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1
CVE-2019-16392 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login ...)
	{DSA-4532-1 DLA-1975-1}
	- spip 3.2.5-1
	NOTE: https://git.spip.net/SPIP/spip/commit/3c12a82c7d9d4afd09e708748fa82e7836174028
CVE-2019-16391 (SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors ...)
	{DSA-4532-1 DLA-1975-1}
	- spip 3.2.5-1
	NOTE: https://git.spip.net/SPIP/spip/commit/187952ce85e73b52c2753f2d54fc2c44807b8f79
	NOTE: https://git.spip.net/SPIP/spip/commit/3cbc758400323ab006c00ea78eacdb8f76aa5f66
CVE-2019-16374 (Pega Platform 8.2.1 allows LDAP injection because a username can conta ...)
	NOT-FOR-US: Pega Platform
CVE-2019-16373
	RESERVED
CVE-2019-16372
	RESERVED
CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted ...)
	NOT-FOR-US: LogMeIn LastPass
CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algori ...)
	- gradle (low; bug #941186)
	[bullseye] - gradle (Minor issue)
	[buster] - gradle (Minor issue)
	[stretch] - gradle (Minor issue)
	[jessie] - gradle (Minor issue, old gradle mainly used for building Debian packages with apt signatures)
	NOTE: https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f
CVE-2019-16369
	RESERVED
CVE-2019-16368
	RESERVED
CVE-2019-16367
	RESERVED
CVE-2019-16366 (In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer ove ...)
	NOT-FOR-US: Moddable SDK
CVE-2019-16365
	RESERVED
CVE-2019-16364
	RESERVED
CVE-2019-16363
	RESERVED
CVE-2019-16362
	RESERVED
CVE-2019-16361
	RESERVED
CVE-2019-16360
	RESERVED
CVE-2019-16359
	RESERVED
CVE-2019-16358
	RESERVED
CVE-2019-16357
	RESERVED
CVE-2019-16356
	RESERVED
CVE-2019-16355 (The File Session Manager in Beego 1.10.0 allows local users to read se ...)
	NOT-FOR-US: Beego
CVE-2019-16354 (The File Session Manager in Beego 1.10.0 allows local users to read se ...)
	NOT-FOR-US: Beego
CVE-2019-16353 (Emerson GE Automation Proficy Machine Edition 8.0 allows an access vio ...)
	NOT-FOR-US: Emerson GE Automation Proficy Machine Edition
CVE-2019-16352 (ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load ...)
	NOT-FOR-US: ffjpeg
CVE-2019-16351 (ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_dec ...)
	NOT-FOR-US: ffjpeg
CVE-2019-16350 (ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() ...)
	NOT-FOR-US: ffjpeg
CVE-2019-16349 (Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::Rea ...)
	NOT-FOR-US: Bento4
CVE-2019-16348 (marc-q libwav through 2017-04-20 has a NULL pointer dereference in gai ...)
	NOT-FOR-US: libwav
CVE-2019-16347 (ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngifl ...)
	NOT-FOR-US: ngiflib
CVE-2019-16346 (ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngifli ...)
	NOT-FOR-US: ngiflib
CVE-2019-16345
	RESERVED
CVE-2019-16344 (A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR ...)
	NOT-FOR-US: ScadaBR
CVE-2019-16343
	RESERVED
CVE-2019-16342
	RESERVED
CVE-2019-16341
	RESERVED
CVE-2019-16340 (Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to d ...)
	NOT-FOR-US: Belkin
CVE-2019-16339
	RESERVED
CVE-2019-16338 (The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 a ...)
	NOT-FOR-US: Hancom Office
CVE-2019-16337 (The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-f ...)
	NOT-FOR-US: Hancom Office
CVE-2019-16336 (The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE componen ...)
	NOT-FOR-US: Cypress
CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4542-1 DLA-1943-1}
	- jackson-databind 2.10.0-1 (bug #940498)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2449
	NOTE: https://github.com/FasterXML/jackson-databind/commit/73c1c2cc76e6cdd7f3a5615cbe3207fe96e4d3db
CVE-2019-16334 (In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categ ...)
	NOT-FOR-US: Bludit
CVE-2019-16333 (GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in adm ...)
	NOT-FOR-US: GetSimple CMS
CVE-2019-16332 (In the api-bearer-auth plugin before 20190907 for WordPress, the serve ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-12412 (A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference ...)
	{DSA-4541-1 DLA-1944-1}
	- libapreq2 2.13-6 (bug #939937)
	NOTE: https://svn.apache.org/r1866760
CVE-2019-16331
	RESERVED
CVE-2019-16330 (In NCH Express Accounts Accounting v7.02, persistent cross site script ...)
	NOT-FOR-US: NCH Express Accounts Accounting
CVE-2019-16329
	RESERVED
CVE-2019-16328 (In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify ...)
	- rpyc
CVE-2019-16327 (D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypa ...)
	NOT-FOR-US: D-Link
CVE-2019-16326 (D-Link DIR-601 B1 2.00NA devices have CSRF because no anti-CSRF token ...)
	NOT-FOR-US: D-Link
CVE-2019-16325
	RESERVED
CVE-2019-16324
	RESERVED
CVE-2019-16323
	RESERVED
CVE-2019-16322
	RESERVED
CVE-2019-16321 (ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a ...)
	NOT-FOR-US: ScadaBR
CVE-2019-16320 (Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers ...)
	NOT-FOR-US: Cobham Sea Tel
CVE-2019-16318 (In Pimcore before 5.7.1, an attacker with limited privileges can bypas ...)
	NOT-FOR-US: Pimcore
CVE-2019-16317 (In Pimcore before 5.7.1, an attacker with limited privileges can trigg ...)
	NOT-FOR-US: Pimcore
CVE-2019-16316
	RESERVED
CVE-2019-16315
	RESERVED
CVE-2019-16314 (Indexhibit 2.1.5 allows a product reinstallation, with resultant remot ...)
	NOT-FOR-US: Indexhibit
CVE-2019-16313 (ifw8 Router ROM v4.31 allows credential disclosure by reading the acti ...)
	NOT-FOR-US: ifw8 Router ROM
CVE-2019-16312 (s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. ...)
	NOT-FOR-US: s-cms
CVE-2019-16311 (NIUSHOP V1.11 has CSRF via search_info to index.php. ...)
	NOT-FOR-US: NIUSHOP
CVE-2019-16310 (NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. ...)
	NOT-FOR-US: NIUSHOP
CVE-2019-16309 (FlameCMS 3.3.5 has SQL injection in account/login.php via accountName. ...)
	NOT-FOR-US: FlameCMS
CVE-2019-16308
	RESERVED
CVE-2019-16307 (A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx modu ...)
	NOT-FOR-US: Fuji
CVE-2019-16306
	RESERVED
CVE-2019-16305 (In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to comm ...)
	NOT-FOR-US: MobaXterm
CVE-2019-16304
	RESERVED
CVE-2019-16303 (A class generated by the Generator in JHipster before 6.3.0 and JHipst ...)
	NOT-FOR-US: JHipster
CVE-2019-16302 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16301 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16300 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16299 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16298 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16297 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-16296
	RESERVED
CVE-2019-16295 (Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2019-16294 (SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote ...)
	NOT-FOR-US: Notepad++
CVE-2019-16293 (The Create Discoveries feature of Open-AudIT before 3.2.0 allows an au ...)
	NOT-FOR-US: Open-AudIT
CVE-2019-16292
	RESERVED
CVE-2019-16291
	RESERVED
CVE-2019-16290
	RESERVED
CVE-2019-16289 (The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPre ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID paramete ...)
	NOT-FOR-US: Tenda
CVE-2019-16287 (In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able t ...)
	NOT-FOR-US: HP
CVE-2019-16286 (An attacker may be able to bypass the OS application filter meant to r ...)
	NOT-FOR-US: HP
CVE-2019-16285 (If a local user has been configured and logged in, an unauthenticated ...)
	NOT-FOR-US: HP
CVE-2019-16284 (A potential security vulnerability has been identified in multiple HP ...)
	NOT-FOR-US: HP
CVE-2019-16283
	RESERVED
CVE-2019-16282 (In NCH Express Invoice v7.12, persistent cross site scripting (XSS) ex ...)
	NOT-FOR-US: NCH Express Invoice
CVE-2019-16281 (Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token ...)
	NOT-FOR-US: Ptarmigan
CVE-2019-16280
	RESERVED
CVE-2019-16279 (A memory error in the function SSL_accept in nostromo nhttpd through 1 ...)
	- nostromo (bug #493645)
CVE-2019-16278 (Directory Traversal in the function http_verify in nostromo nhttpd thr ...)
	- nostromo (bug #493645)
CVE-2019-16277 (PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/ ...)
	NOT-FOR-US: PicoC
CVE-2019-16319 (In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector ...)
	{DLA-2547-1}
	- wireshark 3.0.4-1 (low)
	[buster] - wireshark 2.6.20-0+deb10u1
	[jessie] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-21.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16020
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a
CVE-2019-16276 (Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smugglin ...)
	{DSA-4534-1 DLA-2592-1 DLA-2591-1}
	- golang-1.13 1.13.1-1
	- golang-1.12 1.12.10-1 (bug #941173)
	- golang-1.11
	- golang-1.8
	- golang-1.7
	- golang
	[jessie] - golang (Minor issue)
	NOTE: https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q
	NOTE: https://golang.org/issue/34540
	NOTE: https://github.com/golang/go/commit/5a6ab1ec3e678640befebeb3318b746a64ad986c (golang-1.13)
	NOTE: https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8 (golang-1.12)
CVE-2019-16274 (DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data fi ...)
	NOT-FOR-US: DTEN D5 devices
CVE-2019-16273 (DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell a ...)
	NOT-FOR-US: DTEN D5 devices
CVE-2019-16272 (On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for fi ...)
	NOT-FOR-US: DTEN D5 devices
CVE-2019-16271 (DTEN D5 and D7 before 1.3.2 devices allows remote attackers to read sa ...)
	NOT-FOR-US: DTEN D5 devices
CVE-2019-16270
	RESERVED
CVE-2019-16269
	RESERVED
CVE-2019-16268 (Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection vi ...)
	NOT-FOR-US: Zoho ManageEngine Remote Access Plus
CVE-2019-16267
	RESERVED
CVE-2019-16266
	RESERVED
CVE-2019-16265 (CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. ...)
	NOT-FOR-US: 3S-Smart CODESYS
CVE-2019-16264 (In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado d ...)
	NOT-FOR-US: Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC)
CVE-2019-16263 (The Twitter Kit framework through 3.4.2 for iOS does not properly vali ...)
	NOT-FOR-US: Twitter Kit framework
CVE-2019-16262
	RESERVED
CVE-2019-16261 (Tripp Lite PDUMH15AT 12.04.0053 devices allow unauthenticated POST req ...)
	NOT-FOR-US: Tripp Lite PDUMH15AT
CVE-2019-16260
	RESERVED
CVE-2019-16259
	RESERVED
CVE-2019-16258 (The bootloader of the homee Brain Cube V2 through 2.23.0 allows attack ...)
	NOT-FOR-US: homee Brain Cube V2
CVE-2019-16257 (Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T ...)
	NOT-FOR-US: SIMalliance Toolbox Browser
CVE-2019-16256 (Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T ...)
	NOT-FOR-US: SIMalliance Toolbox Browser
CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
	{DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
	- ruby2.5 2.5.7-1
	- ruby2.3
	- ruby2.1
	- jruby (bug #972230)
	[buster] - jruby (Minor issue)
	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
	NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
	{DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
	- ruby2.5 2.5.7-1
	- ruby2.3
	- ruby2.1
	- jruby (bug #972230)
	[buster] - jruby (Minor issue)
	NOTE: https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
	NOTE: https://hackerone.com/reports/331984
	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
CVE-2019-16253 (The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 ...)
	NOT-FOR-US: Samsung
CVE-2019-16252 (Missing SSL Certificate Validation in the Nutfind.com application thro ...)
	NOT-FOR-US: Nutfind
CVE-2019-16251 (plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework thro ...)
	NOT-FOR-US: YIT Plugin Framework
CVE-2019-16250 (includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for ...)
	NOT-FOR-US: Ocean Extra plugin for WordPress
CVE-2019-16249 (OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core ...)
	- opencv (Vulnerable code not present)
	NOTE: https://github.com/opencv/opencv/issues/15481
	NOTE: https://github.com/opencv/opencv/commit/cd7fa04985b10db5e66de542725d0da57f0d10b6
	NOTE: Issue was present in experimental, but suites up to unstable never were
	NOTE: shipping the vulnerable code.
CVE-2019-16248 (The "delete for" feature in Telegram before 5.11 on Android does not d ...)
	NOT-FOR-US: Telegram for Android
CVE-2019-16247 (Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommL ...)
	NOT-FOR-US: Delta DCISoft
CVE-2019-16246 (Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a differen ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-16245 (OMERO before 5.6.1 makes the details of each user available to all use ...)
	NOT-FOR-US: OMERO
CVE-2019-16244 (OMERO.server before 5.6.1 allows attackers to bypass the security filt ...)
	NOT-FOR-US: OMERO
CVE-2019-16243 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocument ...)
	NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16242 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineerin ...)
	NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16241 (On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can ...)
	NOT-FOR-US: TCL Alcatel Cingular Flip 2 B9HUAH1 devices
CVE-2019-16240 (A Buffer Overflow and Information Disclosure issue exists in HP Office ...)
	NOT-FOR-US: HP
CVE-2019-16239 (process_http_response in OpenConnect before 8.05 has a Buffer Overflow ...)
	{DSA-4607-1 DLA-1945-1}
	- openconnect 8.02-1.1 (bug #940871)
	NOTE: http://lists.infradead.org/pipermail/openconnect-devel/2019-September/005412.html
	NOTE: https://github.com/openconnect/openconnect/commit/875f0a65ab73f4fb581ca870fd3a901bd278f8e8
CVE-2019-16378 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a si ...)
	{DSA-4526-1}
	- opendmarc 1.3.2-7 (bug #940081)
	NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/48
CVE-2019-16275 (hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect ...)
	{DSA-4538-1 DLA-1922-1}
	- wpa 2:2.9-2 (bug #940080)
	[stretch] - wpa 2:2.4-1+deb9u6
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/11/7
	NOTE: https://w1.fi/security/2019-7/
CVE-2019-16238 (Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged ...)
	NOT-FOR-US: Afterlogic Aurora
CVE-2019-16237 (Dino before 2019-09-10 does not properly check the source of an MAM me ...)
	{DSA-4524-1}
	- dino-im 0.0.git20190911.2a70a4e-1
	NOTE: https://github.com/dino/dino/commit/307f16cc86dd2b95aa02ab8a85110e4a2d5e7363
	NOTE: https://gultsch.de/dino_multiple.html
CVE-2019-16236 (Dino before 2019-09-10 does not check roster push authorization in mod ...)
	{DSA-4524-1}
	- dino-im 0.0.git20190911.2a70a4e-1
	NOTE: https://github.com/dino/dino/commit/dd33f5f949248d87d34f399e8846d5ee5b8823d9
	NOTE: https://gultsch.de/dino_multiple.html
CVE-2019-16235 (Dino before 2019-09-10 does not properly check the source of a carbons ...)
	{DSA-4524-1}
	- dino-im 0.0.git20190911.2a70a4e-1
	NOTE: https://github.com/dino/dino/commit/e84f2c49567e86d2a261ea264d65c4adc549c930
	NOTE: https://gultsch.de/dino_multiple.html
CVE-2019-16234 (drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5. ...)
	- linux (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16233 (drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not chec ...)
	- linux (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16232 (drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5. ...)
	- linux (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16231 (drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check ...)
	- linux (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16230 (** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux ke ...)
	- linux (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16229 (** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux ...)
	- linux (unimportant)
	NOTE: https://lkml.org/lkml/2019/9/9/487
	NOTE: Requires memory allocation failure during device probe, so unlikely to
	NOTE: be exploitable, and then it's only a local DoS.
CVE-2019-16228 (An issue was discovered in py-lmdb 0.97. There is a divide-by-zero err ...)
	- py-lmdb (unimportant)
	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16227 (An issue was discovered in py-lmdb 0.97. For certain values of mn_flag ...)
	- py-lmdb (unimportant)
	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16226 (An issue was discovered in py-lmdb 0.97. mdb_node_del does not validat ...)
	- py-lmdb (unimportant)
	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16225 (An issue was discovered in py-lmdb 0.97. For certain values of mp_flag ...)
	- py-lmdb (unimportant)
	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16224 (An issue was discovered in py-lmdb 0.97. For certain values of md_flag ...)
	- py-lmdb (unimportant)
	NOTE: https://github.com/jnwatson/py-lmdb/issues/210
	NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
	NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16223 (WordPress before 5.2.3 allows XSS in post previews by authenticated us ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
CVE-2019-16222 (WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://core.trac.wordpress.org/changeset/45997
	NOTE: https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
CVE-2019-16221 (WordPress before 5.2.3 allows reflected XSS in the dashboard. ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
CVE-2019-16220 (In WordPress before 5.2.3, validation and sanitization of a URL in wp_ ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://core.trac.wordpress.org/changeset/45971
	NOTE: https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28
CVE-2019-16219 (WordPress before 5.2.3 allows XSS in shortcode previews. ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
CVE-2019-16218 (WordPress before 5.2.3 allows XSS in stored comments. ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upl ...)
	{DSA-4599-1 DLA-1960-1}
	- wordpress 5.2.3+dfsg1-1 (bug #939543)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://core.trac.wordpress.org/changeset/45936
CVE-2019-16216 (Zulip server before 2.0.5 incompletely validated the MIME types of upl ...)
	- zulip-server (bug #800052)
CVE-2019-16215 (The Markdown parser in Zulip server before 2.0.5 used a regular expres ...)
	- zulip-server (bug #800052)
CVE-2019-16214 (Libra Core before 2019-09-03 has an erroneous regular expression for i ...)
	NOT-FOR-US: Libra
CVE-2019-16213 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authe ...)
	NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
CVE-2019-16212 (A vulnerability in Brocade SANnav versions before v2.1.0 could allow a ...)
	NOT-FOR-US: Brocade SANnav
CVE-2019-16211 (Brocade SANnav versions before v2.1.0, contain a Plaintext Password St ...)
	NOT-FOR-US: Brocade SANnav
CVE-2019-16210 (Brocade SANnav versions before v2.0, logs plain text database connecti ...)
	NOT-FOR-US: Brocade
CVE-2019-16209 (A vulnerability, in The ReportsTrustManager class of Brocade SANnav ve ...)
	NOT-FOR-US: Brocade
CVE-2019-16208 (Password-based encryption (PBE) algorithm, of Brocade SANnav versions ...)
	NOT-FOR-US: Brocade
CVE-2019-16207 (Brocade SANnav versions before v2.0 use a hard-coded password, which c ...)
	NOT-FOR-US: Brocade
CVE-2019-16206 (The authentication mechanism, in Brocade SANnav versions before v2.0, ...)
	NOT-FOR-US: Brocade
CVE-2019-16205 (A vulnerability, in Brocade SANnav versions before v2.0, could allow r ...)
	NOT-FOR-US: Brocade
CVE-2019-16204 (Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1 ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2019-16203 (Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
	NOT-FOR-US: MISP
CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...)
	{DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
	- ruby2.5 2.5.7-1
	- ruby2.3
	- ruby2.1
	- jruby (bug #972230)
	[buster] - jruby (Minor issue)
	NOTE: https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
	NOTE: https://hackerone.com/reports/661722
	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
CVE-2019-16200 (GNU Serveez through 0.2.2 has an Information Leak. An attacker may sen ...)
	- serveez
CVE-2019-16199 (eQ-3 Homematic CCU2 before 2.47.18 and CCU3 before 3.47.18 allow Remot ...)
	NOT-FOR-US: eQ-3 Homematic CCU2
CVE-2019-16198 (KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by t ...)
	NOT-FOR-US: KSLabs KSWEB
CVE-2019-16197 (In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-A ...)
	- dolibarr
CVE-2019-16196
	RESERVED
CVE-2019-16195 (Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 a ...)
	- centreon-web (bug #913903)
CVE-2019-16194 (SQL injection vulnerabilities in Centreon through 19.04 allow attacks ...)
	- centreon-web (bug #913903)
CVE-2019-16193 (In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to t ...)
	NOT-FOR-US: ArcGIS Enterprise
CVE-2019-16192 (upload_model() in /admini/controllers/system/managemodel.php in DocCms ...)
	NOT-FOR-US: DocCMS
CVE-2019-16191
	RESERVED
CVE-2019-16190 (SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L RE ...)
	NOT-FOR-US: D-Link
CVE-2019-16189
	RESERVED
CVE-2019-16188 (HCL AppScan Source before 9.03.13 is susceptible to XML External Entit ...)
	NOT-FOR-US: HCL AppScan Source
CVE-2019-16187 (Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnl ...)
	- limesurvey (bug #472802)
CVE-2019-16186 (In Limesurvey before 3.17.14, admin users can access the plugin manage ...)
	- limesurvey (bug #472802)
CVE-2019-16185 (In Limesurvey before 3.17.14, admin users can view, update, or delete ...)
	- limesurvey (bug #472802)
CVE-2019-16184 (A CSV injection vulnerability was found in Limesurvey before 3.17.14 t ...)
	- limesurvey (bug #472802)
CVE-2019-16183 (In Limesurvey before 3.17.14, admin users can run an integrity check w ...)
	- limesurvey (bug #472802)
CVE-2019-16182 (A reflected cross-site scripting (XSS) vulnerability was found in Lime ...)
	- limesurvey (bug #472802)
CVE-2019-16181 (In Limesurvey before 3.17.14, admin users can mark other users' notifi ...)
	- limesurvey (bug #472802)
CVE-2019-16180 (Limesurvey before 3.17.14 allows remote attackers to bruteforce the lo ...)
	- limesurvey (bug #472802)
CVE-2019-16179 (Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the defaul ...)
	- limesurvey (bug #472802)
CVE-2019-16178 (A stored cross-site scripting (XSS) vulnerability was found in Limesur ...)
	- limesurvey (bug #472802)
CVE-2019-16177 (In Limesurvey before 3.17.14, the entire database is exposed through b ...)
	- limesurvey (bug #472802)
CVE-2019-16176 (A path disclosure vulnerability was found in Limesurvey before 3.17.14 ...)
	- limesurvey (bug #472802)
CVE-2019-16175 (A clickjacking vulnerability was found in Limesurvey before 3.17.14. ...)
	- limesurvey (bug #472802)
CVE-2019-16174 (An XML injection vulnerability was found in Limesurvey before 3.17.14 ...)
	- limesurvey (bug #472802)
CVE-2019-16173 (LimeSurvey before v3.17.14 allows reflected XSS for escalating privile ...)
	- limesurvey (bug #472802)
CVE-2019-16172 (LimeSurvey before v3.17.14 allows stored XSS for escalating privileges ...)
	- limesurvey (bug #472802)
CVE-2019-16171 (In JetBrains YouTrack through 2019.2.56594, stored XSS was found on th ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-16170 (An issue was discovered in GitLab Enterprise Edition 11.x and 12.x bef ...)
	[experimental] - gitlab 12.0.9-1
	- gitlab 12.6.8-3 (bug #940007)
	NOTE: https://about.gitlab.com/2019/09/10/critical-security-release-gitlab-12-dot-2-dot-5-released/
CVE-2019-16169
	RESERVED
CVE-2019-16167 (sysstat before 12.1.6 has memory corruption due to an Integer Overflow ...)
	- sysstat 12.1.7-1 (bug #939914)
	[buster] - sysstat (Minor issue, can be fixed via point release)
	[stretch] - sysstat (Vulnerable code introduced later)
	[jessie] - sysstat (Vulnerable code introduced later)
	NOTE: https://github.com/sysstat/sysstat/issues/230
	NOTE: Introduced after: https://github.com/sysstat/sysstat/commit/65ac30359e49ee717397e39950d7c24a6610d57c (v11.7.1)
	NOTE: Fixed by: https://github.com/sysstat/sysstat/commit/edbf507678bf10914e9804ff8a06737fdcb2e781
CVE-2019-16166 (GNU cflow through 1.6 has a heap-based buffer over-read in the nexttok ...)
	- cflow (unimportant; bug #939916)
	NOTE: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00000.html
	NOTE: Crash in CLI tool, no security impact
CVE-2019-16165 (GNU cflow through 1.6 has a use-after-free in the reference function i ...)
	- cflow (unimportant; bug #939915)
	NOTE: https://lists.gnu.org/archive/html/bug-cflow/2019-04/msg00001.html
	NOTE: Crash in CLI tool, no security impact
CVE-2019-16164 (MyHTML through 4.0.5 has a NULL pointer dereference in myhtml_tree_nod ...)
	NOT-FOR-US: MyHTML
CVE-2019-16163 (Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of ...)
	{DLA-2431-1 DLA-1918-1}
	- libonig 6.9.4-1 (low; bug #939988)
	[buster] - libonig (Minor issue)
	NOTE: https://github.com/kkos/oniguruma/issues/147
	NOTE: https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180
CVE-2019-16162 (Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class bec ...)
	NOT-FOR-US: Onigmo (fork of Oniguruma)
CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code ...)
	NOT-FOR-US: Onigmo (fork of Oniguruma)
CVE-2019-16160 (An integer underflow in the SMB server of MikroTik RouterOS before 6.4 ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 ...)
	- bird 1.6.8-1 (bug #939990)
	[buster] - bird 1.6.6-1+deb10u1
	[stretch] - bird (Vulnerable code introduced later)
	[jessie] - bird (Vulnerable code introduced later)
	- bird2 2.0.6-1 (bug #940522)
	NOTE: https://gitlab.labs.nic.cz/labs/bird/commit/1657c41c96b3c07d9265b07dd4912033ead4124b (1.6.x)
	NOTE: https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c (2.0.x)
CVE-2019-16158
	RESERVED
CVE-2019-16157 (An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI a ...)
	NOT-FOR-US: Fortiguard
CVE-2019-16156 (An Improper Neutralization of Input vulnerability in the Anomaly Detec ...)
	NOT-FOR-US: Fortiguard
CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...)
	NOT-FOR-US: Fortiguard FortiClient
CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...)
	NOT-FOR-US: FortiAuthenticator WEB UI
CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...)
	NOT-FOR-US: Fortinet
CVE-2019-16152 (A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 ...)
	NOT-FOR-US: Fortiguard FortiClient
CVE-2019-16151
	RESERVED
CVE-2019-16150 (Use of a hard-coded cryptographic key to encrypt security sensitive da ...)
	NOT-FOR-US: Fortiguard
CVE-2019-16149
	RESERVED
CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can cras ...)
	{DLA-2340-1}
	- sqlite3 3.29.0-2
	[buster] - sqlite3 3.27.2-3+deb10u1
	[jessie] - sqlite3 (Minor issue)
	NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html
	NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
	NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6
	NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
	NOTE: https://github.com/sqlite/sqlite/commit/725dd72400872da94dcfb6af48128905b93d57fe
CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
	NOT-FOR-US: Sakai
CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal article titl ...)
	NOT-FOR-US: Liferay Portal
CVE-2019-16146 (Gophish through 0.8.0 allows XSS via a username. ...)
	NOT-FOR-US: Gophish
CVE-2019-16145 (The breadcrumbs contributed module through 0.2.0 for Padrino Framework ...)
	NOT-FOR-US: Padrino module
CVE-2019-16144 (An issue was discovered in the generator crate before 0.6.18 for Rust. ...)
	NOT-FOR-US: Rust crate generator
CVE-2019-16143 (An issue was discovered in the blake2 crate before 0.8.1 for Rust. The ...)
	NOT-FOR-US: Rust crate blake
CVE-2019-16142 (An issue was discovered in the renderdoc crate before 0.5.0 for Rust. ...)
	NOT-FOR-US: Rust crate renderdoc
CVE-2019-16141 (An issue was discovered in the once_cell crate before 1.0.1 for Rust. ...)
	- rust-once-cell (Only affects 0.2.5 and later)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0017.html
CVE-2019-16140 (An issue was discovered in the chttp crate before 0.1.3 for Rust. Ther ...)
	NOT-FOR-US: Rust crate chttp
CVE-2019-16139 (An issue was discovered in the compact_arena crate before 0.4.0 for Ru ...)
	NOT-FOR-US: Rust crate renderdoc
CVE-2019-16138 (An issue was discovered in the image crate before 0.21.3 for Rust, aff ...)
	- rust-image (Fixed before initial upload)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0014.html
CVE-2019-16137 (An issue was discovered in the spin crate before 0.5.2 for Rust, when ...)
	- rust-spin 0.5.2-1
	[buster] - rust-spin (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0013.html
CVE-2019-16136
	RESERVED
CVE-2019-16135
	RESERVED
CVE-2019-16134
	RESERVED
CVE-2019-16133 (An issue was discovered in eteams OA v4.0.34. Because the session is n ...)
	NOT-FOR-US: eteams
CVE-2019-16132 (An issue was discovered in OKLite v1.2.25. framework/admin/tpl_control ...)
	NOT-FOR-US: OKLite
CVE-2019-16131 (framework/admin/modulec_control.php in OKLite v1.2.25 has an Arbitrary ...)
	NOT-FOR-US: OKLite
CVE-2019-16130 (YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.ph ...)
	NOT-FOR-US: YII2-CMS
CVE-2019-16129 (Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 ...)
	NOT-FOR-US: Microchip CryptoAuthentication Library CryptoAuthLib
CVE-2019-16128 (Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 ...)
	NOT-FOR-US: Microchip CryptoAuthentication Library CryptoAuthLib
CVE-2019-16127 (Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. ...)
	NOT-FOR-US: Atmel Advanced Software Framework (ASF) 4
CVE-2019-16126 (Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaSc ...)
	NOT-FOR-US: Grav CMS
CVE-2019-16125 (In Jobberbase 2.0, the parameter category is not sanitized in public/p ...)
	NOT-FOR-US: Jobberbase
CVE-2019-16124 (In YouPHPTube 7.4, the file install/checkConfiguration.php has no acce ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-16123 (In Kartatopia PilusCart 1.4.1, the parameter filename in the file cata ...)
	NOT-FOR-US: Kartatopia PilusCart
CVE-2019-16122
	RESERVED
CVE-2019-16121
	RESERVED
CVE-2019-16120 (CSV injection in the event-tickets (Event Tickets) plugin before 4.10. ...)
	NOT-FOR-US: event-tickets (Event Tickets) plugin for WordPress
CVE-2019-16119 (SQL injection in the photo-gallery (10Web Photo Gallery) plugin before ...)
	NOT-FOR-US: photo-gallery (10Web Photo Gallery) plugin for WordPress
CVE-2019-16118 (Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) ...)
	NOT-FOR-US: photo-gallery (10Web Photo Gallery) plugin for WordPress
CVE-2019-16117 (Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) ...)
	NOT-FOR-US: photo-gallery (10Web Photo Gallery) plugin for WordPress
CVE-2019-16116 (EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable ...)
	NOT-FOR-US: EnterpriseDT CompleteFTP Server
CVE-2019-16115 (In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the applicatio ...)
	NOT-FOR-US: ATutor
CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-im ...)
	NOT-FOR-US: Bludit
CVE-2019-16112 (TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting ...)
	NOT-FOR-US: TylerTech Eagle
CVE-2019-16111
	RESERVED
CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows remote attac ...)
	NOT-FOR-US: Blade Shadow
CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It confi ...)
	NOT-FOR-US: Plataformatec Devise
CVE-2019-16108 (phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) to ...)
	NOT-FOR-US: phpBB
CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in deleting p ...)
	NOT-FOR-US: phpBB
CVE-2019-16106 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
	NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16104 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via th ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16103 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalat ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16102 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16101 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16100 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows remote attackers ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16099 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON dat ...)
	NOT-FOR-US: Silver Peak EdgeConnect SD-WAN
CVE-2019-16098 (The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys ...)
	NOT-FOR-US: Micro-Star MSI Afterburner
CVE-2019-16097 (core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users ...)
	NOT-FOR-US: Harbor
CVE-2019-16096 (Kilo 0.0.1 has a heap-based buffer overflow because there is an intege ...)
	NOT-FOR-US: Kilo
CVE-2019-16095 (Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/rea ...)
	- libmysofa 0.8~dfsg0-1 (bug #939735)
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
CVE-2019-16094 (Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDat ...)
	- libmysofa 0.8~dfsg0-1 (bug #939735)
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
CVE-2019-16093 (Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDa ...)
	- libmysofa 0.8~dfsg0-1 (bug #939735)
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
CVE-2019-16092 (Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hr ...)
	- libmysofa 0.8~dfsg0-1 (bug #939735)
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
CVE-2019-16091 (Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in ...)
	- libmysofa 0.8~dfsg0-1 (bug #939735)
	[buster] - libmysofa 0.6~dfsg0-3+deb10u1
CVE-2019-16090
	RESERVED
CVE-2019-16088 (Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-16087
	RESERVED
CVE-2019-16086
	RESERVED
CVE-2019-16085
	RESERVED
CVE-2019-16084
	RESERVED
CVE-2019-16083
	RESERVED
CVE-2019-16082
	RESERVED
CVE-2019-16081
	RESERVED
CVE-2019-16080
	RESERVED
CVE-2019-16079
	RESERVED
CVE-2019-16078
	RESERVED
CVE-2019-16077
	RESERVED
CVE-2019-16076
	RESERVED
CVE-2019-16075
	RESERVED
CVE-2019-16074
	RESERVED
CVE-2019-16073
	RESERVED
CVE-2019-16072 (An OS command injection vulnerability in the discover_and_manage CGI s ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16071 (Enigma NMS 65.0.0 and prior allows administrative users to create low- ...)
	NOT-FOR-US: Enigma NMS
CVE-2019-16070 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16069 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16068 (A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and pr ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16067 (NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16066 (An unrestricted file upload vulnerability exists in user and system fi ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16065 (A remote SQL injection web vulnerability was discovered in the Enigma ...)
	NOT-FOR-US: Enigma NMS
CVE-2019-16064 (NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16063 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data ren ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16062 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data sto ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16061 (A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are ...)
	NOT-FOR-US: NETSAS Enigma NMS
CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_s ...)
	- linux
	[bullseye] - linux (Minor issue, revisit when fixed upstream)
	[buster] - linux (Minor issue, revisit when fixed upstream)
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
CVE-2019-16060 (The Airbrake Ruby notifier 4.2.3 for Airbrake mishandles the blacklist ...)
	NOT-FOR-US: Airbrake Ruby notifier
CVE-2019-16059 (Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker t ...)
	NOT-FOR-US: Sentrifugo
CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for O ...)
	- pam-p11 0.3.1-1 (bug #939664)
	[buster] - pam-p11 (Minor issue)
	[stretch] - pam-p11 (Minor issue)
	[jessie] - pam-p11 (Minor issue)
	NOTE: https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c
	NOTE: PKCS11_sign() is used in Jessie and Stretch and has a similar problem as EVP_SignFinal() everywhere else
CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnera ...)
	NOT-FOR-US: D-Link
CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ...)
	{DLA-2337-1 DLA-2280-1 DLA-1925-1 DLA-1924-1}
	- python3.8 3.8.0~b4-1
	- python3.7 3.7.4-4
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.5
	- python3.4
	- python2.7 2.7.17~rc1-1 (bug #940901)
	[buster] - python2.7 2.7.16-2+deb10u1
	NOTE: https://bugs.python.org/issue34155
	NOTE: https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 (master)
	NOTE: https://github.com/python/cpython/commit/217077440a6938a0b428f67cfef6e053c4f8673c (v3.8.0b4)
	NOTE: https://github.com/python/cpython/commit/c48d606adcef395e59fd555496c42203b01dd3e8 (3.7 branch)
	NOTE: https://github.com/python/cpython/commit/13a19139b5e76175bc95294d54afc9425e4f36c9 (3.6 branch)
	NOTE: https://github.com/python/cpython/commit/063eba280a11d3c9a5dd9ee5abe4de640907951b (3.5 branch)
	NOTE: https://github.com/python/cpython/commit/4cbcd2f8c4e12b912e4d21fd892eedf7a3813d8e (2.7 branch)
CVE-2019-16055
	RESERVED
CVE-2019-16054
	RESERVED
CVE-2019-16053
	RESERVED
CVE-2019-16052
	RESERVED
CVE-2019-16051
	RESERVED
CVE-2019-16050
	RESERVED
CVE-2019-16049
	RESERVED
CVE-2019-16048
	RESERVED
CVE-2019-16047
	RESERVED
CVE-2019-16046
	RESERVED
CVE-2019-16045
	RESERVED
CVE-2019-16044
	RESERVED
CVE-2019-16043
	RESERVED
CVE-2019-16042
	RESERVED
CVE-2019-16041
	RESERVED
CVE-2019-16040
	RESERVED
CVE-2019-16039
	RESERVED
CVE-2019-16038
	RESERVED
CVE-2019-16037
	RESERVED
CVE-2019-16036
	RESERVED
CVE-2019-16035
	RESERVED
CVE-2019-16034
	RESERVED
CVE-2019-16033
	RESERVED
CVE-2019-16032
	RESERVED
CVE-2019-16031
	RESERVED
CVE-2019-16030
	RESERVED
CVE-2019-16029 (A vulnerability in the application programming interface (API) of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-16028 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-16027 (A vulnerability in the implementation of the Intermediate System&n ...)
	NOT-FOR-US: Cisco
CVE-2019-16026 (A vulnerability in the implementation of the Stream Control Transmissi ...)
	NOT-FOR-US: Cisco
CVE-2019-16025 (A vulnerability in the web framework of Cisco Emergency Responder coul ...)
	NOT-FOR-US: Cisco
CVE-2019-16024 (A vulnerability in the web-based management interface of Cisco Crosswo ...)
	NOT-FOR-US: Cisco
CVE-2019-16023 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
	NOT-FOR-US: Cisco
CVE-2019-16022 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
	NOT-FOR-US: Cisco
CVE-2019-16021 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
	NOT-FOR-US: Cisco
CVE-2019-16020 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
	NOT-FOR-US: Cisco
CVE-2019-16019 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
	NOT-FOR-US: Cisco
CVE-2019-16018 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
	NOT-FOR-US: Cisco
CVE-2019-16017 (A vulnerability in the Operations, Administration, Maintenance and Pro ...)
	NOT-FOR-US: Cisco
CVE-2019-16016
	RESERVED
CVE-2019-16015 (A vulnerability in the web-based management interface of the Cisco Dat ...)
	NOT-FOR-US: Cisco
CVE-2019-16014
	RESERVED
CVE-2019-16013
	RESERVED
CVE-2019-16012 (A vulnerability in the web UI of Cisco SD-WAN Solution vManage softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-16011 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2019-16010 (A vulnerability in the web UI of the Cisco SD-WAN vManage software cou ...)
	NOT-FOR-US: Cisco
CVE-2019-16009 (A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software c ...)
	NOT-FOR-US: Cisco
CVE-2019-16008 (A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and ...)
	NOT-FOR-US: Cisco
CVE-2019-16007 (A vulnerability in the inter-service communication of Cisco AnyConnect ...)
	NOT-FOR-US: Cisco
CVE-2019-16006
	RESERVED
CVE-2019-16005 (A vulnerability in the web-based management interface of Cisco Webex V ...)
	NOT-FOR-US: Cisco
CVE-2019-16004 (A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signa ...)
	NOT-FOR-US: Cisco
CVE-2019-16003 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2019-16002 (A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-W ...)
	NOT-FOR-US: Cisco
CVE-2019-16001 (A vulnerability in the loading mechanism of specific dynamic link libr ...)
	NOT-FOR-US: Cisco
CVE-2019-16000 (A vulnerability in the automatic update process of Cisco Umbrella Roam ...)
	NOT-FOR-US: Cisco
CVE-2019-15999 (A vulnerability in the application environment of Cisco Data Center Ne ...)
	NOT-FOR-US: Cisco
CVE-2019-15998 (A vulnerability in the access-control logic of the NETCONF over Secure ...)
	NOT-FOR-US: Cisco
CVE-2019-15997 (A vulnerability in Cisco DNA Spaces: Connector could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2019-15996 (A vulnerability in Cisco DNA Spaces: Connector could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2019-15995 (A vulnerability in the web UI of Cisco DNA Spaces: Connector could all ...)
	NOT-FOR-US: Cisco
CVE-2019-15994 (A vulnerability in the web-based management interface of Cisco Stealth ...)
	NOT-FOR-US: Cisco
CVE-2019-15993 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
	NOT-FOR-US: Cisco
CVE-2019-15992 (A vulnerability in the implementation of the Lua interpreter integrate ...)
	NOT-FOR-US: Cisco
CVE-2019-15991
	RESERVED
CVE-2019-15990 (A vulnerability in the web-based management interface of certain Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-15989 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
	NOT-FOR-US: Cisco
CVE-2019-15988 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2019-15987 (A vulnerability in web interface of the Cisco Webex Event Center, Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-15986 (A vulnerability in the CLI of Cisco Unity Express could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2019-15985 (Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco D ...)
	NOT-FOR-US: Cisco
CVE-2019-15984 (Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco D ...)
	NOT-FOR-US: Cisco
CVE-2019-15983 (A vulnerability in the SOAP API of Cisco Data Center Network Manager ( ...)
	NOT-FOR-US: Cisco
CVE-2019-15982 (Multiple vulnerabilities in the REST and SOAP API endpoints and the Ap ...)
	NOT-FOR-US: Cisco
CVE-2019-15981 (Multiple vulnerabilities in the REST and SOAP API endpoints and the Ap ...)
	NOT-FOR-US: Cisco
CVE-2019-15980 (Multiple vulnerabilities in the REST and SOAP API endpoints and the Ap ...)
	NOT-FOR-US: Cisco
CVE-2019-15979 (Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco D ...)
	NOT-FOR-US: Cisco
CVE-2019-15978 (Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco D ...)
	NOT-FOR-US: Cisco
CVE-2019-15977 (Multiple vulnerabilities in the authentication mechanisms of Cisco Dat ...)
	NOT-FOR-US: Cisco
CVE-2019-15976 (Multiple vulnerabilities in the authentication mechanisms of Cisco Dat ...)
	NOT-FOR-US: Cisco
CVE-2019-15975 (Multiple vulnerabilities in the authentication mechanisms of Cisco Dat ...)
	NOT-FOR-US: Cisco
CVE-2019-15974 (A vulnerability in the web interface of Cisco Managed Services Acceler ...)
	NOT-FOR-US: Cisco
CVE-2019-15973 (A vulnerability in the web-based management interface of Cisco Industr ...)
	NOT-FOR-US: Cisco
CVE-2019-15972 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-15971 (A vulnerability in the MP3 detection engine of Cisco AsyncOS Software ...)
	NOT-FOR-US: Cisco
CVE-2019-15970
	RESERVED
CVE-2019-15969 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2019-15968 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-15967 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15966 (A vulnerability in the web application of Cisco TelePresence Advanced ...)
	NOT-FOR-US: Cisco TelePresence Advanced Media Gateway
CVE-2019-15965
	RESERVED
CVE-2019-15964
	RESERVED
CVE-2019-15963 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-15962 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15961 (A vulnerability in the email parsing module Clam AntiVirus (ClamAV) So ...)
	{DLA-2108-1}
	- clamav 0.102.1+dfsg-1 (bug #945265)
	[buster] - clamav 0.102.1+dfsg-0+deb10u1
	[stretch] - clamav 0.102.1+dfsg-0+deb9u2
	NOTE: https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
CVE-2019-15960 (A vulnerability in the Webex Network Recording Admin page of Cisco Web ...)
	NOT-FOR-US: Cisco
CVE-2019-15959 (A vulnerability in Cisco Small Business SPA500 Series IP Phones could ...)
	NOT-FOR-US: Cisco
CVE-2019-15958 (A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and ...)
	NOT-FOR-US: Cisco
CVE-2019-15957 (A vulnerability in the web-based management interface of certain Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-15956 (A vulnerability in the web management interface of Cisco AsyncOS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low privilege user c ...)
	NOT-FOR-US: Total.js CMS
CVE-2019-15954 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user ...)
	NOT-FOR-US: Total.js CMS
CVE-2019-15953 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user ...)
	NOT-FOR-US: Total.js CMS
CVE-2019-15952 (An issue was discovered in Total.js CMS 12.0.0. An authenticated user ...)
	NOT-FOR-US: Total.js CMS
CVE-2019-15951
	RESERVED
CVE-2019-15950 (The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard d ...)
	NOT-FOR-US: Redmine plugin
CVE-2019-15949 (Nagios XI before 5.6.6 allows remote command execution as root. The ex ...)
	NOT-FOR-US: Nagios XI
CVE-2019-15948 (Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller dev ...)
	NOT-FOR-US: Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices
CVE-2019-15947 (In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted ...)
	- bitcoin 0.20.1~dfsg-1 (bug #939608)
CVE-2019-15946 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet ...)
	{DLA-1916-1}
	- opensc 0.20.0-1 (bug #939669)
	[buster] - opensc (Minor issue)
	[stretch] - opensc (Minor issue)
	NOTE: https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740
CVE-2019-15945 (OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitst ...)
	{DLA-1916-1}
	- opensc 0.20.0-1 (bug #939668)
	[buster] - opensc (Minor issue)
	[stretch] - opensc (Minor issue)
	NOTE: https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
CVE-2019-15944 (In Counter-Strike: Global Offensive before 8/29/2019, community game s ...)
	NOT-FOR-US: Counter-Strike: Global Offensive
CVE-2019-15943 (vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allow ...)
	NOT-FOR-US: Counter-Strike: Global Offensive
CVE-2019-15942 (FFmpeg through 4.2 has a "Conditional jump or move depends on uninitia ...)
	- ffmpeg (Only affects 4.2)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=af70bfbeadc0c9b9215cf045ff2a6a31e8ac3a71
CVE-2019-15941 (OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an ...)
	{DSA-4533-1}
	- lemonldap-ng 2.0.6+ds-1
	[stretch] - lemonldap-ng (Restrictions on OIDC federation added in 2.0)
	[jessie] - lemonldap-ng (Vulnerable code introduced later)
	NOTE: Vulnerability exists in pre-2.0 versions, but as restrictions on OIDC federation
	NOTE: were added only in 2.0 the vulnerability has no effect. The vulnerability
	NOTE: itself exists only with versions >= 1.9.0 (as there is no OIDC before)
CVE-2019-15940 (Victure PC530 devices allow unauthenticated TELNET access as root. ...)
	NOT-FOR-US: Victure PC530 devices
CVE-2019-15939 (An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero err ...)
	{DLA-2799-1}
	- opencv 4.1.2+dfsg-3
	[buster] - opencv (Minor issue)
	[jessie] - opencv (Minor issue)
	NOTE: https://github.com/OpenCV/opencv/issues/15287
	NOTE: https://github.com/opencv/opencv/pull/15382
CVE-2019-15938 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in ...)
	NOT-FOR-US: Pengutronix barebox
CVE-2019-15937 (Pengutronix barebox through 2019.08.1 has a remote buffer overflow in ...)
	NOT-FOR-US: Pengutronix barebox
CVE-2019-15936 (Intesync Solismed 3.3sp allows Insecure File Upload. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15935 (Intesync Solismed 3.3sp has XSS. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15934 (Intesync Solismed 3.3sp has CSRF. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15933 (Intesync Solismed 3.3sp has SQL Injection. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15932 (Intesync Solismed 3.3sp has Incorrect Access Control. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15931 (Intesync Solismed 3.3sp allows Directory Traversal, a different vulner ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15930 (Intesync Solismed 3.3sp allows Clickjacking. ...)
	NOT-FOR-US: Intesync Solismed
CVE-2019-15929 (In Craft CMS through 3.1.7, the elevated session password prompt was n ...)
	NOT-FOR-US: Craft CMS
CVE-2019-15928
	RESERVED
CVE-2019-15927 (An issue was discovered in the Linux kernel before 4.20.2. An out-of-b ...)
	- linux 4.19.16-1
	[stretch] - linux 4.9.161-1
	[jessie] - linux 3.16.68-1
	NOTE: https://git.kernel.org/linus/f4351a199cc120ff9d59e06d02e8657d08e6cc46
CVE-2019-15926 (An issue was discovered in the Linux kernel before 5.2.3. Out of bound ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.189-1
	NOTE: https://git.kernel.org/linus/5d6751eaff672ea77642e74e92e6c0ac7f9709ab
CVE-2019-15925 (An issue was discovered in the Linux kernel before 5.2.3. An out of bo ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/04f25edb48c441fc278ecc154c270f16966cbb90
CVE-2019-15924 (An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_ ...)
	{DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/01ca667133d019edc9f0a1f70a272447c84ec41f
CVE-2019-15923 (An issue was discovered in the Linux kernel before 5.0.9. There is a N ...)
	- linux (Vulnerability never present)
	NOTE: https://git.kernel.org/linus/f0d1762554014ce0ae347b9f0d088f2c157c8c72
	NOTE: unimportant as CONFIG_PARIDE_PCD not enabled in Debian builds
CVE-2019-15922 (An issue was discovered in the Linux kernel before 5.0.9. There is a N ...)
	- linux (Vulnerability never present)
	NOTE: https://git.kernel.org/linus/58ccd2d31e502c37e108b285bf3d343eb00c235b
	NOTE: unimportant as CONFIG_PARIDE_PF not enabled in Debian builds
CVE-2019-15921 (An issue was discovered in the Linux kernel before 5.0.6. There is a m ...)
	- linux 4.19.37-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/ceabee6c59943bdd5e1da1a6a20dc7ee5f8113a2
CVE-2019-15920 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_read i ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/088aaf17aa79300cab14dbee2569c58cfafd7d6e
CVE-2019-15919 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_write ...)
	- linux 4.19.37-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/6a3eb3360667170988f8a6477f6686242061488a
CVE-2019-15918 (An issue was discovered in the Linux kernel before 5.0.10. SMB2_negoti ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.87-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/b57a55e2200ede754e4dc9cce4ba9402544b9365
CVE-2019-15917 (An issue was discovered in the Linux kernel before 5.0.5. There is a u ...)
	{DLA-2114-1 DLA-1930-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/56897b217a1d0a91c9920cb418d6b3fe922f590a
CVE-2019-15916 (An issue was discovered in the Linux kernel before 5.0.1. There is a m ...)
	- linux 4.19.28-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.70-1
	NOTE: https://git.kernel.org/linus/895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab
CVE-2019-15915 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCG ...)
	NOT-FOR-US: Xiaomi devices
CVE-2019-15914 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDC ...)
	NOT-FOR-US: Xiaomi devices
CVE-2019-15913 (An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDC ...)
	NOT-FOR-US: Xiaomi devices
CVE-2019-15912 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, ...)
	NOT-FOR-US: ASUS devices
CVE-2019-15911 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, ...)
	NOT-FOR-US: ASUS devices
CVE-2019-15910 (An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, ...)
	NOT-FOR-US: ASUS devices
CVE-2019-15909
	RESERVED
CVE-2019-15908
	RESERVED
CVE-2019-15907
	RESERVED
CVE-2019-15906
	RESERVED
CVE-2019-15905
	RESERVED
CVE-2019-15904
	RESERVED
CVE-2019-15903 (In libexpat before 2.2.8, crafted XML input could fool the parser into ...)
	{DSA-4571-1 DSA-4549-1 DSA-4530-1 DLA-1997-1 DLA-1987-1 DLA-1912-1}
	- expat 2.2.7-2 (bug #939394)
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- chromium (uses system libexpat)
	- thunderbird 1:68.2.1-1
	NOTE: https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
	NOTE: https://github.com/libexpat/libexpat/issues/317
	NOTE: https://github.com/libexpat/libexpat/pull/318
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-15903
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-15903
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-15903
	NOTE: src:chromium uses the system expat library.
CVE-2019-15902 (A backporting error was discovered in the Linux stable/longterm kernel ...)
	{DSA-4531-1 DLA-1940-1}
	- linux 5.2.17-1
	[jessie] - linux (Bug never introduced)
	NOTE: https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
CVE-2019-15901 (An issue was discovered in slicer69 doas before 6.2 on certain platfor ...)
	NOT-FOR-US: slicer69 doas
CVE-2019-15900 (An issue was discovered in slicer69 doas before 6.2 on certain platfor ...)
	NOT-FOR-US: slicer69 doas
CVE-2019-15899
	RESERVED
CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the username o ...)
	NOT-FOR-US: Nagios Log Server
CVE-2019-15897 (beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Byp ...)
	NOT-FOR-US: BeeGFS
CVE-2019-15896 (An issue was discovered in the LifterLMS plugin through 3.34.5 for Wor ...)
	NOT-FOR-US: LifterLMS plugin for WordPress
CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 for Wor ...)
	NOT-FOR-US: "Search Exclude" plugin for WordPress
CVE-2019-15894 (An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, ...)
	NOT-FOR-US: Espressif
CVE-2019-15893 (Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Cod ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3. ...)
	NOT-FOR-US: CKFinder
CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reas ...)
	{DSA-4616-1 DLA-1927-1}
	- slirp4netns 0.4.1-1 (bug #939868)
	[buster] - slirp4netns (Minor issue)
	- qemu 1:4.1-2 (bug #939869)
	- qemu-kvm
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/06/3
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/c59279437eda91841b9d26079c70b8a540d41204
	NOTE: 1:4.1-2 switched to system libslirp, marking that version as fixed
	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-jx98-2j5v-w265
CVE-2019-15889 (The download-manager plugin before 2.9.94 for WordPress has XSS via th ...)
	NOT-FOR-US: download-manager plugin for WordPress
CVE-2019-15888
	REJECTED
CVE-2019-15887
	REJECTED
CVE-2019-15886
	REJECTED
CVE-2019-15885
	REJECTED
CVE-2019-15884
	REJECTED
CVE-2019-15883
	REJECTED
CVE-2019-15882
	REJECTED
CVE-2019-15881
	REJECTED
CVE-2019-15880 (In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, ins ...)
	NOT-FOR-US: FreeBSD
CVE-2019-15879 (In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-ST ...)
	NOT-FOR-US: FreeBSD
CVE-2019-15878 (In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:14.sctp.asc
CVE-2019-15877 (In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-REL ...)
	NOT-FOR-US: FreeBSD
CVE-2019-15876 (In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEAS ...)
	NOT-FOR-US: FreeBSD
CVE-2019-15875 (In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:03.thrmisc.asc
CVE-2019-15874 (In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:10.ipfw.asc
CVE-2019-15873 (The profilegrid-user-profiles-groups-and-communities plugin before 2.8 ...)
	NOT-FOR-US: profilegrid-user-profiles-groups-and-communities plugin for WordPress
CVE-2019-15872 (The LoginPress plugin before 1.1.4 for WordPress has SQL injection via ...)
	NOT-FOR-US: LoginPress plugin for WordPress
CVE-2019-15871 (The LoginPress plugin before 1.1.4 for WordPress has no capability che ...)
	NOT-FOR-US: LoginPress plugin for WordPress
CVE-2019-15870 (The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Ph ...)
	NOT-FOR-US: CarSpot theme for WordPress
CVE-2019-15869 (The JobCareer theme before 2.5.1 for WordPress has stored XSS. ...)
	NOT-FOR-US: JobCareer theme for WordPress
CVE-2019-15868 (The affiliates-manager plugin before 2.6.6 for WordPress has CSRF. ...)
	NOT-FOR-US: affiliates-manager plugin for WordPress
CVE-2019-15867 (The slick-popup plugin before 1.7.2 for WordPress has a hardcoded Omak ...)
	NOT-FOR-US: slick-popup plugin for WordPress
CVE-2019-15866 (The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file ...)
	NOT-FOR-US: crelly-slider plugin for WordPress
CVE-2019-15865 (The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF. ...)
	NOT-FOR-US: breadcrumbs-by-menu plugin for WordPress
CVE-2019-15864 (The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. ...)
	NOT-FOR-US: breadcrumbs-by-menu plugin for WordPress
CVE-2019-15863 (The ConvertPlus plugin before 3.4.5 for WordPress has an unintended ac ...)
	NOT-FOR-US: ConvertPlus plugin for WordPress
CVE-2019-15892 (An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x a ...)
	{DSA-4514-1}
	- varnish 6.2.1-1 (bug #939333)
	[stretch] - varnish (Only a security issue in 6.0 and later)
	[jessie] - varnish (Only a security issue in 6.0 and later)
	NOTE: https://varnish-cache.org/security/VSV00003.html
	NOTE: https://github.com/varnishcache/varnish-cache/commit/1cb778f6f69737109e8c070a74b8e95b78f46d13
	NOTE: https://github.com/varnishcache/varnish-cache/commit/0f0e51e9871ed1bd1236378f8b0dea0d33df4e9e
	NOTE: https://github.com/varnishcache/varnish-cache/commit/72df38fa8bfc0f5ca4a75d3e32657e8e590d85ab
	NOTE: https://github.com/varnishcache/varnish-cache/commit/dd47e658a0de9d12c433a4a01fb43ea4fe4d3a41
	NOTE: https://github.com/varnishcache/varnish-cache/commit/34717183beda3803e3d54c9826a1a9f026ca2505
	NOTE: https://github.com/varnishcache/varnish-cache/commit/ec3997a59a93cbc13a3cba22dfe0b4c4710a8f65
	NOTE: https://github.com/varnishcache/varnish-cache/commit/af13de03eaa3d04f60ada52ed3235d545b8d3973
	NOTE: https://github.com/varnishcache/varnish-cache/commit/6da64a47beff44ecdb45c82b033811f2d19819af
CVE-2019-15862 (An issue was discovered in CKFinder through 2.6.2.1. Improper checks o ...)
	NOT-FOR-US: CKFinder
CVE-2019-15861
	RESERVED
CVE-2019-15860 (Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2. ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-15859 (Password disclosure in the web interface on socomec DIRIS A-40 devices ...)
	NOT-FOR-US: DIRIS
CVE-2019-15858 (admin/includes/class.import.snippet.php in the "Woody ad snippets" plu ...)
	NOT-FOR-US: "Woody ad snippets" plugin for WordPress
CVE-2019-15857
	RESERVED
CVE-2019-15856
	RESERVED
CVE-2019-15855 (An issue was discovered in Maarch RM before 2.5. A path traversal vuln ...)
	NOT-FOR-US: Maarch RM
CVE-2019-15854 (An issue was discovered in Maarch RM before 2.5. A privilege escalatio ...)
	NOT-FOR-US: Maarch RM
CVE-2019-15853
	RESERVED
CVE-2019-15852
	RESERVED
CVE-2019-15851
	REJECTED
CVE-2019-15850 (eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execut ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU3
CVE-2019-15849 (eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attac ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU3
CVE-2019-15848 (JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XS ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15847 (The POWER9 backend in GNU Compiler Collection (GCC) before version 10 ...)
	- gcc-7 7.4.0-12
	[buster] - gcc-7 (minor issue, affects only POWER9 binaries)
	- gcc-8 8.3.0-22
	[buster] - gcc-8 (minor issue, affects only POWER9 binaries)
	- gcc-9 9.2.1-7 (low)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481
CVE-2019-15846 (Exim before 4.92.2 allows remote attackers to execute arbitrary code a ...)
	{DSA-4517-1 DLA-1911-1}
	- exim4 4.92.1-3
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/04/1
	NOTE: https://git.exim.org/exim.git/commit/2600301ba6dbac5c9d640c87007a07ee6dcea1f4
CVE-2019-15845 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 misha ...)
	{DSA-4587-1 DSA-4586-1 DLA-2007-1}
	- ruby2.5 2.5.7-1
	- ruby2.3
	- ruby2.1
	- jruby (Dir.java in JRuby does not have this C string handling bug from dir.c in Ruby)
	NOTE: https://github.com/ruby/ruby/commit/a0a2640b398cffd351f87d3f6243103add66575b
	NOTE: https://hackerone.com/reports/449617
	NOTE: https://www.ruby-lang.org/en/news/2019/10/01/nul-injection-file-fnmatch-cve-2019-15845/
CVE-2019-15844
	RESERVED
CVE-2019-15843 (A malicious file upload vulnerability was discovered in Xiaomi Millet ...)
	NOT-FOR-US: Xiaomi
CVE-2019-15842 (The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress ...)
	NOT-FOR-US: easy-pdf-restaurant-menu-upload plugin for WordPress
CVE-2019-15841 (The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CS ...)
	NOT-FOR-US: facebook-for-woocommerce plugin for WordPress
CVE-2019-15840 (The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CS ...)
	NOT-FOR-US: facebook-for-woocommerce plugin for WordPress
CVE-2019-15839 (The sina-extension-for-elementor plugin before 2.2.1 for WordPress has ...)
	NOT-FOR-US: sina-extension-for-elementor plugin for WordPress
CVE-2019-15838 (The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS ...)
	NOT-FOR-US: custom-404-pro plugin for WordPress
CVE-2019-15837 (The webp-express plugin before 0.14.8 for WordPress has stored XSS. ...)
	NOT-FOR-US: webp-express plugin for WordPress
CVE-2019-15836 (The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored X ...)
	NOT-FOR-US: wp-ultimate-recipe plugin for WordPress
CVE-2019-15835 (The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-better-permalinks plugin for WordPress
CVE-2019-15834 (The webp-converter-for-media plugin before 1.0.3 for WordPress has CSR ...)
	NOT-FOR-US: webp-converter-for-media plugin for WordPress
CVE-2019-15833 (The simple-mail-address-encoder plugin before 1.7 for WordPress has re ...)
	NOT-FOR-US: simple-mail-address-encoder plugin for WordPress
CVE-2019-15832 (The visitors-traffic-real-time-statistics plugin before 1.13 for WordP ...)
	NOT-FOR-US: visitors-traffic-real-time-statistics plugin for WordPress
CVE-2019-15831 (The visitors-traffic-real-time-statistics plugin before 1.12 for WordP ...)
	NOT-FOR-US: visitors-traffic-real-time-statistics plugin for WordPress
CVE-2019-15830 (The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. ...)
	NOT-FOR-US: icegram plugin for WordPress
CVE-2019-15829 (The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp ...)
	NOT-FOR-US: photoblocks-grid-gallery plugin for WordPress
CVE-2019-15828 (The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. ...)
	NOT-FOR-US: one-click-ssl plugin for WordPress
CVE-2019-15827 (The onesignal-free-web-push-notifications plugin before 1.17.8 for Wor ...)
	NOT-FOR-US: onesignal-free-web-push-notifications plugin for WordPress
CVE-2019-15826 (The wps-hide-login plugin before 1.5.3 for WordPress has a protection ...)
	NOT-FOR-US: wps-hide-login plugin for WordPress
CVE-2019-15825 (The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp& ...)
	NOT-FOR-US: wps-hide-login plugin for WordPress
CVE-2019-15824 (The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash ...)
	NOT-FOR-US: wps-hide-login plugin for WordPress
CVE-2019-15823 (The wps-hide-login plugin before 1.5.3 for WordPress has an action=con ...)
	NOT-FOR-US: wps-hide-login plugin for WordPress
CVE-2019-15822 (The wps-child-theme-generator plugin before 1.2 for WordPress has clas ...)
	NOT-FOR-US: wps-child-theme-generator plugin for WordPress
CVE-2019-15821 (The bold-page-builder plugin before 2.3.2 for WordPress has no protect ...)
	NOT-FOR-US: bold-page-builder plugin for WordPress
CVE-2019-15820 (The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no ...)
	NOT-FOR-US: login-or-logout-menu-item plugin for WordPress
CVE-2019-15819 (The nd-restaurant-reservations plugin before 1.5 for WordPress has no ...)
	NOT-FOR-US: nd-restaurant-reservations plugin for WordPress
CVE-2019-15818 (The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for ...)
	NOT-FOR-US: simple-301-redirects-addon-bulk-uploader plugin for WordPress
CVE-2019-15817 (The easy-property-listings plugin before 3.4 for WordPress has XSS. ...)
	NOT-FOR-US: easy-property-listings plugin for WordPress
CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress has no pro ...)
	NOT-FOR-US: wp-private-content-plus plugin for WordPress
CVE-2019-15815 (ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and ea ...)
	NOT-FOR-US: ZyXEL
CVE-2019-15814 (Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow auth ...)
	NOT-FOR-US: Sentrifugo
CVE-2019-15813 (Multiple file upload restriction bypass vulnerabilities in Sentrifugo ...)
	NOT-FOR-US: Sentrifugo
CVE-2019-15812
	RESERVED
CVE-2019-15811 (In DomainMOD through 4.13, the parameter daterange in the file reporti ...)
	NOT-FOR-US: DomainMOD
CVE-2019-15810 (Insufficient sanitization during device search in Netdisco 2.042010 al ...)
	NOT-FOR-US: Netdisco
CVE-2019-15809 (Smart cards from the Athena SCS manufacturer, based on the Atmel Toolb ...)
	NOT-FOR-US: Athena SCS
CVE-2019-15808
	RESERVED
CVE-2019-15806 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 ...)
	NOT-FOR-US: CommScope ARRIS TR4400 devices
CVE-2019-15805 (CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 ...)
	NOT-FOR-US: CommScope ARRIS TR4400 devices
CVE-2019-15804 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15803 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15802 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15801 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15800 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15799 (An issue was discovered on Zyxel GS1900 devices with firmware before 2 ...)
	NOT-FOR-US: Zyxel
CVE-2019-15798
	RESERVED
CVE-2019-15797
	RESERVED
CVE-2019-15796 (Python-apt doesn't check if hashes are signed in `Version.fetch_binary ...)
	{DSA-4609-1 DLA-2074-1}
	- python-apt 1.8.5
	NOTE: https://salsa.debian.org/apt-team/python-apt/commit/b4eef110b7ba4fb21cc0dd92585756f50e0100c9 (1.8.5)
	NOTE: https://salsa.debian.org/apt-team/python-apt/commit/e3321eb9792bf3b4cace4cee47dc6da00fbee929 (1.8.5)
CVE-2019-15795 (python-apt only checks the MD5 sums of downloaded files in `Version.fe ...)
	{DSA-4609-1 DLA-2074-1}
	- python-apt 1.8.5
	NOTE: https://salsa.debian.org/apt-team/python-apt/commit/e175130e51c2b0424f3dfeb825e3dc598fec1a24 (1.8.5)
CVE-2019-15794 (Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the ...)
	- linux
	[stretch] - linux (overlayfs passes through mmap)
	[jessie] - linux (overlayfs not present)
	NOTE: https://bugs.launchpad.net/bugs/1850994
CVE-2019-15793 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
	- linux (Ubuntu-specific patch set, shiftfs not in Debian kernels)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
CVE-2019-15792 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
	- linux (Ubuntu-specific patch set, shiftfs not in Debian kernels)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
CVE-2019-15791 (In shiftfs, a non-upstream patch to the Linux kernel included in the U ...)
	- linux (Ubuntu-specific patch set, shiftfs not in Debian kernels)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850867
CVE-2019-15790 (Apport reads and writes information on a crashed process to /proc/pid ...)
	NOT-FOR-US: Apport
CVE-2019-15789 (Privilege escalation vulnerability in MicroK8s allows a low privilege ...)
	NOT-FOR-US: MicroK8s
CVE-2019-15807 (In the Linux kernel before 5.1.13, there is a memory leak in drivers/s ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/3b0541791453fbe7f42867e310e0c9eb6295364d
CVE-2019-15788 (Clara Genomics Analysis before 0.2.0 has an integer overflow for cudap ...)
	NOT-FOR-US: Clara Genomics Analysis
CVE-2019-15787 (libZetta.rs through 0.1.2 has an integer overflow in the zpool parser ...)
	NOT-FOR-US: libzetta-rs
CVE-2019-15786 (ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large ...)
	NOT-FOR-US: ROBOTIS Dynamixel SDK
CVE-2019-15785 (FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_L ...)
	- fontforge (Vulnerable code introduced later)
	NOTE: https://github.com/fontforge/fontforge/pull/3886
CVE-2019-15784 (Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array ov ...)
	- srt 1.4.0-1 (bug #939040)
	NOTE: https://github.com/Haivision/srt/pull/811
CVE-2019-15783 (Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. ...)
	- lute-tab (bug #825785)
CVE-2019-15782 (WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or ...)
	NOT-FOR-US: WebTorrent
CVE-2019-15781 (The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. ...)
	NOT-FOR-US: facebook-by-weblizar plugin for WordPress
CVE-2019-15780 (The formidable plugin before 4.02.01 for WordPress has unsafe deserial ...)
	NOT-FOR-US: formidable plugin for WordPress
CVE-2019-15779 (The insta-gallery plugin before 2.4.8 for WordPress has no nonce valid ...)
	NOT-FOR-US: insta-gallery plugin for WordPress
CVE-2019-15778 (The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. ...)
	NOT-FOR-US: woo-variation-gallery plugin for WordPress
CVE-2019-15777 (The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/a ...)
	NOT-FOR-US: shapepress-dsgvo plugin for WordPress
CVE-2019-15776 (The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for W ...)
	NOT-FOR-US: simple-301-redirects-addon-bulk-uploader plugin for WordPress
CVE-2019-15775 (The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX act ...)
	NOT-FOR-US: nd-learning plugin for WordPress
CVE-2019-15774 (The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX acti ...)
	NOT-FOR-US: nd-booking plugin for WordPress
CVE-2019-15773 (The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX actio ...)
	NOT-FOR-US: nd-travel plugin for WordPress
CVE-2019-15772 (The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX ac ...)
	NOT-FOR-US: nd-donations plugin for WordPress
CVE-2019-15771 (The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX a ...)
	NOT-FOR-US: nd-shortcodes plugin for WordPress
CVE-2019-15770 (The woo-address-book plugin before 1.6.0 for WordPress has save calls ...)
	NOT-FOR-US: woo-address-book plugin for WordPress
CVE-2019-15769 (The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via a ...)
	NOT-FOR-US: handl-utm-grabber plugin for WordPress
CVE-2019-15768
	RESERVED
CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...)
	- gnuchess 6.2.7-1 (unimportant; bug #936023)
	NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html
	NOTE: Neutralised by toolchain hardening, no security impact
CVE-2019-15766 (The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android al ...)
	NOT-FOR-US: KSLABS KSWEB
CVE-2019-15765
	RESERVED
CVE-2019-15764
	RESERVED
CVE-2019-15763
	RESERVED
CVE-2019-15762
	RESERVED
CVE-2019-15761
	RESERVED
CVE-2019-15760
	RESERVED
CVE-2019-15759 (An issue was discovered in Binaryen 1.38.32. Two visitors in ir/Expres ...)
	- binaryen 89-1 (unimportant; bug #936024)
	NOTE: https://github.com/WebAssembly/binaryen/issues/2288
	NOTE: Crash in CLI tool, no security impact
CVE-2019-15758 (An issue was discovered in Binaryen 1.38.32. Missing validation rules ...)
	- binaryen 89-1 (unimportant; bug #936024)
	NOTE: https://github.com/WebAssembly/binaryen/issues/2288
	NOTE: Crash in CLI tool, no security impact
CVE-2019-15757 (libMirage 3.2.2 in CDemu has a NULL pointer dereference in the NRG par ...)
	NOT-FOR-US: libMirage
CVE-2019-15756
	RESERVED
CVE-2019-15755
	RESERVED
CVE-2019-15754
	RESERVED
CVE-2019-15753 (In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC ...)
	- python-os-vif 1.15.2-1 (low; bug #939288)
	[buster] - python-os-vif (Vulnerable code introduced in 1.15.0)
	[stretch] - python-os-vif (Vulnerable code introduced in 1.15.0)
	NOTE: https://security.openstack.org/ossa/OSSA-2019-004.html
	NOTE: https://launchpad.net/bugs/1837252
CVE-2019-15752 (Docker Desktop Community Edition before 2.1.0.1 allows local users to ...)
	- docker.io (Issue specific to Docker for Windows)
CVE-2019-15751 (An unrestricted file upload vulnerability in SITOS six Build v6.2.1 al ...)
	NOT-FOR-US: SITOS
CVE-2019-15750 (A Cross-Site Scripting (XSS) vulnerability in the blog function in SIT ...)
	NOT-FOR-US: SITOS
CVE-2019-15749 (SITOS six Build v6.2.1 allows a user to change their password and reco ...)
	NOT-FOR-US: SITOS
CVE-2019-15748 (SITOS six Build v6.2.1 permits unauthorised users to upload and import ...)
	NOT-FOR-US: SITOS
CVE-2019-15747 (SITOS six Build v6.2.1 allows a user with the user role of Seminar Coo ...)
	NOT-FOR-US: SITOS
CVE-2019-15746 (SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP comm ...)
	NOT-FOR-US: SITOS
CVE-2019-15745 (The Eques elf smart plug and the mobile app use a hardcoded AES 256 bi ...)
	NOT-FOR-US: Eques elf smart plug
CVE-2019-15744 (The Sony Xperia Xperia XZs Android device with a build fingerprint of ...)
	NOT-FOR-US: Sony
CVE-2019-15743 (The Sony Xperia Touch Android device with a build fingerprint of Sony/ ...)
	NOT-FOR-US: Sony
CVE-2019-15742 (A local privilege-escalation vulnerability exists in the Poly Plantron ...)
	NOT-FOR-US: Poly Plantronics Hub
CVE-2019-15741 (An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsaf ...)
	NOT-FOR-US: GitLab Omnibus
CVE-2019-15740 (An issue was discovered in GitLab Community and Enterprise Edition 7.9 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15739 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15738 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
	- gitlab (Only affects 12.0 and later)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15737 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15736 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15735
	RESERVED
CVE-2019-15734 (An issue was discovered in GitLab Community and Enterprise Edition 8.6 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15733 (An issue was discovered in GitLab Community and Enterprise Edition 7.1 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15732 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
	- gitlab (Only affects 12.2 and later)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15731 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
	- gitlab (Only affects 12.0 and later)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15730 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15729 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15728 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15727 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15726 (An issue was discovered in GitLab Community and Enterprise Edition thr ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15725 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
	- gitlab (Only affects 12.0 and later)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15724 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab (Only affects 11.10 and later)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15723 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab (Only affects versions 11.9.4-11.10.0)
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15722 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15721 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 12.0.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
CVE-2019-15720 (CloudBerry Backup v6.1.2.34 allows local privilege escalation via a Pr ...)
	NOT-FOR-US: CloudBerry Backup
CVE-2019-15719 (Altair PBS Professional through 19.1.2 allows Privilege Escalation bec ...)
	NOT-FOR-US: Altair PBS Professional
CVE-2019-15718 (In systemd 240, bus_open_system_watch_bind_with_description in shared/ ...)
	- systemd 242-7 (bug #939353)
	[buster] - systemd 241-7~deb10u2
	[stretch] - systemd (Vulnerable code introduced later)
	[jessie] - systemd (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/03/1
	NOTE: https://github.com/systemd/systemd/pull/13457
	NOTE: https://github.com/systemd/systemd/commit/35e528018f315798d3bffcb592b32a0d8f5162bd
CVE-2019-15717 (Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends ...)
	- irssi 1.2.2-1 (bug #936074)
	[buster] - irssi (Minor issue)
	[stretch] - irssi (Vulnerable code not present)
	[jessie] - irssi (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/29/3
	NOTE: https://irssi.org/security/irssi_sa_2019_08.txt
	NOTE: https://github.com/irssi/irssi/commit/5a4e7ab659aba2855895c9f43e9a7a131f4e89b3
CVE-2019-15716 (WTF before 0.19.0 does not set the permissions of config.yml, which mi ...)
	NOT-FOR-US: wtfutil
CVE-2019-15715 (MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command I ...)
	- mantis
CVE-2019-15714 (cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ ...)
	NOT-FOR-US: Entropic
CVE-2019-15713 (The my-calendar plugin before 3.1.10 for WordPress has XSS. ...)
	NOT-FOR-US: my-calendar plugin for WordPress
CVE-2019-15712 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
	NOT-FOR-US: FortiMail admin webUI
CVE-2019-15711 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...)
	NOT-FOR-US: Fortiguard FortiClient
CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, ...)
	NOT-FOR-US: FortiExtender
CVE-2019-15709 (An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and ...)
	NOT-FOR-US: Fortiguard
CVE-2019-15708 (A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6. ...)
	NOT-FOR-US: Fortiguard
CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
	NOT-FOR-US: FortiMail admin webUI
CVE-2019-15706
	RESERVED
CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN portal of Fo ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2019-15704 (A clear text storage of sensitive information vulnerability in FortiCl ...)
	NOT-FOR-US: Fortinet
CVE-2019-15703 (An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2. ...)
	NOT-FOR-US: Fortinet
CVE-2019-15702 (In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the pars ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2019-15701 (components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote atta ...)
	NOT-FOR-US: BloodHound
CVE-2019-15700 (public/js/frappe/form/footer/timeline.js in Frappe Framework 12 throug ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-15699 (An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon rec ...)
	- suricata 1:4.1.5-1 (low)
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Vulnerable code introduced later)
	NOTE: https://suricata-ids.org/2019/09/24/suricata-4-1-5-released/
CVE-2019-15698 (In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-15697
	RESERVED
CVE-2019-15696
	RESERVED
CVE-2019-15695 (TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflo ...)
	- tigervnc 1.10.1+dfsg-1 (bug #947428)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
	[stretch] - tigervnc 1.7.0+dfsg-7+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/TigerVNC/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89 (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/6c47340e095258a959c95db9aa2a6c715d62bf7c (v1.10.1)
CVE-2019-15694 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...)
	- tigervnc 1.10.1+dfsg-1 (bug #947428)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
	[stretch] - tigervnc 1.7.0+dfsg-7+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/TigerVNC/tigervnc/commit/0943c006c7d900dfc0281639e992791d6c567438 (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/f287032d3643a6437f7de0ed35f4c45bb735522d (v1.10.1)
CVE-2019-15693 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...)
	- tigervnc 1.10.1+dfsg-1 (bug #947428)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
	[stretch] - tigervnc 1.7.0+dfsg-7+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/TigerVNC/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95 (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/46c081926efd83c90a45c0a96b1b5bc1927e1346 (v1.10.1)
CVE-2019-15692 (TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow ...)
	- tigervnc 1.10.1+dfsg-1 (bug #947428)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
	[stretch] - tigervnc 1.7.0+dfsg-7+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/TigerVNC/tigervnc/commit/996356b6c65ca165ee1ea46a571c32a1dc3c3821 (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/ff08ca78b24b5a4ed5263245c7ce8744059ff4ad (v1.10.1)
CVE-2019-15691 (TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-retu ...)
	- tigervnc 1.10.1+dfsg-1 (bug #947428)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u1
	[stretch] - tigervnc 1.7.0+dfsg-7+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/TigerVNC/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40 (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/042de4642293df9b72a08189c249e2da79cbca91 (v1.10.1)
CVE-2019-15690
	RESERVED
	{DLA-2146-1}
	- libvncserver 0.9.12+dfsg-9 (bug #954163)
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3
	[stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/20/2
	NOTE: https://github.com/LibVNC/libvncserver/issues/381
	NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed
CVE-2019-15689 (Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky To ...)
	NOT-FOR-US: Kaspersky
CVE-2019-15688 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
	NOT-FOR-US: Kaspersky
CVE-2019-15687 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
	NOT-FOR-US: Kaspersky
CVE-2019-15686 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
	NOT-FOR-US: Kaspersky
CVE-2019-15685 (Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Sec ...)
	NOT-FOR-US: Kaspersky
CVE-2019-15684 (Kaspersky Protection extension for web browser Google Chrome prior to ...)
	NOT-FOR-US: Kaspersky Protection extension for web browser Google Chrome
CVE-2019-15683 (TurboVNC server code contains stack buffer overflow vulnerability in c ...)
	NOT-FOR-US: TurboVNC
CVE-2019-15682 (RDesktop version 1.8.4 contains multiple out-of-bound access read vuln ...)
	{DSA-4473-1 DLA-1837-1}
	- rdesktop 1.8.6-1
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4/
CVE-2019-15681 (LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains ...)
	{DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-1977-1}
	[experimental] - libvncserver 0.9.12+dfsg-1
	- libvncserver 0.9.12+dfsg-3 (low; bug #943793)
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u1
	[stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u2
	- italc
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- tightvnc 1:1.3.9-9.1
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- vino 3.22.0-6 (bug #945784)
	[buster] - vino (Minor issue)
	[stretch] - vino (Minor issue)
	NOTE: https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
CVE-2019-15680 (TightVNC code version 1.3.10 contains null pointer dereference in Hand ...)
	{DLA-2045-1}
	- tightvnc 1:1.3.9-9.1 (unimportant; bug #945364)
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- italc (unimportant)
	- libvncserver (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
	NOTE: https://github.com/sunweaver/libvncserver/commit/85d00057b5daf71675462c9b175d8cb2d47cd0e1
	NOTE: Non-issue in libvncserver's case: https://github.com/LibVNC/libvncserver/issues/359#issuecomment-599202068
CVE-2019-15679 (TightVNC code version 1.3.10 contains heap buffer overflow in Initiali ...)
{DLA-2045-1} - tightvnc 1:1.3.9-9.1 (bug #945364) [buster] - tightvnc 1:1.3.9-9deb10u1 [stretch] - tightvnc 1:1.3.9-9+deb9u1 NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5 NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7 NOTE: part of CVE-2018-20748/libvncserver CVE-2019-15678 (TightVNC code version 1.3.10 contains heap buffer overflow in rfbServe ...) {DLA-2045-1} - tightvnc 1:1.3.9-9.1 (bug #945364) [buster] - tightvnc 1:1.3.9-9deb10u1 [stretch] - tightvnc 1:1.3.9-9+deb9u1 NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5 NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a NOTE: part of CVE-2018-20748/libvnvserver CVE-2019-15677 RESERVED CVE-2019-15676 RESERVED CVE-2019-15675 RESERVED CVE-2019-15674 RESERVED CVE-2019-15673 RESERVED CVE-2019-15672 RESERVED CVE-2019-15671 RESERVED CVE-2019-15670 RESERVED CVE-2019-15669 RESERVED CVE-2019-15668 RESERVED CVE-2019-15667 RESERVED CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There is an ...) {DLA-1919-1} - linux 5.2.6-1 [buster] - linux 4.19.67-1 [stretch] - linux 4.9.184-1 [jessie] - linux 3.16.72-1 NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427 CVE-2019-15665 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...) NOT-FOR-US: Rivet Killer Control Center CVE-2019-15664 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...) NOT-FOR-US: Rivet Killer Control Center CVE-2019-15663 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...) NOT-FOR-US: Rivet Killer Control Center CVE-2019-15662 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...) NOT-FOR-US: Rivet Killer Control Center CVE-2019-15661 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...) 
NOT-FOR-US: Rivet Killer Control Center CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...) NOT-FOR-US: wp-members plugin for WordPress CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection, ...) NOT-FOR-US: pie-register plugin for WordPress CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName or sc ...) NOT-FOR-US: connect-pg-simple CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute ...) NOT-FOR-US: eslint-utils CVE-2019-15656 (D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to ...) NOT-FOR-US: D-Link CVE-2019-15655 (D-Link DSL-2875AL devices through 1.00.05 are prone to password disclo ...) NOT-FOR-US: D-Link CVE-2019-15654 (Comba AC2400 devices are prone to password disclosure via a simple cra ...) NOT-FOR-US: Comba CVE-2019-15653 (Comba AP2600-I devices through A02,0202N00PD2 are prone to password di ...) NOT-FOR-US: Comba CVE-2019-15652 (The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices ...) NOT-FOR-US: NSSLGlobal SatLink VSAT Modem Unit (VMU) devices CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...) - wolfssl 4.1.0+dfsg-2 NOTE: https://github.com/wolfSSL/wolfssl/issues/2421 CVE-2019-15650 (The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPr ...) NOT-FOR-US: stops-core-theme-and-plugin-updates plugin for WordPress CVE-2019-15649 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...) NOT-FOR-US: insert-or-embed-articulate-content-into-wordpress plugin for WordPress CVE-2019-15648 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...) NOT-FOR-US: insert-or-embed-articulate-content-into-wordpress plugin for WordPress CVE-2019-15647 (The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-aj ...) 
NOT-FOR-US: groundhogg plugin for WordPress CVE-2019-15646 (The rsvpmaker plugin before 6.2 for WordPress has SQL injection. ...) NOT-FOR-US: rsvpmaker plugin for WordPress CVE-2019-15645 (The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. ...) NOT-FOR-US: zoho-salesiq plugin for WordPress CVE-2019-15644 (The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. ...) NOT-FOR-US: zoho-salesiq plugin for WordPress CVE-2019-15643 (The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. ...) NOT-FOR-US: ultimate-faqs plugin for WordPress CVE-2019-15642 (rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execu ...) - webmin CVE-2019-15641 (xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. B ...) - webmin CVE-2019-15640 (Limesurvey before 3.17.10 does not validate both the MIME type and fil ...) - limesurvey (bug #472802) CVE-2019-15639 (main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remot ...) - asterisk (Vulnerable code introduced later) NOTE: https://downloads.asterisk.org/pub/security/AST-2019-005.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28499 NOTE: Issue was introduced specifically only in versions 13.28.0 and 16.5.0 upstream NOTE: and got fixed in 13.28.1 respectively 16.5.1. CVE-2019-15638 (COPA-DATA zenone32 zenon Editor through 8.10 has an Uncontrolled Searc ...) NOT-FOR-US: COPA-DATA zenone32 zenon Editor CVE-2019-15637 (Numerous Tableau products are vulnerable to XXE via a malicious workbo ...) NOT-FOR-US: Tableau CVE-2019-15636 RESERVED CVE-2019-15635 (An issue was discovered in Grafana 5.4.0. Passwords for data sources u ...) - grafana CVE-2019-15634 RESERVED CVE-2019-15633 RESERVED CVE-2019-15632 RESERVED CVE-2019-15631 (Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API ...) NOT-FOR-US: MuleSoft CVE-2019-15630 (Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider com ...) 
NOT-FOR-US: MuleSoft CVE-2019-15629 (Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is ...) NOT-FOR-US: Trend Micro CVE-2019-15628 (Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affecte ...) NOT-FOR-US: Trend Micro CVE-2019-15627 (Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent ar ...) NOT-FOR-US: Trend Micro CVE-2019-15626 (The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), ...) NOT-FOR-US: Deep Security Manager application (Trend Micro) CVE-2019-15625 (A memory usage vulnerability exists in Trend Micro Password Manager 3. ...) NOT-FOR-US: Trend Micro CVE-2019-15624 (Improper Input Validation in Nextcloud Server 15.0.7 allows group admi ...) - nextcloud-server (bug #941708) CVE-2019-15623 (Exposure of Private Information in Nextcloud Server 16.0.1 causes the ...) - nextcloud-server (bug #941708) CVE-2019-15622 (Not strictly enough sanitization in the Nextcloud Android app 3.6.0 al ...) NOT-FOR-US: Nextcloud Android App CVE-2019-15621 (Improper permissions preservation in Nextcloud Server 16.0.1 causes sh ...) - nextcloud-server (bug #941708) CVE-2019-15620 (Improper access control in Nextcloud Talk 6.0.3 leaks the existance an ...) NOT-FOR-US: Nextcloud Talk CVE-2019-15619 (Improper neutralization of file names, conversation names and board na ...) - nextcloud-server (bug #941708) CVE-2019-15618 (Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a ...) - nextcloud-server (bug #941708) CVE-2019-15617 (A missing check in Nextcloud Server 17.0.0 allowed an attacker to set ...) - nextcloud-server (bug #941708) CVE-2019-15616 (Dangling remote share attempts in Nextcloud 16 allow a DNS pollution w ...) - nextcloud-server (bug #941708) CVE-2019-15615 (A wrong check for the system time in the Android App 3.9.0 causes a by ...) NOT-FOR-US: Nextcloud Android app CVE-2019-15614 (Missing sanitization in the iOS App 2.24.4 causes an XSS when opening ...) 
NOT-FOR-US: Nextcloud iOS App CVE-2019-15613 (A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend t ...) - nextcloud-server (bug #941708) CVE-2019-15612 (A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be c ...) - nextcloud-server (bug #941708) CVE-2019-15611 (Violation of Secure Design Principles in the iOS App 2.23.0 causes the ...) NOT-FOR-US: Nextcloud iOS App CVE-2019-15610 (Improper authorization in the Circles app 0.17.7 causes retaining acce ...) NOT-FOR-US: Circles app CVE-2019-15609 (The kill-port-process package version < 2.2.0 is vulnerable to a Co ...) NOT-FOR-US: Node kill-port-process CVE-2019-15608 (The package integrity validation in yarn < 1.19.0 contains a TOCTOU ...) - node-yarnpkg 1.19.1-1 [buster] - node-yarnpkg (Minor issue) NOTE: https://hackerone.com/reports/703138 CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: <= ...) NOT-FOR-US: node-red CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 10, 12, ...) {DSA-4669-1} - nodejs 10.19.0~dfsg-1 [stretch] - nodejs (Nodejs in stretch not covered by security support) [jessie] - nodejs (Nodejs in jessie not covered by security support) NOTE: https://hackerone.com/reports/730779 NOTE: https://github.com/nodejs/node/commit/2eee90e959ca4abaf53caf238d063c396f2ea17c (v10.19.0) CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payl ...) 
{DSA-4669-1} - nodejs 10.19.0~dfsg-1 [stretch] - nodejs (Nodejs in stretch not covered by security support) [jessie] - nodejs (Nodejs in jessie not covered by security support) - http-parser 2.9.4-2 (bug #977467) [buster] - http-parser 2.8.1-1+deb10u1 [stretch] - http-parser (Invasive patch, requires prior content-length support and public struct changes that break ABI) [jessie] - http-parser (Invasive patch, requires prior content-length support and public struct changes that break ABI) NOTE: https://hackerone.com/reports/735748 NOTE: https://github.com/nodejs/http-parser/commit/7d5c99d09f6743b055d53fc3f642746d9801479b (http-parser) NOTE: nodejs/10.19.0~dfsg-1 contains both the source fix but switches as well NOTE: back to use shared libhttp-parser again. CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ...) {DSA-4669-1} - nodejs 10.19.0~dfsg-1 [stretch] - nodejs (Nodejs in stretch not covered by security support) [jessie] - nodejs (Nodejs in jessie not covered by security support) NOTE: https://hackerone.com/reports/746733 NOTE: https://github.com/nodejs/node/commit/f940bee3b7da865e28093472dee9ce664f273f6d (v10.19.0) CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scriptin ...) NOT-FOR-US: seefl CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and escapin ...) NOT-FOR-US: fileview CVE-2019-15601 REJECTED CVE-2019-15600 (A Path traversal exists in http_server which allows an attacker to rea ...) NOT-FOR-US: Node module http_server CVE-2019-15599 (A Code Injection exists in tree-kill on Windows which allows a remote ...) NOT-FOR-US: Node module tree-kill CVE-2019-15598 (A Code Injection exists in treekill on Windows which allows a remote c ...) NOT-FOR-US: Node module treekill CVE-2019-15597 (A code injection exists in node-df v0.1.4 that can allow an attacker t ...) 
NOT-FOR-US: Node module node-df CVE-2019-15596 (A path traversal in statics-server exists in all version that allows a ...) NOT-FOR-US: Node module statics-server CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller =<3.10.6 th ...) NOT-FOR-US: UniFi Video Controller CVE-2019-15594 (GitLab 11.8 and later contains a security vulnerability that allows a ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a user to ...) [experimental] - gitlab 12.0.8-1 - gitlab 12.6.8-3 NOTE: https://hackerone.com/reports/557154 NOTE: https://gitlab.com/gitlab-org/gitlab/commit/5af535d919c50951513f5859730afd924a01c29b CVE-2019-15592 (GitLab 12.2.2 and below contains a security vulnerability that allows ...) [experimental] - gitlab 12.0.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ CVE-2019-15591 (An improper access control vulnerability exists in GitLab <12.3.3 t ...) - gitlab 12.6.8-3 NOTE: https://hackerone.com/reports/676976 CVE-2019-15590 (An access control issue exists in < 12.3.5, < 12.2.8, and < 1 ...) - gitlab (Only affects GitLab EE 11.5 and later) NOTE: https://hackerone.com/reports/701144 NOTE: https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/ CVE-2019-15589 (An improper access control vulnerability exists in Gitlab <v12.3.2, ...) - gitlab 12.6.8-3 NOTE: https://hackerone.com/reports/497047 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15588 (There is an OS Command Injection in Nexus Repository Manager <= 2.1 ...) NOT-FOR-US: Nexus Repository Manager CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ...) 
{DSA-4554-1} - ruby-loofah 2.3.1+dfsg-1 (bug #942894) NOTE: https://github.com/flavorjones/loofah/issues/171 CVE-2019-15586 (A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. ...) - gitlab (Only affects Gitlab 12.1) NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15585 (Improper authentication exists in < 12.3.2, < 12.2.6, and < 1 ...) - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15584 (A denial of service exists in gitlab <v12.3.2, <v12.2.6, and < ...) - gitlab 12.6.8-3 NOTE: https://hackerone.com/reports/670572 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15583 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15582 (An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 f ...) - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15581 (An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLa ...) - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com <v12.3.2 ...) - gitlab (Only affects EE) NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15579 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15578 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) 
- gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...) - gitlab 12.6.8-3 NOTE: https://hackerone.com/reports/636560 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15576 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...) - gitlab 12.6.8-3 NOTE: https://hackerone.com/reports/633001 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15575 (A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, a ...) - gitlab 12.6.8-3 NOTE: https://hackerone.com/reports/682442 NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/ CVE-2019-15574 (Gesior-AAC before 2019-05-01 allows serviceID SQL injection in account ...) NOT-FOR-US: Gesior-AAC CVE-2019-15573 (Gesior-AAC before 2019-05-01 allows SQL injection in tankyou.php. ...) NOT-FOR-US: Gesior-AAC CVE-2019-15572 (Gesior-AAC before 2019-05-01 allows ServiceCategoryID SQL injection in ...) NOT-FOR-US: Gesior-AAC CVE-2019-15571 (The WEB control panel before 2019-04-30 for ClonOS allows SQL injectio ...) NOT-FOR-US: WEB control panel for ClonOS CVE-2019-15570 (BEdita through 4.0.0-RC2 allows SQL injection during a save operation ...) NOT-FOR-US: BEdita CVE-2019-15569 (HM Courts & Tribunals ccd-data-store-api before 2019-06-10 allows ...) NOT-FOR-US: HM Courts CVE-2019-15568 (idseq-web before 2019-07-01 in Infectious Disease Sequencing Platform ...) NOT-FOR-US: idseq-web CVE-2019-15567 (OpenForis Arena before 2019-05-07 allows SQL injection in the sorting ...) NOT-FOR-US: OpenForis Arena CVE-2019-15566 (The Alfresco application before 1.8.7 for Android allows SQL injection ...) 
NOT-FOR-US: Alfresco application for Android CVE-2019-15565 (The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection ...) NOT-FOR-US: PrestaShop CVE-2019-15564 (The Compassion Switzerland addons 10.01.4 for Odoo allow SQL injection ...) NOT-FOR-US: Compassion Switzerland addons for Odoo CVE-2019-15563 (Observational Health Data Sciences and Informatics (OHDSI) WebAPI befo ...) NOT-FOR-US: Observational Health Data Sciences and Informatics CVE-2019-15562 (** DISPUTED ** GORM before 1.9.10 allows SQL injection via incomplete ...) NOT-FOR-US: GORM CVE-2019-15561 (FlashLingo before 2019-06-12 allows SQL injection, related to flashlin ...) NOT-FOR-US: FlashLingo CVE-2019-15560 (The Reviews Module before 2019-06-14 for OpenSource Table allows SQL i ...) NOT-FOR-US: OpenSource Table addon CVE-2019-15559 (DianoxDragon Hawn before 2019-07-10 allows SQL injection. ...) NOT-FOR-US: DianoxDragon Hawn CVE-2019-15558 (XM^online 2 Common Utils and Endpoints 0.2.1 allows SQL injection, rel ...) NOT-FOR-US: XM^online 2 CVE-2019-15557 (XM^online 2 User Account and Authentication server 1.0.0 allows SQL in ...) NOT-FOR-US: XM^online 2 CVE-2019-15556 (Pvanloon1983 social_network before 2019-07-03 allows SQL injection in ...) NOT-FOR-US: Pvanloon1983 CVE-2019-15555 (FredReinink Wellness-app before 2019-06-19 allows SQL injection, relat ...) NOT-FOR-US: FredReinink Wellness-app CVE-2019-15554 (An issue was discovered in the smallvec crate before 0.6.10 for Rust. ...) - rust-smallvec 0.6.10-1 [buster] - rust-smallvec (Minor issue) NOTE: https://github.com/servo/rust-smallvec/issues/149 NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0012.html CVE-2019-15553 (An issue was discovered in the memoffset crate before 0.5.0 for Rust. ...) 
- rust-memoffset 0.5.1-1 (bug #936025) [buster] - rust-memoffset (Minor issue) NOTE: https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490 NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0011.html CVE-2019-15552 (An issue was discovered in the libflate crate before 0.1.25 for Rust. ...) - rust-libflate 0.1.25-1 (bug #969899) [buster] - rust-libflate (Minor issue) NOTE: https://github.com/sile/libflate/issues/35 NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0010.html CVE-2019-15551 (An issue was discovered in the smallvec crate before 0.6.10 for Rust. ...) - rust-smallvec 0.6.10-1 [buster] - rust-smallvec (Minor issue) NOTE: https://github.com/servo/rust-smallvec/issues/148 NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0009.html CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15 for Rust. ...) NOT-FOR-US: Rust crate simd-json CVE-2019-15549 (An issue was discovered in the asn1_der crate before 0.6.2 for Rust. A ...) NOT-FOR-US: Rust crate asn1_der CVE-2019-15548 (An issue was discovered in the ncurses crate through 5.99.0 for Rust. ...) - rust-ncurses (bug #972100) NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0006.html CVE-2019-15547 (An issue was discovered in the ncurses crate through 5.99.0 for Rust. ...) - rust-ncurses (bug #972100) NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0006.html CVE-2019-15546 (An issue was discovered in the pancurses crate through 0.16.1 for Rust ...) NOT-FOR-US: Rust crate pancurses CVE-2019-15545 (An issue was discovered in the libp2p-core crate before 0.8.1 for Rust ...) NOT-FOR-US: Rust crate libp2p-core CVE-2019-15544 (An issue was discovered in the protobuf crate before 2.6.0 for Rust. A ...) NOT-FOR-US: Rust crate protobuf CVE-2019-15543 (An issue was discovered in the slice-deque crate before 0.2.0 for Rust ...) NOT-FOR-US: Rust crate slice-deque CVE-2019-15542 (An issue was discovered in the ammonia crate before 2.1.0 for Rust. Th ...) 
- rust-ammonia (Fixed before initial upload) CVE-2019-15541 (rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for ...) NOT-FOR-US: Rust crate rustls CVE-2019-15540 (filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2. ...) NOT-FOR-US: libMirage CVE-2019-15539 (The proj_doc_edit_page.php Project Documentation feature in MantisBT b ...) - mantis CVE-2019-15538 (An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in ...) {DLA-1919-1} - linux 5.2.17-1 [buster] - linux 4.19.67-2 [stretch] - linux 4.9.189-2 [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/1fb254aa983bf190cfd685d40c64a480a9bafaee CVE-2019-15537 (The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL I ...) NOT-FOR-US: SimpleSAMLphp module proxystatistics CVE-2019-15536 (The Acclaim block plugin before 2019-06-26 for Moodle allows SQL Injec ...) NOT-FOR-US: Acclaim block plugin for Moodle CVE-2019-15535 (Tasking Manager before 3.4.0 allows SQL Injection via custom SQL. ...) NOT-FOR-US: Tasking Manager CVE-2019-15534 (Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.upda ...) NOT-FOR-US: Raml-Module-Builder CVE-2019-15533 (XENFCoreSharp before 2019-07-16 allows SQL injection in web/verify.php ...) NOT-FOR-US: XENFCoreSharp CVE-2019-15532 (CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBrut ...) NOT-FOR-US: CyberChef CVE-2019-15531 (GNU Libextractor through 1.9 has a heap-based buffer over-read in the ...) {DLA-1904-1} - libextractor 1:1.9-2 (bug #935553) [buster] - libextractor (Minor issue) [stretch] - libextractor (Minor issue) NOTE: https://bugs.gnunet.org/view.php?id=5846 NOTE: https://git.gnunet.org/libextractor.git/commit/?id=d2b032452241708bee68d02aa02092cfbfba951a CVE-2019-15530 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...) NOT-FOR-US: D-Link CVE-2019-15529 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. 
...) NOT-FOR-US: D-Link CVE-2019-15528 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...) NOT-FOR-US: D-Link CVE-2019-15527 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...) NOT-FOR-US: D-Link CVE-2019-15526 (An issue was discovered on D-Link DIR-823G devices with firmware V1.0. ...) NOT-FOR-US: D-Link CVE-2019-15525 (There is Missing SSL Certificate Validation in the pw3270 terminal emu ...) NOT-FOR-US: pw3270 terminal emulator CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php ...) NOT-FOR-US: CSZ CMS CVE-2019-15523 (An issue was discovered in LINBIT csync2 through 2.0. It does not corr ...) {DLA-2515-1} - csync2 2.0-25-gc0faaf9-1 [buster] - csync2 (Minor issue) NOTE: https://github.com/LINBIT/csync2/pull/13/commits/92742544a56bcbcd9ec99ca15f898b31797e39e2 CVE-2019-15522 (An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_ses ...) - csync2 2.0-25-gc0faaf9-1 (bug #955445) [buster] - csync2 2.0-22-gce67c55-1+deb10u1 [stretch] - csync2 2.0-8-g175a01c-4+deb9u1 [jessie] - csync2 (Minor issue) NOTE: https://github.com/LINBIT/csync2/pull/13/commits/0ecfc333da51575f188dd7cf6ac4974d13a800b1 CVE-2019-15521 (Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and ...) NOT-FOR-US: Spoon Library CVE-2019-15520 (comelz Quark before 2019-03-26 allows directory traversal to locations ...) NOT-FOR-US: comelz Quark CVE-2019-15519 (Power-Response before 2019-02-02 allows directory traversal (up to the ...) NOT-FOR-US: Power-Response CVE-2019-15518 (Swoole before 4.2.13 allows directory traversal in swPort_http_static_ ...) NOT-FOR-US: Swoole CVE-2019-15517 (jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory trav ...) NOT-FOR-US: jc21 Nginx Proxy Manager CVE-2019-15516 (Cuberite before 2019-06-11 allows webadmin directory traversal via ... ...) NOT-FOR-US: Cuberite CVE-2019-15515 (Discourse 2.3.2 sends the CSRF token in the query string. ...) 
NOT-FOR-US: Discourse CVE-2019-15514 (The Privacy > Phone Number feature in the Telegram app 5.10 for And ...) NOT-FOR-US: Telegram app for Android and iOS CVE-2019-15513 (An issue was discovered in OpenWrt libuci (aka Library for the Unified ...) NOT-FOR-US: OpenWrt libuci CVE-2019-15512 RESERVED CVE-2019-15511 (An exploitable local privilege escalation vulnerability exists in the ...) NOT-FOR-US: GOG Galaxy CVE-2019-15510 (ManageEngine_DesktopCentral.exe in Zoho ManageEngine Desktop Central 1 ...) NOT-FOR-US: Zoho CVE-2019-15509 RESERVED CVE-2019-15508 (In Octopus Tentacle versions 3.0.8 to 5.0.0, when a web request proxy ...) NOT-FOR-US: Octopus Tentacle CVE-2019-15507 (In Octopus Deploy versions 2018.8.4 to 2019.7.6, when a web request pr ...) NOT-FOR-US: Octopus Deploy CVE-2019-15506 (An issue was discovered in Kaseya Virtual System Administrator (VSA) t ...) NOT-FOR-US: Kaseya Virtual System Administrator (VSA) CVE-2019-15505 (drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through ...) {DLA-2114-1 DLA-2068-1} - linux 5.2.17-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 CVE-2019-15504 (drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2 ...) - linux 5.2.17-1 [buster] - linux 4.19.87-1 [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) CVE-2019-15503 (cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCM ...) NOT-FOR-US: AltaVoz Prontus CVE-2019-15502 (The TeamSpeak client before 3.3.2 allows remote servers to trigger a c ...) - teamspeak-client CVE-2019-15501 (Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-20 ...) NOT-FOR-US: L-Soft LISTSERV CVE-2019-15500 RESERVED CVE-2019-15499 (CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element wi ...) NOT-FOR-US: CodiMD CVE-2019-15498 (cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows rem ...) 
NOT-FOR-US: Vera Edge Home Controller CVE-2019-15497 (Black Box iCOMPEL 9.2.3 through 11.1.4, as used in ONELAN Net-Top-Box ...) NOT-FOR-US: Black Box iCOMPEL CVE-2019-15496 (MyT Project Management 1.5.1 lacks CSRF protection and, for example, a ...) NOT-FOR-US: MyT Project Management CVE-2019-15495 RESERVED CVE-2019-15494 (openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. ...) NOT-FOR-US: openITCOCKPIT CVE-2019-15493 (openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21 ...) NOT-FOR-US: openITCOCKPIT CVE-2019-15492 (openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. ...) NOT-FOR-US: openITCOCKPIT CVE-2019-15491 (openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. ...) NOT-FOR-US: openITCOCKPIT CVE-2019-15490 (openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. ...) NOT-FOR-US: openITCOCKPIT CVE-2019-15489 (laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XS ...) NOT-FOR-US: laracom (aka Laravel FREE E-Commerce Software) CVE-2019-15488 (Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP se ...) NOT-FOR-US: Ignite Realtime Openfire CVE-2019-15487 (DfE School Experience before v16333-GA has XSS via a teacher training ...) NOT-FOR-US: DfE School Experience CVE-2019-15486 (django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_ ...) - django-js-reverse (Issue introduced in 0.9.0) NOTE: https://github.com/ierror/django-js-reverse/pull/81 NOTE: https://github.com/ierror/django-js-reverse/commit/a3b57d1e4424e2fadabcd526d170c4868d55159c (0.9.1) CVE-2019-15485 (Bolt before 3.6.10 has XSS via createFolder or createFile in Controlle ...) NOT-FOR-US: Bolt CMS CVE-2019-15484 (Bolt before 3.6.10 has XSS via an image's alt or title field. ...) NOT-FOR-US: Bolt CMS CVE-2019-15483 (Bolt before 3.6.10 has XSS via a title that is mishandled in the syste ...) NOT-FOR-US: Bolt CMS CVE-2019-15482 (selectize-plugin-a11y before 1.1.0 has XSS via the msg field. ...) 
NOT-FOR-US: selectize-plugin-a11y CVE-2019-15481 (Kimai v2 before 1.1 has XSS via a timesheet description. ...) NOT-FOR-US: Kimai CVE-2019-15480 (Domoticz 4.10717 has XSS via item.Name. ...) - domoticz (bug #899058) CVE-2019-15479 (Status Board 1.1.81 has reflected XSS via dashboard.ts. ...) NOT-FOR-US: Status Board CVE-2019-15478 (Status Board 1.1.81 has reflected XSS via logic.ts. ...) NOT-FOR-US: Status Board CVE-2019-15477 (Jooby before 1.6.4 has XSS via the default error handler. ...) NOT-FOR-US: Jooby CVE-2019-15476 (Former before 4.2.1 has XSS via a checkbox value. ...) NOT-FOR-US: Former CVE-2019-15475 (The Xiaomi Mi A3 Android device with a build fingerprint of xiaomi/onc ...) NOT-FOR-US: Xiaomi Mi A3 Android device CVE-2019-15474 (The Xiaomi Cepheus Android device with a build fingerprint of Xiaomi/c ...) NOT-FOR-US: Xiaomi Cepheus Android device CVE-2019-15473 (The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaom ...) NOT-FOR-US: Xiaomi Mi A2 Lite Android device CVE-2019-15472 (The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaom ...) NOT-FOR-US: Xiaomi Mi A2 Lite Android device CVE-2019-15471 (The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi ...) NOT-FOR-US: Xiaomi Mi Mix 2S Android device CVE-2019-15470 (The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of ...) NOT-FOR-US: Xiaomi Redmi Note 6 Pro Android device CVE-2019-15469 (The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/ ...) NOT-FOR-US: Xiaomi Mi Pad 4 Android device CVE-2019-15468 (The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaom ...) NOT-FOR-US: Xiaomi Mi A2 Lite Android devic CVE-2019-15467 (The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi ...) NOT-FOR-US: Xiaomi Mi Mix 2S Android device CVE-2019-15466 (The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiao ...) 
NOT-FOR-US: Xiaomi Redmi 6 Pro Android device CVE-2019-15465 (The Samsung J7 Pro Android device with a build fingerprint of samsung/ ...) NOT-FOR-US: Samsung CVE-2019-15464 (The Samsung J7 Pro Android device with a build fingerprint of samsung/ ...) NOT-FOR-US: Samsung CVE-2019-15463 (The Samsung j7popeltemtr Android device with a build fingerprint of sa ...) NOT-FOR-US: Samsung CVE-2019-15462 (The Samsung J7 Duo Android device with a build fingerprint of samsung/ ...) NOT-FOR-US: Samsung CVE-2019-15461 (The Samsung J7 Neo Android device with a build fingerprint of samsung/ ...) NOT-FOR-US: Samsung CVE-2019-15460 (The Samsung J7 Neo Android device with a build fingerprint of samsung/ ...) NOT-FOR-US: Samsung CVE-2019-15459 (The Samsung J7 Neo Android device with a build fingerprint of samsung/ ...) NOT-FOR-US: Samsung CVE-2019-15458 (The Samsung J7 Neo Android device with a build fingerprint of samsung/ ...) NOT-FOR-US: Samsung CVE-2019-15457 (The Samsung J6 Android device with a build fingerprint of samsung/j6lt ...) NOT-FOR-US: Samsung CVE-2019-15456 (The Samsung J6 Android device with a build fingerprint of samsung/j6lt ...) NOT-FOR-US: Samsung CVE-2019-15455 (The Samsung J5 Android device with a build fingerprint of samsung/j5y1 ...) NOT-FOR-US: Samsung CVE-2019-15454 (The Samsung J4 Android device with a build fingerprint of samsung/j4lt ...) NOT-FOR-US: Samsung CVE-2019-15453 (The Samsung J4 Android device with a build fingerprint of samsung/j4lt ...) NOT-FOR-US: Samsung CVE-2019-15452 (The Samsung J3 Android device with a build fingerprint of samsung/j3y1 ...) NOT-FOR-US: Samsung CVE-2019-15451 (The Samsung J3 Android device with a build fingerprint of samsung/j3y1 ...) NOT-FOR-US: Samsung CVE-2019-15450 (The Samsung j3popeltecan Android device with a build fingerprint of sa ...) NOT-FOR-US: Samsung CVE-2019-15449 (The Samsung S7 Edge Android device with a build fingerprint of samsung ...) 
	NOT-FOR-US: Samsung
CVE-2019-15448 (The Samsung S7 Edge Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15447 (The Samsung S7 Edge Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15446 (The Samsung S7 Android device with a build fingerprint of samsung/hero ...)
	NOT-FOR-US: Samsung
CVE-2019-15445 (The Samsung S7 Android device with a build fingerprint of samsung/hero ...)
	NOT-FOR-US: Samsung
CVE-2019-15444 (The Samsung S7 Android device with a build fingerprint of samsung/hero ...)
	NOT-FOR-US: Samsung
CVE-2019-15443 (The Samsung J7 Max Android device with a build fingerprint of samsung/ ...)
	NOT-FOR-US: Samsung
CVE-2019-15442 (The Samsung on7xelteskt Android device with a build fingerprint of sam ...)
	NOT-FOR-US: Samsung
CVE-2019-15441 (The Samsung on7xeltelgt Android device with a build fingerprint of sam ...)
	NOT-FOR-US: Samsung
CVE-2019-15440 (The Samsung J5 Android device with a build fingerprint of samsung/on5x ...)
	NOT-FOR-US: Samsung
CVE-2019-15439 (The Samsung XCover4 Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15438 (The Samsung XCover4 Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15437 (The Samsung XCover4 Android device with a build fingerprint of samsung ...)
	NOT-FOR-US: Samsung
CVE-2019-15436 (The Samsung A8+ Android device with a build fingerprint of samsung/jac ...)
	NOT-FOR-US: Samsung
CVE-2019-15435 (The Samsung A7 Android device with a build fingerprint of samsung/a7y1 ...)
	NOT-FOR-US: Samsung
CVE-2019-15434 (The Samsung A5 Android device with a build fingerprint of samsung/a5y1 ...)
	NOT-FOR-US: Samsung
CVE-2019-15433 (The Samsung A3 Android device with a build fingerprint of samsung/a3y1 ...)
	NOT-FOR-US: Samsung
CVE-2019-15432 (The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6 ...)
	NOT-FOR-US: Evercoss
CVE-2019-15431 (The Evercoss U50A Android device with a build fingerprint of EVERCOSS/ ...)
	NOT-FOR-US: Evercoss
CVE-2019-15430 (The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bl ...)
	NOT-FOR-US: Bluboo
CVE-2019-15429 (The Panasonic ELUGA_I9 Android device with a build fingerprint of Pana ...)
	NOT-FOR-US: Panasonic
CVE-2019-15428 (The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi ...)
	NOT-FOR-US: Xiaomi Mi Note 2 Android device
CVE-2019-15427 (The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/li ...)
	NOT-FOR-US: Xiaomi Mi Mix Android device
CVE-2019-15426 (The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/n ...)
	NOT-FOR-US: Xiaomi 5S Plus Android device
CVE-2019-15425 (The Kata M4s Android device with a build fingerprint of alps/full_hct6 ...)
	NOT-FOR-US: Kata M4s Android device
CVE-2019-15424 (The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL ...)
	NOT-FOR-US: Doogee BL5000 Android device
CVE-2019-15423 (The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO ...)
	NOT-FOR-US: Bluboo Bluboo_S1 Android device
CVE-2019-15422 (The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/M ...)
	NOT-FOR-US: Doogee Mix Android device
CVE-2019-15421 (The Blackview BV7000_Pro Android device with a build fingerprint of Bl ...)
	NOT-FOR-US: Blackview
CVE-2019-15420 (The Blackview BV9000Pro-F Android device with a build fingerprint of B ...)
	NOT-FOR-US: Blackview
CVE-2019-15419 (The Asus ASUS_X015_1 Android device with a build fingerprint of asus/C ...)
	NOT-FOR-US: Asus
CVE-2019-15418 (The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/C ...)
	NOT-FOR-US: Asus
CVE-2019-15417 (The Tecno Spark Pro Android device with a build fingerprint of TECNO/H ...)
	NOT-FOR-US: Tecno Spark Pro Android device
CVE-2019-15416 (The Sony keyaki_kddi Android device with a build fingerprint of Sony/k ...)
	NOT-FOR-US: Sony
CVE-2019-15415 (The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/v ...)
	NOT-FOR-US: Xiaomi Redmi 5 Android device
CVE-2019-15414 (The Asus ZenFone AR Android device with a build fingerprint of asus/WW ...)
	NOT-FOR-US: Asus
CVE-2019-15413 (The Asus ZenFone 3 Ultra Android device with a build fingerprint of as ...)
	NOT-FOR-US: Asus
CVE-2019-15412 (The Asus ZenFone 4 Selfie Android device with a build fingerprint of a ...)
	NOT-FOR-US: Asus
CVE-2019-15411 (The Asus ZenFone 3 Laser Android device with a build fingerprint of as ...)
	NOT-FOR-US: Asus
CVE-2019-15410 (The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW ...)
	NOT-FOR-US: Asus
CVE-2019-15409 (The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW ...)
	NOT-FOR-US: Asus
CVE-2019-15408 (The Asus ZenFone 5 Lite Android device with a build fingerprint of asu ...)
	NOT-FOR-US: Asus
CVE-2019-15407 (The Asus ASUS_X015_1 Android device with a build fingerprint of asus/C ...)
	NOT-FOR-US: Asus
CVE-2019-15406 (The Asus ASUS_X00LD_3 Android device with a build fingerprint of asus/ ...)
	NOT-FOR-US: Asus
CVE-2019-15405 (The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/C ...)
	NOT-FOR-US: Asus
CVE-2019-15404 (The Asus ZenFone Max 4 Android device with a build fingerprint of asus ...)
	NOT-FOR-US: Asus
CVE-2019-15403 (The Asus ZenFone 3s Max Android device with a build fingerprint of asu ...)
	NOT-FOR-US: Asus
CVE-2019-15402 (The Asus ASUS_A002_2 Android device with a build fingerprint of asus/W ...)
	NOT-FOR-US: Asus
CVE-2019-15401 (The Asus ASUS_A002 Android device with a build fingerprint of asus/WW_ ...)
	NOT-FOR-US: Asus
CVE-2019-15400 (The Asus ZenFone 3 Ultra Android device with a build fingerprint of as ...)
	NOT-FOR-US: Asus
CVE-2019-15399 (The Asus ZenFone 5Q Android device with a build fingerprint of asus/WW ...)
	NOT-FOR-US: Asus
CVE-2019-15398 (The Asus ZenFone 4 Selfie Android device with a build fingerprint of a ...)
	NOT-FOR-US: Asus
CVE-2019-15397 (The Asus ZenFone Max 4 Android device with a build fingerprint of asus ...)
	NOT-FOR-US: Asus
CVE-2019-15396 (The Asus ZenFone 3 Android device with a build fingerprint of asus/WW_ ...)
	NOT-FOR-US: Asus
CVE-2019-15395 (The Asus ZenFone 3s Max Android device with a build fingerprint of asu ...)
	NOT-FOR-US: Asus
CVE-2019-15394 (The Asus ZenFone 5 Selfie Android device with a build fingerprint of a ...)
	NOT-FOR-US: Asus
CVE-2019-15393 (The Asus ZenFone Live Android device with a build fingerprint of asus/ ...)
	NOT-FOR-US: Asus
CVE-2019-15392 (The Asus ZenFone 4 Selfie Android device with a build fingerprint of A ...)
	NOT-FOR-US: Asus
CVE-2019-15391 (The Asus ZenFone 4 Selfie Android device with a build fingerprint of a ...)
	NOT-FOR-US: Asus
CVE-2019-15390 (The Haier G8 Android device with a build fingerprint of Haier/HM-G559- ...)
	NOT-FOR-US: Haier G8 Android device
CVE-2019-15389 (The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8. ...)
	NOT-FOR-US: Haier A6 Android device
CVE-2019-15388 (The Coolpad 1851 Android device with a build fingerprint of Coolpad/an ...)
	NOT-FOR-US: Coolpad
CVE-2019-15387 (The Archos Core 101 Android device with a build fingerprint of archos/ ...)
	NOT-FOR-US: Archos
CVE-2019-15386 (The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60 ...)
	NOT-FOR-US: Lava
CVE-2019-15385 (The Infinix Note 5 Android device with a build fingerprint of Infinix/ ...)
	NOT-FOR-US: Infinix Note 5 Android device
CVE-2019-15384 (The Elephone A4 Android device with a build fingerprint of Elephone/A4 ...)
	NOT-FOR-US: Elephone
CVE-2019-15383 (The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_S ...)
	NOT-FOR-US: Allview
CVE-2019-15382 (The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_ ...)
	NOT-FOR-US: Cubot Nova
CVE-2019-15381 (The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515 ...)
	NOT-FOR-US: BQ 5515L Android device
CVE-2019-15380 (The Fly Photo Pro Android device with a build fingerprint of Fly/Photo ...)
	NOT-FOR-US: Fly Photo Pro Android device
CVE-2019-15379 (The Walton Primo G3 Android device with a build fingerprint of WALTON/ ...)
	NOT-FOR-US: Walton Primo G3 Android device
CVE-2019-15378 (The Panasonic Eluga Ray 600 Android device with a build fingerprint of ...)
	NOT-FOR-US: Panasonic
CVE-2019-15377 (The Cherry Flare S7 Android device with a build fingerprint of Cherry_ ...)
	NOT-FOR-US: Cherry Flare S7 Android device
CVE-2019-15376 (The Panasonic Eluga Ray 530 Android device with a build fingerprint of ...)
	NOT-FOR-US: Panasonic
CVE-2019-15375 (The Haier G8 Android device with a build fingerprint of Haier/HM-G559- ...)
	NOT-FOR-US: Haier G8 Android device
CVE-2019-15374 (The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/ ...)
	NOT-FOR-US: Lava Iris 88 Lite Android device
CVE-2019-15373 (The Symphony i95 Lite Android device with a build fingerprint of LAVA/ ...)
	NOT-FOR-US: Symphony i95 Lite Android device
CVE-2019-15372 (The Hisense F17 Android device with a build fingerprint of Hisense/F17 ...)
	NOT-FOR-US: Hisense F17 Android device
CVE-2019-15371 (The Symphony G100 Android device with a build fingerprint of Symphony/ ...)
	NOT-FOR-US: Symphony G100 Android device
CVE-2019-15370 (The Haier G8 Android device with a build fingerprint of Haier/HM-G559- ...)
	NOT-FOR-US: Haier G8 Android device
CVE-2019-15369 (The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61 ...)
	NOT-FOR-US: Lava Z61 Turbo Android device
CVE-2019-15368 (The Coolpad 1851 Android device with a build fingerprint of Coolpad/an ...)
	NOT-FOR-US: Coolpad
CVE-2019-15367 (The Haier P10 Android device with a build fingerprint of Haier/P10/P10 ...)
	NOT-FOR-US: Haier P10 Android device
CVE-2019-15366 (The Infinix Note 5 Android device with a build fingerprint of Infinix/ ...)
	NOT-FOR-US: Infinix Note 5 Android device
CVE-2019-15365 (The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8 ...)
	NOT-FOR-US: Lava Z92 Android device
CVE-2019-15364 (The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/B ...)
	NOT-FOR-US: Dexp BL250 Android device
CVE-2019-15363 (The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/P ...)
	NOT-FOR-US: Leagoo Power 5 Android device
CVE-2019-15362 (The Lava Iris 88 Go Android device with a build fingerprint of LAVA/ir ...)
	NOT-FOR-US: Lava Iris 88 Go Android device
CVE-2019-15361 (The Infinix Note 5 Android device with a build fingerprint of Infinix/ ...)
	NOT-FOR-US: Infinix Note 5 Android device
CVE-2019-15360 (The Hisense U965 Android device with a build fingerprint of Hisense/U9 ...)
	NOT-FOR-US: Hisense U965 Android device
CVE-2019-15359 (The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8. ...)
	NOT-FOR-US: Haier A6 Android device
CVE-2019-15358 (The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z25 ...)
	NOT-FOR-US: Dexp Z250 Android device
CVE-2019-15357 (The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A ...)
	NOT-FOR-US: Advan i6A Android device
CVE-2019-15356 (The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z ...)
	NOT-FOR-US: Lava Flair Z1 Android device
CVE-2019-15355 (The Tecno Camon iClick Android device with a build fingerprint of TECN ...)
	NOT-FOR-US: Tecno Camon iClick Android device
CVE-2019-15354 (The Ulefone Armor 5 Android device with a build fingerprint of Ulefone ...)
	NOT-FOR-US: Ulefone Armor 5 Android device
CVE-2019-15353 (The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C ...)
	NOT-FOR-US: Coolpad N3C Android device
CVE-2019-15352 (The Coolpad 1851 Android device with a build fingerprint of Coolpad/an ...)
	NOT-FOR-US: Coolpad 1851 Android device
CVE-2019-15351 (The Tecno Camon Android device with a build fingerprint of TECNO/H622/ ...)
	NOT-FOR-US: Tecno Camon Android device
CVE-2019-15350 (The Tecno Camon Android device with a build fingerprint of TECNO/H622/ ...)
	NOT-FOR-US: Tecno Camon Android device
CVE-2019-15349 (The Tecno Camon Android device with a build fingerprint of TECNO/H612/ ...)
	NOT-FOR-US: Tecno Camon Android device
CVE-2019-15348 (The Tecno Camon Android device with a build fingerprint of TECNO/H612/ ...)
	NOT-FOR-US: Tecno Camon Android device
CVE-2019-15347 (The Tecno Camon iClick 2 Android device with a build fingerprint of TE ...)
	NOT-FOR-US: Tecno Camon iClick 2 Android device
CVE-2019-15346 (The Tecno Camon iClick 2 Android device with a build fingerprint of TE ...)
	NOT-FOR-US: Tecno Camon iClick 2 Android device
CVE-2019-15345 (The Tecno Camon iClick Android device with a build fingerprint of TECN ...)
	NOT-FOR-US: Tecno Camon iClick Android device
CVE-2019-15344 (The Tecno Camon iClick Android device with a build fingerprint of TECN ...)
	NOT-FOR-US: Tecno Camon iClick Android device
CVE-2019-15343 (The Tecno Camon iClick Android device with a build fingerprint of TECN ...)
	NOT-FOR-US: Tecno Camon iClick Android device
CVE-2019-15342 (The Tecno Camon iAir 2 Plus Android device with a build fingerprint of ...)
	NOT-FOR-US: Tecno Camon iAir 2 Plus Android device
CVE-2019-15341 (The Tecno Camon iAir 2 Plus Android device with a build fingerprint of ...)
	NOT-FOR-US: Tecno Camon iAir 2 Plus Android device
CVE-2019-15340 (The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiao ...)
	NOT-FOR-US: Xiaomi Redmi 6 Pro Android device
CVE-2019-15339 (The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60 ...)
	NOT-FOR-US: Lava Z60s Android device
CVE-2019-15338 (The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/ ...)
	NOT-FOR-US: Lava Iris 88 Lite Android device
CVE-2019-15337 (The Lava Z81 Android device with a build fingerprint of LAVA/Z81/Z81:8 ...)
	NOT-FOR-US: Lava Z81 Android device
CVE-2019-15336 (The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61 ...)
	NOT-FOR-US: Lava Z61 Turbo Android device
CVE-2019-15335 (The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8 ...)
	NOT-FOR-US: Lava Z92 Android device
CVE-2019-15334 (The Lava Iris 88 Go Android device with a build fingerprint of LAVA/ir ...)
	NOT-FOR-US: Lava Iris 88 Go Android device
CVE-2019-15333 (The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z ...)
	NOT-FOR-US: Lava Flair Z1 Android device
CVE-2019-15332 (The Lava Z61 Android device with a build fingerprint of LAVA/Z61_2GB/Z ...)
	NOT-FOR-US: Lava Z61 Android device
CVE-2019-15331 (The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for W ...)
	NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has insufficient ...)
	NOT-FOR-US: webp-express plugin for WordPress
CVE-2019-15329 (The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPre ...)
	NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
CVE-2019-15328 (The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPre ...)
	NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
CVE-2019-15327 (The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPre ...)
	NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
CVE-2019-15326 (The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPre ...)
	NOT-FOR-US: import-users-from-csv-with-meta plugin for WordPress
CVE-2019-15325 (In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/1 ...)
	NOT-FOR-US: GalliumOS
CVE-2019-15324 (The ad-inserter plugin before 2.4.22 for WordPress has remote code exe ...)
	NOT-FOR-US: ad-inserter plugin for WordPress
CVE-2019-15323 (The ad-inserter plugin before 2.4.20 for WordPress has path traversal. ...)
	NOT-FOR-US: ad-inserter plugin for WordPress
CVE-2019-15322 (The shortcode-factory plugin before 2.8 for WordPress has Local File I ...)
	NOT-FOR-US: shortcode-factory plugin for WordPress
CVE-2019-15321 (The option-tree plugin before 2.7.3 for WordPress has Object Injection ...)
	NOT-FOR-US: option-tree plugin for WordPress
CVE-2019-15320 (The option-tree plugin before 2.7.3 for WordPress has Object Injection ...)
	NOT-FOR-US: option-tree plugin for WordPress
CVE-2019-15319 (The option-tree plugin before 2.7.0 for WordPress has Object Injection ...)
	NOT-FOR-US: option-tree plugin for WordPress
CVE-2019-15318 (The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPres ...)
	NOT-FOR-US: yikes-inc-easy-mailchimp-extender plugin for WordPress
CVE-2019-15317 (The give plugin before 2.4.7 for WordPress has XSS via a donor name. ...)
	NOT-FOR-US: give plugin for WordPress
CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folder perm ...)
	NOT-FOR-US: Valve Steam Client for Windows
CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...)
	NOT-FOR-US: Valve Steam Client for Windows
CVE-2019-15314 (tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to uplo ...)
	- tikiwiki
CVE-2019-15313 (In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persiste ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-15312 (An issue was discovered on Zolo Halo devices via the Linkplay firmware ...)
	NOT-FOR-US: Zolo Halo devices
CVE-2019-15311 (An issue was discovered on Zolo Halo devices via the Linkplay firmware ...)
	NOT-FOR-US: Zolo Halo devices
CVE-2019-15310 (An issue was discovered on various devices via the Linkplay firmware. ...)
	NOT-FOR-US: Linkplay
CVE-2019-15309
	RESERVED
CVE-2019-15308
	RESERVED
CVE-2019-15307
	RESERVED
CVE-2019-15306
	RESERVED
CVE-2019-15305
	RESERVED
CVE-2019-15304 (Lierda Grill Temperature Monitor V1.00_50006 has a default password of ...)
	NOT-FOR-US: Lierda Grill Temperature Monitor
CVE-2019-15303
	RESERVED
CVE-2019-15302 (The pad management logic in XWiki labs CryptPad before 3.0.0 allows a ...)
	NOT-FOR-US: CryptPad
CVE-2019-15301 (A SQL injection vulnerability in the method Terrasoft.Core.DB.Column.C ...)
	NOT-FOR-US: Terrasoft Bpm'online CRM-System SDK
CVE-2019-15300 (A problem was found in Centreon Web through 19.04.3. An authenticated ...)
	- centreon-web (bug #913903)
CVE-2019-15299 (An issue was discovered in Centreon Web through 19.04.3. When a user c ...)
	- centreon-web (bug #913903)
CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenticated ...)
	- centreon-web (bug #913903)
CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allo ...)
	- asterisk 1:16.10.0~dfsg-1 (low; bug #940060)
	[buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
	[stretch] - asterisk (Minor issue)
	[jessie] - asterisk (The vulnerable code is not present)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-004.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28495
CVE-2019-15296 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
	{DSA-4522-1 DLA-1899-1}
	- faad2 2.8.8-3
	NOTE: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174
CVE-2019-15295 (An Untrusted Search Path vulnerability in the ServiceInstance.dll libr ...)
	NOT-FOR-US: Bitdefender Antivirus Free
CVE-2019-15294 (An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1 ...)
	NOT-FOR-US: Gallagher Command Centre
CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 115 ...)
	NOT-FOR-US: ACDSee
CVE-2019-15289 (Multiple vulnerabilities in the video service of Cisco TelePresence Co ...)
	NOT-FOR-US: Cisco
CVE-2019-15288 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15287 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-15286 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-15285 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-15284 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-15283 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-15282 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-15281 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-15280 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-15279
	RESERVED
CVE-2019-15278 (A vulnerability in the web-based management interface of Cisco Finesse ...)
	NOT-FOR-US: Cisco
CVE-2019-15277 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15276 (A vulnerability in the web interface of Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2019-15275 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15274 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-15273 (Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboratio ...)
	NOT-FOR-US: Cisco
CVE-2019-15272 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-15271 (A vulnerability in the web-based management interface of certain Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-15270 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-15269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-15268 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-15267
	RESERVED
CVE-2019-15266 (A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-15265 (A vulnerability in the bridge protocol data unit (BPDU) forwarding fun ...)
	NOT-FOR-US: Cisco
CVE-2019-15264 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2019-15263
	RESERVED
CVE-2019-15262 (A vulnerability in the Secure Shell (SSH) session management for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-15261 (A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN pa ...)
	NOT-FOR-US: Cisco
CVE-2019-15260 (A vulnerability in Cisco Aironet Access Points (APs) Software could al ...)
	NOT-FOR-US: Cisco
CVE-2019-15259 (A vulnerability in Cisco Unified Contact Center Express (UCCX) Softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-15258 (A vulnerability in the web-based management interface of Cisco SPA100 ...)
	NOT-FOR-US: Cisco
CVE-2019-15257 (A vulnerability in the web-based management interface of Cisco SPA100 ...)
	NOT-FOR-US: Cisco
CVE-2019-15256 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...)
	NOT-FOR-US: Cisco
CVE-2019-15255 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-15254
	RESERVED
CVE-2019-15253 (A vulnerability in the web-based management interface of Cisco Digital ...)
	NOT-FOR-US: Cisco
CVE-2019-15252 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15251 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15250 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15249 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15248 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15247 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15246 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15245 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15244 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15243 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15242 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15241 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15240 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9. There is a u ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.184-1
CVE-2019-15291 (An issue was discovered in the Linux kernel through 5.2.9. There is a ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/20/2
CVE-2019-15290
	REJECTED
CVE-2019-15239 (In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was ...)
	{DSA-4497-1 DLA-1884-1}
	- linux 4.15.4-1
	NOTE: https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-tcpsocketsuaf
	NOTE: Workaround entry for the main entry, as the issue never actually affected the upstream version
	NOTE: and is specific to the stable version backports.
CVE-2019-15238 (The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-15237 (Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ...)
	[experimental] - roundcube 1.5~rc+dfsg.1-1
	- roundcube 1.5.0+dfsg.1-1 (low; bug #949629)
	[bullseye] - roundcube (Minor issue)
	[buster] - roundcube (Minor issue)
	[stretch] - roundcube (Minor issue)
	NOTE: https://github.com/roundcube/roundcubemail/issues/6891
CVE-2019-15236
	RESERVED
CVE-2019-15235 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an att ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-15234 (SHAREit through 4.0.6.177 does not check the full message length from ...)
	NOT-FOR-US: SHAREit
CVE-2019-15233 (The Live:Text Box macro in the Old Street Live Input Macros app before ...)
	NOT-FOR-US: Old Street Live Input Macros app for Confluence
CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMediaSer ...)
	[experimental] - liblivemedia 2019.08.16-1
	- liblivemedia 2019.10.11-2 (low)
	[buster] - liblivemedia (Can be fixed along in a future update)
	[stretch] - liblivemedia (Can be fixed along in a future update)
	[jessie] - liblivemedia (Can be fixed along with more important patches)
	NOTE: Fixed upstream in 2019.08.16 according to available information.
CVE-2019-15231
	REJECTED
CVE-2019-15230 (LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Noti ...)
	NOT-FOR-US: LibreNMS
CVE-2019-15229 (FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of ...)
	NOT-FOR-US: FUEL CMS
CVE-2019-15228 (FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin conso ...)
	NOT-FOR-US: FUEL CMS
CVE-2019-15227 (FlightPath 4.8.3 has XSS in the Content, Edit urgent message, and User ...)
	NOT-FOR-US: FlightPath
CVE-2019-15226 (Upon receiving each incoming request header data, Envoy will iterate o ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-15225 (In Envoy through 1.11.1, users may configure a route to match incoming ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-15224 (The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on ...)
	- ruby-rest-client (Backdoored version not uploaded to Debian)
CVE-2019-15223 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
	- linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0b074ab7fc0d575247b9cc9f93bb7e007ca38840
CVE-2019-15222 (An issue was discovered in the Linux kernel before 5.2.8. There is a N ...)
	- linux (Vulnerable code not present in any released version)
	NOTE: https://git.kernel.org/linus/5d78e1c2b7f4be00bbe62141603a631dc7812f35
CVE-2019-15221 (An issue was discovered in the Linux kernel before 5.1.17. There is a ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.185-1
	NOTE: https://git.kernel.org/linus/3450121997ce872eb7f1248417225827ea249710
CVE-2019-15220 (An issue was discovered in the Linux kernel before 5.2.1. There is a u ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.189-1
	NOTE: https://git.kernel.org/linus/6e41e2257f1094acc37618bf6c856115374c6922
CVE-2019-15219 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/9a5729f68d3a82786aea110b1bfe610be318f80a
CVE-2019-15218 (An issue was discovered in the Linux kernel before 5.1.8. There is a N ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/31e0456de5be379b10fea0fa94a681057114a96e
CVE-2019-15217 (An issue was discovered in the Linux kernel before 5.2.3. There is a N ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e
CVE-2019-15216 (An issue was discovered in the Linux kernel before 5.0.14. There is a ...)
	{DLA-1919-1 DLA-1884-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/ef61eb43ada6c1d6b94668f0f514e4c268093ff3
CVE-2019-15215 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.189-1
	NOTE: https://git.kernel.org/linus/eff73de2b1600ad8230692f00bc0ab49b166512a
CVE-2019-15214 (An issue was discovered in the Linux kernel before 5.0.10. There is a ...)
	{DLA-1884-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.184-1
CVE-2019-15213 (An issue was discovered in the Linux kernel before 5.2.3. There is a u ...)
	- linux
	[bullseye] - linux (Revisit when correctly fixed upstream)
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
CVE-2019-15212 (An issue was discovered in the Linux kernel before 5.1.8. There is a d ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	NOTE: https://git.kernel.org/linus/3864d33943b4a76c6e64616280e98d2410b1190f
CVE-2019-15211 (An issue was discovered in the Linux kernel before 5.2.6. There is a u ...)
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.189-1
	NOTE: https://git.kernel.org/linus/c666355e60ddb4748ead3bdd983e3f7f2224aaf0
CVE-2019-15210
	RESERVED
CVE-2019-15209
	RESERVED
CVE-2019-15208
	RESERVED
CVE-2019-15207
	RESERVED
CVE-2019-15206
	RESERVED
CVE-2019-15205
	RESERVED
CVE-2019-15204
	RESERVED
CVE-2019-15203
	RESERVED
CVE-2019-15202
	RESERVED
CVE-2019-15201
	RESERVED
CVE-2019-15200
	RESERVED
CVE-2019-15199
	RESERVED
CVE-2019-15198
	RESERVED
CVE-2019-15197
	RESERVED
CVE-2019-15196
	RESERVED
CVE-2019-15195
	RESERVED
CVE-2019-15194
	RESERVED
CVE-2019-15193
	RESERVED
CVE-2019-15192
	RESERVED
CVE-2019-15191
	RESERVED
CVE-2019-15190
	RESERVED
CVE-2019-15189
	RESERVED
CVE-2019-15188
	RESERVED
CVE-2019-15187
	RESERVED
CVE-2019-15186
	RESERVED
CVE-2019-15185
	RESERVED
CVE-2019-15184
	RESERVED
CVE-2019-15183
	RESERVED
CVE-2019-15182
	RESERVED
CVE-2019-15181
	RESERVED
CVE-2019-15180
	RESERVED
CVE-2019-15179
	RESERVED
CVE-2019-15178
	RESERVED
CVE-2019-15177
	RESERVED
CVE-2019-15176
	RESERVED
CVE-2019-15175
	RESERVED
CVE-2019-15174
	RESERVED
CVE-2019-15173
	RESERVED
CVE-2019-15172
	RESERVED
CVE-2019-15171
	RESERVED
CVE-2019-15170
	RESERVED
CVE-2019-15169
	RESERVED
CVE-2019-15168
	RESERVED
CVE-2019-15167
	RESERVED
CVE-2019-15166 (lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 l ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0b661e0aa61850234b64394585cf577aac570bf4
CVE-2019-15165 (sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB ...)
	{DLA-1967-1}
	- libpcap 1.9.1-1 (low; bug #941697)
	[buster] - libpcap (Minor issue)
	[stretch] - libpcap (Minor issue)
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6
CVE-2019-15164 (rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may ...)
	- libpcap 1.9.1-1 (unimportant)
	[buster] - libpcap (Vulnerable code introduced in 1.9.0)
	[stretch] - libpcap (Vulnerable code introduced in 1.9.0)
	[jessie] - libpcap (Vulnerable code introduced in 1.9.0)
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a
	NOTE: rpcapd not built in Debian.
CVE-2019-15163 (rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a de ...)
	- libpcap 1.9.1-1 (unimportant)
	[buster] - libpcap (Vulnerable code introduced in 1.9.0)
	[stretch] - libpcap (Vulnerable code introduced in 1.9.0)
	[jessie] - libpcap (Vulnerable code introduced in 1.9.0)
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31
	NOTE: rpcapd not built in Debian.
CVE-2019-15162 (rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provi ...)
	- libpcap 1.9.1-1 (unimportant)
	[buster] - libpcap (Vulnerable code introduced in 1.9.0)
	[stretch] - libpcap (Vulnerable code introduced in 1.9.0)
	[jessie] - libpcap (Vulnerable code introduced in 1.9.0)
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58
	NOTE: rpcapd not built in Debian.
CVE-2019-15161 (rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length valu ...)
	- libpcap 1.9.1-1 (unimportant)
	[buster] - libpcap (Vulnerable code introduced in 1.9.0)
	[stretch] - libpcap (Vulnerable code introduced in 1.9.0)
	[jessie] - libpcap (Vulnerable code introduced in 1.9.0)
	NOTE: https://github.com/the-tcpdump-group/libpcap/commit/617b12c0339db4891d117b661982126c495439ea
	NOTE: rpcapd not built in Debian.
CVE-2019-15160 (The SweetXml (aka sweet_xml) package through 0.6.6 for Erlang and Elix ...)
	NOT-FOR-US: SweetXml (aka sweet_xml) package for Erlang and Elixir
CVE-2019-15159 RESERVED
CVE-2019-15158 RESERVED
CVE-2019-15157 RESERVED
CVE-2019-15156 RESERVED
CVE-2019-15155 RESERVED
CVE-2019-15154 RESERVED
CVE-2019-15153 RESERVED
CVE-2019-15152 RESERVED
CVE-2019-15151 (AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. ...)
	[experimental] - adplug 2.3.3+dfsg-1
	- adplug 2.3.3+dfsg-2 (bug #946340)
	[buster] - adplug (Minor issue)
	[stretch] - adplug (Minor issue)
	[jessie] - adplug (Minor issue)
	NOTE: https://github.com/adplug/adplug/issues/91
CVE-2019-15150 (In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulner ...)
	NOT-FOR-US: OAuth2 Client MediaWiki extension
CVE-2019-15149 (** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that drops t ...)
	NOT-FOR-US: Mitogen
CVE-2019-15148 (GoPro GPMF-parser 1.2.2 has an out-of-bounds write in OpenMP4Source in ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-15147 (GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Nex ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-15146 (GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in ...)
	NOT-FOR-US: gpmf-parser
CVE-2019-15145 (DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack ...)
	{DLA-2667-1 DLA-1902-1}
	- djvulibre 3.5.27.1-11 (low)
	[buster] - djvulibre (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/298/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
CVE-2019-15144 (In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate< ...)
	{DLA-2667-1 DLA-1902-1}
	- djvulibre 3.5.27.1-11 (low)
	[buster] - djvulibre (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/299/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
CVE-2019-15143 (In DjVuLibre 3.5.27, the bitmap reader component allows attackers to c ...)
	{DLA-2667-1 DLA-1902-1}
	- djvulibre 3.5.27.1-11 (low)
	[buster] - djvulibre (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/297/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
CVE-2019-15142 (In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows a ...)
	{DLA-2667-1 DLA-1902-1}
	- djvulibre 3.5.27.1-11 (low)
	[buster] - djvulibre (Minor issue)
	NOTE: https://sourceforge.net/p/djvu/bugs/296/
	NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
CVE-2019-15141 (WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows att ...)
	- imagemagick (Incomplete fix for CVE-2019-11597 not applied)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1560
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
CVE-2019-15140 (coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to ca ...)
	{DSA-4715-1 DSA-4712-1 DLA-1968-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #941671)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f7206618d27c2e69d977abf40e3035a33e5f6be0
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
	NOTE: followup, previous patch introduced compiler warnings
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5caef6e97f3f575cf7bea497865a4c1e624b8010
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1554
CVE-2019-15139 (The XWD image (X Window System window dumping file) parsing component ...)
	{DSA-4712-1 DLA-2366-1 DLA-1968-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #941670)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c78993d138bf480ab4652b5a48379d4ff75ba5f7
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6d46f0a046a58e7c4567a86ba1b9cb847d5b1968
	NOTE: ImageMagick6: followup, partly reverts previous patch:
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e295b8193a1413a39d5c0b3e18fa7ca952c35cdf
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1553
CVE-2019-15138 (The html-pdf package 2.2.0 for Node.js has an arbitrary file read vuln ...)
	NOT-FOR-US: node html-pdf
CVE-2019-15137 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 allows f ...)
	NOT-FOR-US: eProsima Fast RTPS
CVE-2019-15136 (The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not ...)
	NOT-FOR-US: eProsima Fast RTPS
CVE-2019-15135 (The handshake protocol in Object Management Group (OMG) DDS Security 1 ...)
	NOT-FOR-US: Object Management Group (OMG) DDS Security
CVE-2019-15134 (RIOT through 2019.07 contains a memory leak in the TCP implementation ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2019-15133 (In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by ...)
	[experimental] - giflib 5.1.8-1
	- giflib 5.1.9-1
	[buster] - giflib (Minor issue)
	[stretch] - giflib (Minor issue)
	[jessie] - giflib (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13008
	NOTE: https://sourceforge.net/p/giflib/code/ci/799eb6a3af8a3dd81e2429bf11a72a57e541f908/
	NOTE: https://sourceforge.net/p/giflib/bugs/119/
CVE-2019-15132 (Zabbix through 4.4.0alpha1 allows User Enumeration. With login request ...)
	{DLA-2631-1}
	- zabbix 1:5.0.7+dfsg-1 (bug #935027)
	[buster] - zabbix (Minor issue)
	[jessie] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-16532
	NOTE: https://support.zabbix.com/browse/ZBX-5842
	NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/b5a110e4d1c21d865cd03e3ef8dbc6f37221b60f (4.0.27rc1)
CVE-2019-15131 (In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 ...)
	NOT-FOR-US: Code42
CVE-2019-15130 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
	NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-15129 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
	NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-15128 (iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to creat ...)
	NOT-FOR-US: iF.SVNAdmin
CVE-2019-15127 (REDCap before 9.3.0 allows XSS attacks against non-administrator accou ...)
	NOT-FOR-US: REDCap
CVE-2019-15126 (An issue was discovered on Broadcom Wi-Fi client devices. Specifically ...)
	NOT-FOR-US: Broadcom
CVE-2019-15125 RESERVED
CVE-2019-15124 (In the MobileFrontend extension for MediaWiki, XSS exists within the e ...)
	NOT-FOR-US: MobileFrontend extension for MediaWiki
CVE-2019-15123 (The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated u ...)
	NOT-FOR-US: Viki Vera
CVE-2019-15122 RESERVED
CVE-2019-15121 RESERVED
CVE-2019-15120 (The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. ...)
	NOT-FOR-US: Kunena extension for Joomla!
CVE-2019-15119 (lib/install/install.go in cnlh nps through 0.23.2 uses 0777 permission ...)
	NOT-FOR-US: cnlh nps
CVE-2019-15118 (check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2. ...)
	{DSA-4531-1 DLA-1940-1 DLA-1930-1}
	- linux 5.2.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/19bce474c45be69a284ecee660aa12d8f1e88f18
CVE-2019-15117 (parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel throug ...)
	{DSA-4531-1 DLA-1940-1 DLA-1930-1}
	- linux 5.2.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/daac07156b330b18eb5071aec4b3ddca1c377f2c
CVE-2019-15116 (The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS ...)
	NOT-FOR-US: easy-digital-downloads plugin for WordPress
CVE-2019-15115 (The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF. ...)
	NOT-FOR-US: peters-login-redirect plugin for WordPress
CVE-2019-15114 (The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. ...)
	NOT-FOR-US: formcraft-form-builder plugin for WordPress
CVE-2019-15113 (The companion-sitemap-generator plugin before 3.7.0 for WordPress has ...)
	NOT-FOR-US: companion-sitemap-generator plugin for WordPress
CVE-2019-15112 (The wp-slimstat plugin before 4.8.1 for WordPress has XSS. ...)
	NOT-FOR-US: wp-slimstat plugin for WordPress
CVE-2019-15111 (The wp-front-end-profile plugin before 0.2.2 for WordPress has a privi ...)
	NOT-FOR-US: wp-front-end-profile plugin for WordPress
CVE-2019-15110 (The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS. ...)
	NOT-FOR-US: wp-front-end-profile plugin for WordPress
CVE-2019-15109 (The the-events-calendar plugin before 4.8.2 for WordPress has XSS via ...)
	NOT-FOR-US: the-events-calendar plugin for WordPress
CVE-2019-15108 (An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-P ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2019-15107 (An issue was discovered in Webmin <=1.920. The parameter old in pas ...)
	- webmin
CVE-2019-15106 (An issue was discovered in Zoho ManageEngine OpManager in builds befor ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2019-15105 (An issue was discovered in Zoho ManageEngine Application Manager throu ...)
	NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2019-15104 (An issue was discovered in Zoho ManageEngine OpManager through 12.4x. ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2019-15103 RESERVED
CVE-2019-15102 (An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner ...)
	NOT-FOR-US: Tyto Sahi Pro
CVE-2019-15101 RESERVED
CVE-2019-15100 RESERVED
CVE-2019-15097 RESERVED
CVE-2019-15096 RESERVED
CVE-2019-15095 (DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi- ...)
	NOT-FOR-US: DWSurvey
CVE-2019-15094 RESERVED
CVE-2019-15093 RESERVED
CVE-2019-15092 (The webtoffee "WordPress Users & WooCommerce Customers Import Expo ...)
	NOT-FOR-US: webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin for WordPress
CVE-2019-15091 (filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&am ...)
	NOT-FOR-US: Artica Integria IMS
CVE-2019-15089 (An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protec ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-15088 (An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compa ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-15087 (An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-15086 (An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-15085 (An issue was discovered in PRiSE adAS 1.7.0. The current database pass ...)
	NOT-FOR-US: PRiSE adAS
CVE-2019-15084 (Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, insta ...)
	NOT-FOR-US: Realtek
CVE-2019-15083 (Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 befor ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...)
	- linux 5.3.15-1
	[buster] - linux 4.19.87-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://lore.kernel.org/linux-wireless/20190804003101.11541-1-benquike@gmail.com/T/#u
CVE-2019-15098 (drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2. ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	NOTE: https://lore.kernel.org/linux-wireless/20190804002905.11292-1-benquike@gmail.com/T/#u
CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux k ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/c09581a52765a85f19fc35340127396d5e3379cc
CVE-2019-15082 (The 360-product-rotation plugin before 1.4.8 for WordPress has reflect ...)
	NOT-FOR-US: 360-product-rotation plugin for WordPress
CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin panel, a ...)
	NOT-FOR-US: OpenCart
CVE-2019-15080 (An issue was discovered in a smart contract implementation for MORPH T ...)
	NOT-FOR-US: MORPH Token Ethereum token
CVE-2019-15079 (A typo exists in the constructor of a smart contract implementation fo ...)
	NOT-FOR-US: EAI Ethereum token
CVE-2019-15078 (An issue was discovered in a smart contract implementation for AIRDROP ...)
	NOT-FOR-US: AIRDROPX BORN Ethereum token
CVE-2019-15077 RESERVED
CVE-2019-15076 RESERVED
CVE-2019-15075 (An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/ ...)
	NOT-FOR-US: iNextrix ASTPP
CVE-2019-15074 (The Timeline feature in my_view_page.php in MantisBT through 2.21.1 ha ...)
	- mantis
	NOTE: https://github.com/mantisbt/mantisbt/commit/9cee1971c498bbe0a72bca1c773fae50171d8c27
	NOTE: https://mantisbt.org/bugs/view.php?id=25995
CVE-2019-15073 (An Open Redirect vulnerability for all browsers in MAIL2000 through ve ...)
	NOT-FOR-US: Openfind MAIL2000
CVE-2019-15072 (The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 ...)
	NOT-FOR-US: Openfind MAIL2000
CVE-2019-15071 (The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a c ...)
	NOT-FOR-US: Openfind MAIL2000
CVE-2019-15070 RESERVED
CVE-2019-15069 (An unsafe authentication interface was discovered in Smart Battery A4, ...)
	NOT-FOR-US: Smart Battery
CVE-2019-15068 (A broken access control vulnerability in Smart Battery A4, a multifunc ...)
	NOT-FOR-US: Smart Battery
CVE-2019-15067 (An authentication bypass vulnerability discovered in Smart Battery A2- ...)
	NOT-FOR-US: Smart Battery
CVE-2019-15066 (An “invalid command” handler issue was discovered in HiNet ...)
	NOT-FOR-US: HiNet GPON firmware
CVE-2019-15065 (A service which is hosted on port 6998 in HiNet GPON firmware < I04 ...)
	NOT-FOR-US: HiNet GPON firmware
CVE-2019-15064 (HiNet GPON firmware version < I040GWR190731 allows an attacker logi ...)
	NOT-FOR-US: HiNet GPON firmware
CVE-2019-15063 RESERVED
CVE-2019-15062 (An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an ...)
	- dolibarr
	NOTE: https://github.com/Dolibarr/dolibarr/issues/11671
CVE-2019-15061 RESERVED
CVE-2019-15060 (The traceroute function on the TP-Link TL-WR840N v4 router with firmwa ...)
	NOT-FOR-US: TP-Link
CVE-2019-15059 (In Liberty lisPBX 2.0-4, configuration backup files can be retrieved r ...)
	NOT-FOR-US: Liberty lisPBX
CVE-2019-15058 (stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer ov ...)
	- libstb (bug #934973)
	[bullseye] - libstb (Minor issue)
	[buster] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/790
	NOTE: Potentially also affects libsixel, mame, libsfml, love, zynaddsubfx, yquake2, ccextractor, zam-plugins, osgearth, catimg, darknet, gem, retroarch, renderdoc, goxel
	NOTE: https://github.com/nothings/stb/commit/bfaccab17a648b315543d366c63aee575a0756b7
CVE-2019-15057 RESERVED
CVE-2019-15056 RESERVED
CVE-2019-15055 (MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2019-15054 (Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before ...)
	NOT-FOR-US: Mailbird
CVE-2019-15053 (The "HTML Include and replace macro" plugin before 1.5.0 for Confluenc ...)
	NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence Server
CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication credentials ...)
	- gradle (low; bug #941187)
	[bullseye] - gradle (Minor issue)
	[buster] - gradle (Minor issue)
	[stretch] - gradle (Minor issue)
	[jessie] - gradle (Minor issue, old gradle mainly used for building Debian packages with system libraries)
	NOTE: https://github.com/gradle/gradle/issues/10278
	NOTE: https://github.com/gradle/gradle/pull/10176
	NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95
CVE-2019-15051 (An issue was discovered in Softing uaGate (SI, MB, 840D) firmware thro ...)
	NOT-FOR-US: Softing uaGate
CVE-2019-15050 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-15049 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-15048 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-15047 (An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffe ...)
	NOT-FOR-US: Bento4
CVE-2019-15046 (Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthentica ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-15045 (** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-15044 RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-15043 (In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow u ...)
	- grafana
CVE-2019-15042 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15041 (JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-15040 (JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-15039 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possi ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15038 (An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity s ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15037 (An issue was discovered in JetBrains TeamCity 2018.2.4. It had several ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15036 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Pro ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15035 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Pro ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-15034 (hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient ...)
	{DSA-4665-1}
	- qemu 1:4.1-1
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01959.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5e7bcdcfe69ce0fad66012b2cfb2035003c37eef
CVE-2019-15033 (Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature dow ...)
	- ajaxplorer (bug #668381)
CVE-2019-15032 (Pydio 6.0.8 mishandles error reporting when a directory allows unauthe ...)
	- ajaxplorer (bug #668381)
CVE-2019-15031 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/a8318c13e79badb92bc6640704a64cc022a6eb97
CVE-2019-15030 (In the Linux kernel through 5.2.14 on the powerpc platform, a local us ...)
	- linux 5.2.17-1
	[buster] - linux 4.19.87-1
	[stretch] - linux 4.9.210-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/8205d5d98ef7f155de211f5e2eb6ca03d95a5a60
CVE-2019-15029 (FusionPBX 4.4.8 allows an attacker to execute arbitrary system command ...)
	NOT-FOR-US: FusionPBX
CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could allow ...)
	NOT-FOR-US: Joomla!
CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on ...)
	NOT-FOR-US: Mediatek
CVE-2019-15026 (memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer ...)
	{DLA-1913-1}
	- memcached 1.5.17-1 (bug #939337)
	[buster] - memcached (Minor issue)
	[stretch] - memcached (Minor issue)
	NOTE: Fixed by: https://github.com/memcached/memcached/commit/554b56687a19300a75ec24184746b5512580c819
CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection ...)
	NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2019-15024 (In all versions of ClickHouse before 19.14.3, an attacker having write ...)
	NOT-FOR-US: ClickHouse
CVE-2019-15023 (A security vulnerability exists in Zingbox Inspector versions 1.294 an ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15022 (A security vulnerability exists in Zingbox Inspector versions 1.294 an ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15021 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15020 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15019 (A security vulnerability exists in the Zingbox Inspector versions 1.29 ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15018 (A security vulnerability exists in the Zingbox Inspector versions 1.28 ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15017 (The SSH service is enabled on the Zingbox Inspector versions 1.294 and ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15016 (An SQL injection vulnerability exists in the management interface of Z ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15015 (In the Zingbox Inspector, versions 1.294 and earlier, hardcoded creden ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15014 (A command injection vulnerability exists in the Zingbox Inspector vers ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-15013 (The WorkflowResource class removeStatus method in Jira before version ...)
	NOT-FOR-US: Atlassian
CVE-2019-15012 (Bitbucket Server and Bitbucket Data Center from version 4.13. before 5 ...)
	NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
CVE-2019-15011 (The ListEntityLinksServlet resource in Application Links before versio ...)
	NOT-FOR-US: Application Links
CVE-2019-15010 (Bitbucket Server and Bitbucket Data Center versions starting from vers ...)
	NOT-FOR-US: Bitbucket Server and Bitbucket Data Center
CVE-2019-15009 (The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2019-15008 (The /plugins/servlet/branchreview resource in Atlassian Fisheye and Cr ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2019-15007 (The review resource in Atlassian Fisheye and Crucible before version 4 ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2019-15006 (There was a man-in-the-middle (MITM) vulnerability present in the Conf ...)
	NOT-FOR-US: Confluence
CVE-2019-15005 (The Atlassian Troubleshooting and Support Tools plugin prior to versio ...)
	NOT-FOR-US: Atlassian
CVE-2019-15004 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
	NOT-FOR-US: Atlassian
CVE-2019-15003 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
	NOT-FOR-US: Atlassian
CVE-2019-15002 RESERVED
CVE-2019-15001 (The Jira Importers Plugin in Atlassian Jira Server and Data Cente from ...)
	NOT-FOR-US: Atlassian
CVE-2019-15000 (The commit diff rest endpoint in Bitbucket Server and Data Center befo ...)
	NOT-FOR-US: Atlassian
CVE-2019-14999 (The Uninstall REST endpoint in Atlassian Universal Plugin Manager befo ...)
	NOT-FOR-US: Atlassian
CVE-2019-14998 (The Webwork action Cross-Site Request Forgery (CSRF) protection implem ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-14997 (The AccessLogFilter class in Jira before version 8.4.0 allows remote a ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-14996 (The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-14995 (The /rest/api/1.0/render resource in Jira before version 8.4.0 allows ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-14994 (The Customer Context Filter in Atlassian Jira Service Desk Server and ...)
	NOT-FOR-US: Atlassian
CVE-2019-14993 (Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressi ...)
	NOT-FOR-US: Istio
CVE-2019-14992 REJECTED
CVE-2019-14991 REJECTED
CVE-2019-14990 REJECTED
CVE-2019-14989 REJECTED
CVE-2019-14988 REJECTED
CVE-2019-14987 (Adive Framework through 2.0.7 is affected by XSS in the Create New Tab ...)
	NOT-FOR-US: Adive Framework
CVE-2019-14986 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn before 2.3.0 installe ...)
	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14985 (eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remot ...)
	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14984 (eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn inst ...)
	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14983 RESERVED
CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerability in ...)
	- exiv2 (Vulnerable code not present)
	NOTE: https://github.com/Exiv2/exiv2/issues/960
	NOTE: https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is ...)
	{DSA-4712-1 DLA-2333-1 DLA-1968-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #955025)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is ...)
	- imagemagick (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick6/issues/43
	NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/6f29b3755748a899145b639195dd3bc640d36bb4 (6.9.10-24)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830 (6.9.10-42)
CVE-2019-14979 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Chec ...)
	NOT-FOR-US: WooCommerce PayPal Checkout Payment Gateway plugin for WordPress
CVE-2019-14978 (/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugi ...)
	NOT-FOR-US: WooCommerce PayU India Payment Gateway plugin for WordPress
CVE-2019-14977 REJECTED
CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_ch ...)
	- mupdf (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701292
	NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=abcb3e68670ebc2e5127953462a026fe1a5dd321 (1.16.0-rc1)
	NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=97096297d409ec6f206298444ba00719607e8ba8 (1.16.0)
CVE-2019-14974 (SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.h ...)
	NOT-FOR-US: SugarCRM
CVE-2019-14973 (_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through ...)
	{DSA-4670-1 DSA-4608-1 DLA-1897-1}
	- tiff 4.0.10+git190814-1 (low; bug #934780)
	- tiff3
	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/90
	NOTE: https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773
CVE-2019-14972 RESERVED
CVE-2019-14971 RESERVED
CVE-2019-14970 (A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3. ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14969 (Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\N ...)
	NOT-FOR-US: Netwrix Auditor
CVE-2019-14968 (An issue was discovered in imcat 4.9. There is SQL Injection via the i ...)
	NOT-FOR-US: imcat
CVE-2019-14967 (An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-14966 (An issue was discovered in Frappe Framework 10 through 12 before 12.0. ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-14965 (An issue was discovered in Frappe Framework 10 through 12 before 12.0. ...)
	NOT-FOR-US: Frappe Framework
CVE-2019-14964 RESERVED
CVE-2019-14963 RESERVED
CVE-2019-14962 RESERVED
CVE-2019-14961 (JetBrains Upsource before 2019.1.1412 was not properly escaping HTML t ...)
	NOT-FOR-US: JetBrains Upsource
CVE-2019-14960 (JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider. ...)
	NOT-FOR-US: JetBrains Rider
CVE-2019-14959 (JetBrains Toolbox before 1.15.5605 was resolving an internal URL via a ...)
	NOT-FOR-US: JetBrains Toolbox
CVE-2019-14958 (JetBrains PyCharm before 2019.2 was allocating a buffer of unknown siz ...)
	- pycharm (bug #742394)
CVE-2019-14957 (The JetBrains Vim plugin before version 0.52 was storing individual pr ...)
	NOT-FOR-US: JetBrains Vim plugin
CVE-2019-14956 (JetBrains YouTrack before 2019.2.53938 was using incorrect settings, a ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-14955 (In JetBrains Hub versions earlier than 2018.4.11436, there was no opti ...)
	NOT-FOR-US: JetBrains Hub
CVE-2019-14954 (JetBrains IntelliJ IDEA before 2019.2 was resolving the markdown plant ...)
	- intellij-idea (bug #747616)
CVE-2019-14953 (JetBrains YouTrack versions before 2019.2.53938 had a possible XSS thr ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-14952 (JetBrains YouTrack versions before 2019.1.52584 had a possible XSS in ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-14951 (The Telenav Scout GPS Link app 1.x for iOS, as used with Toyota and Le ...)
	NOT-FOR-US: Telenav Scout GPS Link app
CVE-2019-14950 (The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS vi ...)
	NOT-FOR-US: wp-live-chat-support plugin for WordPress
CVE-2019-14949 (The wp-database-backup plugin before 5.1.2 for WordPress has XSS. ...)
	NOT-FOR-US: wp-database-backup plugin for WordPress
CVE-2019-14948 (The woocommerce-product-addon plugin before 18.4 for WordPress has XSS ...)
	NOT-FOR-US: woocommerce-product-addon plugin for WordPress
CVE-2019-14947 (The ultimate-member plugin before 2.0.52 for WordPress has XSS during ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2019-14946 (The ultimate-member plugin before 2.0.52 for WordPress has XSS related ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2019-14945 (The ultimate-member plugin before 2.0.54 for WordPress has XSS. ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2019-14944 [Multiple Command-Line Flag Injection Vulnerabilities]
	RESERVED
	[experimental] - gitlab 11.11.8+dfsg-1
	- gitlab 12.6.8-3 (bug #934708)
	NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14943 (An issue was discovered in GitLab Community and Enterprise Edition 12. ...)
	- gitlab (Only affects GitLab CE/EE 12.0 and later)
	NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14942 [Insecure Cookie Handling on GitLab Pages]
	RESERVED
	[experimental] - gitlab 11.11.8+dfsg-1
	- gitlab 12.6.8-3 (bug #934708)
	NOTE: https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
CVE-2019-14941 (SHAREit through 4.0.6.177 does not check the body length from the rece ...)
	NOT-FOR-US: SHAREit
CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a user of ...)
	NOT-FOR-US: Storage Performance Development Kit
CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for N ...)
	- node-mysql 2.18.0-1 (bug #934712)
	[buster] - node-mysql 2.16.0-1+deb10u1
	[stretch] - node-mysql (Nodejs in stretch not covered by security support)
	[jessie] - node-mysql (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/mysqljs/mysql/issues/2257
CVE-2019-14938 RESERVED
CVE-2019-14937 (REDCap before 9.3.0 allows time-based SQL injection in the edit calend ...)
	NOT-FOR-US: REDCap
CVE-2019-14936 (Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Informat ...)
	NOT-FOR-US: Easy!Appointments plugin for WordPress
CVE-2019-14935 (3CX Phone 15 on Windows has insecure permissions on the "%PROGRAMDATA% ...)
	NOT-FOR-US: 3CX Phone 15 on Windows
CVE-2019-14934 (An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_ki ...)
	{DLA-2475-1}
	- pdfresurrect 0.18-1
	[buster] - pdfresurrect (Minor issue)
	[jessie] - pdfresurrect (Minor issue)
	NOTE: https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6
	NOTE: https://github.com/enferex/pdfresurrect/issues/6
	NOTE: CVE specific to the calloc_some.pdf and malloc_some.pdf issues.
CVE-2019-14933 (Bagisto 0.1.5 allows CSRF under /admin URIs. ...)
NOT-FOR-US: Bagisto CVE-2019-14932 (The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 ...) NOT-FOR-US: Recruitment module in Humanica Humatrix CVE-2019-14931 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...) NOT-FOR-US: Mitsubishi Electric ME-RTU devices CVE-2019-14930 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...) NOT-FOR-US: Mitsubishi Electric ME-RTU devices CVE-2019-14929 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...) NOT-FOR-US: Mitsubishi Electric ME-RTU devices CVE-2019-14928 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...) NOT-FOR-US: Mitsubishi Electric ME-RTU devices CVE-2019-14927 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...) NOT-FOR-US: Mitsubishi Electric ME-RTU devices CVE-2019-14926 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...) NOT-FOR-US: Mitsubishi Electric ME-RTU devices CVE-2019-14925 (An issue was discovered on Mitsubishi Electric ME-RTU devices through ...) NOT-FOR-US: Mitsubishi Electric ME-RTU devices CVE-2019-14924 (An issue was discovered in GCDWebServer before 3.5.3. The method moveI ...) NOT-FOR-US: GCDWebServer CVE-2019-14923 (EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharac ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2019-14922 RESERVED CVE-2019-14921 RESERVED CVE-2019-14920 (Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authe ...) NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware CVE-2019-14919 (An exposed Telnet Service on the Billion Smart Energy Router SG600R2 w ...) NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware CVE-2019-14918 (XSS in the DHCP lease-status table in Billion Smart Energy Router SG60 ...) NOT-FOR-US: Billion Smart Energy Router SG600R2 Firmware CVE-2019-14917 RESERVED CVE-2019-14916 (An issue was discovered in PRiSE adAS 1.7.0. A file's format is not pr ...) 
NOT-FOR-US: PRiSE adAS CVE-2019-14915 (An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not ...) NOT-FOR-US: PRiSE adAS CVE-2019-14914 (An issue was discovered in PRiSE adAS 1.7.0. The path is not properly ...) NOT-FOR-US: PRiSE adAS CVE-2019-14913 (An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly ...) NOT-FOR-US: PRiSE adAS CVE-2019-14912 (An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does n ...) NOT-FOR-US: PRiSE adAS CVE-2019-14911 (An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does n ...) NOT-FOR-US: PRiSE adAS CVE-2019-14910 (A vulnerability was found in keycloak 7.x, when keycloak is configured ...) NOT-FOR-US: Keycloak CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user federation LD ...) NOT-FOR-US: Keycloak CVE-2019-14908 REJECTED CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...) {DLA-2668-1} - samba 2:4.11.5+dfsg-1 [buster] - samba (Minor issue) [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14907.html CVE-2019-14906 (A flaw was found with the RHSA-2019:3950 erratum, where it did not fix ...) NOT-FOR-US: Specific CVE assignment for incorrect/incomplete fix of CVE-2019-13616 in RHEL 7 CVE-2019-14905 (A vulnerability was found in Ansible Engine versions 2.9.x before 2.9. ...) - ansible 2.9.4+dfsg-1 (low) [buster] - ansible (Minor issue) [stretch] - ansible (Minor issue) [jessie] - ansible (Vulnerable module first bundled in 2.2) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776943 NOTE: https://github.com/ansible/ansible/pull/65423 NOTE: https://github.com/ansible/ansible/blob/stable-2.2/CHANGELOG.md CVE-2019-14904 (A flaw was found in the solaris_zone module from the Ansible Community ...) 
{DSA-4950-1 DLA-2535-1} - ansible 2.9.4+dfsg-1 (low) [jessie] - ansible (Vulnerable module first bundled in 2.0) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944 NOTE: https://github.com/ansible/ansible/pull/65686 NOTE: https://github.com/ansible/ansible/blob/stable-2.0/CHANGELOG.md CVE-2019-14903 REJECTED CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...) {DLA-2668-1} - samba 2:4.11.5+dfsg-1 [buster] - samba (Minor issue) [jessie] - samba (difficult and risky backport to 4.2 in jessie) NOTE: https://www.samba.org/samba/security/CVE-2019-14902.html NOTE: Workaround: Use of 'samba-tool drs replicate $DC1 $DC2 $NC --full-sync' will NOTE: cause all ACLs to be syncronised from DC2 to DC1, for the given NC (naming NOTE: context). CVE-2019-14901 (A heap overflow flaw was found in the Linux kernel, all versions 3.x.x ...) {DLA-2114-1 DLA-2068-1} - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/2 CVE-2019-14900 (A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 an ...) - libhibernate3-java (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1666499 NOTE: https://github.com/hibernate/hibernate-orm/commit/b658e903d71e34a5be5690a33e6faa21b1db628b NOTE: https://github.com/hibernate/hibernate-orm/commit/7dfb0fdf24fb4a1f757be14ce5806b5a81f20ab8 NOTE: https://github.com/hibernate/hibernate-orm/commit/50a5da07c1e6cb1da630b01c67bce9f7fe49dd8e CVE-2019-14899 (A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, ...) NOTE: https://www.openwall.com/lists/oss-security/2019/12/05/1 CVE-2019-14898 (The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 w ...) - linux (RHEL-7 specific incomplete fix for CVE-2019-11599) CVE-2019-14897 (A stack-based buffer overflow was found in the Linux kernel, version k ...) 
{DLA-2114-1 DLA-2068-1} - linux 5.4.19-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1 CVE-2019-14896 (A heap-based buffer overflow vulnerability was found in the Linux kern ...) {DLA-2114-1 DLA-2068-1} - linux 5.4.19-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1 CVE-2019-14895 (A heap-based buffer overflow was discovered in the Linux kernel, all v ...) {DLA-2114-1 DLA-2068-1} - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 NOTE: https://www.openwall.com/lists/oss-security/2019/11/22/1 CVE-2019-14894 (A flaw was found in the CloudForms management engine version 5.10 and ...) NOT-FOR-US: Red Hat CloudForm CVE-2019-14893 (A flaw was discovered in FasterXML jackson-databind in all versions be ...) - jackson-databind 2.10.0-1 [buster] - jackson-databind 2.9.8-3+deb10u1 [stretch] - jackson-databind 2.8.6-1+deb9u6 [jessie] - jackson-databind 2.4.2-2+deb8u9 NOTE: https://github.com/FasterXML/jackson-databind/issues/2469 NOTE: https://github.com/FasterXML/jackson-databind/commit/998efd708284778f29d83d7962a9bd935c228317 CVE-2019-14892 (A flaw was discovered in jackson-databind in versions before 2.9.10, 2 ...) - jackson-databind 2.10.0-1 [buster] - jackson-databind 2.9.8-3+deb10u1 [stretch] - jackson-databind 2.8.6-1+deb9u6 [jessie] - jackson-databind 2.4.2-2+deb8u9 NOTE: https://github.com/FasterXML/jackson-databind/issues/2462 NOTE: https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65a8261a8deedc7186f6af NOTE: https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb896380f2d46e9b7d4fdc3b CVE-2019-14891 (A flaw was found in cri-o, as a result of all pod-related processes be ...) NOT-FOR-US: Kubernetes CRI-O CVE-2019-14890 (A vulnerability was found in Ansible Tower before 3.6.1 where an attac ...) 
NOT-FOR-US: Ansible Tower CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in version ...) {DLA-2038-1} - libssh 0.9.3-1 (bug #946548) [buster] - libssh (Minor issue) [stretch] - libssh (Minor issue) NOTE: https://www.libssh.org/security/advisories/CVE-2019-14889.txt NOTE: https://bugs.libssh.org/T181 NOTE: The fix in libssh makes an update in x2goclient necessary, cf: NOTE: https://bugs.debian.org/947129 NOTE: https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d163a943737fe4160f7233925df2eee1f9a CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in versions befo ...) - undertow 2.0.30-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464 NOTE: https://issues.redhat.com/browse/UNDERTOW-1623 NOTE: https://github.com/undertow-io/undertow/commit/846c50ead09f7d0b38965b4726ba0b6c5582bf7f (and followups) NOTE: https://github.com/undertow-io/undertow/pull/828 NOTE: https://github.com/undertow-io/undertow/pull/852 CVE-2019-14887 (A flaw was found when an OpenSSL security provider is used with Wildfl ...) - wildfly (bug #752018) CVE-2019-14886 (A vulnerability was found in business-central, as shipped in rhdm-7.5. ...) NOT-FOR-US: Business central CVE-2019-14885 (A flaw was found in the JBoss EAP Vault system in all versions before ...) NOT-FOR-US: JBoss EAP CVE-2019-14884 (A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 ...) - moodle CVE-2019-14883 (A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3. ...) - moodle CVE-2019-14882 (A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to ...) - moodle CVE-2019-14881 (A vulnerability was found in moodle 3.7 before 3.7.3, where there is b ...) - moodle CVE-2019-14880 (A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 bef ...) - moodle CVE-2019-14879 (A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x ...) 
- moodle CVE-2019-14878 (In the __d2b function of the newlib libc library, all versions prior t ...) - newlib 3.3.0-1 [buster] - newlib (Minor issue) [stretch] - newlib (Minor issue) [jessie] - newlib (Minor issue) - picolibc 1.4.3-1 NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ NOTE: https://keithp.com/blogs/picolibc-string-float/ CVE-2019-14877 (In the __mdiff function of the newlib libc library, all versions prior ...) - newlib 3.3.0-1 [buster] - newlib (Minor issue) [stretch] - newlib (Minor issue) [jessie] - newlib (Minor issue) - picolibc 1.4.3-1 NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ NOTE: https://keithp.com/blogs/picolibc-string-float/ CVE-2019-14876 (In the __lshift function of the newlib libc library, all versions prio ...) - newlib 3.3.0-1 [buster] - newlib (Minor issue) [stretch] - newlib (Minor issue) [jessie] - newlib (Minor issue) - picolibc (unimportant) NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ CVE-2019-14875 (In the __multiply function of the newlib libc library, all versions pr ...) - newlib 3.3.0-1 [buster] - newlib (Minor issue) [stretch] - newlib (Minor issue) [jessie] - newlib (Minor issue) - picolibc (Affected code not present) NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ CVE-2019-14874 (In the __i2b function of the newlib libc library, all versions prior t ...) - newlib 3.3.0-1 [buster] - newlib (Minor issue) [stretch] - newlib (Minor issue) [jessie] - newlib (Minor issue) - picolibc 1.4.3-1 NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ NOTE: https://keithp.com/blogs/picolibc-string-float/ CVE-2019-14873 (In the __multadd function of the newlib libc library, prior to version ...) 
- newlib 3.3.0-1 [buster] - newlib (Minor issue) [stretch] - newlib (Minor issue) [jessie] - newlib (Minor issue) - picolibc 1.4.3-1 NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ NOTE: https://keithp.com/blogs/picolibc-string-float/ CVE-2019-14872 (The _dtoa_r function of the newlib libc library, prior to version 3.3. ...) - newlib 3.3.0-1 [buster] - newlib (Minor issue) [stretch] - newlib (Minor issue) [jessie] - newlib (Minor issue) - picolibc 1.4.3-1 NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ NOTE: https://keithp.com/blogs/picolibc-string-float/ CVE-2019-14871 (The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by ...) - newlib 3.3.0-1 [buster] - newlib (Minor issue) [stretch] - newlib (Minor issue) [jessie] - newlib (Minor issue) - picolibc 1.4.3-1 NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/ NOTE: https://keithp.com/blogs/picolibc-string-float/ CVE-2019-14870 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...) {DLA-2668-1} - samba 2:4.11.3+dfsg-1 [buster] - samba (Minor issue) [jessie] - samba (Minor issue) - heimdal 7.7.0+dfsg-1 (bug #946786) [buster] - heimdal (Minor issue) [stretch] - heimdal (Minor issue) [jessie] - heimdal (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14870.html NOTE: https://github.com/heimdal/heimdal/pull/663 NOTE: https://github.com/heimdal/heimdal/pull/664 (port to 7.1 branch) CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.50, where ...) 
{DSA-4569-1 DLA-1992-1} - ghostscript 9.50~dfsg-3 (bug #944760) NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abfc40f4cef NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701841 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768911 NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14868 (In ksh version 20120801, a flaw was found in the way it evaluates cert ...) {DLA-2284-1} - ksh 2020.0.0-2.1 (bug #948989) [buster] - ksh 93u+20120801-3.4+deb10u1 [jessie] - ksh (Minor issue) - ksh93 (bug #964034) NOTE: https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2 CVE-2019-14867 (A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...) - freeipa 4.8.3-1 [buster] - freeipa (Minor issue; can be fixed via point release) NOTE: https://pagure.io/freeipa/c/4abd2f76d76c4c1a1ec5087ec447f4515b63c2c6 CVE-2019-14866 (In all versions of cpio before 2.13 does not properly validate input f ...) {DLA-1981-1} - cpio 2.13+dfsg-1 (low; bug #941412) [buster] - cpio (Minor issue) [stretch] - cpio (Minor issue) NOTE: https://lists.gnu.org/archive/html/bug-cpio/2019-08/msg00003.html NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=7554e3e42cd72f6f8304410c47fe6f8918e9bfd7 CVE-2019-14865 (A flaw was found in the grub2-set-bootflag utility of grub2. A local a ...) - grub2 (Red Hat-specific patch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764925 NOTE: https://seclists.org/oss-sec/2019/q4/101 NOTE: Red Hat-specific patch, get added as 0131-Add-grub-set-bootflag-utility.patch in their SRPM CVE-2019-14864 (Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible v ...) 
{DSA-4950-1} - ansible 2.9.2+dfsg-1 (low; bug #943768) [stretch] - ansible (Vulnerable code was introduced later) [jessie] - ansible (Vulnerable code introduced later) NOTE: https://github.com/ansible/ansible/issues/63522 NOTE: https://github.com/ansible/ansible/pull/63527 NOTE: Introduced in https://github.com/ansible/ansible/commit/91da1653e0b592d4d67c5fb3ecd4fa60c797ff03 (2.6) CVE-2019-14863 (There is a vulnerability in all angular versions before 1.5.0-beta.0, ...) {DLA-1995-1} - angular.js 1.5.3-2 (bug #942833) NOTE: https://snyk.io/vuln/npm:angular:20150807 NOTE: https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a NOTE: https://github.com/angular/angular.js/pull/12524 CVE-2019-14862 (There is a vulnerability in knockout before version 3.5.0-beta, where ...) - node-knockout 3.4.2-3 (unimportant; bug #943560) [buster] - node-knockout 3.4.2-2+deb10u1 NOTE: https://github.com/knockout/knockout/issues/1244 NOTE: https://github.com/knockout/knockout/pull/2345 NOTE: https://github.com/knockout/knockout/commit/7e280b2b8a04cc19176b5171263a5c68bda98efb NOTE: Only impacts browsers which are totally insecure and EOLed anyway CVE-2019-14861 (All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11 ...) {DLA-2668-1} - samba 2:4.11.3+dfsg-1 [buster] - samba (Minor issue) [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14861.html CVE-2019-14860 (It was found that the Syndesis configuration for Cross-Origin Resource ...) NOT-FOR-US: Syndesis CVE-2019-14859 (A flaw was found in all python-ecdsa versions before 0.13.3, where it ...) {DSA-4588-1 DLA-1978-1} - python-ecdsa 0.13.3-1 NOTE: https://github.com/warner/python-ecdsa/issues/114 NOTE: Upstream patches: NOTE: https://github.com/warner/python-ecdsa/pull/115 NOTE: https://github.com/warner/python-ecdsa/pull/124 NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859. 
CVE-2019-14858 (A vulnerability was found in Ansible engine 2.x up to 2.8 and Ansible ...) - ansible 2.8.6+dfsg-1 (bug #942332) [buster] - ansible (Minor issue) [stretch] - ansible (Vulnerable code was introduced later) [jessie] - ansible (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760593 NOTE: https://github.com/ansible/ansible/pull/63405 NOTE: Sub-options/sub-specs/sub-parameters introduced in https://github.com/ansible/ansible/commit/25de905c6e05bd6df91f4299628ee6d386d3da50 (2.4) CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. An open r ...) {DLA-2298-1 DLA-1996-1} - libapache2-mod-auth-openidc 2.4.0.3-1 (bug #942165) [buster] - libapache2-mod-auth-openidc (Minor issue) NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/5c15dfb08106c2451c2c44ce7ace6813c216ba75 NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/451 NOTE: https://groups.google.com/forum/#!topic/mod_auth_openidc/boy1Ba3Gdk4 CVE-2019-14855 (A flaw was found in the way certificate signatures could be forged usi ...) 
- gnupg2 2.2.19-1 (low; bug #945859) [buster] - gnupg2 (Minor issue) [stretch] - gnupg2 (Minor issue) [jessie] - gnupg2 (No backport to version << 2.2.x, low impact, danger of breaking things) - gnupg1 (low) [bullseye] - gnupg1 (Minor issue) [buster] - gnupg1 (Minor issue) [stretch] - gnupg1 (Minor issue) - gnupg (low) [jessie] - gnupg (No backport to version << 2.2.x, low impact, danger of breaking things) NOTE: https://dev.gnupg.org/T4755 NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4 NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=7d9aad63c4f1aefe97da61baf5acd96c12c0278e NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=dd18be979e138dd3712315ee390463e8ee1fe8c1 NOTE: https://eprint.iacr.org/2020/014.pdf CVE-2019-14854 (OpenShift Container Platform 4 does not sanitize secret data written t ...) NOT-FOR-US: OpenShift CVE-2019-14853 (An error-handling flaw was found in python-ecdsa before version 0.13.3 ...) {DSA-4588-1 DLA-1978-1} - python-ecdsa 0.13.3-1 NOTE: https://github.com/warner/python-ecdsa/issues/114 NOTE: Upstream patches: NOTE: https://github.com/warner/python-ecdsa/pull/115 NOTE: https://github.com/warner/python-ecdsa/pull/124 NOTE: Fix for CVE-2019-14853 fixes as well CVE-2019-14859. CVE-2019-14852 (A flaw was found in 3scale’s APIcast gateway that enabled the TL ...) NOT-FOR-US: Red Hat 3scale API gateway CVE-2019-14851 (A denial of service vulnerability was discovered in nbdkit. A client i ...) 
- nbdkit 1.14.2-1 [buster] - nbdkit (Issue introduced by the fix for CVE-2019-14850) [stretch] - nbdkit (Issue introduced by the fix for CVE-2019-14850) [jessie] - nbdkit (introduced by CVE-2019-14850) NOTE: https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html NOTE: 1.15 (development branch): NOTE: https://github.com/libguestfs/nbdkit/commit/a6b88b195a959b17524d1c8353fd425d4891dc5f NOTE: 1.14: NOTE: https://github.com/libguestfs/nbdkit/commit/bf0d61883a2f02f4388ec10dc92d4c61c093679e NOTE: 1.12: NOTE: https://github.com/libguestfs/nbdkit/commit/b2bc6683ea3cd1f6be694e8a681dfa411b7d15f3 CVE-2019-14850 (A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.1 ...) - nbdkit 1.14.1-1 [buster] - nbdkit (Minor issue) [stretch] - nbdkit (Minor issue) [jessie] - nbdkit (Minor issue, DoS/amplification for specific configuration, non-trivial backport, low popcon) NOTE: https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html NOTE: 1.15 (development branch): NOTE: https://github.com/libguestfs/nbdkit/commit/c05686f9577fa91b6a3a4d8c065954ca6fc3fd62 NOTE: https://github.com/libguestfs/nbdkit/commit/a6b88b195a959b17524d1c8353fd425d4891dc5f NOTE: 1.14: NOTE: https://github.com/libguestfs/nbdkit/commit/e06cde00659ff97182173d0e33fff784041bcb4a NOTE: https://github.com/libguestfs/nbdkit/commit/bf0d61883a2f02f4388ec10dc92d4c61c093679e NOTE: 1.12: NOTE: https://github.com/libguestfs/nbdkit/commit/22b30adb796bb6dca264a38598f80b8a234ff978 NOTE: https://github.com/libguestfs/nbdkit/commit/b2bc6683ea3cd1f6be694e8a681dfa411b7d15f3 CVE-2019-14849 (A vulnerability was found in 3scale before version 2.6, did not set th ...) NOT-FOR-US: Red Hat 3scale CVE-2019-14848 REJECTED CVE-2019-14847 (A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x b ...) 
{DLA-2668-1} - samba 2:4.11.0+dfsg-6 [buster] - samba (Minor issue) [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14847.html CVE-2019-14846 (In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, an ...) {DSA-4950-1 DLA-2535-1 DLA-2202-1} - ansible 2.8.6+dfsg-1 (low; bug #942188) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1755373 NOTE: https://github.com/ansible/ansible/pull/63366 NOTE: https://github.com/ansible/ansible/commit/90e74dd2600e5cc42dd9b4f4656f3d651c4ce5c4 CVE-2019-14845 (A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. ...) NOT-FOR-US: OpenShift CVE-2019-14844 (A flaw was found in, Fedora versions of krb5 from 1.16.1 to, including ...) - krb5 (Vulnerable code not present; problematic commit not backported; not present in any MIT krb5 release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1753589 NOTE: Introduced by: https://github.com/krb5/krb5/commit/a649279727490687d54becad91fde8cf7429d951 NOTE: Fixed by: https://github.com/krb5/krb5/commit/275c9a1aad36a1a7b56042f1a2c21c33e7d16eaf CVE-2019-14843 (A flaw was found in Wildfly Security Manager, running under JDK 11 or ...) - wildfly (bug #752018) CVE-2019-14841 RESERVED NOT-FOR-US: Red Hat Decision Manager CVE-2019-14840 RESERVED CVE-2019-14839 RESERVED NOT-FOR-US: Red Hat / JBoss BPMS Business-central console CVE-2019-14838 (A flaw was found in wildfly-core before 7.2.5.GA. The Management users ...) - wildfly (bug #752018) CVE-2019-14837 (A flaw was found in keycloack before version 8.0.0. The owner of 'plac ...) NOT-FOR-US: Keycloak CVE-2019-14836 (A vulnerability was found that the 3scale dev portal does not employ m ...) NOT-FOR-US: 3scale CVE-2019-14835 (A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in ...) 
{DSA-4531-1 DLA-1940-1 DLA-1930-1} - linux 5.2.17-1 NOTE: https://www.openwall.com/lists/oss-security/2019/09/17/1 NOTE: https://git.kernel.org/linus/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4 CVE-2019-14834 (A vulnerability was found in dnsmasq before version 2.81, where the me ...) - dnsmasq 2.81-1 (bug #948373) [buster] - dnsmasq (Minor issue) [stretch] - dnsmasq (Minor issue) [jessie] - dnsmasq (Minor issue) NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1764425 CVE-2019-14833 (A flaw was found in Samba, all versions starting samba 4.5.0 before sa ...) {DLA-2668-1} - samba 2:4.11.1+dfsg-2 [buster] - samba (Minor issue) [jessie] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2019-14833.html CVE-2019-14832 (A flaw was found in the Keycloak REST API before version 8.0.0 where i ...) NOT-FOR-US: Keycloak CVE-2019-14831 (A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to ...) - moodle CVE-2019-14830 (A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to ...) - moodle CVE-2019-14829 (A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6 ...) - moodle CVE-2019-14828 (A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6 ...) - moodle CVE-2019-14827 (A vulnerability was found in Moodle where javaScript injection was pos ...) - moodle CVE-2019-14826 (A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies ...) - freeipa (unimportant; bug #940913) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944 NOTE: Introduced by https://pagure.io/freeipa/c/b895f4a34bcbd0b1787d2bfc1db25f34c3584b9c NOTE: due to fix for https://fedorahosted.org/freeipa/ticket/6682. NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1746944#c12 NOTE: Negligible security impact CVE-2019-14825 (A cleartext password storage issue was discovered in Katello, versions ...) 
NOT-FOR-US: Katello CVE-2019-14824 (A flaw was found in the 'deref' plugin of 389-ds-base where it could u ...) {DLA-2004-1} - 389-ds-base 1.4.2.4-1 (bug #944150) [buster] - 389-ds-base (Minor issue) [stretch] - 389-ds-base (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747448 NOTE: https://pagure.io/freeipa/issue/8050 CVE-2019-14823 (A flaw was found in the "Leaf and Chain" OCSP policy implementation in ...) - jss 4.6.2-1 (bug #942463) [buster] - jss (Vulnerable code backported only in 4.5.3 onwards) [stretch] - jss (Vulnerable code not present) [jessie] - jss (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747435 NOTE: https://github.com/dogtagpki/jss/pull/284 NOTE: https://github.com/dogtagpki/jss/commit/be37ff4738b4696d529a13b6ed33c7ac56d97ba4 CVE-2019-14822 (A flaw was discovered in ibus in versions before 1.5.22 that allows an ...) {DSA-4525-1} - ibus 1.5.21-1 (bug #940267) [jessie] - ibus (Hard to exploit, regression risk) NOTE: https://www.openwall.com/lists/oss-security/2019/09/13/1 NOTE: Fixed by: https://github.com/ibus/ibus/commit/3d442dbf936d197aa11ca0a71663c2bc61696151 NOTE: The original fix introduces regression with Qt applications (the fix uncovered an NOTE: interoperability bug between GLib's implementation of D-Bus and the reference implementation NOTE: libdbus): NOTE: https://bugs.debian.org/941018 NOTE: https://launchpad.net/bugs/1844853 NOTE: https://github.com/ibus/ibus/issues/2137 CVE-2019-14821 (An out-of-bounds access issue was found in the Linux kernel, all versi ...) {DSA-4531-1 DLA-1940-1 DLA-1930-1} - linux 5.2.17-1 NOTE: https://git.kernel.org/linus/b60fe990c6b07ef6d4df67bc0530c7c90a62623a CVE-2019-14820 (It was found that keycloak before version 8.0.0 exposes internal adapt ...) NOT-FOR-US: Keycloak CVE-2019-14819 (A flaw was found during the upgrade of an existing OpenShift Container ...) 
NOT-FOR-US: openshift-ansible CVE-2019-14818 (A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x bef ...) {DSA-4567-1} - dpdk 18.11.4-1 NOTE: http://mails.dpdk.org/archives/announce/2019-November/000293.html NOTE: https://bugs.dpdk.org/show_bug.cgi?id=363 CVE-2019-14817 (A flaw was found in, ghostscript versions prior to 9.50, in the .pdfex ...) {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701450 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19 NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2 NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14816 (There is heap-based buffer overflow in kernel, all versions up to, exc ...) {DLA-2114-1 DLA-1930-1} - linux 5.2.17-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 CVE-2019-14815 (A vulnerability was found in Linux Kernel, where a Heap Overflow was f ...) {DLA-2114-1 DLA-1930-1} - linux 5.2.17-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 [jessie] - linux (Vulnerability introduced later) CVE-2019-14814 (There is heap-based buffer overflow in Linux kernel, all versions up t ...) {DLA-2114-1 DLA-1930-1} - linux 5.2.17-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 CVE-2019-14813 (A flaw was found in ghostscript, versions 9.x before 9.50, in the sets ...) 
{DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701443 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2 NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14812 (A flaw was found in all ghostscript versions 9.x before 9.50, in the . ...) {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701444 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2 NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14811 (A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_h ...) {DSA-4518-1 DLA-1915-1} - ghostscript 9.28~~rc2~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701445 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33 NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/2 NOTE: For recent versions (9.28~~rc1~dfsg-1) the issue is mitigated starting NOTE: from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff NOTE: which changed the access to file permissions. CVE-2019-14810 (A vulnerability has been found in the implementation of the Label Dist ...) NOT-FOR-US: EOS CVE-2019-14809 (net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ...) 
{DSA-4503-1} - golang-1.13 1.13~beta1-3 (bug #934954) - golang-1.12 1.12.8-1 - golang-1.11 1.11.13-1 - golang-1.8 [stretch] - golang-1.8 (Minor issue, affects poor validation practice, introduce regressions, requires rebuilding affected go-based packages) - golang-1.7 [stretch] - golang-1.7 (Minor issue, affects poor validation practice, introduce regressions, requires rebuilding affected go-based packages) - golang [jessie] - golang (Fix too invasive to backport, url.go file in jessie too far behind upstream) NOTE: Issue: https://github.com/golang/go/issues/29098 NOTE: https://github.com/golang/go/commit/c1d9ca70995dc232a2145e3214f94e03409f6fcc (golang-1.11) NOTE: https://github.com/golang/go/commit/3226f2d492963d361af9dfc6714ef141ba606713 (golang-1.12) CVE-2019-14808 (An issue was discovered in the RENPHO application 3.0.0 for iOS. It tr ...) NOT-FOR-US: RENPHO CVE-2019-14807 (In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS e ...) NOT-FOR-US: MobileFrontend extension for MediaWiki CVE-2019-14806 (Pallets Werkzeug before 0.15.3, when used with Docker, has insufficien ...) - python-werkzeug 0.15.6+dfsg1-1 (low; bug #940935) [buster] - python-werkzeug 0.14.1+dfsg1-4+deb10u1 [stretch] - python-werkzeug 0.11.15+dfsg1-1+deb9u1 [jessie] - python-werkzeug (Vulnerable code not present) NOTE: https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246 CVE-2019-14805 (studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the ...) NOT-FOR-US: UNA CVE-2019-14804 (studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via t ...) NOT-FOR-US: UNA CVE-2019-14803 RESERVED CVE-2019-14802 RESERVED CVE-2019-14801 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress ...) NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress CVE-2019-14800 (The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress ...) 
NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress CVE-2019-14799 (The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress ...) NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress CVE-2019-14798 (The 10Web Photo Gallery plugin before 1.5.25 for WordPress has Authent ...) NOT-FOR-US: 10Web Photo Gallery plugin for WordPress CVE-2019-14797 (The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authent ...) NOT-FOR-US: 10Web Photo Gallery plugin for WordPress CVE-2019-14796 (The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products ...) NOT-FOR-US: mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin for WordPress CVE-2019-14795 (The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress h ...) NOT-FOR-US: toggle-the-title (aka Toggle The Title) plugin for WordPress CVE-2019-14794 (The Meta Box plugin before 4.16.2 for WordPress mishandles the uploadi ...) NOT-FOR-US: Meta Box plugin for WordPress CVE-2019-14793 (The Meta Box plugin before 4.16.3 for WordPress allows file deletion v ...) NOT-FOR-US: Meta Box plugin for WordPress CVE-2019-14792 (The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via ...) NOT-FOR-US: WP Google Maps plugin for WordPress CVE-2019-14791 (The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XS ...) NOT-FOR-US: Appointment Booking Calendar plugin for WordPress CVE-2019-14790 (The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS ...) NOT-FOR-US: limb-gallery (aka Limb Gallery) plugin for WordPress CVE-2019-14789 (The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin ...) NOT-FOR-US: Custom 404 Pro plugin for WordPress CVE-2019-14788 (wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribu ...) NOT-FOR-US: Tribulant Newsletters plugin for WordPress CVE-2019-14787 (The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XS ...) 
NOT-FOR-US: Tribulant Newsletters plugin for WordPress CVE-2019-14786 (The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users t ...) NOT-FOR-US: Rank Math SEO plugin for WordPress CVE-2019-14785 (The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress h ...) NOT-FOR-US: "CP Contact Form with PayPal" plugin for WordPress CVE-2019-14784 (The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress h ...) NOT-FOR-US: "CP Contact Form with PayPal" plugin for WordPress CVE-2019-14783 (On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, Fo ...) NOT-FOR-US: Samsung CVE-2019-14782 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8 ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14781 RESERVED CVE-2019-14780 RESERVED CVE-2019-14779 RESERVED CVE-2019-14778 (The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.c ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html CVE-2019-14777 (The Control function of demux/mkv/mkv.cpp in VideoLAN VLC media player ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html CVE-2019-14776 (A heap-based buffer over-read exists in DemuxInit() in demux/asf/asf.c ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html CVE-2019-14775 RESERVED CVE-2019-12625 (ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnera ...) 
{DLA-1953-1} - clamav 0.101.4+dfsg-1 (bug #934359) [buster] - clamav 0.101.4+dfsg-0+deb10u1 [stretch] - clamav 0.101.4+dfsg-0+deb9u1 NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/3 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=12356 NOTE: Partially addressed already in 0.101.2+dfsg-3 but incomplete. NOTE: https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html CVE-2019-14774 (The woo-variation-swatches (aka Variation Swatches for WooCommerce) pl ...) NOT-FOR-US: Wordpress plugin CVE-2019-14773 (admin/includes/class.actions.snippet.php in the "Woody ad snippets" pl ...) NOT-FOR-US: Wordpress plugin CVE-2019-14772 (verdaccio before 3.12.0 allows XSS. ...) NOT-FOR-US: verdaccio CVE-2019-14771 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the ...) - backdrop (bug #914257) CVE-2019-14770 (In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some me ...) - backdrop (bug #914257) CVE-2019-14769 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't suf ...) - backdrop (bug #914257) CVE-2019-14768 (An Arbitrary File Upload issue in the file browser of DIMO YellowBox C ...) NOT-FOR-US: DIMO YellowBox CRM CVE-2019-14767 (In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence ...) NOT-FOR-US: DIMO YellowBox CRM CVE-2019-14766 (Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 ...) NOT-FOR-US: DIMO YellowBox CRM CVE-2019-14765 (Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBo ...) NOT-FOR-US: DIMO YellowBox CRM CVE-2019-14764 RESERVED CVE-2019-14763 (In the Linux kernel before 4.16.4, a double-locking error in drivers/u ...) - linux 4.16.5-1 [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) CVE-2019-14762 RESERVED CVE-2019-14761 (An issue was discovered in KaiOS 2.5. The pre-installed Note applicati ...) NOT-FOR-US: KaiOS CVE-2019-14760 (An issue was discovered in KaiOS 2.5. 
The pre-installed Recorder appli ...) NOT-FOR-US: KaiOS CVE-2019-14759 (An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installe ...) NOT-FOR-US: KaiOS CVE-2019-14758 (An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File ...) NOT-FOR-US: KaiOS CVE-2019-14757 (An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Cont ...) NOT-FOR-US: KaiOS CVE-2019-14756 (An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-insta ...) NOT-FOR-US: KaiOS CVE-2019-14755 (The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows U ...) NOT-FOR-US: Leaf Admin CVE-2019-14754 (Open-School 3.0, and Community Edition 2.3, allows SQL Injection via t ...) NOT-FOR-US: Open-School CVE-2019-14753 (SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buff ...) NOT-FOR-US: SICK FX0-GPNT00000 and FX0-GENT00000 devices CVE-2019-14752 (SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. ...) NOT-FOR-US: SuiteCRM CVE-2019-14751 (NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, a ...) - nltk 3.4.5-1 (low; bug #935201) [buster] - nltk (Minor issue) [stretch] - nltk (Minor issue) [jessie] - nltk (Minor issue; user has to configure a compromised server) NOTE: https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/ NOTE: https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10 CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) NOT-FOR-US: osTicket CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) NOT-FOR-US: osTicket CVE-2019-14748 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...) NOT-FOR-US: osTicket CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-de ...) NOT-FOR-US: DWSurvey CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by ...) 
NOT-FOR-US: KuaiFanCMS CVE-2019-14745 (In radare2 before 3.7.0, a command injection vulnerability exists in b ...) - radare2 3.9.0+dfsg-1 (bug #934204) [jessie] - radare2 (Minor issue) NOTE: https://github.com/radare/radare2/pull/14690 NOTE: When fixing this issue make sure to not only apply the initial commits but NOTE: as well the follow-ups to avoid opening CVE-2019-16718: NOTE: https://github.com/radareorg/radare2/commit/5411543a310a470b1257fb93273cdd6e8dfcb3af NOTE: https://github.com/radareorg/radare2/commit/dd739f5a45b3af3d1f65f00fe19af1dbfec7aea7 CVE-2019-14744 (In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...) {DSA-4494-1 DLA-1890-1} - kconfig 5.54.0-2 (bug #934267) - kde4libs 4:4.14.38-4 (bug #934268) [buster] - kde4libs (Minor issue) [stretch] - kde4libs (Minor issue) NOTE: https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt NOTE: https://kde.org/info/security/advisory-20190807-1.txt NOTE: kconfig: https://github.com/KDE/kconfig/commit/5d3e71b1d2ecd2cb2f910036e614ffdfc895aa22 NOTE: kdelibs: https://github.com/KDE/kdelibs/commit/2c3762feddf7e66cf6b64d9058f625a715694a00 CVE-2019-14743 (In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wo ...) NOT-FOR-US: Valve Steam Client for Windows CVE-2019-14742 RESERVED CVE-2019-14741 RESERVED CVE-2019-14740 RESERVED CVE-2019-14739 RESERVED CVE-2019-14738 RESERVED CVE-2019-14737 (Ubisoft Uplay 92.0.0.6280 has Insecure Permissions. ...) NOT-FOR-US: Ubisoft Uplay CVE-2019-14736 RESERVED CVE-2019-14735 RESERVED CVE-2019-14734 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::l ...) 
- adplug 2.3.3+dfsg-2 [buster] - adplug (Minor issue) [stretch] - adplug (Minor issue) [jessie] - adplug (Minor issue) NOTE: https://github.com/adplug/adplug/issues/90 NOTE: https://github.com/adplug/adplug/commit/8342139c09178823dba3f3bbd8b53d0ea0c72de9 CVE-2019-14733 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::l ...) - adplug 2.3.3+dfsg-2 [buster] - adplug (Minor issue) [stretch] - adplug (Minor issue) [jessie] - adplug (Minor issue) NOTE: https://github.com/adplug/adplug/issues/89 NOTE: https://github.com/adplug/adplug/commit/cb715174f95187bf544c11ca2a2ecd091b7fbb8a (eventually got replaced by rad2.cpp rewrite) CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::l ...) - adplug 2.3.3+dfsg-2 [buster] - adplug (Minor issue) [stretch] - adplug (Minor issue) [jessie] - adplug (Minor issue) NOTE: https://github.com/adplug/adplug/issues/88 NOTE: https://github.com/adplug/adplug/commit/30ddcfe9bd1cce3e02f8135961bceb411419dbdb CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vul ...) NOT-FOR-US: ZenTao CMS CVE-2019-14730 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14729 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14728 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14727 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14726 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14725 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...) 
NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14724 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14723 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14722 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14721 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2019-14720 RESERVED CVE-2019-14719 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow ...) NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals CVE-2019-14718 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have I ...) NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals CVE-2019-14717 (Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 hav ...) NOT-FOR-US: Verifone Verix OS on VerixV Pinpad Payment Terminals CVE-2019-14716 (Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocum ...) NOT-FOR-US: Verifone VerixV Pinpad Payment Terminals CVE-2019-14715 (Verifone Pinpad Payment Terminals allow undocumented physical access t ...) NOT-FOR-US: Verifone Pinpad Payment Terminals CVE-2019-14714 RESERVED CVE-2019-14713 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow ...) NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals CVE-2019-14712 (Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of ...) NOT-FOR-US: Verifone VerixV Pinpad Payment Terminals CVE-2019-14711 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a ...) NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals CVE-2019-14710 RESERVED CVE-2019-14709 (A cleartext password storage issue was discovered on MicroDigital N-se ...) 
NOT-FOR-US: MicroDigital CVE-2019-14708 (An issue was discovered on MicroDigital N-series cameras with firmware ...) NOT-FOR-US: MicroDigital CVE-2019-14707 (An issue was discovered on MicroDigital N-series cameras with firmware ...) NOT-FOR-US: MicroDigital CVE-2019-14706 (A denial of service issue in HTTPD was discovered on MicroDigital N-se ...) NOT-FOR-US: MicroDigital CVE-2019-14705 (An Incorrect Access Control issue was discovered on MicroDigital N-ser ...) NOT-FOR-US: MicroDigital CVE-2019-14704 (An SSRF issue was discovered in HTTPD on MicroDigital N-series cameras ...) NOT-FOR-US: MicroDigital CVE-2019-14703 (A CSRF issue was discovered in webparam?user&action=set&param= ...) NOT-FOR-US: MicroDigital CVE-2019-14702 (An issue was discovered on MicroDigital N-series cameras with firmware ...) NOT-FOR-US: MicroDigital CVE-2019-14701 (An issue was discovered on MicroDigital N-series cameras with firmware ...) NOT-FOR-US: MicroDigital CVE-2019-14700 (An issue was discovered on MicroDigital N-series cameras with firmware ...) NOT-FOR-US: MicroDigital CVE-2019-14699 (An issue was discovered on MicroDigital N-series cameras with firmware ...) NOT-FOR-US: MicroDigital CVE-2019-14698 (An issue was discovered on MicroDigital N-series cameras with firmware ...) NOT-FOR-US: MicroDigital CVE-2019-14696 (Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/ind ...) NOT-FOR-US: Open-School CVE-2019-14695 (A SQL injection vulnerability exists in the Sygnoos Popup Builder plug ...) NOT-FOR-US: Sygnoos Popup Builder plugin for WordPress CVE-2019-14694 (A use-after-free flaw in the sandbox container implemented in cmdguard ...) NOT-FOR-US: Comodo Antivirus CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External ...) NOT-FOR-US: Zoho ManageEngine AssetExplorer CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...) 
[experimental] - adplug 2.3.3+dfsg-1 - adplug 2.3.3+dfsg-2 (bug #943927) [buster] - adplug (Minor issue) [stretch] - adplug (Minor issue) [jessie] - adplug (Minor issue) NOTE: https://github.com/adplug/adplug/issues/87 CVE-2019-14691 (AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in ...) [experimental] - adplug 2.3.3+dfsg-1 - adplug 2.3.3+dfsg-2 (bug #943928) [buster] - adplug (Minor issue) [stretch] - adplug (Minor issue) [jessie] - adplug (Minor issue) NOTE: https://github.com/adplug/adplug/issues/86 CVE-2019-14690 (AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_ ...) [experimental] - adplug 2.3.3+dfsg-1 - adplug 2.3.3+dfsg-2 (bug #943929) [buster] - adplug (Minor issue) [stretch] - adplug (Minor issue) [jessie] - adplug (Minor issue) NOTE: https://github.com/adplug/adplug/issues/85 CVE-2019-14697 (musl libc through 1.1.23 has an x87 floating-point stack adjustment im ...) - musl 1.1.23-2 [buster] - musl (Minor issue) [stretch] - musl (Minor issue) [jessie] - musl (Minor issue) NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=f3ed8bfe8a82af1870ddc8696ed4cc1d5aa6b441 NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=6818c31c9bc4bbad5357f1de14bedf781e5b349e NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/1 CVE-2019-14689 RESERVED CVE-2019-14688 (Trend Micro has repackaged installers for several Trend Micro products ...) NOT-FOR-US: Trend Micro CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...) NOT-FOR-US: Trend Micro CVE-2019-14686 (A DLL hijacking vulnerability exists in the Trend Micro Security's 201 ...) NOT-FOR-US: Trend Micro CVE-2019-14685 (A local privilege escalation vulnerability exists in Trend Micro Secur ...) NOT-FOR-US: Trend Micro CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...) NOT-FOR-US: Trend Micro CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...) 
NOT-FOR-US: Wordpress plugin CVE-2019-14682 (The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for ...) NOT-FOR-US: Wordpress plugin CVE-2019-14681 (The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admi ...) NOT-FOR-US: Wordpress plugin CVE-2019-14680 (The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 f ...) NOT-FOR-US: Wordpress plugin CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 fo ...) NOT-FOR-US: Wordpress plugin CVE-2019-14678 (SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability tha ...) NOT-FOR-US: SAP CVE-2019-14677 RESERVED CVE-2019-14676 RESERVED CVE-2019-14675 RESERVED CVE-2019-14674 RESERVED CVE-2019-14673 RESERVED CVE-2019-14672 (Firefly III 4.7.17.5 is vulnerable to stored XSS due to the lack of fi ...) NOT-FOR-US: Firefly CVE-2019-14671 (Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attac ...) NOT-FOR-US: Firefly CVE-2019-14670 (Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of fi ...) NOT-FOR-US: Firefly CVE-2019-14669 (Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of fi ...) NOT-FOR-US: Firefly CVE-2019-14668 (Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of fi ...) NOT-FOR-US: Firefly CVE-2019-14667 (Firefly III 4.7.17.4 is vulnerable to multiple stored XSS issues due t ...) NOT-FOR-US: Firefly CVE-2019-14666 (GLPI through 9.4.3 is prone to account takeover by abusing the ajax/au ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-47hq-pfrr-jh5q NOTE: Only supported behind an authenticated HTTP zone CVE-2019-14665 (Brandy 1.20.1 has a heap-based buffer overflow in define_array in vari ...) - brandy (unimportant; bug #933996) NOTE: https://sourceforge.net/p/brandy/bugs/8/ NOTE: Negligible security impact CVE-2019-14664 (In Enigmail below 2.1, an attacker in possession of PGP encrypted emai ...) 
- enigmail 2:2.1.3+ds1-1 [jessie] - enigmail (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html) NOTE: https://sourceforge.net/p/enigmail/bugs/984/ CVE-2019-14663 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fi ...) - brandy (unimportant; bug #933996) NOTE: https://sourceforge.net/p/brandy/bugs/6/ NOTE: Negligible security impact CVE-2019-14662 (Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in f ...) - brandy (unimportant; bug #933996) NOTE: https://sourceforge.net/p/brandy/bugs/7/ NOTE: Negligible security impact CVE-2019-14661 RESERVED CVE-2019-14660 RESERVED CVE-2019-14659 REJECTED CVE-2019-14658 RESERVED CVE-2019-14657 (Yealink phones through 2019-08-04 have an issue with OpenVPN file uplo ...) NOT-FOR-US: Yealink CVE-2019-14656 (Yealink phones through 2019-08-04 do not properly check user roles in ...) NOT-FOR-US: Yealink CVE-2019-14655 REJECTED CVE-2019-14654 (In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authoris ...) NOT-FOR-US: Joomla! CVE-2019-XXXX [Buffer overflow during processing of large server replies] - pump (bug #933674) [jessie] - pump 0.8.24-7+deb8u1 CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP e ...) NOT-FOR-US: pandao Editor.md CVE-2019-14652 (explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explor ...) 
NOT-FOR-US: Amazon AWS JavaScript S3 Explorer CVE-2019-14651 RESERVED CVE-2019-14650 RESERVED CVE-2019-14649 RESERVED CVE-2019-14648 RESERVED CVE-2019-14647 RESERVED CVE-2019-14646 RESERVED CVE-2019-14645 RESERVED CVE-2019-14644 RESERVED CVE-2019-14643 RESERVED CVE-2019-14642 RESERVED CVE-2019-14641 RESERVED CVE-2019-14640 RESERVED CVE-2019-14639 RESERVED CVE-2019-14638 RESERVED CVE-2019-14637 RESERVED CVE-2019-14636 RESERVED CVE-2019-14635 RESERVED CVE-2019-14634 RESERVED CVE-2019-14633 RESERVED CVE-2019-14632 RESERVED CVE-2019-14631 RESERVED CVE-2019-14630 (Reliance on untrusted inputs in a security decision in some Intel(R) T ...) NOT-FOR-US: Intel CVE-2019-14629 (Improper permissions in Intel(R) DAAL before version 2020 Gold may all ...) NOT-FOR-US: Intel CVE-2019-14628 RESERVED CVE-2019-14627 RESERVED CVE-2019-14626 (Improper access control in PCIe function for the Intel® FPGA Prog ...) NOT-FOR-US: Intel CVE-2019-14625 (Improper access control in on-card storage for the Intel® FPGA Pr ...) NOT-FOR-US: Intel CVE-2019-14624 RESERVED CVE-2019-14623 RESERVED CVE-2019-14622 RESERVED CVE-2019-14621 RESERVED CVE-2019-14620 (Insufficient control flow management for some Intel(R) Wireless Blueto ...) NOT-FOR-US: Intel CVE-2019-14619 RESERVED CVE-2019-14618 RESERVED CVE-2019-14617 RESERVED CVE-2019-14616 RESERVED CVE-2019-14615 (Insufficient control flow in certain data structures for some Intel(R) ...) {DLA-2114-1} - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 [jessie] - linux (Driver doesn't support this hardware) NOTE: https://git.kernel.org/linus/bc8a76a152c5f9ef3b48104154a65a68a8b76946 CVE-2019-14614 RESERVED CVE-2019-14613 (Improper access control in driver for Intel(R) VTune(TM) Amplifier for ...) NOT-FOR-US: Intel CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...) NOT-FOR-US: Intel CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a privilege ...) 
NOT-FOR-US: Intel CVE-2019-14610 (Improper access control in firmware for Intel(R) NUC(R) may allow an a ...) NOT-FOR-US: Intel CVE-2019-14609 (Improper input validation in firmware for Intel(R) NUC(R) may allow a ...) NOT-FOR-US: Intel CVE-2019-14608 (Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow ...) NOT-FOR-US: Intel CVE-2019-14607 (Improper conditions check in multiple Intel® Processors may allow ...) {DSA-4565-2} - intel-microcode 3.20191115.1 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html CVE-2019-14606 RESERVED CVE-2019-14605 (Improper permissions in the installer for the Intel(R) SCS Platform Di ...) NOT-FOR-US: Intel CVE-2019-14604 (Null pointer dereference in the FPGA kernel driver for Intel(R) Quartu ...) NOT-FOR-US: Intel CVE-2019-14603 (Improper permissions in the installer for the License Server software ...) NOT-FOR-US: Intel CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR Driver vers ...) NOT-FOR-US: Nuvoton* CIR Driver CVE-2019-14601 (Improper permissions in the installer for Intel(R) RWC 3 for Windows b ...) NOT-FOR-US: Intel CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) SNMP Su ...) NOT-FOR-US: Intel CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier ...) NOT-FOR-US: Intel CVE-2019-14598 (Improper Authentication in subsystem in Intel(R) CSME versions 12.0 th ...) NOT-FOR-US: Intel CVE-2019-14597 RESERVED CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset Device S ...) NOT-FOR-US: Intel CVE-2019-14595 RESERVED CVE-2019-14594 RESERVED CVE-2019-14593 RESERVED CVE-2019-14592 RESERVED CVE-2019-14591 (Improper input validation in the API for Intel(R) Graphics Driver vers ...) NOT-FOR-US: Intel Windows graphics driver CVE-2019-14590 (Improper access control in the API for the Intel(R) Graphics Driver ve ...) 
NOT-FOR-US: Intel Windows graphics driver CVE-2019-14589 RESERVED CVE-2019-14588 RESERVED CVE-2019-14587 (Logic issue EDK II may allow an unauthenticated user to potentially en ...) {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 (non-free) CVE-2019-14586 (Use after free vulnerability in EDK II may allow an authenticated user ...) {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 (non-free) CVE-2019-14585 RESERVED CVE-2019-14584 (Null pointer dereference in Tianocore EDK2 may allow an authenticated ...) {DLA-2645-1} - edk2 2020.11-1 (bug #977300) [buster] - edk2 0~20181115.85588389-3+deb10u3 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1914 NOTE: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10 CVE-2019-14583 RESERVED CVE-2019-14582 RESERVED CVE-2019-14581 RESERVED CVE-2019-14580 RESERVED CVE-2019-14579 RESERVED CVE-2019-14578 RESERVED CVE-2019-14577 RESERVED CVE-2019-14576 RESERVED CVE-2019-14575 (Logic issue in DxeImageVerificationHandler() for EDK II may allow an a ...) {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 (low; bug #952935) [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 (non-free) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 CVE-2019-14574 (Out of bounds read in a subsystem for Intel(R) Graphics Driver version ...) NOT-FOR-US: Intel Windows graphics driver CVE-2019-14573 RESERVED CVE-2019-14572 RESERVED CVE-2019-14571 RESERVED CVE-2019-14570 (Memory corruption in system firmware for Intel(R) NUC may allow a priv ...) NOT-FOR-US: Intel CVE-2019-14569 (Pointer corruption in system firmware for Intel(R) NUC may allow a pri ...) NOT-FOR-US: Intel CVE-2019-14568 (Improper permissions in the executable for Intel(R) RST before version ...) NOT-FOR-US: Intel CVE-2019-14567 RESERVED CVE-2019-14566 (Insufficient input validation in Intel(R) SGX SDK multiple Linux and W ...) 
NOT-FOR-US: Intel CVE-2019-14565 (Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.1 ...) NOT-FOR-US: Intel CVE-2019-14564 RESERVED CVE-2019-14563 (Integer truncation in EDK II may allow an authenticated user to potent ...) {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 (low; bug #952934) [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 (non-free) NOTE: https://github.com/tianocore/edk2/commit/322ac05f8bbc1bce066af1dabd1b70ccdbe28891 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2001 CVE-2019-14562 (Integer overflow in DxeImageVerificationHandler() EDK II may allow an ...) {DLA-2645-1} - edk2 2020.05-4 (bug #968819) [buster] - edk2 0~20181115.85588389-3+deb10u2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869245 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2215 CVE-2019-14561 RESERVED CVE-2019-14560 [GetEfiGlobalVariable2() return value not checked] RESERVED - edk2 (bug #967994) [bullseye] - edk2 (Minor issue) [buster] - edk2 (Minor issue) [stretch] - edk2 (Minor issue) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2167 CVE-2019-14559 (Uncontrolled resource consumption in EDK II may allow an unauthenticat ...) {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 (bug #952926; low) [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 (non-free) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2550 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2031 CVE-2019-14558 (Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ...) {DLA-2645-1} - edk2 0~20200229.4c0f6e34-1 [buster] - edk2 0~20181115.85588389-3+deb10u1 [jessie] - edk2 (non-free) NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1611 NOTE: https://github.com/tianocore/edk2/commit/764e8ba1389a617639d79d2c4f0d53f4ea4a7387 NOTE: https://github.com/tianocore/edk2/commit/f1d78c489a39971b5aac5d2fc8a39bfa925c3c5d CVE-2019-14557 (Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R ...) 
NOT-FOR-US: Intel CVE-2019-14556 (Improper initialization in BIOS firmware for 8th, 9th, 10th Generation ...) NOT-FOR-US: Intel CVE-2019-14555 RESERVED CVE-2019-14554 RESERVED CVE-2019-14553 (Improper authentication in EDK II may allow a privileged user to poten ...) - edk2 0~20190828.37eef910-4 (unimportant; bug #941775) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1758518 NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=960 NOTE: unimportant, as Debian builds do not enable HTTPSBOOT (via NOTE: -DNETWORK_TLS_ENABLE=TRUE). CVE-2019-14552 RESERVED CVE-2019-14551 (Das Q before 2019-08-02 allows web sites to execute arbitrary code on ...) NOT-FOR-US: Das Keyboard Q CVE-2019-14550 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...) NOT-FOR-US: EspoCRM CVE-2019-14549 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...) NOT-FOR-US: EspoCRM CVE-2019-14548 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS in the bod ...) NOT-FOR-US: EspoCRM CVE-2019-14547 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...) NOT-FOR-US: EspoCRM CVE-2019-14546 (An issue was discovered in EspoCRM before 5.6.9. Stored XSS was execut ...) NOT-FOR-US: EspoCRM CVE-2019-14545 RESERVED CVE-2019-14544 (routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for route ...) NOT-FOR-US: Go Git Service CVE-2019-14543 RESERVED CVE-2019-14542 RESERVED CVE-2019-14541 (GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id ...) - gnucobol 3.0~rc1-2 (low; bug #933884) [buster] - gnucobol (Minor issue) - open-cobol [stretch] - open-cobol (Minor issue) [jessie] - open-cobol (Minor issue) NOTE: https://sourceforge.net/p/gnucobol/bugs/584/ CVE-2019-14540 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...) 
{DSA-4542-1 DLA-1943-1} - jackson-databind 2.10.0-1 (bug #940498) NOTE: https://github.com/FasterXML/jackson-databind/issues/2410 NOTE: https://github.com/FasterXML/jackson-databind/issues/2449 NOTE: https://github.com/FasterXML/jackson-databind/commit/d4983c740fec7d5576b207a8c30a63d3ea7443de CVE-2019-14539 RESERVED CVE-2019-14538 RESERVED CVE-2019-14537 (YOURLS through 1.7.3 is affected by a type juggling vulnerability in t ...) NOT-FOR-US: YOURLS CVE-2019-14536 RESERVED CVE-2019-14535 (A divide-by-zero error exists in the SeekIndex function of demux/asf/a ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html CVE-2019-14534 (In VideoLAN VLC media player 3.0.7.1, there is a NULL pointer derefere ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html CVE-2019-14533 (The Control function of demux/asf/asf.c in VideoLAN VLC media player 3 ...) {DSA-4504-1} - vlc 3.0.8-1 [jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html) NOTE: https://www.videolan.org/security/sb-vlc308.html CVE-2019-14532 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off ...) - sleuthkit (unimportant) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1575 NOTE: Negligible security impact CVE-2019-14531 (An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out ...) - sleuthkit (unimportant) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1576 NOTE: Negligible security impact CVE-2019-14530 (An issue was discovered in custom/ajax_download.php in OpenEMR before ...) NOT-FOR-US: OpenEMR CVE-2019-14529 (OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/s ...) NOT-FOR-US: OpenEMR CVE-2019-14528 (GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/ ...) 
	- gnucobol 3.0~rc1-2 (low; bug #933884)
	[buster] - gnucobol (Minor issue)
	- open-cobol
	[stretch] - open-cobol (Minor issue)
	[jessie] - open-cobol (Minor issue)
	NOTE: https://sourceforge.net/p/gnucobol/bugs/583/
CVE-2019-14527 (An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices befor ...)
	NOT-FOR-US: NETGEAR
CVE-2019-14526 (An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices befor ...)
	NOT-FOR-US: NETGEAR
CVE-2019-14525 (In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019. ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
	- schism 2:20190805-1 (bug #933808)
	[buster] - schism (Minor issue)
	[stretch] - schism (Minor issue)
	[jessie] - schism (Minor issue)
	NOTE: https://github.com/schismtracker/schismtracker/issues/201
CVE-2019-14523 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
	- schism 2:20190805-1 (bug #933809)
	[buster] - schism (Minor issue)
	[stretch] - schism (Minor issue)
	[jessie] - schism (Minor issue)
	NOTE: https://github.com/schismtracker/schismtracker/issues/202
CVE-2019-14522
	RESERVED
CVE-2019-14521 (The api/admin/logoupload Logo File upload feature in EMCA Energy Logse ...)
	NOT-FOR-US: EMCA Energy Logserver
CVE-2019-14520
	RESERVED
CVE-2019-14519
	RESERVED
CVE-2019-14518 (** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and ne ...)
	NOT-FOR-US: Evolution CMS
CVE-2019-14517 (pandao Editor.md 1.5.0 allows XSS via the Javas&#99;ript: string. ...)
	NOT-FOR-US: pandao Editor.md
CVE-2019-14516 (The mAadhaar application 1.2.7 for Android lacks SSL Certificate Valid ...)
	NOT-FOR-US: mAadhaar application for Android
CVE-2019-14515
	RESERVED
CVE-2019-14514 (An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. ...)
	NOT-FOR-US: Microvirt MEmu
CVE-2019-14513 (Improper bounds checking in Dnsmasq before 2.76 allows an attacker con ...)
	{DLA-1921-1}
	- dnsmasq 2.76-1
	[buster] - dnsmasq (Minor issue)
	[stretch] - dnsmasq (Minor issue)
	NOTE: https://github.com/Slovejoy/dnsmasq-pre2.76
	NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=d3a8b39c7df2f0debf3b5f274a1c37a9e261f94e
CVE-2019-14512 (LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/P ...)
	- limesurvey (bug #472802)
CVE-2019-14511 (Sphinx Technologies Sphinx 3.1.1 by default has no authentication and ...)
	- sphinxsearch (unimportant; bug #939762)
	NOTE: Issue is only with the default configuration, which can easily be reconfigured
	NOTE: to listen on localhost only. sphinxsearch will not be started automatically,
	NOTE: and an admin first needs to create a /etc/sphinxsearch/sphinx.conf anyway,
	NOTE: starting from a sample.
	NOTE: sphinxsearch should ideally update the defaults in the sample configs to bind
	NOTE: listeners to localhost.
	NOTE: This is not treated as a vulnerability, subject to design choices for deployment
CVE-2019-14510 (An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using ...)
	NOT-FOR-US: Kaseya VSA RMM
CVE-2019-14509
	RESERVED
CVE-2019-14508
	REJECTED
CVE-2019-14507
	REJECTED
CVE-2019-14506
	REJECTED
CVE-2019-14505
	REJECTED
CVE-2019-14504
	REJECTED
CVE-2019-14503
	REJECTED
CVE-2019-14502
	REJECTED
CVE-2019-14501
	REJECTED
CVE-2019-14500
	REJECTED
CVE-2019-14499
	REJECTED
CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/caf.c i ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
	{DLA-2292-1 DLA-1961-1}
	- milkytracker 1.02.00+dfsg-2 (bug #933964)
	[buster] - milkytracker 1.02.00+dfsg-1+deb10u1
	NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
	NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 ha ...)
	{DLA-2292-1 DLA-1961-1}
	- milkytracker 1.02.00+dfsg-2 (bug #933964)
	[buster] - milkytracker 1.02.00+dfsg-1+deb10u1
	NOTE: https://github.com/milkytracker/MilkyTracker/issues/183
	NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the a ...)
	- 3proxy (bug #718219)
CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a divide-b ...)
	{DLA-2440-1}
	[experimental] - poppler 0.81.0-1
	- poppler 0.85.0-2 (bug #933812)
	[buster] - poppler (Minor issue)
	[jessie] - poppler (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/802
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/b224e2f5739fe61de9fa69955d016725b2a4b78d
CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...)
	{DLA-2799-1}
	[experimental] - opencv 4.1.1+dfsg-1
	- opencv 4.1.2+dfsg-3
	[buster] - opencv (Minor issue)
	[jessie] - opencv (Minor issue, DoS, PoC not crashing)
	NOTE: https://github.com/opencv/opencv/issues/15127
	NOTE: https://github.com/opencv/opencv/commit/5691d998ead1d9b0542bcfced36c2dceb3a59023
	NOTE: In older versions of opencv missing NULL pointer check(s) are in
	NOTE: modules/core/src/persistence.cpp (before refactoring).
CVE-2019-14492 (An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...)
	[experimental] - opencv 4.1.1+dfsg-1
	- opencv 4.1.2+dfsg-3
	[buster] - opencv (Minor issue; can be fixed via point release)
	[stretch] - opencv (Minor issue; can be fixed via point release)
	[jessie] - opencv (Minor issue, DoS, PoC not crashing)
	NOTE: https://github.com/opencv/opencv/issues/15124
	NOTE: https://github.com/opencv/opencv/commit/ac425f67e4c1d0da9afb9203f0918d8d57c067ed
CVE-2019-14491 (An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. T ...)
	[experimental] - opencv 4.1.1+dfsg-1
	- opencv 4.1.2+dfsg-3
	[buster] - opencv (Minor issue; can be fixed via point release)
	[stretch] - opencv (Minor issue; can be fixed via point release)
	[jessie] - opencv (Minor issue, DoS, PoC not crashing)
	NOTE: https://github.com/opencv/opencv/issues/15125
	NOTE: https://github.com/opencv/opencv/commit/ac425f67e4c1d0da9afb9203f0918d8d57c067ed
CVE-2019-14490
	RESERVED
CVE-2019-14489
	RESERVED
CVE-2019-14488
	RESERVED
CVE-2019-14487
	RESERVED
CVE-2019-14486 (GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c ...)
	- gnucobol 3.0~rc1-2 (low; bug #933884)
	[buster] - gnucobol (Minor issue)
	- open-cobol
	[stretch] - open-cobol (Minor issue)
	[jessie] - open-cobol (Minor issue)
	NOTE: https://sourceforge.net/p/gnucobol/bugs/582/
CVE-2019-14485
	RESERVED
CVE-2019-14484
	RESERVED
CVE-2019-14483 (AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user ...)
	NOT-FOR-US: AdRem NetCrunch
CVE-2019-14482 (AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerabil ...)
	NOT-FOR-US: AdRem NetCrunch
CVE-2019-14481 (AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vu ...)
	NOT-FOR-US: AdRem NetCrunch
CVE-2019-14480 (AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerabi ...)
	NOT-FOR-US: AdRem NetCrunch
CVE-2019-14479 (AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCr ...)
	NOT-FOR-US: AdRem NetCrunch
CVE-2019-14478 (AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vu ...)
	NOT-FOR-US: AdRem NetCrunch
CVE-2019-14477 (AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the ...)
	NOT-FOR-US: AdRem NetCrunch
CVE-2019-14476 (AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) v ...)
	NOT-FOR-US: AdRem NetCrunch
CVE-2019-14475 (eQ-3 Homematic CCU2 2.47.15 and prior and CCU3 3.47.15 and prior use s ...)
	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14474 (eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in ...)
	NOT-FOR-US: eQ-3 Homematic CCU3
CVE-2019-14473 (eQ-3 Homematic CCU2 and CCU3 use session IDs for authentication but la ...)
	NOT-FOR-US: eQ-3 Homematic CCU2 and CCU3
CVE-2019-14472 (Zurmo 3.2.7-2 has XSS via the app/index.php/zurmo/default PATH_INFO. ...)
	NOT-FOR-US: Zurmo
CVE-2019-14471 (TestLink 1.9.19 has XSS via the error.php message parameter. ...)
	NOT-FOR-US: TestLink
CVE-2019-14470 (cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the ...)
	NOT-FOR-US: cosenary Instagram-PHP-API
CVE-2019-14469 (In Nexus Repository Manager before 3.18.0, users with elevated privile ...)
	NOT-FOR-US: Nexus Repository Manager
CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via c ...)
	- gnucobol 3.0~rc1-2 (low; bug #933884)
	[buster] - gnucobol (Minor issue)
	- open-cobol
	[stretch] - open-cobol (Minor issue)
	[jessie] - open-cobol (Minor issue)
	NOTE: https://sourceforge.net/p/gnucobol/bugs/581/
CVE-2019-14467 (The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code E ...)
	NOT-FOR-US: Social Photo Gallery plugin for WordPress
CVE-2019-14466 (The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable ...)
	{DLA-1905-1}
	- gosa 2.7.4+reloaded3-10
	[buster] - gosa 2.7.4+reloaded3-8+deb10u2
	[stretch] - gosa 2.7.4+reloaded2-13+deb9u3
	NOTE: https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b (fix)
	NOTE: https://github.com/gosa-project/gosa-core/commit/90b674960335d888c76ca5e99027df8e7fa66f3a (fixing the prev commit)
	NOTE: https://github.com/gosa-project/gosa-core/pull/30#issuecomment-521975100
CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-b ...)
	- schism 2:20190805-1 (bug #933807)
	[buster] - schism (Minor issue)
	[stretch] - schism (Minor issue)
	[jessie] - schism (Minor issue)
	NOTE: https://github.com/schismtracker/schismtracker/issues/198
	NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a ...)
	{DLA-2292-1 DLA-1961-1}
	- milkytracker 1.02.00+dfsg-2 (bug #933964)
	[buster] - milkytracker 1.02.00+dfsg-1+deb10u1
	NOTE: https://github.com/milkytracker/MilkyTracker/issues/184
	NOTE: https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
	{DLA-2825-1}
	- libmodbus 3.1.6-1 (bug #933805)
	[buster] - libmodbus (Minor issue)
	[jessie] - libmodbus (Minor issue)
	NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc (3.1.5)
	NOTE: https://github.com/stephane/libmodbus/commit/6f915d4215c06be3c719761423d9b5e8aa3cb820 (3.1.5)
	NOTE: https://github.com/stephane/libmodbus/commit/2b5cb5896120d7564f4c34fdc5aaa4f22a97e45c (3.0.7)
	NOTE: https://github.com/stephane/libmodbus/commit/64cd092bcc421a70431fe1fb6b7f1e6f491f7cf8 (3.0.8)
CVE-2019-14462 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
	{DLA-2825-1}
	- libmodbus 3.1.6-1 (bug #933805)
	[buster] - libmodbus (Minor issue)
	[jessie] - libmodbus (Minor issue)
	NOTE: https://github.com/stephane/libmodbus/commit/5ccdf5ef79d742640355d1132fa9e2abc7fbaefc (3.1.5)
	NOTE: https://github.com/stephane/libmodbus/commit/6f915d4215c06be3c719761423d9b5e8aa3cb820 (3.1.5)
	NOTE: https://github.com/stephane/libmodbus/commit/2b5cb5896120d7564f4c34fdc5aaa4f22a97e45c (3.0.7)
	NOTE: https://github.com/stephane/libmodbus/commit/64cd092bcc421a70431fe1fb6b7f1e6f491f7cf8 (3.0.8)
CVE-2019-14461
	RESERVED
CVE-2019-14460
	RESERVED
CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in the fu ...)
	{DLA-2383-1}
	- nfdump 1.6.18-1 (bug #933740)
	[buster] - nfdump (Minor issue)
	NOTE: https://github.com/phaag/nfdump/issues/171
	NOTE: https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b
CVE-2019-14458 (VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of ...)
	NOT-FOR-US: VIVOTEK IP Camera devices
CVE-2019-14457 (VIVOTEK IP Camera devices with firmware before 0x20x have a stack-base ...)
	NOT-FOR-US: VIVOTEK IP Camera devices
CVE-2019-14456 (Opengear console server firmware releases prior to 4.5.0 have a stored ...)
	NOT-FOR-US: Opengear console server firmware
CVE-2019-14455
	RESERVED
CVE-2019-14454 (SuiteCRM 7.11.x and 7.10.x before 7.11.8 and 7.10.20 is vulnerable to ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-14453 (An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It ...)
	NOT-FOR-US: Comelit "App lejos de casa (web)"
CVE-2019-14452 (Sigil before 0.9.16 is vulnerable to a directory traversal, allowing a ...)
	- sigil 0.9.16+dfsg-1 (bug #933797)
	[buster] - sigil (Minor issue)
	[stretch] - sigil (Minor issue)
	NOTE: https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4
	NOTE: https://github.com/Sigil-Ebook/Sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f
	NOTE: https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4
CVE-2019-14451 (RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not proper ...)
	NOT-FOR-US: Repetier-Server
CVE-2019-14450 (A directory traversal vulnerability was discovered in RepetierServer.e ...)
	NOT-FOR-US: Repetier-Server
CVE-2019-14449 (An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x b ...)
	NOT-FOR-US: Cloudera
CVE-2019-14448
	RESERVED
CVE-2019-14447
	RESERVED
CVE-2019-14446
	RESERVED
CVE-2019-14445
	RESERVED
CVE-2019-14444 (apply_relocations in readelf.c in GNU Binutils 2.32 contains an intege ...)
	- binutils 2.32.51.20190813-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24829
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7
	NOTE: binutils not covered by security support
CVE-2019-14443 (An issue was discovered in Libav 12.3. Division by zero in range_decod ...)
	{DLA-2021-1}
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1161#c1
CVE-2019-14442 (In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file ...)
	{DLA-1907-1}
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1159
CVE-2019-14441 (** DISPUTED ** An issue was discovered in Libav 12.3. An access violat ...)
	- libav
	[jessie] - libav (cf. CVE-2018-19129)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1161#c0
	NOTE: Duplicate of CVE-2018-19129
CVE-2019-14440
	RESERVED
CVE-2019-14439 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4542-1 DLA-1879-1}
	- jackson-databind 2.9.9.3-1 (bug #933393)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2389
	NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
CVE-2019-14438 (A heap-based buffer over-read in xiph_PackHeaders() in modules/demux/x ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14437 (The xiph_SplitHeaders function in modules/demux/xiph.h in VideoLAN VLC ...)
	{DSA-4504-1}
	- vlc 3.0.8-1
	[jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-14436
	RESERVED
CVE-2019-14435
	RESERVED
CVE-2019-14434
	RESERVED
CVE-2019-14433 (An issue was discovered in OpenStack Nova before 17.0.12, 18.x before ...)
	- nova 2:19.0.2-1 (low; bug #934114)
	[buster] - nova (Minor issue)
	[stretch] - nova (Minor issue)
	[jessie] - nova (Minor issue)
	NOTE: https://security.openstack.org/ossa/OSSA-2019-003.html
	NOTE: https://launchpad.net/bugs/1837877
CVE-2019-14432 (Incorrect authentication of application WebSocket connections in Loom ...)
	NOT-FOR-US: Loom Desktop for Mac
CVE-2019-14431 (In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles ...)
	- matrixssl
CVE-2019-14430 (plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows S ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-14429
	RESERVED
CVE-2019-14428
	RESERVED
CVE-2019-14427 (XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch ...)
	NOT-FOR-US: WEB STUDIO Ultimate Loan Manager
CVE-2019-14426
	RESERVED
CVE-2019-14425
	RESERVED
CVE-2019-14424 (A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of th ...)
	NOT-FOR-US: eQ-3 Homematic CCU-Firmware
CVE-2019-14423 (A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of t ...)
	NOT-FOR-US: eQ-3 Homematic CCU-Firmware
CVE-2019-14422 (An issue was discovered in TortoiseSVN 1.12.1. The Tsvncmd: URI han ...)
	NOT-FOR-US: TortoiseSVN
CVE-2019-14421
	RESERVED
CVE-2019-14420
	RESERVED
CVE-2019-14419
	RESERVED
CVE-2019-14418 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
	NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14417 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
	NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14416 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
	NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14415 (An issue was discovered in Veritas Resiliency Platform (VRP) before 3. ...)
	NOT-FOR-US: Veritas Resiliency Platform (VRP)
CVE-2019-14414 (In cPanel before 78.0.2, a Userdata cache temporary file can conflict ...)
	NOT-FOR-US: cPanel
CVE-2019-14413 (cPanel before 78.0.2 allows certain file-write operations as shared us ...)
	NOT-FOR-US: cPanel
CVE-2019-14412 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...)
	NOT-FOR-US: cPanel
CVE-2019-14411 (cPanel before 78.0.2 does not properly restrict demo accounts from wri ...)
	NOT-FOR-US: cPanel
CVE-2019-14410 (Maketext in cPanel before 78.0.2 allows format-string injection in the ...)
	NOT-FOR-US: cPanel
CVE-2019-14409 (cPanel before 78.0.2 allows arbitrary file-read operations via Passeng ...)
	NOT-FOR-US: cPanel
CVE-2019-14408 (cPanel before 78.0.2 allows a demo account to link with an OpenID prov ...)
	NOT-FOR-US: cPanel
CVE-2019-14407 (cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-41 ...)
	NOT-FOR-US: cPanel
CVE-2019-14406 (cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing ( ...)
	NOT-FOR-US: cPanel
CVE-2019-14405 (cPanel before 78.0.18 allows demo accounts to execute code via securit ...)
	NOT-FOR-US: cPanel
CVE-2019-14404 (cPanel before 78.0.18 allows certain file-read operations in the conte ...)
	NOT-FOR-US: cPanel
CVE-2019-14403 (cPanel before 78.0.18 offers an open mail relay because of incorrect d ...)
	NOT-FOR-US: cPanel
CVE-2019-14402 (cPanel before 78.0.18 unsafely determines terminal capabilities by usi ...)
	NOT-FOR-US: cPanel
CVE-2019-14401 (cPanel before 78.0.18 allows code execution via an addforward API1 cal ...)
	NOT-FOR-US: cPanel
CVE-2019-14400 (cPanel before 78.0.18 allows local users to escalate to root access be ...)
	NOT-FOR-US: cPanel
CVE-2019-14399 (The SSL certificate-storage feature in cPanel before 78.0.18 allows un ...)
	NOT-FOR-US: cPanel
CVE-2019-14398 (cPanel before 80.0.5 allows demo accounts to execute arbitrary code vi ...)
	NOT-FOR-US: cPanel
CVE-2019-14397 (cPanel before 80.0.5 allows demo accounts to modify arbitrary files vi ...)
	NOT-FOR-US: cPanel
CVE-2019-14396 (API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertio ...)
	NOT-FOR-US: cPanel
CVE-2019-14395 (cPanel before 80.0.5 uses world-readable permissions for the Queueproc ...)
	NOT-FOR-US: cPanel
CVE-2019-14394 (cPanel before 80.0.5 allows unsafe file operations in the context of t ...)
	NOT-FOR-US: cPanel
CVE-2019-14393 (cPanel before 80.0.5 allows local code execution in the context of a d ...)
	NOT-FOR-US: cPanel
CVE-2019-14392 (cPanel before 80.0.22 allows remote code execution by a demo account b ...)
	NOT-FOR-US: cPanel
CVE-2019-14391 (cPanel before 82.0.2 does not properly enforce Reseller package creati ...)
	NOT-FOR-US: cPanel
CVE-2019-14390 (cPanel before 82.0.2 has stored XSS in the WHM Modify Account interfac ...)
	NOT-FOR-US: cPanel
CVE-2019-14389 (cPanel before 82.0.2 allows local users to discover the MySQL root pas ...)
	NOT-FOR-US: cPanel
CVE-2019-14388 (cPanel before 82.0.2 allows unauthenticated file creation because Exim ...)
	NOT-FOR-US: cPanel
CVE-2019-14387 (cPanel before 82.0.2 has Self XSS in the cPanel and webmail master tem ...)
	NOT-FOR-US: cPanel
CVE-2019-14386 (cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interfac ...)
	NOT-FOR-US: cPanel
CVE-2019-14385
	RESERVED
CVE-2019-14384
	RESERVED
CVE-2019-14383 (J2B in libopenmpt before 0.4.2 allows an assertion failure during file ...)
	- libopenmpt 0.4.2-1 (unimportant)
	NOTE: https://lib.openmpt.org/libopenmpt/2019/01/22/security-updates-0.4.2-0.3.15-0.2.11253-beta37-0.2.7561-beta20.5-p13-0.2.7386-beta20.3-p16/
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=11216
	NOTE: Negligible security impact
CVE-2019-14382 (DSM in libopenmpt before 0.4.2 allows an assertion failure during file ...)
	- libopenmpt 0.4.2-1 (unimportant)
	NOTE: https://lib.openmpt.org/libopenmpt/2019/01/22/security-updates-0.4.2-0.3.15-0.2.11253-beta37-0.2.7561-beta20.5-p13-0.2.7386-beta20.3-p16/
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=11209
	NOTE: Negligible security impact
CVE-2019-14381 (libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereferen ...)
	- libopenmpt 0.4.3-1
	[stretch] - libopenmpt (Vulnerable code not present in 0.2.x series)
	NOTE: https://lib.openmpt.org/libopenmpt/2019/02/11/security-update-0.4.3/
CVE-2019-14380 (libopenmpt before 0.4.5 allows a crash during playback due to an out-o ...)
	{DSA-4729-1}
	- libopenmpt 0.4.5-1 (low)
	[stretch] - libopenmpt (Vulnerable code not present in 0.2 branch)
	NOTE: https://lib.openmpt.org/libopenmpt/2019/05/27/security-update-0.4.5/
CVE-2019-14379 (SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mis ...)
	{DSA-4542-1 DLA-1879-1}
	- jackson-databind 2.9.9.3-1 (bug #933393)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2387
	NOTE: https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b
CVE-2019-14378 (ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overf ...)
	{DSA-4512-1 DSA-4506-1 DLA-1927-1}
	- qemu 1:4.1-1 (bug #933741)
	- qemu-kvm
	- slirp4netns 0.3.2-1 (bug #933742)
	[buster] - slirp4netns 0.2.3-1
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04acbabd7ad32c2b018fe10dfac2a3bc1210
	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-gjwp-vf65-3jqf
CVE-2019-14377
	RESERVED
CVE-2019-14376
	RESERVED
CVE-2019-14375
	RESERVED
CVE-2019-14374
	RESERVED
CVE-2019-14373 (An issue was discovered in image_save_png in image/image-png.cpp in Fr ...)
	- flif
	NOTE: https://github.com/FLIF-hub/FLIF/issues/541
CVE-2019-14372 (In Libav 12.3, there is an infinite loop in the function wv_read_block ...)
	{DLA-1907-1}
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1165
CVE-2019-14371 (An issue was discovered in Libav 12.3. There is an infinite loop in th ...)
	{DLA-1907-1}
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1163
	NOTE: fixed through CVE-2018-11102 / https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/7abf394814d818973db562102f21ab9d10540840
CVE-2019-14370 (In Exiv2 0.27.99.0, there is an out-of-bounds read in Exiv2::MrwImage: ...)
	- exiv2 0.27.2-6
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	[jessie] - exiv2 (poc not triggered with asan/valgrind, different MemIo::seek bound check)
	NOTE: https://github.com/Exiv2/exiv2/issues/954
	NOTE: fixed through CVE-2019-13504
	NOTE: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
CVE-2019-14369 (Exiv2::PngImage::readMetadata() in pngimage.cpp in Exiv2 0.27.99.0 all ...)
	- exiv2 0.27.2-6
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	[jessie] - exiv2 (poc not triggered with asan/valgrind, different MemIo::seek bound check)
	NOTE: https://github.com/Exiv2/exiv2/issues/953
	NOTE: fixed through CVE-2019-13504
	NOTE: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
CVE-2019-14368 (Exiv2 0.27.99.0 has a heap-based buffer over-read in Exiv2::RafImage:: ...)
	- exiv2 (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/952
	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
	NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/c72d16f4c402a8acc2dfe06fe3d58bf6cf99069e
CVE-2019-14367 (Slack-Chat through 1.5.5 leaks a Slack Access Token in source code. An ...)
	NOT-FOR-US: Slack-Chat
CVE-2019-14366 (WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access T ...)
	NOT-FOR-US: WP SlackSync plugin for WordPress
CVE-2019-14365 (The Intercom plugin through 1.2.1 for WordPress leaks a Slack Access T ...)
	NOT-FOR-US: Intercom plugin for WordPress
CVE-2019-14364 (An XSS vulnerability in the "Email Subscribers & Newsletters" plug ...)
	NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
CVE-2019-14363 (A stack-based buffer overflow in the upnpd binary running on NETGEAR W ...)
	NOT-FOR-US: NETGEAR
CVE-2019-14362 (Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. T ...)
	NOT-FOR-US: Openbravo ERP
CVE-2019-14361
	REJECTED
CVE-2019-14360 (On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based ...)
	NOT-FOR-US: Hyundai Pay Kasse HK-1000 devices
CVE-2019-14359 (** DISPUTED ** On BC Vault devices, a side channel for the row-based S ...)
	NOT-FOR-US: BC Vault devices
CVE-2019-14358 (On Archos Safe-T devices, a side channel for the row-based OLED displa ...)
	NOT-FOR-US: Archos Safe-T devices
CVE-2019-14357 (** DISPUTED ** On Mooltipass Mini devices, a side channel for the row- ...)
	NOT-FOR-US: Mooltipass Mini devices
CVE-2019-14356 (** DISPUTED ** On Coldcard MK1 and MK2 devices, a side channel for the ...)
	NOT-FOR-US: Coldcard
CVE-2019-14355 (** DISPUTED ** On ShapeShift KeepKey devices, a side channel for the r ...)
	NOT-FOR-US: ShapeShift KeepKey devices
CVE-2019-14354 (On Ledger Nano S and Nano X devices, a side channel for the row-based ...)
	NOT-FOR-US: Ledger Nano S and Nano X devices
CVE-2019-14353 (On Trezor One devices before 1.8.2, a side channel for the row-based O ...)
	NOT-FOR-US: Trezor One devices
CVE-2019-14352 (** DISPUTED ** In Joget Workflow 6.0.20, CSV Injection, also known as ...)
	NOT-FOR-US: Joget Workflow
CVE-2019-14351 (EspoCRM 5.6.4 is vulnerable to user password hash enumeration. A malic ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14350 (EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14349 (EspoCRM version 5.6.4 is vulnerable to stored XSS due to lack of filtr ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14348 (The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to ...)
	NOT-FOR-US: BearDev JoomSport plugin for WordPress
CVE-2019-14347 (Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unpriv ...)
	NOT-FOR-US: Schben Adive
CVE-2019-14346 (Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CS ...)
	NOT-FOR-US: Schben Adive
CVE-2019-14345 (TemaTres 3.0 allows remote unprivileged users to create an administrat ...)
	NOT-FOR-US: TemaTres
CVE-2019-14344 (TemaTres 3.0 has reflected XSS via the replace_string or search_string ...)
	NOT-FOR-US: TemaTres
CVE-2019-14343 (TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin ...)
	NOT-FOR-US: TemaTres
CVE-2019-14342
	RESERVED
CVE-2019-14341
	RESERVED
CVE-2019-14340
	RESERVED
CVE-2019-14339 (The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2 ...)
	NOT-FOR-US: CANON
CVE-2019-14338 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14337 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14336 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14335 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14334 (An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP ...)
	NOT-FOR-US: D-Link
CVE-2019-14333 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14332 (An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-14331 (An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14330 (An issue was discovered in EspoCRM before 5.6.6. Stored XSS exists due ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14329 (An issue was discovered in EspoCRM before 5.6.6. There is stored XSS d ...)
	NOT-FOR-US: EspoCRM
CVE-2019-14328 (The Simple Membership plugin before 3.8.5 for WordPress has CSRF affec ...)
	NOT-FOR-US: Simple Membership plugin for WordPress
CVE-2019-14327 (A CSRF vulnerability in Settings form in the Custom Simple Rss plugin ...)
	NOT-FOR-US: Custom Simple Rss plugin for WordPress
CVE-2019-14326 (An issue was discovered in AndyOS Andy versions up to 46.11.113. By de ...)
	NOT-FOR-US: AndyOS Andy
CVE-2019-14325
	RESERVED
CVE-2019-14324
	RESERVED
CVE-2019-14323 (SSDP Responder 1.x through 1.5 mishandles incoming network messages, l ...)
	NOT-FOR-US: SSDP Responder
CVE-2019-14322 (In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles dri ...)
	- python-werkzeug (Windows-specific)
CVE-2019-14321
	RESERVED
CVE-2019-14320
	RESERVED
CVE-2019-14319 (The TikTok (formerly Musical.ly) application 12.2.0 for Android and iO ...)
	NOT-FOR-US: TikTok
CVE-2019-14318 (Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA sig ...)
	[experimental] - libcrypto++ 8.2.0-2
	- libcrypto++ 5.6.4-9 (low; bug #934326)
	[buster] - libcrypto++ (Minor issue)
	[stretch] - libcrypto++ (Minor issue)
	[jessie] - libcrypto++ (Minor issue)
	NOTE: https://github.com/weidai11/cryptopp/issues/869
CVE-2019-14317 (wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) gen ...)
	- wolfssl 4.2.0+dfsg-1
CVE-2019-14316
	RESERVED
CVE-2019-14315 (A cross-site scripting (XSS) vulnerability in upload.php in SunHater K ...)
	NOT-FOR-US: SunHater KCFinder
CVE-2019-14314 (A SQL injection vulnerability exists in the Imagely NextGEN Gallery pl ...)
	NOT-FOR-US: Imagely NextGEN Gallery plugin for WordPress
CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo Gallery plugin ...)
	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulner ...)
	NOT-FOR-US: Aptana Jaxer
CVE-2019-14311
	RESERVED
CVE-2019-14310 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). U ...)
	NOT-FOR-US: Ricoh
CVE-2019-14309 (Ricoh SP C250DN 1.05 devices have a fixed password. FTP service creden ...)
	NOT-FOR-US: Ricoh
CVE-2019-14308 (Several Ricoh printers have multiple buffer overflows parsing LPD pack ...)
	NOT-FOR-US: Ricoh
CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
	NOT-FOR-US: Ricoh
CVE-2019-14306 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of ...)
	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14305 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...)
	NOT-FOR-US: Ricoh
CVE-2019-14304 (Ricoh SP C250DN 1.06 devices allow CSRF. ...)
	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14303 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). S ...)
	NOT-FOR-US: Ricoh
CVE-2019-14302 (On Ricoh SP C250DN 1.06 devices, a debug port can be used. ...)
	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14301 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of ...)
	NOT-FOR-US: Ricoh SP C250DN 1.06 devices
CVE-2019-14300 (Several Ricoh printers have multiple buffer overflows parsing HTTP coo ...)
	NOT-FOR-US: Ricoh
CVE-2019-14299 (Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable ...)
	NOT-FOR-US: Ricoh
CVE-2019-14298 (Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(con ...)
	NOT-FOR-US: Veeam ONE Reporter
CVE-2019-14297 (Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with ...)
	NOT-FOR-US: Veeam ONE Reporter
CVE-2019-14296 (canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause ...)
	- upx-ucl 3.95-2 (unimportant; bug #933232)
	NOTE: https://github.com/upx/upx/issues/287
	NOTE: https://github.com/upx/upx/commit/276b748aa6021c38a2dc699153f61b10e76bc3d2
CVE-2019-14295 (An Integer overflow in the getElfSections function in p_vmlinx.cpp in ...)
	- upx-ucl 3.95-2 (unimportant; bug #933232)
	NOTE: https://github.com/upx/upx/issues/286
	NOTE: https://github.com/upx/upx/commit/58b122d97da1e02dfec24b10b6b8f56218b5622c
	NOTE: https://github.com/upx/upx/commit/6a53c0b3d499d62346a5c51034db543a4ef78ea3
CVE-2019-14294 (An issue was discovered in Xpdf 4.01.01. There is a use-after-free in ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/f7990386d268a444c297958e9c50ed27a0825a00
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/2c0f70afff03798165c2b609e115dc7e9c034c57
CVE-2019-14293 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14292 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14291 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14290 (An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/44cd46a6e04a87bd702dab4a662042f69f16c4ad
CVE-2019-14289 (An issue was discovered in Xpdf 4.01.01. There is an integer overflow ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13
	NOTE: Issue corresponds to CVE-2017-9776 for src:poppler
CVE-2019-14288 (An issue was discovered in Xpdf 4.01.01. There is an Integer overflow ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13
	NOTE: Issue corresponds to CVE-2017-9776 for src:poppler
CVE-2019-14287 (In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer a ...)
	{DSA-4543-1 DLA-1964-1}
	- sudo 1.8.27-1.1 (bug #942322)
	NOTE: https://www.sudo.ws/alerts/minus_1_uid.html
	NOTE: Patch: https://www.sudo.ws/repos/sudo/rev/83db8dba09e7
	NOTE: Fix test regression: https://www.sudo.ws/repos/sudo/rev/db06a8336c09
	NOTE: Patch: https://www.openwall.com/lists/oss-security/2019/10/15/2 (1.8.5, 1.8.10)
CVE-2019-14286 (In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnera ...)
	NOT-FOR-US: MISP
CVE-2019-14285
	RESERVED
CVE-2019-1000033
	REJECTED
CVE-2019-14284 (In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a deni ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/f3554aeb991214cbfafd17d55e2bfddb50282e32
CVE-2019-14283 (In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6
CVE-2019-1020019 (invenio-previewer before 1.0.0a12 allows XSS. ...)
	NOT-FOR-US: invenio-previewer
CVE-2019-1020018 (Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmati ...)
	NOT-FOR-US: Discourse
CVE-2019-1020017 (Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmati ...)
	NOT-FOR-US: Discourse
CVE-2019-1020016 (ASH-AIO before 2.0.0.3 allows an open redirect. ...)
	NOT-FOR-US: ASH-AIO
CVE-2019-1020015 (graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishand ...)
	NOT-FOR-US: graphql-engine (aka Hasura GraphQL Engine)
CVE-2019-1020014 (docker-credential-helpers before 0.6.3 has a double free in the List f ...)
	- golang-github-docker-docker-credential-helpers 0.6.1-3 (bug #933801)
	[buster] - golang-github-docker-docker-credential-helpers 0.6.1-2+deb10u1
	[stretch] - golang-github-docker-docker-credential-helpers (Vulnerable code introduced later)
	NOTE: https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a
CVE-2019-1020013 (parse-server before 3.6.0 allows account enumeration. ...)
	NOT-FOR-US: parse-server
CVE-2019-1020012 (parse-server before 3.4.1 allows DoS after any POST to a volatile clas ...)
	NOT-FOR-US: parse-server
CVE-2019-1020011 (SmokeDetector intentionally does automatic deployments of updated copi ...)
	NOT-FOR-US: SmokeDetector
CVE-2019-1020010 (Misskey before 10.102.4 allows hijacking a user's token. ...)
	NOT-FOR-US: Misskey
CVE-2019-1020009 (Fleet before 2.1.2 allows exposure of SMTP credentials. ...)
	NOT-FOR-US: Fleet (osquery frontend)
CVE-2019-1020008 (stacktable.js before 1.0.4 allows XSS. ...)
	NOT-FOR-US: stacktable.js
CVE-2019-1020007 (Dependency-Track before 3.5.1 allows XSS. ...)
	NOT-FOR-US: Dependency-Track
CVE-2019-1020006 (invenio-app before 1.1.1 allows host header injection. ...)
	NOT-FOR-US: invenio-app
CVE-2019-1020005 (invenio-communities before 1.0.0a20 allows XSS. ...)
	NOT-FOR-US: invenio-communities
CVE-2019-1020004 (Tridactyl before 1.16.0 allows fake key events. ...)
	NOT-FOR-US: Tridactyl
CVE-2019-1020003 (invenio-records before 1.2.2 allows XSS. ...)
	NOT-FOR-US: invenio-records
CVE-2019-1020002 (Pterodactyl before 0.7.14 with 2FA allows credential sniffing. ...)
	NOT-FOR-US: Pterodactyl
CVE-2019-1020001 (yard before 0.9.20 allows path traversal. ...)
	- yard 0.9.20-1 (low; bug #945369)
	[buster] - yard (Minor issue)
	[stretch] - yard (Minor issue)
	[jessie] - yard (Bug was introduced in 0.9.6)
	NOTE: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
	NOTE: Introduced in: https://github.com/lsegal/yard/commit/b32a2efe40e7bd8e5daac7fae119493376a73cde (0.9.6)
CVE-2019-14282 (The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org ...)
	- ruby-simple-captcha2 (Backdoored versions not available in a Debian release)
	NOTE: https://github.com/rubygems/rubygems.org/issues/2073
CVE-2019-14281 (The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, inclu ...)
	NOT-FOR-US: Ruby datagrid gem
CVE-2019-14280 (In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't ...)
	NOT-FOR-US: Craft CMS
CVE-2019-14279
	RESERVED
CVE-2019-14278 (In Knowage through 6.1.1, an unauthenticated user can enumerated valid ...)
	NOT-FOR-US: Knowage
CVE-2019-14277 (** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5 ...)
	NOT-FOR-US: Axway SecureTransport
CVE-2019-14276 (WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. ...)
	NOT-FOR-US: WUSTL XNAT
CVE-2019-14275 (Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arro ...)
	{DLA-2073-1}
	- fig2dev 1:3.2.7a-7 (unimportant; bug #933075)
	[buster] - fig2dev 1:3.2.7a-5+deb10u1
	[stretch] - fig2dev 1:3.2.6a-2+deb9u2
	- transfig (unimportant)
	NOTE: https://sourceforge.net/p/mcj/tickets/52/
	NOTE: Crash in CLI tool, no security impact, hardening build
CVE-2019-14274 (MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function i ...)
	- mcpp 2.7.2-5 (bug #933497)
	[buster] - mcpp (Minor issue)
	[stretch] - mcpp (Minor issue)
	[jessie] - mcpp (Minor issue)
	NOTE: https://sourceforge.net/p/mcpp/bugs/13/
CVE-2019-14273 (In SilverStripe assets 4.0, there is broken access control on files. ...)
	NOT-FOR-US: SilverStripe
CVE-2019-14272 (In SilverStripe asset-admin 4.0, there is XSS in file titles managed t ...)
	NOT-FOR-US: SilverStripe
CVE-2019-14271 (In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka ...)
	{DSA-4521-1}
	- docker.io 18.09.1+dfsg1-9
	NOTE: https://github.com/moby/moby/issues/39449
	NOTE: https://github.com/moby/moby/pull/39612 (19.03.x)
	NOTE: Fix needs to be backported to 18.09 as well:
	NOTE: https://github.com/docker/engine/pull/305 (18.09.x)
	NOTE: https://github.com/moby/moby/pull/39612#issuecomment-517999360
CVE-2019-14270 (Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6 ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-14269
	RESERVED
CVE-2019-14268 (In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request prox ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-14267 (PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because ...)
	- pdfresurrect 0.16-1 (unimportant)
	NOTE: https://github.com/enferex/pdfresurrect/commit/4ea7a6f4f51d0440da651d099247e2273f811dbc
	NOTE: Crash in CLI tool, negligible security impact, hardening build
CVE-2019-14266 (OpenSNS v6.1.0 allows SQL Injection via the index.php?s=/ucenter/Confi ...)
	NOT-FOR-US: OpenSNS
CVE-2019-14265
	RESERVED
CVE-2019-14264
	RESERVED
CVE-2019-14263
	RESERVED
CVE-2019-14262 (MetadataExtractor 2.1.0 allows stack consumption. ...)
	NOT-FOR-US: MetadataExtractor
CVE-2019-14261 (An issue was discovered on ABUS Secvest FUAA50000 3.01.01 devices. Due ...)
	NOT-FOR-US: ABUS Secvest FUAA50000 3.01.01 devices
CVE-2019-14260 (On the Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone Vo ...)
	NOT-FOR-US: Alcatel-Lucent Enterprise (ALE) 8008 Cloud Edition Deskphone VoIP phone
CVE-2019-14259 (On the Polycom Obihai Obi1022 VoIP phone with firmware 5.1.11, a comma ...)
	NOT-FOR-US: Polycom Obihai Obi1022 VoIP phone
CVE-2019-14258 (The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to ...)
	- zenoss (bug #361253)
CVE-2019-14257 (pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying e ...)
	- zenoss (bug #361253)
CVE-2019-14256
	RESERVED
CVE-2019-14255 (A Server Side Request Forgery (SSRF) vulnerability in go-camo up to ve ...)
	NOT-FOR-US: go-camo
CVE-2019-14254 (An issue was discovered in the secure portal in Publisure 2.1.2. Becau ...)
	NOT-FOR-US: Publisure
CVE-2019-14253 (An issue was discovered in servletcontroller in the secure portal in P ...)
	NOT-FOR-US: Publisure
CVE-2019-14252 (An issue was discovered in the secure portal in Publisure 2.1.2. Once ...)
	NOT-FOR-US: Publisure
CVE-2019-14251 (An issue was discovered in T24 in TEMENOS Channels R15.01. The login p ...)
	NOT-FOR-US: T24 in TEMENOS Channels R15.01
CVE-2019-14250 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
	- binutils 2.33-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90924
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2019-07/msg01003.html
	NOTE: binutils not covered by security support
CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attacker ...)
	- dwarfutils (Vulnerable code introduced in 20190505 version)
	NOTE: https://sourceforge.net/p/libdwarf/code/merge-requests/4/
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba
	NOTE: Introduced in: https://sourceforge.net/p/libdwarf/code/ci/4709f63c8b7488241b5b522267a796834a66db3a
CVE-2019-14248 (In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows ...)
	- nasm 2.15.02-1 (unimportant; bug #932907)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392576
	NOTE: https://github.com/netwide-assembler/nasm/commit/93d41d82963b2cfd0b24c906f5a8daf53281b559
	NOTE: Crash in CLI tool, no security impact
CVE-2019-14247 (The scan() function in mad.c in mpg321 0.3.2 allows remote attackers t ...)
	- mpg321 0.3.2-2
	[stretch] - mpg321 (Minor issue)
	[jessie] - mpg321 (Minor issue)
	NOTE: https://sourceforge.net/p/mpg321/bugs/51/
	NOTE: Fixed by handle_illegal_bitrate_value.patch
CVE-2019-14246 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14245 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14244
	RESERVED
CVE-2019-14243 (headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in t ...)
	NOT-FOR-US: mastercactapus proxyprotocol
CVE-2019-14242 (An issue was discovered in Bitdefender products for Windows (Bitdefend ...)
	NOT-FOR-US: Bitdefender products for Windows
CVE-2019-14241 (HAProxy through 2.0.2 allows attackers to cause a denial of service (h ...)
	- haproxy (Vulnerable code not present)
	NOTE: https://github.com/haproxy/haproxy/issues/181
CVE-2019-14240 (WCMS v0.3.2 has a CSRF vulnerability, with resultant directory travers ...)
	NOT-FOR-US: WCMS
CVE-2019-14239 (On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Acce ...)
	NOT-FOR-US: NXP Kinetis
CVE-2019-14238 (On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Prote ...)
	NOT-FOR-US: STMicroelectronics
CVE-2019-14237 (On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Acce ...)
	NOT-FOR-US: NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices
CVE-2019-14236 (On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and ...)
	NOT-FOR-US: STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices
CVE-2019-14235 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...)
	{DSA-4498-1}
	- python-django 2:2.2.4-1 (bug #934026)
	[jessie] - python-django (Vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
	NOTE: https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534 (2.2.x)
	NOTE: https://github.com/django/django/commit/869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79 (1.11.x)
CVE-2019-14234 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...)
	{DSA-4498-1}
	- python-django 2:2.2.4-1 (bug #934026)
	[jessie] - python-django (Vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
	NOTE: https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387 (2.2.x)
	NOTE: https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef (1.11.x)
CVE-2019-14233 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...)
	{DSA-4498-1 DLA-1872-1}
	- python-django 2:2.2.4-1 (bug #934026)
	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
	NOTE: https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7 (2.2.x)
	NOTE: https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72 (1.11.x)
CVE-2019-14232 (An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before ...)
	{DSA-4498-1 DLA-1872-1}
	- python-django 2:2.2.4-1 (bug #934026)
	NOTE: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/
	NOTE: https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f (2.2.x)
	NOTE: https://github.com/django/django/commit/42a66e969023c00536256469f0e8b8a099ef109d (1.11.x)
CVE-2019-14231 (An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin bef ...)
	NOT-FOR-US: Viral Quiz Maker
CVE-2019-14230 (An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin bef ...)
	NOT-FOR-US: Viral Quiz Maker
CVE-2019-14229
	RESERVED
CVE-2019-14228 (Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based ...)
	NOT-FOR-US: Xavier PHP Management Panel
CVE-2019-14227 (OX App Suite 7.10.1 and 7.10.2 allows XSS. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-14226 (OX App Suite through 7.10.2 has Insecure Permissions. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-14225 (OX App Suite 7.10.1 and 7.10.2 allows SSRF. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-14224 (An issue was discovered in Alfresco Community Edition 5.2 201707. By l ...)
	NOT-FOR-US: Alfresco
CVE-2019-14223 (An issue was discovered in Alfresco Community Edition versions below 5 ...)
	NOT-FOR-US: Alfresco
CVE-2019-14222 (An issue was discovered in Alfresco Community Edition versions 6.0 and ...)
	NOT-FOR-US: Alfresco
CVE-2019-14221 (1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishan ...)
	NOT-FOR-US: 1CRM On-Premise Software
CVE-2019-14220 (An issue was discovered in BlueStacks 4.110 and below on macOS and on ...)
	NOT-FOR-US: BlueStacks
CVE-2019-14219
	RESERVED
CVE-2019-14218
	RESERVED
CVE-2019-14217
	RESERVED
CVE-2019-14216 (An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icon ...)
	NOT-FOR-US: svg-vector-icon-plugin (aka WP SVG Icons) plugin for WordPress
CVE-2019-14215 (An issue was discovered in Foxit PhantomPDF before 8.3.11. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14214 (An issue was discovered in Foxit PhantomPDF before 8.3.10. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14213 (An issue was discovered in Foxit PhantomPDF before 8.3.11. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14212 (An issue was discovered in Foxit PhantomPDF before 8.3.11. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14211 (An issue was discovered in Foxit PhantomPDF before 8.3.11. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14210 (An issue was discovered in Foxit PhantomPDF before 8.3.10. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14209 (An issue was discovered in Foxit PhantomPDF before 8.3.10. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14208 (An issue was discovered in Foxit PhantomPDF before 8.3.10. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14207 (An issue was discovered in Foxit PhantomPDF before 8.3.11. The applica ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-14206 (An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images ...)
	NOT-FOR-US: Nevma Adaptive Images plugin for WordPress
CVE-2019-14205 (A Local File Inclusion vulnerability in the Nevma Adaptive Images plug ...)
	NOT-FOR-US: Nevma Adaptive Images plugin for WordPress
CVE-2019-14204 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14203 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14202 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14201 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14200 (An issue was discovered in Das U-Boot through 2019.07. There is a stac ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14199 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14198 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/aa207cf3a6d68f39d64cd29057a4fb63943e9078
CVE-2019-14197 (An issue was discovered in Das U-Boot through 2019.07. There is a read ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/741a8a08ebe5bc3ccfe3cde6c2b44ee53891af21
CVE-2019-14196 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96
CVE-2019-14195 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/cf3a4f1e86ecdd24f87b615051b49d8e1968c230
CVE-2019-14194 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/aa207cf3a6d68f39d64cd29057a4fb63943e9078
CVE-2019-14193 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14192 (An issue was discovered in Das U-Boot through 2019.07. There is an unb ...)
	- u-boot 2020.01+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://blog.semmle.com/uboot-rce-nfs-vulnerability/
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/fe7288069d2e6659117049f7d27e261b550bb725
CVE-2019-14191
	RESERVED
CVE-2019-14190
	RESERVED
CVE-2019-14189
	RESERVED
CVE-2019-14188
	RESERVED
CVE-2019-14187
	RESERVED
CVE-2019-14186
	RESERVED
CVE-2019-14185
	RESERVED
CVE-2019-14184
	RESERVED
CVE-2019-14183
	RESERVED
CVE-2019-14182
	RESERVED
CVE-2019-14181
	RESERVED
CVE-2019-14180
	RESERVED
CVE-2019-14179
	RESERVED
CVE-2019-14178
	RESERVED
CVE-2019-14177
	RESERVED
CVE-2019-14176
	RESERVED
CVE-2019-14175
	RESERVED
CVE-2019-14174
	RESERVED
CVE-2019-14173
	RESERVED
CVE-2019-14172
	RESERVED
CVE-2019-14171
	RESERVED
CVE-2019-14170
	RESERVED
CVE-2019-14169
	RESERVED
CVE-2019-14168
	RESERVED
CVE-2019-14167
	RESERVED
CVE-2019-14166
	RESERVED
CVE-2019-14165
	RESERVED
CVE-2019-14164
	RESERVED
CVE-2019-14163
	RESERVED
CVE-2019-14162
	RESERVED
CVE-2019-14161
	RESERVED
CVE-2019-14160
	RESERVED
CVE-2019-14159
	RESERVED
CVE-2019-14158
	RESERVED
CVE-2019-14157
	RESERVED
CVE-2019-14156
	RESERVED
CVE-2019-14155
	RESERVED
CVE-2019-14154
	RESERVED
CVE-2019-14153
	RESERVED
CVE-2019-14152
	RESERVED
CVE-2019-14151
	RESERVED
CVE-2019-14150
	RESERVED
CVE-2019-14149
	RESERVED
CVE-2019-14148
	RESERVED
CVE-2019-14147
	RESERVED
CVE-2019-14146
	RESERVED
CVE-2019-14145
	RESERVED
CVE-2019-14144
	RESERVED
CVE-2019-14143
	RESERVED
CVE-2019-14142
	RESERVED
CVE-2019-14141
	RESERVED
CVE-2019-14140
	RESERVED
CVE-2019-14139
	RESERVED
CVE-2019-14138
	RESERVED
CVE-2019-14137
	RESERVED
CVE-2019-14136
	RESERVED
CVE-2019-14135 (Possible integer overflow to buffer overflow in WLAN while parsing non ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14134 (Possible out of bound access in WLAN handler when the received value o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14133
	RESERVED
CVE-2019-14132 (Buffer over-write when this 0-byte buffer is typecasted to some other ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14131 (Out of bound write can occur in radio measurement request if STA recei ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14130 (Memory corruption can occurs in trusted application if offset size fro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14129
	RESERVED
CVE-2019-14128
	RESERVED
CVE-2019-14127 (Possible buffer overflow while playing mkv clip due to lack of validat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14126
	RESERVED
CVE-2019-14125
	RESERVED
CVE-2019-14124 (Memory failure in content protection module due to not having pointer ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14123 (Possible buffer overflow and over read possible due to missing bounds ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14122 (Memory failure in SKB if it fails to to add the requested padding to t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14121
	RESERVED
CVE-2019-14120
	RESERVED
CVE-2019-14119 (u'While processing SMCInvoke asynchronous message header, message coun ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14118
	RESERVED
CVE-2019-14117 (u'Whenever the page list is updated via privileged user, the previous ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14116 (Privilege escalation by using an altered debug policy image can occur ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14115 (u'Information disclosure issue occurs as in current logic as secure to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14114 (Buffer overflow in WLAN firmware while parsing GTK IE containing GTK k ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14113 (Buffer overflow can occur in In WLAN firmware while unwraping data usi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14112 (Potential buffer overflow while processing CBF frames due to lack of c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14111 (Possible buffer overflow while handling NAN reception of NMF in Snapdr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14110 (Buffer overflow can occur in function wlan firmware while copying asso ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14109
	RESERVED
CVE-2019-14108
	RESERVED
CVE-2019-14107
	RESERVED
CVE-2019-14106
	RESERVED
CVE-2019-14105 (Kernel was reading the CSL defined reserved field as uint16 instead of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14104 (Slab-out-of-bounds access can occur if the context pointer is invalid ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14103
	RESERVED
CVE-2019-14102
	RESERVED
CVE-2019-14101 (Out of bounds read can happen in diag event set mask command handler w ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14100 (Register write via debugfs is disabled by default to prevent register ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14099 (Device misbehavior may be observed when incorrect offset, length or nu ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14098 (Possible buffer overflow in data offload handler due to lack of check ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14097 (Possible buffer overflow in WLAN Parser due to lack of length check wh ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14096
	RESERVED
CVE-2019-14095 (Buffer overflow occurs while processing LMP packet in which name lengt ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14094 (Integer overflow in diag command handler when user inputs a large valu ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14093 (Array out of bound access can occur in display module due to lack of b ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14092 (System Services exports services without permission protect and can le ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14091 (Double free issue in NPU due to lack of resource locking mechanism to ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14090
	RESERVED
CVE-2019-14089 (u'Keymaster attestation key and device IDs provisioning which is a one ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14088 (Possible use after free issue while CRM is accessing the link pointer ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14087 (Failure in buffer management while accessing handle for HDR blit when ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14086 (Possible integer overflow while checking the length of frame which is ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14085 (Possible Integer underflow in WLAN function due to lack of check of da ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14084
	RESERVED
CVE-2019-14083 (While parsing Service Descriptor Extended Attribute received as part o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14082 (Potential buffer over-read due to lack of bound check of memory offset ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14081 (Buffer Over-read when WLAN module gets a WMI message for SAR limits wi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14080 (Out of bound write can happen due to lack of check of array index valu ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14079 (Access to the uninitialized variable when the driver tries to unmap th ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14078 (Out of bound memory access while processing qpay due to not validating ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14077 (Out of bound memory access while processing ese transmit command due t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14076 (Buffer overflow occurs while processing an subsample data length out o ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to lack of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14074 (u'Heap overflow in diag command handler due to lack of check of packet ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14073 (Copying RTCP messages into the output buffer without checking the dest ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an already f ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14071 (Compromised reset handler may bypass access control due to AC config i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14070 (Possible use after free issue in pcm volume controls due to race condi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14069
	RESERVED
CVE-2019-14068 (Out of bound access in msm routing due to lack of check of size before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14067 (Using non-time-constant functions like memcmp to compare sensitive dat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14066 (Integer overflow in calculating estimated output buffer size when gett ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14065 (u'Pointer double free in HavenSvc due to not setting the pointer to NU ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14064
	RESERVED
CVE-2019-14063 (Out of bound access due to Invalid inputs to dapm mux settings which r ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14062 (Buffer overflows while decoding setup message from Network due to lack ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14061 (Null-pointer dereference can occur while accessing the segment element ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14060 (Uninitialized stack data gets used If memory is not allocated for blob ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14059
	RESERVED
CVE-2019-14058
	RESERVED
CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv file due t ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14056 (u'Possible integer overflow in API due to lack of check on large oid r ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14055 (Possibility of use-after-free and double free because of not marking b ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14054 (Improper permissions in XBL_SEC region enable user to update XBL_SEC c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14053 (When attempting to create a new XFRM policy, a stack out-of-bounds rea ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14052 (u'Accessing an uninitialized data structure could result in partially ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14051 (Subsequent additions performed during Module loading while allocating ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14050 (Out-of-bound writes occurs due to lack of check of buffer size will ca ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14049 (Stage-2 fault will occur while writing to an ION system allocation whi ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14048 (Possible out of bound memory access while playing a crafted clip in me ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14047 (While IPA driver processes route add rule IOCTL, there is no input val ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14046 (Out of bound access while allocating memory for an array in camera due ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14045 (Possible buffer overflow while processing clientlog and serverlog due ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14044 (Out of bound access due to access of uninitialized memory segment in a ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14043 (Out of bound read in Fingerprint application due to requested data is ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14042 (Out of bound read in in fingerprint application due to requested data ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14041 (During listener modified response processing, a buffer overrun occurs ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14040 (Using memory after being freed in qsee due to wrong implementation can ...)
	NOT-FOR-US: Snapdragon
CVE-2019-14039 (Out of bound read in adm call back function due to incorrect boundary ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14038 (Buffer over-read in ADSP parse function due to lack of check for avail ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14037 (Close and bind operations done on a socket can lead to a Use-After-Fre ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14036 (Possible buffer overflow issue in error processing due to improper val ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14035
	RESERVED
CVE-2019-14034 (Use after free while processing eeprom query as there is a chance to n ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14033 (Multiple Read overflows issue due to improper length check while decod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14032 (Memory use after free issue in audio due to lack of resource control i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14031 (Buffer overflow can occur while parsing RSN IE containing list of PMK ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14030 (The size of a buffer is determined by addition and multiplications ope ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14029 (Use-after-free in graphics module due to destroying already queued syn ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14028 (Buffer overwrite during memcpy due to lack of check on SSID length val ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14027 (Buffer overflow due to lack of upper bound check on channel length whi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14026 (Possible buffer overflow in WLAN WMI handler due to lack of ssid lengt ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14025 (u'When a new session is created, Object is returned that contains TZ a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14024 (Possible stack-use-after-scope issue in NFC usecase for card emulation ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14023 (String format issue will occur while processing HLOS data as there is ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14022 (Error occurs While extracting the ipv6_header having an invalid length ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14021 (Possible buffer overrun when processing EFS filename and payload sent ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14020 (Multiple Read overflows issue due to improper length check while decod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14019 (Multiple Read overflows issue due to improper length check while decod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14018 (Possible out of bound array access as there is no check on carrier ind ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14017 (Heap buffer overflow can occur while parsing invalid MKV clip which is ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14016 (Integer overflow occurs while playing the clip which is nonstandard in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14015 (A stack-based buffer overflow exists in the initialization of the iden ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14014 (Possible buffer overflow when byte array receives incorrect input from ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14013 (While parsing invalid super index table, elements within super index t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14012 (Possibility of null pointer deference as the array of video codecs fro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14011 (Multiple Read overflows issue due to improper length check while decod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14010 (The device may enter into error state when some tool or application ge ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14009 (Out of bound memory access while processing TZ command handler due to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14008 (Possible null pointer dereference issue in location assistance data pr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14007 (Due to the use of non-time-constant comparison functions there is issu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14006 (Buffer overflow occur while playing the clip which is nonstandard due ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14005 (Buffer overflow occur while playing the clip which is nonstandard due ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14004 (Buffer overflow occurs while processing invalid MKV clip, which has in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14003 (Null pointer exception can happen while parsing invalid MKV clip where ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14002 (APKs without proper permission may bind to CallEnhancementService and ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14001 (Wrong public key usage from existing oem_keystore for hash generation ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-14000 (Lack of check that the RX FIFO write index that is read from shared RA ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-13999 (u'Lack of check for integer overflow for round up and addition operati ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-13998 (u'Lack of check that the TX FIFO write and read indices that are read ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-13997
	RESERVED
CVE-2019-13996
	RESERVED
CVE-2019-13995 (u'Lack of integer overflow check for addition of fragment size and rem ...)
	NOT-FOR-US: Snapdragon
CVE-2019-13994 (u'Lack of check that the current received data fragment size of a part ...)
	NOT-FOR-US: Snapdragon
CVE-2019-13993
	RESERVED
CVE-2019-13992 (u'Out of bound memory access if stack push and pop operation are perfo ...)
	NOT-FOR-US: Snapdragon
CVE-2019-13991 (Embedded systems based on Arduino before Rev3 allow remote attackers t ...)
	NOT-FOR-US: Issue on embedded systems based on Arduino before Rev3
CVE-2019-13990 (initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracott ...)
	- libquartz-java 2.3.0-3 (bug #933169)
	[buster] - libquartz-java (Minor issue)
	[stretch] - libquartz-java (Minor issue)
	[jessie] - libquartz-java (Minor issue)
	- libquartz2-java 2.3.0-3 (bug #933170)
	[buster] - libquartz2-java (Minor issue)
	[stretch] - libquartz2-java (Minor issue)
	NOTE: https://github.com/quartz-scheduler/quartz/issues/467
	NOTE: https://github.com/quartz-scheduler/quartz/commit/a1395ba118df306c7fe67c24fb0c9a95a4473140
CVE-2019-13989 (dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat() func ...)
	- dpic (Fixed before initial upload to Debian)
	NOTE: https://gitlab.com/aplevich/dpic/issues/4
	NOTE: https://gitlab.com/aplevich/dpic/commit/aa9fc45e207134cbfefa4b9e7a1b49cf11e9397d
CVE-2019-13988
	RESERVED
CVE-2019-13987
	RESERVED
CVE-2019-13986
	RESERVED
CVE-2019-13985
	RESERVED
CVE-2019-13984 (Directus 7 API before 2.3.0 does not validate uploaded files. Regardle ...)
	NOT-FOR-US: Directus
CVE-2019-13983 (Directus 7 API before 2.2.2 has insufficient anti-automation, as demon ...)
	NOT-FOR-US: Directus
CVE-2019-13982 (interfaces/markdown/input.vue in Directus 7 Application before 7.7.0 d ...)
	NOT-FOR-US: Directus
CVE-2019-13981 (In Directus 7 API through 2.3.0, remote attackers can read image files ...)
	NOT-FOR-US: Directus
CVE-2019-13980 (In Directus 7 API through 2.3.0, uploading of PHP files is blocked onl ...)
	NOT-FOR-US: Directus
CVE-2019-13979 (In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, ...)
	NOT-FOR-US: Directus
CVE-2019-13978 (Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php ...)
	NOT-FOR-US: Ovidentia
CVE-2019-13977 (index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&id ...)
	NOT-FOR-US: Ovidentia
CVE-2019-13976 (eGain Chat 15.0.3 allows unrestricted file upload. ...)
	NOT-FOR-US: eGain Chat
CVE-2019-13975 (eGain Chat 15.0.3 allows HTML Injection. ...)
	NOT-FOR-US: eGain Chat
CVE-2019-13974 (LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. ...)
	NOT-FOR-US: LayerBB
CVE-2019-13973 (LayerBB 1.1.3 allows admin/general.php arbitrary file upload because t ...)
	NOT-FOR-US: LayerBB
CVE-2019-13972 (LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title ...)
	NOT-FOR-US: LayerBB
CVE-2019-13971 (OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=aut ...)
	NOT-FOR-US: OTCMS
CVE-2019-13970 (In antSword before 2.1.0, self-XSS in the database configuration leads ...)
	NOT-FOR-US: antSword
CVE-2019-13969 (Metinfo 6.x allows SQL Injection via the id parameter in an admin/inde ...)
	NOT-FOR-US: Metinfo
CVE-2019-13968
	RESERVED
CVE-2019-13967 (iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: iTop (not the same as src:itop)
CVE-2019-13966 (In iTop through 2.6.0, an XSS payload can be delivered in certain fiel ...)
	NOT-FOR-US: iTop (not the same as src:itop)
CVE-2019-13965 (Because of a lack of sanitization around error messages, multiple Refl ...)
	NOT-FOR-US: iTop (not the same as src:itop)
CVE-2019-13964
	RESERVED
CVE-2019-13963
	RESERVED
CVE-2019-13962 (lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC medi ...)
	{DSA-4504-1}
	- vlc 3.0.8-1 (low)
	[jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=2b4f9d0b0e0861f262c90e9b9b94e7d53b864509
	NOTE: https://trac.videolan.org/vlc/ticket/22240
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-13961 (A CSRF vulnerability was found in flatCore before 1.5, leading to the ...)
	NOT-FOR-US: flatCore
CVE-2019-13960 (** DISPUTED ** In libjpeg-turbo 2.0.2, a large amount of memory can be ...)
	NOT-FOR-US: Disputed libjpeg issue, issue would be in application using libjpeg
CVE-2019-13959 (In Bento4 1.5.1-627, AP4_DataBuffer::SetDataSize does not handle reall ...)
	NOT-FOR-US: Bento4
CVE-2019-13958
	RESERVED
CVE-2019-13957 (In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprov ...)
	NOT-FOR-US: Umbraco
CVE-2019-13956 (Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Discuz!ML
CVE-2019-13955 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2019-13954 (Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2019-13953 (An exploitable authentication bypass vulnerability exists in the Bluet ...)
	NOT-FOR-US: YI M1 Mirrorless Camera
CVE-2019-13952 (The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and ...)
	- gdnsd 3.5.0-1 (unimportant; bug #932407)
	[buster] - gdnsd 2.4.3-1
	NOTE: https://github.com/gdnsd/gdnsd/issues/185
	NOTE: No security impact, data is under administrative control
	NOTE: Patches: https://github.com/gdnsd/gdnsd/issues/185#issuecomment-513288786
CVE-2019-13951 (The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 ...)
	- gdnsd (Vulnerable code not present, introduced in 3.x)
	NOTE: https://github.com/gdnsd/gdnsd/issues/185
	NOTE: No security impact, data is under administrative control
	NOTE: Introduced in https://github.com/gdnsd/gdnsd/commit/15715fc30d5e41e53d4a16d2434fc5c3190e129b
	NOTE: Patches: https://github.com/gdnsd/gdnsd/issues/185#issuecomment-513288786
CVE-2019-13950 (index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored ...)
	NOT-FOR-US: SyGuestBook A5
CVE-2019-13949 (SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demons ...)
	NOT-FOR-US: SyGuestBook A5
CVE-2019-13948 (SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData f ...)
	NOT-FOR-US: SyGuestBook A5
CVE-2019-13947 (A vulnerability has been identified in Control Center Server (CCS) (Al ...)
	NOT-FOR-US: Siemens
CVE-2019-13946 (A vulnerability has been identified in Development/Evaluation Kits for ...)
	NOT-FOR-US: Siemens
CVE-2019-13945 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
	NOT-FOR-US: Siemens
CVE-2019-13944 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
	NOT-FOR-US: Siemens
CVE-2019-13943 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
	NOT-FOR-US: Siemens
CVE-2019-13942 (A vulnerability has been identified in EN100 Ethernet module DNP3 vari ...)
	NOT-FOR-US: Siemens
CVE-2019-13941 (A vulnerability has been identified in OZW672 (All versions < V10.0 ...)
	NOT-FOR-US: Siemens
CVE-2019-13940 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
	NOT-FOR-US: Siemens
CVE-2019-13939 (A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All ve ...)
	NOT-FOR-US: Nucleus
CVE-2019-13938
	RESERVED
CVE-2019-13937
	RESERVED
CVE-2019-13936 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Siemens
CVE-2019-13935 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Siemens
CVE-2019-13934 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: Siemens
CVE-2019-13933 (A vulnerability has been identified in SCALANCE X-200RNA switch family ...)
	NOT-FOR-US: Siemens
CVE-2019-13932 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...)
	NOT-FOR-US: Siemens
CVE-2019-13931 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...)
	NOT-FOR-US: Siemens
CVE-2019-13930 (A vulnerability has been identified in XHQ (All versions < V6.0.0.2 ...)
	NOT-FOR-US: Siemens
CVE-2019-13929 (A vulnerability has been identified in SIMATIC IT UADM (All versions & ...)
	NOT-FOR-US: Siemens
CVE-2019-13928
	RESERVED
CVE-2019-13927 (A vulnerability has been identified in Desigo PX automation controller ...)
	NOT-FOR-US: Siemens
CVE-2019-13926 (A vulnerability has been identified in SCALANCE S602 (All versions > ...)
	NOT-FOR-US: Siemens
CVE-2019-13925 (A vulnerability has been identified in SCALANCE S602 (All versions > ...)
	NOT-FOR-US: Siemens
CVE-2019-13924 (A vulnerability has been identified in SCALANCE S602 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2019-13923 (A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gat ...)
	NOT-FOR-US: Siemens
CVE-2019-13922 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2019-13921 (A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All ...)
	NOT-FOR-US: Siemens
CVE-2019-13920 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2019-13919 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2019-13918 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2019-13917 (Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution ...)
	{DSA-4488-1}
	- exim4 4.92-10
	[jessie] - exim4 (Vulnerable code confirmed as introduced in version 4.85)
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/22/3
	NOTE: https://www.exim.org/static/doc/security/CVE-2019-13917.txt
	NOTE: https://git.exim.org/exim.git/commit/21aa05977abff1eaa69bb97ef99080220915f7c0
CVE-2019-13916 (An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6. ...)
	NOT-FOR-US: Cypress
CVE-2019-13915 (b3log Wide before 1.6.0 allows three types of attacks to access arbitr ...)
	NOT-FOR-US: b3log Wide
CVE-2019-13914
	RESERVED
CVE-2019-13913
	RESERVED
CVE-2019-13912
	RESERVED
CVE-2019-13911
	RESERVED
CVE-2019-13910
	RESERVED
CVE-2019-13909
	RESERVED
CVE-2019-13908
	RESERVED
CVE-2019-13907
	RESERVED
CVE-2019-13906
	RESERVED
CVE-2019-13905
	RESERVED
CVE-2019-13904
	RESERVED
CVE-2019-13903
	RESERVED
CVE-2019-13902
	RESERVED
CVE-2019-13901
	RESERVED
CVE-2019-13900
	RESERVED
CVE-2019-13899
	RESERVED
CVE-2019-13898
	RESERVED
CVE-2019-13897
	RESERVED
CVE-2019-13896
	RESERVED
CVE-2019-13895
	RESERVED
CVE-2019-13894
	RESERVED
CVE-2019-13893
	RESERVED
CVE-2019-13892
	RESERVED
CVE-2019-13891
	RESERVED
CVE-2019-13890
	RESERVED
CVE-2019-13889
	RESERVED
CVE-2019-13888
	RESERVED
CVE-2019-13887
	RESERVED
CVE-2019-13886
	RESERVED
CVE-2019-13885
	RESERVED
CVE-2019-13884
	RESERVED
CVE-2019-13883
	RESERVED
CVE-2019-13882
	RESERVED
CVE-2019-13881
	RESERVED
CVE-2019-13880
	RESERVED
CVE-2019-13879
	RESERVED
CVE-2019-13878
	RESERVED
CVE-2019-13877
	RESERVED
CVE-2019-13876
	RESERVED
CVE-2019-13875
	RESERVED
CVE-2019-13874
	RESERVED
CVE-2019-13873
	RESERVED
CVE-2019-13872
	RESERVED
CVE-2019-13871
	RESERVED
CVE-2019-13870
	RESERVED
CVE-2019-13869
	RESERVED
CVE-2019-13868
	RESERVED
CVE-2019-13867
	RESERVED
CVE-2019-13866
	RESERVED
CVE-2019-13865
	RESERVED
CVE-2019-13864
	RESERVED
CVE-2019-13863
	RESERVED
CVE-2019-13862
	RESERVED
CVE-2019-13861
	RESERVED
CVE-2019-13860
	RESERVED
CVE-2019-13859
	RESERVED
CVE-2019-13858
	RESERVED
CVE-2019-13857
	RESERVED
CVE-2019-13856
	RESERVED
CVE-2019-13855
	RESERVED
CVE-2019-13854
	RESERVED
CVE-2019-13853
	RESERVED
CVE-2019-13852
	RESERVED
CVE-2019-13851
	RESERVED
CVE-2019-13850
	RESERVED
CVE-2019-13849
	RESERVED
CVE-2019-13848
	RESERVED
CVE-2019-13847
	RESERVED
CVE-2019-13846
	RESERVED
CVE-2019-13845
	RESERVED
CVE-2019-13844
	RESERVED
CVE-2019-13843
	RESERVED
CVE-2019-13842
	RESERVED
CVE-2019-13841
	RESERVED
CVE-2019-13840
	RESERVED
CVE-2019-13839
	RESERVED
CVE-2019-13838
	RESERVED
CVE-2019-13837
	RESERVED
CVE-2019-13836
	RESERVED
CVE-2019-13835
	RESERVED
CVE-2019-13834
	RESERVED
CVE-2019-13833
	RESERVED
CVE-2019-13832
	RESERVED
CVE-2019-13831
	RESERVED
CVE-2019-13830
	RESERVED
CVE-2019-13829
	RESERVED
CVE-2019-13828
	RESERVED
CVE-2019-13827
	RESERVED
CVE-2019-13826
	RESERVED
CVE-2019-13825
	RESERVED
CVE-2019-13824
	RESERVED
CVE-2019-13823
	RESERVED
CVE-2019-13822
	RESERVED
CVE-2019-13821
	RESERVED
CVE-2019-13820
	RESERVED
CVE-2019-13819
	RESERVED
CVE-2019-13818
	RESERVED
CVE-2019-13817
	RESERVED
CVE-2019-13816
	RESERVED
CVE-2019-13815
	RESERVED
CVE-2019-13814
	RESERVED
CVE-2019-13813
	RESERVED
CVE-2019-13812
	RESERVED
CVE-2019-13811
	RESERVED
CVE-2019-13810
	RESERVED
CVE-2019-13809
	RESERVED
CVE-2019-13808
	RESERVED
CVE-2019-13807
	RESERVED
CVE-2019-13806
	RESERVED
CVE-2019-13805
	RESERVED
CVE-2019-13804
	RESERVED
CVE-2019-13803
	RESERVED
CVE-2019-13802
	RESERVED
CVE-2019-13801
	RESERVED
CVE-2019-13800
	RESERVED
CVE-2019-13799
	RESERVED
CVE-2019-13798
	RESERVED
CVE-2019-13797
	RESERVED
CVE-2019-13796
	RESERVED
CVE-2019-13795
	RESERVED
CVE-2019-13794
	RESERVED
CVE-2019-13793
	RESERVED
CVE-2019-13792
	RESERVED
CVE-2019-13791
	RESERVED
CVE-2019-13790
	RESERVED
CVE-2019-13789
	RESERVED
CVE-2019-13788
	RESERVED
CVE-2019-13787
	RESERVED
CVE-2019-13786
	RESERVED
CVE-2019-13785
	RESERVED
CVE-2019-13784
	RESERVED
CVE-2019-13783
	RESERVED
CVE-2019-13782
	RESERVED
CVE-2019-13781
	RESERVED
CVE-2019-13780
	RESERVED
CVE-2019-13779
	RESERVED
CVE-2019-13778
	RESERVED
CVE-2019-13777
	RESERVED
CVE-2019-13776
	REJECTED
CVE-2019-13775
	RESERVED
CVE-2019-13774
	RESERVED
CVE-2019-13773
	RESERVED
CVE-2019-13772
	RESERVED
CVE-2019-13771
	RESERVED
CVE-2019-13770
	RESERVED
CVE-2019-13769
	RESERVED
CVE-2019-13768
	RESERVED
CVE-2019-13767 (Use after free in media picker in Google Chrome prior to 79.0.3945.88 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.130-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13766 (Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13765 (Use-after-free in content delivery manager in Google Chrome prior to 7 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13764 (Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13763 (Insufficient policy enforcement in payments in Google Chrome prior to ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13762 (Insufficient policy enforcement in downloads in Google Chrome on Windo ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13761 (Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13760
	RESERVED
CVE-2019-13759 (Incorrect security UI in interstitials in Google Chrome prior to 79.0. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13758 (Insufficient policy enforcement in navigation in Google Chrome on Andr ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13757 (Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13756 (Incorrect security UI in printing in Google Chrome prior to 79.0.3945. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13755 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13754 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13753 (Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13752 (Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13751 (Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13750 (Insufficient data validation in SQLite in Google Chrome prior to 79.0. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13749 (Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13748 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13747 (Uninitialized data in rendering in Google Chrome on Android prior to 7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13746 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13745 (Insufficient policy enforcement in audio in Google Chrome prior to 79. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13744 (Insufficient policy enforcement in cookies in Google Chrome prior to 7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13743 (Incorrect security UI in external protocol handling in Google Chrome p ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13742 (Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13741 (Insufficient validation of untrusted input in Blink in Google Chrome p ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13740 (Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13739 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 7 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13738 (Insufficient policy enforcement in navigation in Google Chrome prior t ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13737 (Insufficient policy enforcement in autocomplete in Google Chrome prior ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13736 (Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allo ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13735 (Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13734 (Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 a ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13733
	RESERVED
CVE-2019-13732 (Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allo ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13731
	RESERVED
CVE-2019-13730 (Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13729 (Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 al ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13728 (Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945. ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13727 (Insufficient policy enforcement in WebSockets in Google Chrome prior t ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13726 (Buffer overflow in password manager in Google Chrome prior to 79.0.394 ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13725 (Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 all ...)
	{DSA-4606-1}
	- chromium 79.0.3945.79-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13724 (Out of bounds memory access in WebBluetooth in Google Chrome prior to ...)
	{DSA-4575-1}
	- chromium 78.0.3904.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13723 (Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 ...)
	{DSA-4575-1}
	- chromium 78.0.3904.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13722 (Inappropriate implementation in WebRTC in Google Chrome prior to 79.0. ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-13722
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-13722
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-13722
CVE-2019-13721 (Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowe ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13720 (Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allo ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13719 (Incorrect security UI in full screen mode in Google Chrome prior to 78 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13718 (Insufficient data validation in Omnibox in Google Chrome prior to 78.0 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13717 (Incorrect security UI in full screen mode in Google Chrome prior to 78 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13716 (Insufficient policy enforcement in service workers in Google Chrome pr ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13715 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13714 (Insufficient validation of untrusted input in Color Enhancer extension ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13713 (Insufficient policy enforcement in JavaScript in Google Chrome prior t ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13712
	RESERVED
CVE-2019-13711 (Insufficient policy enforcement in JavaScript in Google Chrome prior t ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13710 (Insufficient validation of untrusted input in downloads in Google Chro ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13709 (Insufficient policy enforcement in downloads in Google Chrome prior to ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13708 (Inappropriate implementation in navigation in Google Chrome on iOS pri ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13707 (Insufficient validation of untrusted input in intents in Google Chrome ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13706 (Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13705 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13704 (Insufficient policy enforcement in navigation in Google Chrome prior t ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13703 (Insufficient policy enforcement in the Omnibox in Google Chrome on And ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13702 (Inappropriate implementation in installer in Google Chrome on Windows ...)
	- chromium (debian package disables the installer)
CVE-2019-13701 (Incorrect implementation in navigation in Google Chrome prior to 78.0. ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13700 (Out of bounds memory access in the gamepad API in Google Chrome prior ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13699 (Use after free in media in Google Chrome prior to 78.0.3904.70 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13698 (Out of bounds memory access in JavaScript in Google Chrome prior to 73 ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13697 (Insufficient policy enforcement in performance APIs in Google Chrome p ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13696 (Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 a ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13695 (Use after free in audio in Google Chrome on Android prior to 77.0.3865 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13694 (Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allow ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13693 (Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 al ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13692 (Insufficient policy enforcement in reader mode in Google Chrome prior ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13691 (Insufficient validation of untrusted input in navigation in Google Chr ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13690
	RESERVED
CVE-2019-13689
	RESERVED
CVE-2019-13688 (Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13687 (Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13686 (Use after free in offline mode in Google Chrome prior to 77.0.3865.90 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13685 (Use after free in sharing view in Google Chrome prior to 77.0.3865.90 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13684 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13683 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13682 (Insufficient policy enforcement in external protocol handling in Googl ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13681 (Insufficient data validation in downloads in Google Chrome prior to 77 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13680 (Inappropriate implementation in TLS in Google Chrome prior to 77.0.386 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13679 (Insufficient policy enforcement in PDFium in Google Chrome prior to 77 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13678 (Incorrect data validation in downloads in Google Chrome prior to 77.0. ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13677 (Insufficient policy enforcement in site isolation in Google Chrome pri ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13676 (Insufficient policy enforcement in Chromium in Google Chrome prior to ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13675 (Insufficient data validation in extensions in Google Chrome prior to 7 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13674 (IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13673 (Insufficient data validation in developer tools in Google Chrome prior ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13672 (Incorrect security UI in Omnibox in Google Chrome prior to 77.0.3865.7 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13671 (UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13670 (Insufficient data validation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13669 (Incorrect data validation in navigation in Google Chrome prior to 77.0 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13668 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13667 (Inappropriate implementation in Omnibox in Google Chrome on iOS prior ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13666 (Information leak in storage in Google Chrome prior to 77.0.3865.75 all ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13665 (Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13664 (Insufficient policy enforcement in Blink in Google Chrome prior to 77. ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13663 (IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13662 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13661 (UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13660 (UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13659 (IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-13658 (CA Network Flow Analysis 9.x and 10.0.x have a default credential vuln ...)
	NOT-FOR-US: CA Network Flow Analysis
CVE-2019-13657 (CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before ...)
	NOT-FOR-US: CA Performance Management
CVE-2019-13656 (An access vulnerability in CA Common Services DIA of CA Technologies C ...)
	NOT-FOR-US: CA Technologies Client Automation
CVE-2019-13655 (Imgix through 2019-06-19 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Imgix
CVE-2019-13654 RESERVED
CVE-2019-13653 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow trig ...)
	NOT-FOR-US: TP-Link
CVE-2019-13652 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serv ...)
	NOT-FOR-US: TP-Link
CVE-2019-13651 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow port ...)
	NOT-FOR-US: TP-Link
CVE-2019-13650 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow inte ...)
	NOT-FOR-US: TP-Link
CVE-2019-13649 (TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow exte ...)
	NOT-FOR-US: TP-Link
CVE-2019-13648 (In the Linux kernel through 5.2.1 on the powerpc platform, when hardwa ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1}
	- linux 5.2.6-1
	NOTE: https://patchwork.ozlabs.org/patch/1133904/
CVE-2019-13647 (** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to stored XSS ...)
	NOT-FOR-US: Firefly
CVE-2019-13646 (** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to reflected ...)
	NOT-FOR-US: Firefly
CVE-2019-13645 (** DISPUTED ** Firefly III before 4.7.17.3 is vulnerable to stored XSS ...)
	NOT-FOR-US: Firefly
CVE-2019-13644 (** DISPUTED ** Firefly III before 4.7.17.1 is vulnerable to stored XSS ...)
	NOT-FOR-US: Firefly
CVE-2019-13643 (Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute ...)
	NOT-FOR-US: EspoCRM
CVE-2019-13642 RESERVED
CVE-2019-13641 RESERVED
CVE-2019-13640 (In qBittorrent before 4.1.7, the function Application::runExternalProg ...)
	{DSA-4650-1}
	- qbittorrent 4.1.7-1 (bug #932539)
	[jessie] - qbittorrent (Vulnerable code not present in 3.1.x series)
	NOTE: https://github.com/qbittorrent/qBittorrent/issues/10925
CVE-2019-13639 RESERVED
CVE-2019-13638 (GNU patch through 2.7.6 is vulnerable to OS shell command injection th ...)
	{DSA-4489-1 DLA-1864-1}
	- patch 2.7.6-5
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
CVE-2019-13637 (In LogMeIn join.me before 3.16.0.5505, an attacker could execute arbit ...)
	NOT-FOR-US: LogMeIn join.me
CVE-2019-13636 (In GNU patch through 2.7.6, the following of symlinks is mishandled in ...)
	{DSA-4489-1 DLA-1856-1}
	- patch 2.7.6-5 (bug #932401)
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
CVE-2019-13635 (The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows wpFas ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2019-13634 RESERVED
CVE-2019-13633 (Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attack ...)
	NOT-FOR-US: Blinger.io
CVE-2019-13632 RESERVED
CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: https://patchwork.kernel.org/patch/11040813/
CVE-2019-13630 RESERVED
CVE-2019-13629 (MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA si ...)
	- matrixssl
CVE-2019-13628 (wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --ena ...)
	- wolfssl 4.1.0+dfsg-1
	NOTE: https://github.com/wolfSSL/wolfssl/pull/2353
CVE-2019-13627 (It was discovered that there was a ECDSA timing attack in the libgcryp ...)
	{DLA-1931-2 DLA-1931-1}
	- libgcrypt20 1.8.5-1 (bug #938938)
	[buster] - libgcrypt20 (Minor issue)
	[stretch] - libgcrypt20 (Minor issue)
	- libgcrypt11
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b9577f7c89b4327edc09f2231bc8b31521102c79 (master)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=7c2943309d14407b51c8166c4dcecb56a3628567 (master)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d5407b78cca9f9d318a4f4d2f6ba2b8388584cd9 (1.8.5)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=db4e9976cc31b314aafad6626b2894e86ee44d60 (1.8.5)
CVE-2019-13626 (SDL (Simple DirectMedia Layer) 2.x through 2.0.9 has a heap-based buff ...)
	- libsdl2 2.0.10+dfsg1-1
	[buster] - libsdl2 (Minor issue)
	[stretch] - libsdl2 (Minor issue)
	[jessie] - libsdl2 (Minor issue)
	- libsdl1.2 (Vulnerable code added later)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4522
	NOTE: 24-bit PCM WAVE introduced in SDL 2.0
CVE-2019-13625 (NSA Ghidra before 9.0.1 allows XXE when a project is opened or restore ...)
	- ghidra (bug #923851)
CVE-2019-13624 (In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/Y ...)
	NOT-FOR-US: ONOS
CVE-2019-13623 (In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java ...)
	- ghidra (bug #923851)
CVE-2019-13622 RESERVED
CVE-2019-13621 RESERVED
CVE-2019-13620 RESERVED
CVE-2019-13619 (In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ...)
	{DLA-2547-1}
	- wireshark 2.6.10-1 (low)
	[buster] - wireshark 2.6.20-0+deb10u1
	[jessie] - wireshark (vulnerable code not present, binary encoding not yet supported)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-20.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7e90aed666e809c0db5de9d1816802a7dcea28d9
CVE-2019-13618 (In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-bas ...)
	{DLA-2072-1}
	- gpac 1.0.1+dfsg1-2 (low; bug #932242)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1250
	NOTE: https://github.com/gpac/gpac/commit/c23d54ed15a70b4543e3191e6ead5097cda0878b
CVE-2019-13617 (njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in ...)
	NOT-FOR-US: njs
CVE-2019-13616 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-2536-1}
	- libsdl2 2.0.10+dfsg1-1
	[buster] - libsdl2 (Minor issue)
	[jessie] - libsdl2 (can be fixed along with more important patches)
	- libsdl1.2 1.2.15+dfsg2-5
	[buster] - libsdl1.2 (Minor issue)
	[jessie] - libsdl1.2 (can be fixed along with more important patches)
	- libsdl2-image 2.0.5+dfsg1-2 (bug #940934)
	[buster] - libsdl2-image (Minor issue)
	[stretch] - libsdl2-image (Minor issue)
	[jessie] - libsdl2-image (can be fixed along with more important patches)
	- sdl-image1.2 1.2.12-12
	[buster] - sdl-image1.2 (Minor issue)
	[stretch] - sdl-image1.2 (Minor issue)
	[jessie] - sdl-image1.2 (can be fixed along with more important patches)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4538
	NOTE: libsdl2: https://hg.libsdl.org/SDL/rev/e7ba650a643a
	NOTE: libsdl1.2: https://hg.libsdl.org/SDL/rev/ad1bbfbca760
	NOTE: libsdl2-image: https://hg.libsdl.org/SDL_image/rev/ba45f00879ba
	NOTE: sdl-image1.2: https://hg.libsdl.org/SDL_image/rev/a59bfe382008
CVE-2019-13615 (libebml before 1.3.6, as used in the MKV module in VideoLAN VLC Media ...)
	- libebml 1.3.6-1 (low; bug #932241)
	[stretch] - libebml 1.3.4-1+deb9u1
	[jessie] - libebml (Minor issue)
	NOTE: https://trac.videolan.org/vlc/ticket/22474
	NOTE: Issue was originally reported to vlc project, but the underlying issue is
	NOTE: found in the libebml library
	NOTE: https://github.com/Matroska-Org/libebml/commit/05beb69ba60acce09f73ed491bb76f332849c3a0
	NOTE: https://github.com/Matroska-Org/libebml/commit/ff0dc3cc21494578ce731f5d7dcde5fdec23d40f
	NOTE: https://github.com/Matroska-Org/libebml/commit/b66ca475be967547af9a3784e720fbbacd381be6
	NOTE: https://github.com/Matroska-Org/libebml/commit/534dfdb995edc18e528de8ce9fa20b3df88426ae
CVE-2019-13614 (CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link ...)
	NOT-FOR-US: TP-Link
CVE-2019-13613 (CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wirel ...)
	NOT-FOR-US: TP-Link
CVE-2019-13612 (MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by de ...)
	NOT-FOR-US: MDaemon Email Server
CVE-2019-13611 (An issue was discovered in python-engineio through 3.8.2. There is a C ...)
	- python-engineio 3.11.1-1 (bug #932538)
	[buster] - python-engineio (Minor issue)
	NOTE: https://github.com/miguelgrinberg/python-engineio/issues/128
	NOTE: https://github.com/miguelgrinberg/python-engineio/security/advisories/GHSA-j3jp-gvr5-7hwq
CVE-2019-13610 RESERVED
CVE-2019-13609 RESERVED
CVE-2019-13608 (Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000) ...)
	NOT-FOR-US: Citrix StoreFront Server
CVE-2019-13607 (The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerab ...)
	NOT-FOR-US: Opera Mini application for iOS
CVE-2019-13606 RESERVED
CVE-2019-13605 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.8 ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13604 (There is a short key vulnerability in HID Global DigitalPersona (forme ...)
	NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader
CVE-2019-13603 (An issue was discovered in the HID Global DigitalPersona (formerly Cro ...)
	NOT-FOR-US: HID Global DigitalPersona U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver
CVE-2019-13602 (An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4. ...)
	{DSA-4504-1}
	- vlc 3.0.7.1-2 (bug #932131)
	[jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=8e8e0d72447f8378244f5b4a3dcde036dbeb1491
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=b2b157076d9e94df34502dd8df0787deb940e938
	NOTE: https://www.videolan.org/security/sb-vlc308.html
CVE-2019-13601 RESERVED
CVE-2019-13600 RESERVED
CVE-2019-13599 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13598 (LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenti ...)
	NOT-FOR-US: LuaUPnP in Vera Edge Home Controller
CVE-2019-13597 (_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command ...)
	NOT-FOR-US: Sahi Pro
CVE-2019-13596 RESERVED
CVE-2019-13595 RESERVED
CVE-2019-13594 (In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware w ...)
	NOT-FOR-US: Mirumee Saleor
CVE-2019-13593 RESERVED
CVE-2019-13592 RESERVED
CVE-2019-13591 RESERVED
CVE-2019-13590 (An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (start ...)
	- sox 14.4.2+git20190427-2 (low; bug #932082)
	[buster] - sox (Minor issue)
	[stretch] - sox (Minor issue)
	[jessie] - sox (Minor issue)
	NOTE: https://sourceforge.net/p/sox/bugs/325/
	NOTE: https://sourceforge.net/p/sox/code/ci/7b6a889217d62ed7e28188621403cc7542fd1f7e/
CVE-2019-13589 (The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, incl ...)
	NOT-FOR-US: backdoor in paranoid_2 gem, different from src:ruby-paranoia
CVE-2019-13588 (A cross-site scripting (XSS) vulnerability in getPagingStart() in core ...)
	NOT-FOR-US: WIKINDX
CVE-2019-13587 RESERVED
CVE-2019-13586 RESERVED
CVE-2019-13585 (The remote admin webserver on FANUC Robotics Virtual Robot Controller ...)
	NOT-FOR-US: FANUC Robotics Virtual Robot Controller
CVE-2019-13584 (The remote admin webserver on FANUC Robotics Virtual Robot Controller ...)
	NOT-FOR-US: FANUC Robotics Virtual Robot Controller
CVE-2019-13583 RESERVED
CVE-2019-13582 (An issue was discovered in Marvell 88W8688 Wi-Fi firmware before versi ...)
	NOT-FOR-US: Tesla
CVE-2019-13581 (An issue was discovered in Marvell 88W8688 Wi-Fi firmware before versi ...)
	NOT-FOR-US: Tesla
CVE-2019-13580 RESERVED
CVE-2019-13579 RESERVED
CVE-2019-13578 (A SQL injection vulnerability exists in the Impress GiveWP Give plugin ...)
	NOT-FOR-US: Impress GiveWP Give plugin for WordPress
CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthe ...)
	NOT-FOR-US: SnmpAdm.exe in MAPLE WBT SNMP Administrator
CVE-2019-13576 RESERVED
CVE-2019-13575 (A SQL injection vulnerability exists in WPEverest Everest Forms plugin ...)
	NOT-FOR-US: WPEverest Everest Forms plugin for WordPress
CVE-2019-13574 (In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remo ...)
	{DSA-4481-1 DLA-1948-1}
	- ruby-mini-magick 4.9.2-1.1 (bug #931932)
CVE-2019-13573 (A SQL injection vulnerability exists in the FolioVision FV Flowplayer ...)
	NOT-FOR-US: FolioVision FV Flowplayer Video Player plugin for WordPress
CVE-2019-13572 (The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL ...)
	NOT-FOR-US: Adenion Blog2Social plugin for WordPress
CVE-2019-13571 (A SQL injection vulnerability exists in the Vsourz Digital Advanced CF ...)
	NOT-FOR-US: Vsourz Digital Advanced CF7 DB plugin for WordPress
CVE-2019-13570 (The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection ...)
	NOT-FOR-US: WordPress plugin AJdG AdRotate
CVE-2019-13569 (A SQL injection vulnerability exists in the Icegram Email Subscribers ...)
	NOT-FOR-US: Icegram Email Subscribers & Newsletters plugin for WordPress
CVE-2019-13568 (CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CI ...)
	- cimg 2.8.4+dfsg-1 (bug #940952)
	[buster] - cimg (Minor issue)
	[stretch] - cimg (Minor issue)
	[jessie] - cimg (Vulnerable code added later)
	NOTE: https://github.com/dtschump/CImg/commit/ac8003393569aba51048c9d67e1491559877b1d1
CVE-2019-13567 (The Zoom Client before 4.4.53932.0709 on macOS allows remote code exec ...)
	NOT-FOR-US: Zoom
CVE-2019-13566 (An issue was discovered in the ROS communications-related packages (ak ...)
	- ros-ros-comm 1.14.3+ds1-10 (bug #945361)
	[buster] - ros-ros-comm 1.14.3+ds1-5+deb10u1
	[stretch] - ros-ros-comm 1.12.6-2+deb9u1
	NOTE: https://github.com/ros/ros_comm/issues/1735
	NOTE: https://github.com/ros/ros_comm/pull/1771
CVE-2019-13565 (An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL ...)
	{DLA-1891-1}
	- openldap 2.4.48+dfsg-1 (low; bug #932998)
	[buster] - openldap 2.4.47+dfsg-3+deb10u1
	[stretch] - openldap 2.4.44+dfsg-5+deb9u3
	NOTE: https://openldap.org/its/?findid=9052
CVE-2019-13564 (XSS exists in Ping Identity Agentless Integration Kit before 1.5. ...)
	NOT-FOR-US: Ping Identity Agentless Integration Kit
CVE-2019-13563 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the enti ...)
	NOT-FOR-US: D-Link
CVE-2019-13562 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstra ...)
	NOT-FOR-US: D-Link
CVE-2019-13561 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers ...)
	NOT-FOR-US: D-Link
CVE-2019-13560 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers ...)
	NOT-FOR-US: D-Link
CVE-2019-13559 (GE Mark VIe Controller is shipped with pre-configured hard-coded crede ...)
	NOT-FOR-US: GE Mark VIe Controller
CVE-2019-13558 (In WebAccess versions 8.4.1 and prior, an exploit executed over the ne ...)
	NOT-FOR-US: WebAccess
CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an ...)
	NOT-FOR-US: Tasy
CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buffer ove ...)
	NOT-FOR-US: WebAccess
CVE-2019-13555 (In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial n ...)
	NOT-FOR-US: Mitsubishi
CVE-2019-13554 (GE Mark VIe Controller has an unsecured Telnet protocol that may allow ...)
	NOT-FOR-US: GE Mark VIe Controller
CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
	NOT-FOR-US: Rittal Chiller SK 3232-Series
CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...)
	NOT-FOR-US: WebAccess
CVE-2019-13551 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vul ...)
	NOT-FOR-US: Advantech
CVE-2019-13550 (In WebAccess, versions 8.4.1 and prior, an improper authorization vuln ...)
	NOT-FOR-US: WebAccess
CVE-2019-13549 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...)
	NOT-FOR-US: Rittal Chiller SK 3232-Series
CVE-2019-13548 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
	NOT-FOR-US: CODESYS
CVE-2019-13547 (Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecu ...)
	NOT-FOR-US: Advantech
CVE-2019-13546 (In IntelliSpace Perinatal, Versions K and prior, a vulnerability withi ...)
	NOT-FOR-US: IntelliSpace Perinatal
CVE-2019-13545 (In Horner Automation Cscape 9.90 and prior, improper validation of dat ...)
	NOT-FOR-US: Horner Automation Cscape
CVE-2019-13544 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-b ...)
	NOT-FOR-US: Delta Electronics TPEditor
CVE-2019-13543 (Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab F ...)
	NOT-FOR-US: Medtronic
CVE-2019-13542 (3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all version ...)
	NOT-FOR-US: 3S-Smart
CVE-2019-13541 (In Horner Automation Cscape 9.90 and prior, an improper input validati ...)
	NOT-FOR-US: Horner Automation Cscape
CVE-2019-13540 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-ba ...)
	NOT-FOR-US: Delta Electronics TPEditor
CVE-2019-13539 (Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab F ...)
	NOT-FOR-US: Medtronic
CVE-2019-13538 (3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versi ...)
	NOT-FOR-US: 3S-Smart
CVE-2019-13537 (The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA an ...)
	NOT-FOR-US: IEC870IP driver
CVE-2019-13536 (Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-bas ...)
	NOT-FOR-US: Delta Electronics TPEditor
CVE-2019-13535 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...)
	NOT-FOR-US: Medtronic Valleylab FT10 Energy Platform
CVE-2019-13534 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
	NOT-FOR-US: Philips
CVE-2019-13533 (In Omron PLC CJ series, all versions, and Omron PLC CS series, all ver ...)
	NOT-FOR-US: Omron
CVE-2019-13532 (CODESYS V3 web server, all versions prior to 3.5.14.10, allows an atta ...)
	NOT-FOR-US: CODESYS
CVE-2019-13531 (In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 ...)
	NOT-FOR-US: Medtronic Valleylab FT10 Energy Platform
CVE-2019-13530 (Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Fi ...)
	NOT-FOR-US: Philips
CVE-2019-13529 (An attacker could send a malicious link to an authenticated operator, ...)
	NOT-FOR-US: Sunny WebBox Firmware
CVE-2019-13528 (A specific utility may allow an attacker to gain read access to privil ...)
	NOT-FOR-US: Niagara
CVE-2019-13527 (In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Version ...)
	NOT-FOR-US: Rockwell
CVE-2019-13526 (Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 ...)
	NOT-FOR-US: Datalogic AV7000 Linear barcode scanner
CVE-2019-13525 (In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrat ...)
	NOT-FOR-US: IP-AK2 Access Control Panel
CVE-2019-13524 (GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/ ...)
	NOT-FOR-US: GE/Emerson
CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the integrat ...)
	NOT-FOR-US: Honeywell
CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the ...)
	NOT-FOR-US: EZ PLC Editor
CVE-2019-13521 (A maliciously crafted program file opened by an unsuspecting user of R ...)
	NOT-FOR-US: Rockwell
CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...)
	NOT-FOR-US: Fuji Electric
CVE-2019-13519 (A maliciously crafted program file opened by an unsuspecting user of R ...)
	NOT-FOR-US: Rockwell
CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...)
	NOT-FOR-US: EZAutomation
CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...)
	NOT-FOR-US: Pyxis
CVE-2019-13516 (In OSIsoft PI Web API and prior, the affected product is vulnerable to ...)
	NOT-FOR-US: OSIsoft LLC
CVE-2019-13515 (OSIsoft PI Web API 2018 and prior may allow disclosure of sensitive in ...)
	NOT-FOR-US: OSIsoft LLC
CVE-2019-13514 (In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, ...)
	NOT-FOR-US: Delta Industrial Automation DOPSoft
CVE-2019-13513 (In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, ...)
	NOT-FOR-US: Delta Industrial Automation DOPSoft
CVE-2019-13512 (Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out- ...)
	NOT-FOR-US: Fuji Electric FRENIC Loader
CVE-2019-13511 (Rockwell Automation Arena Simulation Software versions 16.00.00 and ea ...)
	NOT-FOR-US: Rockwell Automation Arena Simulation Software
CVE-2019-13510 (Rockwell Automation Arena Simulation Software versions 16.00.00 and ea ...)
	NOT-FOR-US: Rockwell Automation Arena Simulation Software
CVE-2019-13509 (In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06. ...)
	{DSA-4521-1}
	- docker.io 18.09.1+dfsg1-8 (bug #932673)
CVE-2019-13508 (FreeTDS through 1.1.11 has a Buffer Overflow. ...)
	- freetds 1.1.6-1.1 (bug #944012)
	[buster] - freetds 1.00.104-1+deb10u1
	[stretch] - freetds (Vulnerable code introduced in 0.95 upstream)
	[jessie] - freetds (Vulnerable code introduced in 0.95 upstream)
	NOTE: https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
	NOTE: https://bugs.launchpad.net/bugs/1835896
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1736255
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1141132
CVE-2019-13507 (hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection. ...)
	NOT-FOR-US: hidea.com AZ Admin
CVE-2019-13506 (@nuxt/devalue before 1.2.3, as used in Nuxt.js before 2.6.2, mishandle ...)
	NOT-FOR-US: Nuxt.js
CVE-2019-13505 (The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS vi ...)
	NOT-FOR-US: Appointment Hour Booking plugin for WordPress
CVE-2019-13504 (There is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrw ...)
	{DLA-1855-1}
	- exiv2 0.27.2-6 (low; bug #932467)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/pull/943
	NOTE: https://github.com/Exiv2/exiv2/pull/944
	NOTE: https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
	NOTE: https://github.com/Exiv2/exiv2/pull/946 (complementary fix)
	NOTE: https://github.com/Exiv2/exiv2/commit/54f0bebca032d0286a0e48f47e67dfc6141fedff
CVE-2019-13503 (mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer o ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2019-13502 RESERVED
CVE-2019-13501 RESERVED
CVE-2019-13500 RESERVED
CVE-2019-13499 RESERVED
CVE-2019-13498 (One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Trans ...)
	NOT-FOR-US: One Identity Cloud Access Manager
CVE-2019-13497 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF fo ...)
	NOT-FOR-US: One Identity Cloud Access Manager
CVE-2019-13496 (One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP byp ...)
	NOT-FOR-US: One Identity Cloud Access Manager
CVE-2019-13495 (In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross- ...)
	NOT-FOR-US: Zyxel
CVE-2019-13494 (nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0. ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2019-13493 (In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library ...)
	NOT-FOR-US: Sitecore
CVE-2019-13492 RESERVED
CVE-2019-13491 RESERVED
CVE-2019-13490 RESERVED
CVE-2019-13489 (Trape through 2019-05-08 has SQL injection via the data[2] variable in ...)
	NOT-FOR-US: Trape
CVE-2019-13488 (A cross-site scripting (XSS) vulnerability in static/js/trape.js in Tr ...)
	NOT-FOR-US: Trape
CVE-2019-13487 RESERVED
CVE-2019-13486 (In Xymon through 4.3.28, a stack-based buffer overflow exists in the s ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13485 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13484 (In Xymon through 4.3.28, a buffer overflow exists in the status-log vi ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13483 (Auth0 Passport-SharePoint before 0.4.0 does not validate the JWT signa ...)
	NOT-FOR-US: Auth0 Passport-SharePoint
CVE-2019-13482 (An issue was discovered on D-Link DIR-818LW devices with firmware 2.06 ...)
	NOT-FOR-US: D-Link
CVE-2019-13481 (An issue was discovered on D-Link DIR-818LW devices with firmware 2.06 ...)
	NOT-FOR-US: D-Link
CVE-2019-13480 RESERVED
CVE-2019-13479 RESERVED
CVE-2019-13478 (The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly r ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-13477 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in t ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13476 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in th ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13475 (In MobaXterm 11.1, the mobaxterm: URI handler has an argument injectio ...)
	NOT-FOR-US: MobaXterm
CVE-2019-13474 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110 ...)
	NOT-FOR-US: TELESTAR
CVE-2019-13473 (TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110 ...)
	NOT-FOR-US: TELESTAR
CVE-2019-13472 (PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the ...)
	NOT-FOR-US: PHPWind
CVE-2019-13471 RESERVED
CVE-2019-13470 (MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling ...)
	- matrixssl
CVE-2019-13469 RESERVED
CVE-2019-13468 RESERVED
CVE-2019-13467 (Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk ...)
	NOT-FOR-US: Western Digital SSD Dashboard and SanDisk SSD Dashboard applications
CVE-2019-13466 (Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard ...)
	NOT-FOR-US: Western Digital SSD Dashboard and SanDisk SSD Dashboard
CVE-2019-13465 (An issue was discovered in the ROS communications-related packages (ak ...)
	- ros-ros-comm 1.14.3+ds1-10 (bug #947946)
	[buster] - ros-ros-comm 1.14.3+ds1-5+deb10u1
	[stretch] - ros-ros-comm 1.12.6-2+deb9u1
	NOTE: https://github.com/ros/ros_comm/issues/1752
	NOTE: https://github.com/ros/ros_comm/pull/1763
CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ...)
	- modsecurity-crs 3.2.0-1 (low; bug #943773)
	[buster] - modsecurity-crs 3.1.0-1+deb10u1
	[stretch] - modsecurity-crs (Minor issue)
	[jessie] - modsecurity-crs (incorrect rule does not exist)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/6090d6b0a90417f1a60aa68a01eb777cef2e1184
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386
CVE-2019-13463 (An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Li ...)
	NOT-FOR-US: Simple Link Directory plugin for WordPress
CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...)
	NOT-FOR-US: Lansweeper
CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
	NOT-FOR-US: PrestaShop
CVE-2019-13460 RESERVED
CVE-2019-13459 RESERVED
CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	{DLA-1877-1}
	- otrs2 6.0.20-1
	[buster] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
	NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/69430f260d52e5a7afc185048da0cfc2eef2659a
	NOTE: OTRS 5.0: https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2
CVE-2019-13457 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	- otrs2 (Only affects 7.x series)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-11/
CVE-2019-13456 (In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd h ...)
	- freeradius 3.0.20+dfsg-1
	[buster] - freeradius (Minor issue)
	[stretch] - freeradius (Minor issue)
	[jessie] - freeradius (Vulnerable code introduced later in version 3.0.0)
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/3ea2a5a026e73d81cd9a3e9bbd4300c433004bfa (release_3_0_20)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1737663
	NOTE: https://wpa3.mathyvanhoef.com/#new
CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerability e ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
	{DSA-4712-1 DLA-2333-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931740)
	[jessie] - imagemagick (low impact issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4
CVE-2019-13453 (Zipios before 0.1.7 does not properly handle certain malformed zip arc ...)
	- zipios++ 0.1.5.9+cvs.2007.04.28-11 (low; bug #932556)
	[buster] - zipios++ 0.1.5.9+cvs.2007.04.28-10+deb10u1
	[stretch] - zipios++ (Minor issue)
	[jessie] - zipios++ (Minor issue)
	NOTE: https://sourceforge.net/p/zipios/news/2019/07/version-017-cve-/
	NOTE: Patch: https://sourceforge.net/p/zipios/code-git/ci/96e26640573410709bb863b8916a8216f4c6a546/tree/infinite_loop.patch
CVE-2019-13452 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in rep ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13451 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in his ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-17351 (An issue was discovered in drivers/xen/balloon.c in the Linux kernel b ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.168-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-300.html
CVE-2019-13450 (In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on ma ...)
	NOT-FOR-US: Zoom Client and RingCentral on MacOS
CVE-2019-13449 (In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a ...)
	NOT-FOR-US: Zoom Client on macOS
CVE-2019-13448 (An issue was discovered in Sertek Xpare 3.67. The login form does not ...)
	NOT-FOR-US: Sertek Xpare
CVE-2019-13447 (An issue was discovered in Sertek Xpare 3.67. The login form does not ...)
	NOT-FOR-US: Sertek Xpare
CVE-2019-13446
	REJECTED
CVE-2019-13445 (An issue was discovered in the ROS communications-related packages (ak ...)
	- ros-ros-comm 1.14.3+ds1-11 (bug #947947)
	[buster] - ros-ros-comm 1.14.3+ds1-5+deb10u1
	[stretch] - ros-ros-comm 1.12.6-2+deb9u2
	NOTE: https://github.com/ros/ros_comm/issues/1738
	NOTE: https://github.com/ros/ros_comm/pull/1741
CVE-2019-13444
	RESERVED
CVE-2019-13443
	RESERVED
CVE-2019-13442
	RESERVED
CVE-2019-13441
	RESERVED
CVE-2019-13440
	RESERVED
CVE-2019-13439
	RESERVED
CVE-2019-13438
	RESERVED
CVE-2019-13437
	RESERVED
CVE-2019-13436
	RESERVED
CVE-2019-13435
	RESERVED
CVE-2019-13434
	RESERVED
CVE-2019-13433
	RESERVED
CVE-2019-13432
	RESERVED
CVE-2019-13431
	RESERVED
CVE-2019-13430
	RESERVED
CVE-2019-13429
	RESERVED
CVE-2019-13428
	RESERVED
CVE-2019-13427
	RESERVED
CVE-2019-13426
	RESERVED
CVE-2019-13425
	RESERVED
CVE-2019-13424
	RESERVED
CVE-2019-13423 (Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 ...)
	NOT-FOR-US: Search Guard
CVE-2019-13422 (Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 ...)
	NOT-FOR-US: Search Guard
CVE-2019-13421 (Search Guard versions before 23.1 had an issue that an administrative ...)
	NOT-FOR-US: Search Guard
CVE-2019-13420 (Search Guard versions before 21.0 had a timing side channel issue whe ...)
	NOT-FOR-US: Search Guard
CVE-2019-13419 (Search Guard versions before 23.1 had an issue that for aggregations c ...)
	NOT-FOR-US: Search Guard
CVE-2019-13418 (Search Guard versions before 24.0 had an issue that values of string a ...)
	NOT-FOR-US: Search Guard
CVE-2019-13417 (Search Guard versions before 24.0 had an issue that field caps and map ...)
	NOT-FOR-US: Search Guard
CVE-2019-13416 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
	NOT-FOR-US: Search Guard
CVE-2019-13415 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
	NOT-FOR-US: Search Guard
CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/ren ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-13412 (A service which is hosted on port 3097 in HiNet GPON firmware < I04 ...)
	NOT-FOR-US: HiNet GPON firmware
CVE-2019-13411 (An “invalid command” handler issue was discovered in HiNet ...)
	NOT-FOR-US: HiNet GPON firmware
CVE-2019-13410 (TOPMeeting before version 8.8 (2019/08/19) shows attendees account and ...)
	NOT-FOR-US: TOPMeeting
CVE-2019-13409 (A SQL injection vulnerability was discovered in TOPMeeting before vers ...)
	NOT-FOR-US: TOPMeeting
CVE-2019-13408 (A relative path traversal vulnerability found in Advan VD-1 firmware v ...)
	NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13407 (A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses ...)
	NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13406 (A broken access control vulnerability found in Advan VD-1 firmware ver ...)
	NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13405 (A broken access control vulnerability found in Advan VD-1 firmware ver ...)
	NOT-FOR-US: Advan VD-1 firmware
CVE-2019-13404 (** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows ...)
	NOT-FOR-US: Disputed issue for Windows installer for Python
CVE-2019-13403 (Temenos CWX version 8.9 has a Broken Access Control vulnerability in ...)
	NOT-FOR-US: Temenos CWX
CVE-2019-13402 (/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactoryd ...)
	NOT-FOR-US: Dynacolor
CVE-2019-13401 (Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi ...)
	NOT-FOR-US: Dynacolor
CVE-2019-13400 (Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store admin ...)
	NOT-FOR-US: Dynacolor
CVE-2019-13399 (Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that ...)
	NOT-FOR-US: Dynacolor
CVE-2019-13398 (Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute ...)
	NOT-FOR-US: Dynacolor
CVE-2019-13397 (Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker ...)
	NOT-FOR-US: osTicket
CVE-2019-13396 (FlightPath 4.x and 5.0-x allows directory traversal and Local File Inc ...)
	NOT-FOR-US: FlightPath
CVE-2019-13395 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF a ...)
	NOT-FOR-US: Netgear
CVE-2019-13394 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Bas ...)
	NOT-FOR-US: Netgear
CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same ...)
	NOT-FOR-US: Netgear
CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...)
	NOT-FOR-US: MindPalette NateMail
CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...)
	{DSA-4712-1 DLA-2366-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931633)
	[jessie] - imagemagick (minor, wait for upstream to clear patch-related questions)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1588
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f6ffc702c6eecd963587273a429dcd608c648984
	NOTE: Patch is insufficient, partly reverted by the CVE-2019-13308 patch
	NOTE: which seems to be the actual patch for this issue.
CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in l ...)
	{DSA-4722-1 DLA-2291-1}
	- ffmpeg 7:4.2.1-1 (low; bug #932535)
	NOTE: https://trac.ffmpeg.org/ticket/7979
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
	- rainloop 1.14.0-1
	[buster] - rainloop (Minor issue)
	NOTE: https://github.com/RainLoop/rainloop-webmail/commit/8eb4588917b4741889fdd905d4c32e3e86317693
CVE-2019-13388
	RESERVED
CVE-2019-13387 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13386 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13385 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13384
	RESERVED
CVE-2019-13383 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13382 (UploaderService in SnagIT 2019.1.2 allows elevation of privilege by pl ...)
	NOT-FOR-US: SnagIT
CVE-2019-13381
	REJECTED
CVE-2019-13380 (KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from ...)
	NOT-FOR-US: KEYNTO Team Password Manager
CVE-2019-13379 (On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access ...)
	NOT-FOR-US: AVTECH Room Alert
CVE-2019-13378
	RESERVED
CVE-2019-13377 (The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2 ...)
	{DSA-4538-1}
	- wpa 2:2.9-1 (bug #934180)
	[stretch] - wpa (Introduced in 2.5)
	[jessie] - wpa (Introduced in 2.5)
	NOTE: https://wpa3.mathyvanhoef.com/#new
	NOTE: Added in v2.5: https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog:
	NOTE: "added support for Brainpool Elliptic Curves with SAE"
	NOTE: Patches: https://w1.fi/security/2019-6/
CVE-2019-13376 (phpBB version 3.2.7 allows the stealing of an Administration Control P ...)
	{DLA-1942-2 DLA-1942-1}
	- phpbb3
	NOTE: https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
	NOTE: fixed in 3.2.8 as 'SECURITY-246'
	NOTE: https://github.com/phpbb/phpbb/commit/cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f
	NOTE: follow-up to incomplete fix for CVE-2019-16993
CVE-2019-16993 (In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper v ...)
	{DLA-1942-2 DLA-1942-1}
	- phpbb3
	NOTE: https://github.com/phpbb/phpbb/commit/18abef716ecf42a35416444f3f84f5459d573789
	NOTE: https://www.phpbb.com/community/viewtopic.php?t=2352606
CVE-2019-13375 (A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) ...)
	NOT-FOR-US: D-Link
CVE-2019-13374 (A cross-site scripting (XSS) vulnerability in resource view in PayActi ...)
	NOT-FOR-US: D-Link
CVE-2019-13373 (An issue was discovered in the D-Link Central WiFi Manager CWM(100) be ...)
	NOT-FOR-US: D-Link
CVE-2019-13372 (/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager C ...)
	NOT-FOR-US: D-Link
CVE-2019-13371
	RESERVED
CVE-2019-13370 (index.php/admin/permissions in Ignited CMS through 2017-02-19 allows C ...)
	NOT-FOR-US: Ignited CMS
CVE-2019-13369
	REJECTED
CVE-2019-13368
	REJECTED
CVE-2019-13367
	REJECTED
CVE-2019-13366
	RESERVED
CVE-2019-13365
	RESERVED
CVE-2019-13364 (admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat& ...)
	- piwigo
CVE-2019-13363 (admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nb ...)
	- piwigo
CVE-2019-13362 (Codedoc v3.2 has a stack-based buffer overflow in add_variable in code ...)
	NOT-FOR-US: Codedoc
CVE-2019-13361 (Smanos W100 1.0.0 devices have Insecure Permissions, exploitable by an ...)
	NOT-FOR-US: Smanos W100 1.0.0 devices
CVE-2019-13360 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote at ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13359 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv- ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13358 (lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows ...)
	NOT-FOR-US: OpenCats
CVE-2019-13357 (In Total Defense Anti-virus 9.0.0.773, resource acquisition from the u ...)
	NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13356 (In Total Defense Anti-virus 9.0.0.773, insecure access control for the ...)
	NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13355 (In Total Defense Anti-virus 9.0.0.773, insecure access control for the ...)
	NOT-FOR-US: Total Defense Anti-virus
CVE-2019-13354 (The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org ...)
	NOT-FOR-US: strong_password gem
CVE-2019-13353
	RESERVED
CVE-2019-13352 (WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic ...)
	NOT-FOR-US: WolfVision Cynap
CVE-2019-13351 (posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 (as dist ...)
	- jackd2 1.9.14~dfsg-0.1 (low; bug #931488)
	[buster] - jackd2 (Minor issue)
	[stretch] - jackd2 (Minor issue)
	[jessie] - jackd2 (Minor issue, hard to reproduce crash with theoretically possible file corruption, no sensitive data to leak)
	NOTE: https://github.com/jackaudio/jack2/pull/480
	NOTE: https://github.com/jackaudio/jack2/commit/994e225bbb07a89f56147f7ce7d59beb49f8cfba
CVE-2019-13350
	RESERVED
CVE-2019-13349 (In Knowage through 6.1.1, an authenticated user that accesses the user ...)
	NOT-FOR-US: Knowage
CVE-2019-13348 (In Knowage through 6.1.1, an authenticated user who accesses the datas ...)
	NOT-FOR-US: Knowage
CVE-2019-13347 (An issue was discovered in the SAML Single Sign On (SSO) plugin for se ...)
	NOT-FOR-US: SAML Single Sign On plugin for several Atlassian products
CVE-2019-13346 (In MyT 1.5.1, the User[username] parameter has XSS. ...)
	NOT-FOR-US: MyT
CVE-2019-13345 (The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...)
	{DSA-4507-1 DLA-2278-1 DLA-1847-1}
	- squid 4.8-1 (bug #931478)
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_6.txt
	NOTE: https://bugs.squid-cache.org/show_bug.cgi?id=4957
	NOTE: https://github.com/squid-cache/squid/pull/429
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-be1dc8614e7514103ba84d4067ed6fd15ab8f82e.patch
	NOTE: Squid 3.x: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-5730c2b5cb56e7639dc423dd62651c8736a54e35.patch
CVE-2019-13344 (An authentication bypass vulnerability in the CRUDLab WP Like Button p ...)
	NOT-FOR-US: CRUDLab WP Like Button plugin for WordPress
CVE-2019-13343 (Butor Portal before 1.0.27 is affected by a Path Traversal vulnerabili ...)
	NOT-FOR-US: Butor Portal
CVE-2019-13342
	RESERVED
CVE-2019-13341 (In MiniCMS V1.10, stored XSS was found in mc-admin/conf.php (comment b ...)
	NOT-FOR-US: MiniCMS
CVE-2019-13340 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ...)
	NOT-FOR-US: MiniCMS
CVE-2019-13339 (In MiniCMS V1.10, stored XSS was found in mc-admin/page-edit.php (cont ...)
	NOT-FOR-US: MiniCMS
CVE-2019-13338 (In WESEEK GROWI before 3.5.0, a remote attacker can obtain the passwor ...)
	NOT-FOR-US: WESEEK GROWI
CVE-2019-13337 (In WESEEK GROWI before 3.5.0, the site-wide basic authentication can b ...)
	NOT-FOR-US: WESEEK GROWI
CVE-2019-13336 (The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attack ...)
	NOT-FOR-US: dbell Wi-Fi Smart Video Doorbell
CVE-2019-13335 (SalesAgility SuiteCRM 7.10.x 7.10.19 and 7.11.x before and 7.11.7 has ...)
	NOT-FOR-US: SalesAgility SuiteCRM
CVE-2019-13334 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13333 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13332 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13331 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13330 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13329 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13328 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13327 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13326 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13325 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-13324 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-13323 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-13322 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2019-13321 (This vulnerability allows network adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Foxit
CVE-2019-13320 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13319 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13318 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13317 (This vulnerability allows remote attackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13316 (This vulnerability allows remote attackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-13315 (This vulnerability allows remote attackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13314 (virt-bootstrap 1.1.0 allows local users to discover a root password by ...)
	- virt-bootstrap (bug #871621)
CVE-2019-13313 (libosinfo 1.5.0 allows local users to discover credentials by listing ...)
	- libosinfo 1.6.0-1 (bug #931479)
	[buster] - libosinfo (Minor issue)
	[stretch] - libosinfo (Minor issue)
	[jessie] - libosinfo (Minor issue, local transient password leak in `ps`, affected binary not used by other packages)
	NOTE: https://www.redhat.com/archives/libosinfo/2019-July/msg00026.html
CVE-2019-13312 (block_cmp() in libavcodec/zmbvenc.c in FFmpeg 4.1.3 has a heap-based b ...)
	- ffmpeg (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/7980
	NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0321370601833f4ae47e8e11c44570ea4bd382a4
CVE-2019-13311 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1623
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bb812022d0bc12107db215c981cab0b1ccd73d91
CVE-2019-13310 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory becau ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1616
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51
CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...)
	{DSA-4712-1 DLA-2366-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931447)
	[jessie] - imagemagick (minor, wait for upstream to clear patch-related questions)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01
CVE-2019-13307 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
	{DSA-4715-1 DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931448)
	[jessie] - imagemagick (minor issue, patch fairly intrusive)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1615
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/91e58d967a92250439ede038ccfb0913a81e59fe
	NOTE: incomplete, introduces a memory leak, follow-up patches:
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6d26d4e2f07375ddbf46a857d309d51eeff7ee1
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/643921ca69a20b203faebd0b287d8b7012dc749d
CVE-2019-13306 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
	{DSA-4715-1 DSA-4712-1 DLA-1888-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931449)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1612
	NOTE: initial fix:
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/cb5ec7d98195aa74d5ed299b38eff2a68122f3fa
	NOTE: later reverted by the CVE-2019-13305 fix which is the right one:
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
CVE-2019-13305 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
	{DSA-4715-1 DSA-4712-1 DLA-1888-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931452)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1613
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5c7fbf9a14fb83c9685ad69d48899f490a37609d
CVE-2019-13304 (ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/p ...)
	{DSA-4715-1 DSA-4712-1 DLA-1888-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931453)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1614
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/bfa3b9610c83227894c92b0d312ad327fceb6241
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a2f84f23d064e98f423aa0d050ff98838cf0a1b1
CVE-2019-13303 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCo ...)
	- imagemagick (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d29148fae06c01ef215940e084cf41853c117bab
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1603
CVE-2019-13302 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read in MagickCo ...)
	- imagemagick (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d5089971bd792311aaab5cb73460326d7ef7f32d
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1597
CVE-2019-13301 (ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory becau ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/0b7d3675438cbcde824e751895847a0794406e08
CVE-2019-13300 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
	{DSA-4715-1 DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931454)
	[jessie] - imagemagick (minor issue, patch fairly intrusive)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1586
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5e409ae7a389cdf2ed17469303be3f3f21cec450
CVE-2019-13299 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
	- imagemagick (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8187d2d8fd010d2d6b1a3a8edd935beec404dddc
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1610
CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCor ...)
	- imagemagick (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1611
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
	{DSA-4712-1 DLA-2333-1 DLA-1888-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931455)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
	NOTE: Some older versions before the fixing commit also did not check the
	NOTE: width size (cf. CVE-2019-13295).
CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemor ...)
	- imagemagick (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1604
CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
	{DSA-4712-1 DLA-2333-1 DLA-1888-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931457)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
CVE-2019-13294 (AROX School-ERP Pro has a command execution vulnerability. import_stud ...)
	NOT-FOR-US: AROX School-ERP Pro
CVE-2019-13293
	RESERVED
CVE-2019-13292 (A SQL Injection issue was discovered in webERP 4.15. Payments.php acce ...)
	NOT-FOR-US: webERP
CVE-2019-13291 (In Xpdf 4.01.01, there is a heap-based buffer over-read in the functio ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13290 (Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_dis ...)
	{DSA-4753-1 DLA-2289-1}
	- mupdf 1.15.0+ds1-1 (bug #931475)
	[jessie] - mupdf (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701118
	NOTE: https://git.ghostscript.com/?p=mupdf.git;h=aaf794439e40a2ef544f15b50c20e657414dec7a
	NOTE: https://git.ghostscript.com/?p=mupdf.git;h=ed19bc806809ad10c4ddce515d375581b86ede85
	NOTE: Introduced in 1.6 / https://git.ghostscript.com/?p=mupdf.git;a=commit;f=source/fitz/list-device.c;h=e9411aba2b71b67b8521f55917ab26585c464b88
CVE-2019-13289 (In Xpdf 4.01.01, there is a use-after-free vulnerability in the functi ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13288 (In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13287 (In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the f ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13286 (In Xpdf 4.01.01, there is a heap-based buffer over-read in the functio ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13285 (CoSoSys Endpoint Protector 5.1.0.2 allows Host Header Injection. ...)
	NOT-FOR-US: CoSoSys Endpoint Protector
CVE-2019-13284
	RESERVED
CVE-2019-13283 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in s ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13282 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in S ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13281 (In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DC ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
CVE-2019-13280 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
	NOT-FOR-US: TRENDnet
CVE-2019-13279 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
	NOT-FOR-US: TRENDnet
CVE-2019-13278 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
	NOT-FOR-US: TRENDnet
CVE-2019-13277 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows a ...)
	NOT-FOR-US: TRENDnet TEW-827DRU
CVE-2019-13276 (TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains ...)
	NOT-FOR-US: TRENDnet
CVE-2019-13275 (An issue was discovered in the VeronaLabs wp-statistics plugin before ...)
	NOT-FOR-US: VeronaLabs wp-statistics plugin for WordPress
CVE-2019-13274 (In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CG ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13273 (In Xymon through 4.3.28, a buffer overflow vulnerability exists in the ...)
	{DLA-1898-1}
	- xymon 4.3.29-1
	[buster] - xymon 4.3.28-5+deb10u1
	[stretch] - xymon 4.3.28-2+deb9u1
	NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13272 (In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mish ...)
	{DSA-4484-1 DLA-1863-1 DLA-1862-1}
	- linux 4.19.37-6
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1140671
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
	NOTE: https://git.kernel.org/linus/6994eefb0053799d2e07cd140df6c2ea106c41ee
CVE-2019-13271 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: Edimax BR-6208AC V1 devices
CVE-2019-13270 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: Edimax BR-6208AC V1 devices
CVE-2019-13269 (Edimax BR-6208AC V1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: Edimax BR-6208AC V1 devices
CVE-2019-13268 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
	NOT-FOR-US: TP-Link
CVE-2019-13267 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
	NOT-FOR-US: TP-Link
CVE-2019-13266 (TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Com ...)
	NOT-FOR-US: TP-Link
CVE-2019-13265 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: D-link
CVE-2019-13264 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: D-link
CVE-2019-13263 (D-link DIR-825AC G1 devices have Insufficient Compartmentalization bet ...)
	NOT-FOR-US: D-link
CVE-2019-13262 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13261 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13260 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13259 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13258 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13257 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13256 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13255 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13254 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13253 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13252 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13251 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13250 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13249 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13248 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPE ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13247 (ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPE ...)
	NOT-FOR-US: ACDSee Free
CVE-2019-13246 (FastStone Image Viewer 7.0 has a User Mode Write AV starting at image0 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2019-13245 (FastStone Image Viewer 7.0 has a User Mode Write AV starting at image0 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2019-13244 (FastStone Image Viewer 7.0 has a User Mode Write AV starting at image0 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2019-13243 (IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00 ...)
	NOT-FOR-US: IrfanView
CVE-2019-13242 (IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00 ...)
	NOT-FOR-US: IrfanView
CVE-2019-13241 (FlightCrew v0.9.2 and older are vulnerable to a directory traversal, a ...)
	- flightcrew 0.7.2+dfsg-14
	[buster] - flightcrew 0.7.2+dfsg-13+deb10u1
	[stretch] - flightcrew 0.7.2+dfsg-9+deb9u1
	NOTE: https://github.com/Sigil-Ebook/flightcrew/issues/52
CVE-2019-13240 (An issue was discovered in GLPI before 9.4.1. After a successful passw ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/commit/5da9f99b2d81713b1e36016b47ce656a33648bc7
	NOTE: https://github.com/glpi-project/glpi/commit/86a43ae47b3dd844947f40a2ffcf1a36e53dbba6
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-13239 (inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/commit/c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-13238 (An issue was discovered in Bento4 1.5.1.0. A memory allocation failure ...)
	NOT-FOR-US: Bento4
CVE-2019-13237 (In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vul ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2019-13236 (In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are m ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2019-13235 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2019-13234 (In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2019-13232 (Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP co ...)
	{DLA-1846-1}
	- unzip 6.0-24 (unimportant; bug #931433)
	[buster] - unzip 6.0-23+deb10u1
	[stretch] - unzip 6.0-21+deb9u2
	NOTE: https://www.bamsoftware.com/hacks/zipbomb/
	NOTE: Fixed by: https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c
	NOTE: Fix depends on: https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213
	NOTE: Further commit needed: https://github.com/madler/unzip/commit/6d351831be705cc26d897db44f878a978f4138fc
	NOTE: No security impact, crash in CLI tool, any server implementing automatic extraction needs
	NOTE: to apply resource limits anyway
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/3
CVE-2019-13231 RESERVED
CVE-2019-13230 RESERVED
CVE-2019-13229 (deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the ...)
	- deepin-clone (bug #873045)
CVE-2019-13228 (deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootD ...)
	- deepin-clone (bug #873045)
CVE-2019-13227 (In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed ...)
	- deepin-clone (bug #873045)
CVE-2019-13226 (deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/m ...)
	- deepin-clone (bug #873045)
CVE-2019-13233 (In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is ...)
	{DSA-4495-1}
	- linux 5.2.6-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1879
	NOTE: Fixed by: https://git.kernel.org/linus/de9f869616dd95e95c00bdd6b0fcd3421e8a4323
CVE-2019-13225 (A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9 ...)
	- libonig 6.9.2-1 (low; bug #931878)
	[buster] - libonig (Minor issue)
	[stretch] - libonig (vulnerable code was introduced later)
	[jessie] - libonig (vulnerable code was introduced later)
	NOTE: https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
CVE-2019-13224 (A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 a ...)
	{DSA-4529-1 DSA-4527-1 DLA-2431-1 DLA-1854-1}
	- libonig 6.9.2-1 (low; bug #931878)
	[buster] - libonig (Minor issue)
	- php7.0
	NOTE: https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
CVE-2019-13223 (A reachable assertion in the lookup1_values function in stb_vorbis thr ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13222 (An out-of-bounds read of a global buffer in the draw_line function in ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13221 (A stack buffer overflow in the compute_codewords function in stb_vorbi ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects godot, libxmp, pax-britannica, faudio, retroarch, yquake2
CVE-2019-13220 (Use of uninitialized stack variables in the start_decoder function in ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13219 (A NULL pointer dereference in the get_window function in stb_vorbis th ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13218 (Division by zero in the predict_point function in stb_vorbis through 2 ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects godot, libxmp, pax-britannica, faudio, retroarch, yquake2
CVE-2019-13217 (A heap buffer overflow in the start_decoder function in stb_vorbis thr ...)
	- libstb 0.0~git20190817.1.052dce1-1 (bug #934966)
	[buster] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/commit/98fdfc6df88b1e34a736d5e126e6c8139c8de1a6
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2019-13216 RESERVED
CVE-2019-13215 RESERVED
CVE-2019-13214 RESERVED
CVE-2019-13213 RESERVED
CVE-2019-13212 RESERVED
CVE-2019-13211 RESERVED
CVE-2019-13210 RESERVED
CVE-2019-13209 (Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijack ...)
	NOT-FOR-US: Rancher
CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation because th ...)
	NOT-FOR-US: Waves MAXX Audio
CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...)
	- nsd 4.2.4-1 (low; bug #931476)
	[buster] - nsd (Minor issue)
	[stretch] - nsd (Minor issue)
	[jessie] - nsd (Minor issue, crash on malformed admin-controlled disk configuration)
	- nsd3
	NOTE: https://github.com/NLnetLabs/nsd/issues/20
	NOTE: https://github.com/NLnetLabs/nsd/commit/91102da24d5949ccfec8fdab5bae2d01c4cabab5
CVE-2019-13206 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13205 (All configuration parameters of certain Kyocera printers (such as the ...)
	NOT-FOR-US: Kyocera
CVE-2019-13204 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13203 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13202 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13201 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13200 (The web application of several Kyocera printers (such as the ECOSYS M5 ...)
	NOT-FOR-US: Kyocera
CVE-2019-13199 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) d ...)
	NOT-FOR-US: Kyocera
CVE-2019-13198 (The web application of several Kyocera printers (such as the ECOSYS M5 ...)
	NOT-FOR-US: Kyocera
CVE-2019-13197 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13196 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...)
	NOT-FOR-US: Kyocera
CVE-2019-13195 (The web application of some Kyocera printers (such as the ECOSYS M5526 ...)
	NOT-FOR-US: Kyocera
CVE-2019-13194 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...)
	NOT-FOR-US: Brother
CVE-2019-13193 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...)
	NOT-FOR-US: Brother
CVE-2019-13192 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...)
	NOT-FOR-US: Brother
CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows attacke ...)
	NOT-FOR-US: IntraMaps MapControl
CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate a valid ...)
	NOT-FOR-US: Knowage
CVE-2019-13189 (In Knowage through 6.1.1, there is XSS via the start_url or user_id fi ...)
	NOT-FOR-US: Knowage
CVE-2019-13188 (In Knowage through 6.1.1, an unauthenticated user can bypass access co ...)
	NOT-FOR-US: Knowage
CVE-2019-13187 (The Rich Text Formatter (Redactor) extension through v1.1.1 for Sympho ...)
	NOT-FOR-US: Symphony CMS addon
CVE-2019-13186 (In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via t ...)
	NOT-FOR-US: MiniCMS
CVE-2019-13185 RESERVED
CVE-2019-13184 RESERVED
CVE-2019-13183 (Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as ...)
	NOT-FOR-US: Flarum
CVE-2019-13182 (A stored cross-site scripting (XSS) vulnerability exists in the web UI ...)
	NOT-FOR-US: SolarWinds
CVE-2019-13181 (A CSV injection vulnerability exists in the web UI of SolarWinds Serv- ...)
	NOT-FOR-US: SolarWinds
CVE-2019-13180 RESERVED
CVE-2019-13179 (Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile ...)
	- calamares 3.2.11-1 (bug #931392)
	[buster] - calamares (Mitigated via calamares-settings-debian in Debian)
	- calamares-settings-debian 10.0.23-1 (bug #931373)
	[buster] - calamares-settings-debian 10.0.20-1+deb10u1
	NOTE: https://github.com/calamares/calamares/issues/1191
	NOTE: https://github.com/calamares/calamares/commit/003096698627a527b589c0c929dda4d58f23fd93
	NOTE: The issue itself can be addressed as well via calamares-settings-debian and
	NOTE: placing a more restrictive umask override in the /etc/initramfs-tools/conf.d
	NOTE: directory.
	NOTE: https://github.com/calamares/calamares/commit/43eb664e7d44d963bb7b82d03215d84b47100ba0
	NOTE: Fixed by: https://github.com/calamares/calamares/commit/c9b675cbc64ac5aab35ddd86a64311abd50f7720
CVE-2019-13178 (modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2. ...)
	- calamares 3.2.11-1 (unimportant; bug #931391)
	NOTE: https://github.com/calamares/calamares/issues/1190
	NOTE: Fixed by: https://github.com/calamares/calamares/commit/c9b675cbc64ac5aab35ddd86a64311abd50f7720
	NOTE: Negligible security impact, Debian live media grant a sudo root shell anyway
CVE-2019-13177 (verification.py in django-rest-registration (aka Django REST Registrat ...)
	NOT-FOR-US: django-rest-registration
CVE-2019-13176 (An issue was discovered in the 3CX Phone system (web) management conso ...)
	NOT-FOR-US: 3CX Phone system
CVE-2019-13175 (Read the Docs before 3.5.1 has an Open Redirect if certain user-define ...)
	NOT-FOR-US: Read the Docs
CVE-2019-13174 RESERVED
CVE-2019-13173 (fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extra ...)
	- node-fstream 1.0.12-1 (bug #931408)
	[buster] - node-fstream 1.0.10-1+deb10u1
	[stretch] - node-fstream 1.0.10-1+deb9u1
	[jessie] - node-fstream (Nodejs in jessie not covered by security support)
	NOTE: https://www.npmjs.com/advisories/886
	NOTE: https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22
CVE-2019-13172 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
	NOT-FOR-US: Xerox
CVE-2019-13171 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
	NOT-FOR-US: Xerox
CVE-2019-13170 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not i ...)
	NOT-FOR-US: Xerox
CVE-2019-13169 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
	NOT-FOR-US: Xerox
CVE-2019-13168 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
	NOT-FOR-US: Xerox
CVE-2019-13167 (Multiple Stored XSS vulnerabilities were found in the Xerox Web Applic ...)
	NOT-FOR-US: Xerox
CVE-2019-13166 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not i ...)
	NOT-FOR-US: Xerox
CVE-2019-13165 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...)
	NOT-FOR-US: Xerox
CVE-2019-13164 (qemu-bridge-helper.c in QEMU 3.1 and 4.0.0 does not ensure that a netw ...)
	{DSA-4512-1 DSA-4506-1 DLA-1927-1}
	- qemu 1:4.1-1 (bug #931351)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg00245.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=6f5d8671225dc77190647f18a27a0d156d4ca97a
CVE-2019-13163 (The Fujitsu TLS library allows a man-in-the-middle attack. This affect ...)
	NOT-FOR-US: Fujitsu
CVE-2019-13162 RESERVED
CVE-2019-13161 (An issue was discovered in Asterisk Open Source through 13.27.0, 14.x ...)
	- asterisk 1:16.2.1~dfsg-2 (low; bug #931981)
	[buster] - asterisk 1:16.2.1~dfsg-1+deb10u1
	[stretch] - asterisk (Minor issue)
	[jessie] - asterisk (Minor issue)
	NOTE: http://downloads.digium.com/pub/security/AST-2019-003.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28465
CVE-2019-13160 RESERVED
CVE-2019-13159 RESERVED
CVE-2019-13158 RESERVED
CVE-2019-13157 (nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrit ...)
	NOT-FOR-US: Naver Vaccine
CVE-2019-13156 (NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer ove ...)
	NOT-FOR-US: Naver Cloud Explorer
CVE-2019-13155 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13154 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13153 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13152 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13151 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13150 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13149 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13148 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
	NOT-FOR-US: TRENDnet TEW-827DRU firmware
CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NULL poi ...)
	- audiofile (low; bug #931343)
	[bullseye] - audiofile (Minor issue)
	[buster] - audiofile (Minor issue)
	[stretch] - audiofile (Minor issue)
	[jessie] - audiofile (Minor issue, local DoS)
	NOTE: https://github.com/mpruett/audiofile/issues/54
CVE-2019-13146 (The field_test gem 0.3.0 for Ruby has unvalidated input. A method call ...)
	NOT-FOR-US: field_test gem
CVE-2019-13145 REJECTED
CVE-2019-13144 (myTinyTodo 1.3.3 through 1.4.3 allows CSV Injection. This is fixed in ...)
	NOT-FOR-US: myTinyTodo
CVE-2019-13143 (An HTTP parameter pollution issue was discovered on Shenzhen Dragon Br ...)
	NOT-FOR-US: Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50
CVE-2019-13142 (The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) ...)
	NOT-FOR-US: Razer Surround
CVE-2019-13141 RESERVED
CVE-2019-13140 (Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ...)
	NOT-FOR-US: Inteno
CVE-2019-13139 (In Docker before 18.09.4, an attacker who is capable of supplying or m ...)
	{DSA-4521-1}
	[experimental] - docker.io 18.09.5+dfsg1-1
	- docker.io 18.09.1+dfsg1-8 (bug #933002)
	NOTE: https://github.com/moby/moby/pull/38944
	NOTE: https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
CVE-2019-13138 RESERVED
CVE-2019-13137 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931342)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1601
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7d11230060fa9c8f67e53c85224daf6648805c7b
CVE-2019-13136 (ImageMagick before 7.0.8-50 has an integer overflow vulnerability in t ...)
	- imagemagick (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe5f4b85e6b1b54d3b4588a77133c06ade46d891
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1602
CVE-2019-13135 (ImageMagick before 7.0.8-50 has a "use of uninitialized value" vulnera ...)
	{DSA-4712-1 DLA-2366-1 DLA-1888-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #932079)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1599
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d (7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1e59b29e520d2beab73e8c78aacd5f1c0d76196d (6.x)
CVE-2019-13134 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
	- imagemagick (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe3066122ef72c82415811d25e9e3fad622c0a99
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1600
CVE-2019-13133 (ImageMagick before 7.0.8-50 has a memory leak vulnerability in the fun ...)
	- imagemagick (Only affects Imagemagick 7)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fe3066122ef72c82415811d25e9e3fad622c0a99
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1600
CVE-2019-13132 (In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4. ...)
	{DSA-4477-1 DLA-1849-1}
	- zeromq3 4.3.1-5
	NOTE: https://github.com/zeromq/libzmq/issues/3558
CVE-2019-13131 (Super Micro SuperDoctor 5, when restrictions are not implemented in ag ...)
	NOT-FOR-US: Super Micro SuperDoctor
CVE-2019-13130 RESERVED
CVE-2019-13129 (On the Motorola router CX2L MWR04L 1.01, there is a stack consumption ...)
	NOT-FOR-US: Motorola
CVE-2019-13128 (An issue was discovered on D-Link DIR-823G devices with firmware 1.02B ...)
	NOT-FOR-US: D-Link
CVE-2019-13127 (An issue was discovered in mxGraph through 4.0.0, related to the "draw ...)
	NOT-FOR-US: mxGraph
CVE-2019-13126 (An integer overflow in NATS Server before 2.0.2 allows a remote attack ...)
	NOT-FOR-US: NATS Server
CVE-2019-13125 (HaboMalHunter through 2.0.0.3 in Tencent Habo allows attackers to evad ...)
	NOT-FOR-US: Tencent
CVE-2019-13124 (Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13123 (Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCall bugs ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-13122 (A Cross Site Scripting (XSS) vulnerability exists in the template tag ...)
	NOT-FOR-US: Patchwork
CVE-2019-13121 (An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0 ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13120 (Amazon FreeRTOS up to and including v1.4.8 lacks length checking in pr ...)
	NOT-FOR-US: Amazon FreeRTOS
CVE-2019-13119 RESERVED
CVE-2019-13118 (In numbers.c in libxslt 1.1.33, a type holding grouping characters of ...)
	{DLA-1860-1}
	- libxslt 1.1.32-2.1 (low; bug #931320; bug #933743)
	[buster] - libxslt 1.1.32-2.1~deb10u1
	[stretch] - libxslt 1.1.29-2.1+deb9u1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
	NOTE: https://oss-fuzz.com/testcase-detail/5197371471822848
CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain format stri ...)
	{DLA-1860-1}
	- libxslt 1.1.32-2.1 (low; bug #931321; bug #933743)
	[buster] - libxslt 1.1.32-2.1~deb10u1
	[stretch] - libxslt 1.1.29-2.1+deb9u1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
	NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
CVE-2019-13116 (The MuleSoft Mule Community Edition runtime engine before 3.8 allows r ...)
	NOT-FOR-US: MuleSoft Mule
CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...)
	{DLA-1730-3}
	- libssh2 1.9.0-1 (bug #932329)
	[buster] - libssh2 (Minor issue)
	[stretch] - libssh2 (Minor issue)
	NOTE: https://blog.semmle.com/libssh2-integer-overflow/
	NOTE: https://github.com/libssh2/libssh2/pull/350
	NOTE: https://github.com/libssh2/libssh2/commit/ff1b155731ff8f790f12d980911d9fd84d0e1598
CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	[jessie] - exiv2 (HTTP support yet added in 0.25)
	NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
	NOTE: https://github.com/Exiv2/exiv2/issues/793
CVE-2019-13113 (Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...)
	- exiv2 0.27.2-6 (unimportant)
	NOTE: https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933
	NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
	NOTE: https://github.com/Exiv2/exiv2/issues/841
	NOTE: Negligible security impact
CVE-2019-13112 (A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	[jessie] - exiv2 (Minor issue, clean exception / local DoS)
	NOTE: https://github.com/Exiv2/exiv2/commit/1ed1e03c83802547585833fa9d4433af94798778
	NOTE: https://github.com/Exiv2/exiv2/issues/845
CVE-2019-13111 (A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 all ...)
	- exiv2 (Only affected 0.27, vulnerable versions were only in experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/791
	NOTE: https://github.com/Exiv2/exiv2/pull/797/commits
CVE-2019-13110 (A CiffDirectory::readDirectory integer overflow and out-of-bounds read ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	[jessie] - exiv2 (Minor issue, read segfault)
	NOTE: https://github.com/Exiv2/exiv2/issues/843
	NOTE: https://github.com/Exiv2/exiv2/pull/844
	NOTE: https://github.com/Exiv2/exiv2/commit/9628f82084ed30d494ddd4f7360d233801e22967
CVE-2019-13109 (An integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	[jessie] - exiv2 (ICC-specific support added in 0.26, PoC doesn't crash)
	NOTE: https://github.com/Exiv2/exiv2/commit/491c3ebe3b3faa6d8f75fb28146186792c2439da
	NOTE: https://github.com/Exiv2/exiv2/issues/790
CVE-2019-13108 (An integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	[jessie] - exiv2 (ICC-specific support added in 0.26, PoC doesn't crash)
	NOTE: https://github.com/Exiv2/exiv2/commit/5d1d6981229b5e44401bf5c503100553fc7d877a
	NOTE: https://github.com/Exiv2/exiv2/issues/789
CVE-2019-13107 (Multiple integer overflows exist in MATIO before 1.5.16, related to ma ...)
	[experimental] - libmatio 1.5.16-1
	- libmatio 1.5.17-3 (bug #931323)
	[buster] - libmatio (Minor issue)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: Several commits between 1.5.15..1.5.16: https://github.com/tbeu/matio/compare/f8cd397...fabac6c
CVE-2019-13106 (Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much ...)
	- u-boot 2020.01+dfsg-1 (low)
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375516.html
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/e205896c5383c938274262524adceb2775fb03ba
CVE-2019-13105 (Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a ...)
	- u-boot 2020.01+dfsg-1 (low)
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375513.html
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/6e5a79de658cb1c8012c86e0837379aa6eabd024
CVE-2019-13104 (In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow c ...)
	- u-boot 2020.01+dfsg-1 (low)
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375514.html
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/878269dbe74229005dd7f27aca66c554e31dad8e
CVE-2019-13103 (A crafted self-referential DOS partition table will cause all Das U-Bo ...)
	- u-boot 2020.01+dfsg-1 (low)
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2019-July/375512.html
	NOTE: https://gitlab.denx.de/u-boot/u-boot/commit/232e2f4fd9a24bf08215ddc8c53ccadffc841fb5
CVE-2019-13102 RESERVED
CVE-2019-13101 (An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 ...)
	NOT-FOR-US: D-Link
CVE-2019-13100 (The Send Anywhere application 9.4.18 for Android stores confidential i ...)
	NOT-FOR-US: Send Anywhere application for Android
CVE-2019-13099 (The Momo application 2.1.9 for Android stores confidential information ...)
	NOT-FOR-US: Momo application for Android
CVE-2019-13098 (The user password via the registration form of TronLink Wallet 2.2.0 i ...)
	NOT-FOR-US: TronLink Wallet
CVE-2019-13097 (The application API of Cat Runner Decorate Home version 2.8.0 for Andr ...)
	NOT-FOR-US: Cat Runner Decorate Home
CVE-2019-13096 (TronLink Wallet 2.2.0 stores user wallet keystore in plaintext and pla ...)
	NOT-FOR-US: TronLink Wallet
CVE-2019-13095 RESERVED
CVE-2019-13094 RESERVED
CVE-2019-13093 RESERVED
CVE-2019-13092 RESERVED
CVE-2019-13091 RESERVED
CVE-2019-13090 RESERVED
CVE-2019-13089 RESERVED
CVE-2019-13088 RESERVED
CVE-2019-13087 RESERVED
CVE-2019-13086 (core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/log ...)
	NOT-FOR-US: CSZ CMS
CVE-2019-13085 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13084 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13083 (XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000 ...)
	NOT-FOR-US: XnView
CVE-2019-13082 (Chamilo LMS 1.11.8 and 2.x allows remote code execution through an lp_ ...)
	NOT-FOR-US: Chamilo LMS
CVE-2019-13081 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13080 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13079 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13078 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13077 (Quest KACE Systems Management Appliance Server Center 9.1.317 has an X ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13076 (Quest KACE Systems Management Appliance Server Center 9.1.317 is vulne ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-13075 (Tor Browser through 8.5.3 has an information exposure vulnerability. I ...)
	- firefox-esr 68.2.0esr-1 (unimportant)
	- firefox 68.0-1 (unimportant)
	NOTE: https://hackerone.com/reports/588239
	NOTE: https://trac.torproject.org/projects/tor/ticket/30657
	NOTE: This affects Firefox, but it's not a security issue in Firefox by itself
CVE-2019-13074 (A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 c ...)
	NOT-FOR-US: MikroTik
CVE-2019-13073 RESERVED
CVE-2019-13072 (Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allow ...)
	- zoneminder 1.34.6-1
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2642
CVE-2019-13071 (CSRF in the Agent/Center component of CyberPower PowerPanel Business E ...)
	NOT-FOR-US: CyberPower PowerPanel Business Edition
CVE-2019-13070 (A stored XSS vulnerability in the Agent/Center component of CyberPower ...)
	NOT-FOR-US: CyberPower PowerPanel Business Edition
CVE-2019-13069 (extenua SilverSHielD 6.x fails to secure its ProgramData folder, leadi ...)
	NOT-FOR-US: extenua SilverSHielD
CVE-2019-13068 (public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows ...)
	- grafana
	NOTE: https://github.com/grafana/grafana/issues/17718
CVE-2019-13067 (njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_d ...)
	NOT-FOR-US: njs
CVE-2019-13066 (Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBRep ...)
	NOT-FOR-US: Sahi Pro
CVE-2019-13065 RESERVED
CVE-2019-13064 RESERVED
CVE-2019-13063 (Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to ...)
	NOT-FOR-US: Sahi Pro
CVE-2019-13062 RESERVED
CVE-2019-13061 RESERVED
CVE-2019-13060 RESERVED
CVE-2019-13059 RESERVED
CVE-2019-13058 RESERVED
CVE-2019-13057 (An issue was discovered in the server in OpenLDAP before 2.4.48. When ...)
	{DLA-1891-1}
	- openldap 2.4.48+dfsg-1 (low; bug #932997)
	[buster] - openldap 2.4.47+dfsg-3+deb10u1
	[stretch] - openldap 2.4.44+dfsg-5+deb9u3
	NOTE: https://openldap.org/its/?findid=9038
CVE-2019-13056 (An issue was discovered in CyberPanel through 1.8.4. On the user edit ...)
	NOT-FOR-US: CyberPanel
CVE-2019-13055 (Certain Logitech Unifying devices allow attackers to dump AES keys and ...)
	NOT-FOR-US: Logitech
CVE-2019-13054 (The Logitech R500 presentation clicker allows attackers to determine t ...)
	NOT-FOR-US: Logitech
CVE-2019-13053 (Logitech Unifying devices allow keystroke injection, bypassing encrypt ...)
	NOT-FOR-US: Logitech
CVE-2019-13052 (Logitech Unifying devices allow live decryption if the pairing of a ke ...)
	NOT-FOR-US: Logitech
CVE-2019-13051 (Pi-Hole 4.3 allows Command Injection. ...)
	NOT-FOR-US: Pi-Hole
CVE-2019-13050 (Interaction between the sks-keyserver code through 1.2.0 of the SKS ke ...)
	NOT-FOR-US: Conceptual weakness in PGP keyserver design
CVE-2019-13049 (An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows user ...)
	NOT-FOR-US: ToaruOS
CVE-2019-13048 (kernel/sys/syscall.c in ToaruOS through 1.10.9 allows a denial of serv ...)
	NOT-FOR-US: ToaruOS
CVE-2019-13047 (kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access co ...)
	NOT-FOR-US: ToaruOS
CVE-2019-13046 (linker/linker.c in ToaruOS through 1.10.9 has insecure LD_LIBRARY_PATH ...)
	NOT-FOR-US: ToaruOS
CVE-2019-13044 REJECTED
CVE-2019-13043 RESERVED
CVE-2019-13042 RESERVED
CVE-2019-13041 RESERVED
CVE-2019-13040 RESERVED
CVE-2019-13039 RESERVED
CVE-2019-13038 (mod_auth_mellon through 0.14.2 has an Open Redirect via the login?Retu ...)
	- libapache2-mod-auth-mellon 0.15.0-1 (low; bug #931265)
	[buster] - libapache2-mod-auth-mellon (Minor issue)
	[stretch] - libapache2-mod-auth-mellon (Minor issue)
	[jessie] - libapache2-mod-auth-mellon (Open Redirect protection not implemented yet)
	NOTE: https://github.com/Uninett/mod_auth_mellon/issues/35#issuecomment-503974885
CVE-2019-13037 RESERVED
CVE-2019-13036 RESERVED
CVE-2019-13035 (Artica Pandora FMS 7.0 NG before 735 suffers from local privilege esca ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2019-13034 RESERVED
CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when S ...)
	- irssi 1.2.1-1 (low; bug #931264)
	[buster] - irssi 1.2.0-2+deb10u1
	[stretch] - irssi (Minor issue)
	[jessie] - irssi (vulnerable sasl code is not present)
	NOTE: https://irssi.org/security/irssi_sa_2019_06.txt
	NOTE: https://github.com/irssi/irssi/pull/1058
	NOTE: https://github.com/irssi/irssi/commit/5a67b983dc97caeb5df1139aabd0bc4f260a47d8
	NOTE: Fixed in 1.0.8, 1.1.3, 1.2.1
CVE-2019-13033 (In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by ...)
	{DLA-2253-1}
	- lynis 3.0.0-1 (unimportant; bug #963161)
	NOTE: https://cisofy.com/security/cve/cve-2019-13033/
	NOTE: https://github.com/CISOfy/lynis/commit/3b9eda53cc20e851c4456618f027bc9ea794ad30
	NOTE: Enabling the license system in the packaged version is possible, but enabling it
	NOTE: makes little sense as users will end up quitting on all the extra tests that
	NOTE: are not open-sourced (and only present in the enterprise version).
CVE-2019-13032 (An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL point ...)
	- flightcrew 0.7.2+dfsg-14 (unimportant; bug #931246)
	[buster] - flightcrew 0.7.2+dfsg-13+deb10u1
	[stretch] - flightcrew 0.7.2+dfsg-9+deb9u1
	NOTE: https://github.com/Sigil-Ebook/flightcrew/issues/53
	NOTE: https://github.com/Sigil-Ebook/flightcrew/commit/c75c100218ed5c0e7652947051e28b54a75212ae
	NOTE: https://github.com/Sigil-Ebook/flightcrew/commit/b4f4a70f604ddcb4e8e343aa0e690764fc46d780
	NOTE: Negligible security impact
CVE-2019-13030 (eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prio ...)
	NOT-FOR-US: eQ-3 Homematic CCU3
CVE-2019-13029 (Multiple stored Cross-site scripting (XSS) issues in the admin panel a ...)
	NOT-FOR-US: REDCap
CVE-2019-13028 (An incorrect implementation of a local web server in eID client (Windo ...)
	NOT-FOR-US: local web server in eID client (Product from the Ministry of Interior of the Slovak Republic)
CVE-2019-13027 (Realization Concerto Critical Chain Planner (aka CCPM) 5.10.8071 has S ...)
	NOT-FOR-US: Realization Concerto Critical Chain Planner
CVE-2019-13026 (OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Inject ...)
	NOT-FOR-US: OXID eShop
CVE-2019-13025 (Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices have Incorre ...)
	NOT-FOR-US: Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH devices
CVE-2019-13024 (Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web be ...)
	- centreon-web (bug #913903)
CVE-2019-13023 (An issue was discovered in all versions of Bond JetSelect. Within the ...)
	NOT-FOR-US: Bond JetSelect
CVE-2019-13022 (Bond JetSelect (all versions) has an issue in the Java class (ENCtool. ...)
	NOT-FOR-US: Bond JetSelect
CVE-2019-13021 (The administrative passwords for all versions of Bond JetSelect are st ...)
	NOT-FOR-US: Bond JetSelect
CVE-2019-13020 (The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI ...)
	NOT-FOR-US: Tightrope Media Carousel
CVE-2019-13019
	RESERVED
	NOT-FOR-US: Microsoft .NET
CVE-2019-13018
	RESERVED
CVE-2019-13017
	RESERVED
CVE-2019-13016
	RESERVED
CVE-2019-13015
	RESERVED
CVE-2019-13014 (Little Snitch versions 4.4.0 fixes a vulnerability in a privileged hel ...)
	NOT-FOR-US: Little Snitch
CVE-2019-13013 (Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalatio ...)
	NOT-FOR-US: Little Snitch
CVE-2019-13011 (An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12 ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13010 (An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0. ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13009 (An issue was discovered in GitLab Community and Enterprise Edition 9.2 ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13008
	RESERVED
CVE-2019-13007 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab (Only affects 11.1 and later)
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13006 (An issue was discovered in GitLab Community and Enterprise Edition 9.0 ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13005 (An issue was discovered in GitLab Enterprise Edition and Community Edi ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab (Only affects 11.10 and later)
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13004 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab (Only affects 11.1 and later)
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13003 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13002 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab (Only affects 11.10 and later)
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13001 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 11.10.8+dfsg-1
	- gitlab (Only affects 11.9 and later)
	NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
CVE-2019-13000 (Eclair through 0.3 allows attackers to trigger loss of funds because o ...)
	NOT-FOR-US: Eclair
CVE-2019-12999 (Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger ...)
	- lnd (bug #886577)
CVE-2019-12998 (c-lightning before 0.7.1 allows attackers to trigger loss of funds bec ...)
	NOT-FOR-US: c-lightning
CVE-2019-12997 (In Loopchain through 2.2.1.3, an attacker can escalate privileges from ...)
	NOT-FOR-US: Loopchain
CVE-2019-12996 (In Mendix 7.23.5 and earlier, issue in XML import mappings allow DOCTY ...)
	NOT-FOR-US: Mendix
CVE-2019-12995 (Istio before 1.2.2 mishandles certain access tokens, leading to "Epoch ...)
	NOT-FOR-US: Istio
CVE-2019-12994 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetEx ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12993
	RESERVED
CVE-2019-12992 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12991 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12990 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12989 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12988 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12987 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12986 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12985 (Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before ...)
	NOT-FOR-US: Citrix and NetScaler SD-WAN
CVE-2019-12984 (A NULL pointer dereference vulnerability in the function nfc_genl_deac ...)
	{DSA-4495-1}
	- linux 5.2.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/385097a3675749cbc9e97c085c0e5dfe4269ca51
CVE-2019-12983
	REJECTED
CVE-2019-12982 (Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in t ...)
	- ming
	NOTE: https://github.com/libming/libming/pull/179/commits/2be22fcf56a223dafe8de0e8a20fe20e8bbdb0b9
CVE-2019-12981 (Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the f ...)
	- ming
	NOTE: https://github.com/libming/libming/pull/179/commits/3dc0338e4a36a3092720ebaa5b908ba3dca467d9
CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (caused by a ...)
	- ming
	NOTE: https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe
CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
	{DSA-4712-1 DLA-2333-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #931189)
	[jessie] - imagemagick (minor security impact)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
	{DSA-4712-1 DLA-2333-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931190)
	[jessie] - imagemagick (minor security impact)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
	{DSA-4712-1 DLA-2333-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931191)
	[jessie] - imagemagick (minor security impact)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6103897fae2ed47e24b9cf7de719eea877b0504
CVE-2019-12976 (ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931192)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1520
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ff840181f631b1b7f29160cae24d792fcd176bae
CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXIm ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant; bug #931193)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1517
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c01d8b02f3fa912a320ddad07a03212822f267ec
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b9c3aa197020ca091a21145cf46855afd4ddcb07
CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
	{DSA-4712-1 DLA-2333-1 DLA-1888-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931196)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
CVE-2019-12973 (In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_c ...)
	{DLA-2277-1}
	- openjpeg2 2.4.0-1 (bug #931292)
	[buster] - openjpeg2 (Minor issue)
	[jessie] - openjpeg2 (vulnerable code is not present)
	NOTE: https://github.com/uclouvain/openjpeg/pull/1185
	NOTE: https://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcdf4406d5e88723c4922202aa3 (v2.4.0)
	NOTE: https://github.com/uclouvain/openjpeg/commit/3aef207f90e937d4931daf6d411e092f76d82e66 (v2.4.0)
	NOTE: Issue is similar to CVE-2018-6616.
CVE-2019-12972 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24689
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
	NOTE: binutils not covered by security support
CVE-2019-12971 (BKS EBK Ethernet-Buskoppler Pro before 3.01 allows Unrestricted Upload ...)
	NOT-FOR-US: BKS EBK Ethernet-Buskoppler Pro
CVE-2019-12970 (XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1. ...)
	{DLA-1868-1}
	- squirrelmail
	NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-016.txt
	NOTE: https://sourceforge.net/p/squirrelmail/code/14828/
CVE-2019-12969
	RESERVED
CVE-2019-12968 (A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_ ...)
	NOT-FOR-US: Sonic Robo Blast 2
CVE-2019-12967 (Stephan Mooltipass Moolticute through 0.42.1 (and possibly earlier ver ...)
	NOT-FOR-US: Stephan Mooltipass Moolticute
CVE-2019-12966 (FeHelper through 2019-06-19 allows arbitrary code execution during a J ...)
	NOT-FOR-US: FeHelper
CVE-2019-13031 (LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue whe ...)
	{DLA-1844-1}
	- lemonldap-ng 2.0.0+ds-1 (bug #931117)
	[stretch] - lemonldap-ng 1.9.7-3+deb9u2
	NOTE: Upstream issue: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1820
	NOTE: Issue explained in: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1818
	NOTE: 2.0.0 upstream replaced the (old) feature with a new REST/JSON service, and
	NOTE: added a "oldXMLFormat" option which is functionwise broken up to 2.0.5.
	NOTE: By default the notification server is not enabled and has a 'deny all' rule.
CVE-2019-12965
	RESERVED
CVE-2019-12964 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php ...)
	NOT-FOR-US: LiveZilla Server
CVE-2019-12963 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php C ...)
	NOT-FOR-US: LiveZilla Server
CVE-2019-12962 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.p ...)
	NOT-FOR-US: LiveZilla Server
CVE-2019-12961 (LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the ...)
	NOT-FOR-US: LiveZilla Server
CVE-2019-12960 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in func ...)
	NOT-FOR-US: LiveZilla Server
CVE-2019-12959 (Server Side Request Forgery (SSRF) exists in Zoho ManageEngine AssetEx ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12958 (In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in F ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
	NOTE: CVE-2017-14976 in poppler
CVE-2019-12957 (In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C:: ...)
	- xpdf (xpdf in Debian uses poppler, which is fixed)
	- poppler 0.22.5-4
	NOTE: poppler fix: https://gitlab.freedesktop.org/poppler/poppler/commit/96931732f343d2bbda9af9488b485da031866c3b
CVE-2019-12956
	RESERVED
CVE-2019-12955
	RESERVED
CVE-2019-12954 (SolarWinds Network Performance Monitor (Orion Platform 2018, NPM 12.3, ...)
	NOT-FOR-US: SolarWinds
CVE-2019-12953 (Dropbear 2011.54 through 2018.76 has an inconsistent failure delay tha ...)
	- dropbear 2019.78-1
	[buster] - dropbear (Minor issue)
	[stretch] - dropbear (Minor issue but fixed along next DLA)
	NOTE: https://hg.ucc.asn.au/dropbear/rev/228b086794b7
CVE-2019-12952
	RESERVED
CVE-2019-12951 (An issue was discovered in Mongoose before 6.15. The parse_mqtt() func ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2019-12950 (An issue was discovered in TeamPass 2.1.27.35. From the sources/items. ...)
	- teampass (bug #730180)
CVE-2019-12949 (In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authen ...)
	NOT-FOR-US: pfSense
CVE-2019-12948 (A vulnerability in the web-based management interface of VVX, Trio, So ...)
	NOT-FOR-US: Polycom UC Software
CVE-2019-12947
	RESERVED
CVE-2019-12946 (Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx an ...)
	NOT-FOR-US: Elcom CMS
CVE-2019-12945
	REJECTED
CVE-2019-12944 (Glue Smart Lock 2.7.8 devices do not properly block guest access in ce ...)
	NOT-FOR-US: Glue Smart Lock devices
CVE-2019-12943 (TTLock devices do not properly restrict password-reset attempts, leadi ...)
	NOT-FOR-US: TTLock devices
CVE-2019-12942 (TTLock devices do not properly block guest access in certain situation ...)
	NOT-FOR-US: TTLock devices
CVE-2019-12941 (AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacke ...)
	NOT-FOR-US: AutoPi Wi-Fi/NB and 4G/LTE devices
CVE-2019-12940 (LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service (me ...)
	NOT-FOR-US: LiveZilla
CVE-2019-12939 (LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in serv ...)
	NOT-FOR-US: LiveZilla
CVE-2019-12938 (The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to p ...)
	NOT-FOR-US: Roundcube component of Analogic Poste.io
CVE-2019-12937 (apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow ...)
	NOT-FOR-US: gsudo in ToaruOS
CVE-2019-12936 (BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for ...)
	NOT-FOR-US: BlueStacks App Player
CVE-2019-12934 (An issue was discovered in the wp-code-highlightjs plugin through 0.6. ...)
	NOT-FOR-US: wp-code-highlightjs plugin for WordPress
CVE-2019-12935 (Shopware before 5.5.8 has XSS via the Query String to the backend/Logi ...)
	NOT-FOR-US: Shopware
CVE-2019-12933
	REJECTED
CVE-2019-12932 (A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly e ...)
	NOT-FOR-US: SeedDMS
CVE-2019-12931
	RESERVED
CVE-2019-12930 (A cross-site scripting (XSS) vulnerability in noMenu() and noSubMenu() ...)
	NOT-FOR-US: WIKINDX
CVE-2019-12929 (** DISPUTED ** The QMP guest_exec command in QEMU 4.0.0 and earlier is ...)
	- qemu (unimportant)
	- qemu-kvm (unimportant)
	NOTE: https://fakhrizulkifli.github.io/posts/2019/06/06/CVE-2019-12929/
	NOTE: The QEMU machine protocol (QMP) should not be exposed to unprivileged users,
	NOTE: and is only intended for administrative control of QEMU instances.
CVE-2019-12928 (** DISPUTED ** The QMP migrate command in QEMU version 4.0.0 and earli ...)
	- qemu (unimportant)
	- qemu-kvm (unimportant)
	NOTE: https://fakhrizulkifli.github.io/posts/2019/06/05/CVE-2019-12928/
	NOTE: The QEMU machine protocol (QMP) should not be exposed to unprivileged users,
	NOTE: and is only intended for administrative control of QEMU instances.
CVE-2019-12927 (MailEnable Enterprise Premium 10.23 was vulnerable to stored and refle ...)
	NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12926 (MailEnable Enterprise Premium 10.23 did not use appropriate access con ...)
	NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12925 (MailEnable Enterprise Premium 10.23 was vulnerable to multiple directo ...)
	NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12924 (MailEnable Enterprise Premium 10.23 was vulnerable to XML External Ent ...)
	NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12923 (In MailEnable Enterprise Premium 10.23, the potential cross-site reque ...)
	NOT-FOR-US: MailEnable Enterprise Premium
CVE-2019-12922 (A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in th ...)
	- phpmyadmin 4:4.9.1+dfsg1-2
	[stretch] - phpmyadmin (Minor issue)
	[jessie] - phpmyadmin (Minor issue, target only accessible if setup is enabled and htpasswd.setup populated)
	NOTE: https://seclists.org/fulldisclosure/2019/Sep/23
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161 (4.9.1)
CVE-2019-12921 (In GraphicsMagick before 1.3.32, the text filename component allows re ...)
	{DSA-4675-1 DLA-2152-1}
	- graphicsmagick 1.4~hg16039-1
	NOTE: https://github.com/d0ge/data-processing/blob/master/CVE-2019-12921.md
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f780c290b4ab
CVE-2019-12920 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
	NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices
CVE-2019-12919 (On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices ...)
	NOT-FOR-US: Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices
CVE-2019-12918 (Quest KACE Systems Management Appliance Server Center version 9.1.317 ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-12917 (A reflected XSS vulnerability exists in Quest KACE Systems Management ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance Server Center
CVE-2019-12916
	REJECTED
CVE-2019-12915
	REJECTED
CVE-2019-12914 (Redbrick Shift through 3.4.3 allows an attacker to extract authenticat ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-12913 (Redbrick Shift through 3.4.3 allows an attacker to extract emails of s ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-12912 (Redbrick Shift through 3.4.3 allows an attacker to extract emails of s ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-12911 (Redbrick Shift through 3.4.3 allows an attacker to extract authenticat ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-12910
	RESERVED
CVE-2019-12909
	RESERVED
CVE-2019-12908
	RESERVED
CVE-2019-12907
	RESERVED
CVE-2019-12906
	RESERVED
CVE-2019-12905 (FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman& ...)
	NOT-FOR-US: FileRun
CVE-2019-12904 (** DISPUTED ** In Libgcrypt 1.8.4, the C implementation of AES is vuln ...)
	NOTE: Issue disputed by libgcrypt upstream, see https://dev.gnupg.org/T4541
CVE-2019-12903 (Pydio Cells before 1.5.0, when supplied with a Name field in an unexpe ...)
	NOT-FOR-US: Pydio Cells (relates to Pydio product)
CVE-2019-12902 (Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon ...)
	NOT-FOR-US: Pydio Cells (relates to Pydio product)
CVE-2019-12901 (Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing ...)
	NOT-FOR-US: Pydio Cells (relates to Pydio product)
CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bo ...)
	{DLA-1953-1 DLA-1833-1}
	- bzip2 1.0.6-9.1 (bug #930886)
	[stretch] - bzip2 (Not exploitable; potential dangerous parts already guarded)
	- clamav 0.101.4+dfsg-1 (bug #934359)
	[buster] - clamav 0.101.4+dfsg-0+deb10u1
	[stretch] - clamav 0.101.4+dfsg-0+deb9u1
	NOTE: https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
	NOTE: The original fix introduces regressions when extracting certain lbzip2 files
	NOTE: which were created with a buggy libzip2: https://bugs.debian.org/931278
	NOTE: Details on followup: https://sourceware.org/ml/bzip2-devel/2019-q3/msg00007.html
	NOTE: explaining as well why, whilst the issue described by CVE-2019-12900 is definitively
	NOTE: an issue, it was not exploitable in the first place.
	NOTE: Regression fix: https://sourceware.org/git/?p=bzip2.git;a=commit;h=b07b105d1b66e32760095e3602261738443b9e13
	NOTE: Clamav: https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
	NOTE: clamav uses libbz2 but the "nsis" scanner/decompressor has a decompress.c from bzip2
CVE-2019-12899 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV star ...)
	NOT-FOR-US: Delta Electronics DeviceNet Builder
CVE-2019-12898 (Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV star ...)
	NOT-FOR-US: Delta Electronics DeviceNet Builder
CVE-2019-12897 (Edraw Max 7.9.3 has a Read Access Violation at the Instruction Pointer ...)
	NOT-FOR-US: Edraw Max
CVE-2019-12896 (Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTempor ...)
	NOT-FOR-US: Edraw Max
CVE-2019-12895 (In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted ...)
	NOT-FOR-US: Alternate Pic View
CVE-2019-12894 (Alternate Pic View 2.600 has a Read Access Violation at the Instructio ...)
	NOT-FOR-US: Alternate Pic View
CVE-2019-12893 (Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewe ...)
	NOT-FOR-US: Alternate Pic View
CVE-2019-12892
	RESERVED
CVE-2019-12891
	RESERVED
CVE-2019-12890 (RedwoodHQ 2.5.5 does not require any authentication for database opera ...)
	NOT-FOR-US: RedwoodHQ
CVE-2019-12889 (An unauthenticated privilege escalation exists in SailPoint Desktop Pa ...)
	NOT-FOR-US: SailPoint Desktop Password Reset
CVE-2019-12888
	REJECTED
CVE-2019-12887 (KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue ...)
	NOT-FOR-US: KeyIdentity LinOTP
CVE-2019-12886
	RESERVED
CVE-2019-12885
	RESERVED
CVE-2019-12884
	RESERVED
CVE-2019-12883
	RESERVED
CVE-2019-12882
	REJECTED
CVE-2019-12881 (i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c ...)
	- linux 4.18.6-1
	[stretch] - linux 4.9.130-1
	NOTE: https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520
	NOTE: https://git.kernel.org/linus/c11c7bfd213495784b22ef82a69b6489f8d0092f
CVE-2019-12880 (BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking ...)
	NOT-FOR-US: BCN Quark Quarking Password Manager
CVE-2019-12879
	RESERVED
CVE-2019-12878
	RESERVED
CVE-2019-12877
	RESERVED
CVE-2019-12876 (Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and De ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2019-12875 (Alpine Linux abuild through 3.4.0 allows an unprivileged member of the ...)
	NOT-FOR-US: Alpine Linux
CVE-2019-12874 (An issue was discovered in zlib_decompress_extra in modules/demux/mkv/ ...)
	{DSA-4459-1}
	- vlc 3.0.7-1
	[jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102
CVE-2019-12873
	RESERVED
CVE-2019-12872 (dotCMS before 5.1.6 is vulnerable to a SQL injection that can be explo ...)
	NOT-FOR-US: dotCMS
CVE-2019-12871 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
	NOT-FOR-US: PHOENIX CONTACT PC Worx
CVE-2019-12870 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
	NOT-FOR-US: PHOENIX CONTACT PC Worx
CVE-2019-12869 (An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Wo ...)
	NOT-FOR-US: PHOENIX CONTACT PC Worx
CVE-2019-12868 (app/Model/Server.php in MISP 2.4.109 allows remote command execution b ...)
	NOT-FOR-US: MISP
CVE-2019-12867 (Certain actions could cause privilege escalation for issue attachments ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-12866 (An Insecure Direct Object Reference, with Authorization Bypass through ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-12865 (In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a dou ...)
	- radare2 3.8.0+dfsg-1 (bug #930704)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/14334
	NOTE: https://github.com/radare/radare2/commit/40453029179d230cf02ffed205f2d63e33981b8f
CVE-2019-12864 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) is vuln ...)
	NOT-FOR-US: SolarWinds
CVE-2019-12863 (SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows ...)
	NOT-FOR-US: SolarWinds
CVE-2019-12862
	RESERVED
CVE-2019-12861
	RESERVED
CVE-2019-12860
	RESERVED
CVE-2019-12859
	RESERVED
CVE-2019-12858
	RESERVED
CVE-2019-12857
	RESERVED
CVE-2019-12856
	RESERVED
CVE-2019-12855 (In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP su ...)
	- twisted 18.9.0-7 (bug #930626)
	[buster] - twisted (Minor issue)
	[stretch] - twisted (Minor issue)
	[jessie] - twisted (Minor issue)
	NOTE: https://github.com/twisted/twisted/pull/1147
	NOTE: https://twistedmatrix.com/trac/ticket/9561
CVE-2019-12854 (Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4. ...)
	{DSA-4507-1}
	- squid 4.8-1
	- squid3 (Vulnerable code not present; Vulnerable code only in 4.x series)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch
CVE-2019-12853
	RESERVED
CVE-2019-12852 (An SSRF attack was possible on a JetBrains YouTrack server. The issue ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-12851 (A CSRF vulnerability was detected in one of the admin endpoints of Jet ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-12850 (A query injection was possible in JetBrains YouTrack. The issue was fi ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2019-12849
	RESERVED
CVE-2019-12848
	RESERVED
CVE-2019-12847 (In JetBrains Hub versions earlier than 2018.4.11298, the audit events ...)
	NOT-FOR-US: JetBrains Hub
CVE-2019-12846 (A user without the required permissions could gain access to some JetB ...)
	NOT-FOR-US: JetBrains
CVE-2019-12845 (The generated Kotlin DSL settings allowed usage of an unencrypted conn ...)
	NOT-FOR-US: JetBrains
CVE-2019-12844 (A possible stored JavaScript injection was detected on one of the JetB ...)
	NOT-FOR-US: JetBrains
CVE-2019-12843 (A possible stored JavaScript injection requiring a deliberate server a ...)
	NOT-FOR-US: JetBrains
CVE-2019-12842 (A reflected XSS on a user page was detected on one of the JetBrains Te ...)
	NOT-FOR-US: JetBrains
CVE-2019-12841 (Incorrect handling of user input in ZIP extraction was detected in Jet ...)
	NOT-FOR-US: JetBrains
CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package Updates" ...)
	- webmin
CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation error with ...)
	NOT-FOR-US: OrangeHRM
CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...)
	{DSA-4572-1 DLA-2143-1}
	- slurm-llnl 19.05.3.2-1 (bug #931880)
	[stretch] - slurm-llnl (Too intrusive to backport)
	NOTE: https://github.com/SchedMD/slurm/commit/afa7d743f407c60a7c8a4bd98a10be32c82988b5
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000025.html
CVE-2019-12837 (The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attack ...)
	NOT-FOR-US: Java API in Generalitat de Catalunya accesuniversitat.gencat.cat
CVE-2019-12836 (The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker t ...)
	NOT-FOR-US: Bobronix JEditor editor for Jira
CVE-2019-12835 (formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds ...)
	NOT-FOR-US: Leanify
CVE-2019-12834 (In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious ...)
	NOT-FOR-US: HT2 Labs Learning Locker
CVE-2019-12833
	RESERVED
CVE-2019-12832
	RESERVED
CVE-2019-12831 (In MyBB before 1.8.21, an attacker can abuse a default behavior of MyS ...)
	NOT-FOR-US: MyBB
CVE-2019-12830 (In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the P ...)
	NOT-FOR-US: MyBB
CVE-2019-12829 (radare2 through 3.5.1 mishandles the RParse API, which allows remote a ...)
	- radare2 3.8.0+dfsg-1 (bug #930590)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/14303
	NOTE: https://github.com/radare/radare2/commit/b282620b7a8818910c42a29b8f0855a2d13eec14
CVE-2019-12828 (An issue was discovered in Electronic Arts Origin before 10.5.39. Due ...)
	NOT-FOR-US: Electronic Arts Origin
CVE-2019-12827 (Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13. ...)
	- asterisk 1:16.2.1~dfsg-2 (bug #931980)
	[buster] - asterisk 1:16.2.1~dfsg-1+deb10u1
	[stretch] - asterisk (Minor issue)
	[jessie] - asterisk (Vulnerable code not present)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-002.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28447
CVE-2019-12826 (A Cross-Site-Request-Forgery (CSRF) vulnerability in widget_logic.php ...)
	NOT-FOR-US: 2by2host Widget Logic plugin for WordPress
CVE-2019-12825 (Unauthorized Access to the Container Registry of other groups was disc ...)
	- gitlab (Only affects Gitlab EE)
CVE-2019-12824
	RESERVED
CVE-2019-12823 (Craft CMS before 3.1.31 does not properly filter XML feeds and thus al ...)
	NOT-FOR-US: Craft CMS
CVE-2019-12822 (In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a he ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2019-12821 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ...)
	NOT-FOR-US: app of the Shenzhen Jisiwei i3 robot vacuum cleaner
CVE-2019-12820 (A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 ro ...)
	NOT-FOR-US: app of the Shenzhen Jisiwei i3 robot vacuum cleaner
CVE-2019-12817 (arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1. ...)
	{DSA-4495-1}
	- linux 5.2.6-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
CVE-2019-12816 (Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-ad ...)
	{DSA-4463-1 DLA-1830-1}
	- znc 1.7.2-3
	NOTE: Versions affected: 0.098 - 1.7.3
	NOTE: https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311
CVE-2019-12815 (An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3. ...)
	{DSA-4491-1 DLA-1873-1}
	- proftpd-dfsg 1.3.6-6 (low; bug #932453)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4372
	NOTE: https://github.com/proftpd/proftpd/pull/816
	NOTE: https://tbspace.de/cve201912815proftpd.html
CVE-2019-12814 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DLA-1831-1}
	- jackson-databind 2.9.8-3 (bug #930750)
	[stretch] - jackson-databind 2.8.6-1+deb9u6
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2341
	NOTE: https://github.com/FasterXML/jackson-databind/commit/5f7c69bba07a7155adde130d9dee2e54a54f1fa5
CVE-2019-12813 (An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Re ...)
	NOT-FOR-US: Digital Persona U.are.U 4500 Fingerprint Reader
CVE-2019-12812 (MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbi ...)
	NOT-FOR-US: MyBuilder
CVE-2019-12811 (ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to ...)
	NOT-FOR-US: MyBuilder
CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing functiona ...)
	NOT-FOR-US: ALSee
CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...)
	NOT-FOR-US: Yes24ViewerX ActiveX Control
CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...)
	NOT-FOR-US: ALTOOLS update service
CVE-2019-12807 (Alzip 10.83 and earlier version contains a stack-based buffer overflow ...)
	NOT-FOR-US: ALZip
CVE-2019-12806 (UniSign 2.0.4.0 and earlier version contains a stack-based buffer over ...)
	NOT-FOR-US: UniSign
CVE-2019-12805 (NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have ...)
	NOT-FOR-US: NCSOFT Game Launcher
CVE-2019-12804 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to ...)
	NOT-FOR-US: Hunesion i-oneNet
CVE-2019-12803 (In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the sp ...)
	NOT-FOR-US: Hunesion i-oneNet
CVE-2019-12802 (In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lan ...)
	- radare2 3.8.0+dfsg-1 (bug #930510)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/14296
CVE-2019-12801 (out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new ...)
	NOT-FOR-US: SeedDMS
CVE-2019-12800
	RESERVED
CVE-2019-12819 (An issue was discovered in the Linux kernel before 5.0. The function _ ...)
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.68-1
	NOTE: https://git.kernel.org/linus/6ff7b060535e87c2ae14dd8548512abfdda528fb
CVE-2019-12818 (An issue was discovered in the Linux kernel before 4.20.15. The nfc_ll ...)
	- linux 4.19.28-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.68-1
	NOTE: https://git.kernel.org/linus/58bdd544e2933a21a51eecf17c3f5f94038261b5
CVE-2019-12799 (In createInstanceFromNamedArguments in Shopware through 5.6.x, a craft ...)
	NOT-FOR-US: Shopware
CVE-2019-12798 (An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c do ...)
	- mujs <not-affected> (Fixed with initial upload to Debian)
	NOTE: http://git.ghostscript.com/?p=mujs.git;h=7f50591861525f76e3ec7a63392656ff8c030af9 (1.0.6)
CVE-2019-12797 (A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN ...)
	NOT-FOR-US: ELM327 OBD2 Bluetooth device
CVE-2019-12796
	RESERVED
CVE-2019-12795 (daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...)
	{DLA-1827-1}
	- gvfs 1.38.1-5 (bug #930376)
	[stretch] - gvfs <no-dsa> (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a (master)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f (gnome-3-32)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe (gnome-3-30)
CVE-2019-12794 (An issue was discovered in MISP 2.4.108. Organization admins could res ...)
	NOT-FOR-US: MISP
CVE-2019-XXXX [security issues fixed in 1.8.5]
	- rdesktop 1.8.6-1 (bug #930387)
	[stretch] - rdesktop 1.8.6-2~deb9u1
	[jessie] - rdesktop 1.8.6-0+deb8u1
	NOTE: Workaround entry for DSA-4473-1/DLA-1837-1 until CVEs assigned
CVE-2019-12793
	RESERVED
CVE-2019-12792 (A command injection vulnerability in UploadHandler.php in Vesta Contro ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2019-12791 (A directory traversal vulnerability in the v-list-user script in Vesta ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2019-12790 (In radare2 through 3.5.1, there is a heap-based buffer over-read in th ...)
	- radare2 3.8.0+dfsg-1 (bug #930344)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/14211
CVE-2019-12789 (An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, ...)
	NOT-FOR-US: Actiontec devices
CVE-2019-12788 (An issue was discovered in Photodex ProShow Producer v9.0.3797 (an app ...)
	NOT-FOR-US: Photodex ProShow Producer
CVE-2019-12787 (An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-12786 (An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2 ...)
	NOT-FOR-US: D-Link
CVE-2019-12785
	RESERVED
CVE-2019-12784 (An issue was discovered in Verint Impact 360 15.1. At wfo/control/sign ...)
	NOT-FOR-US: Verint Impact
CVE-2019-12783 (An issue was discovered in Verint Impact 360 15.1. At wfo/control/sign ...)
	NOT-FOR-US: Verint Impact
CVE-2019-12782 (An authorization bypass vulnerability in pinboard updates in ThoughtSp ...)
	NOT-FOR-US: ThoughtSpot
CVE-2019-12781 (An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1. ...)
	{DSA-4476-1 DLA-1842-1}
	- python-django 1:1.11.22-1 (bug #931316)
	[buster] - python-django 1:1.11.22-1~deb10u1
	NOTE: https://www.djangoproject.com/weblog/2019/jul/01/security-releases/
	NOTE: https://github.com/django/django/commit/54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 (master)
	NOTE: https://github.com/django/django/commit/77706a3e4766da5d5fb75c4db22a0a59a28e6cd6 (2.2)
	NOTE: https://github.com/django/django/commit/1e40f427bb8d0fb37cc9f830096a97c36c97af6f (2.1)
	NOTE: https://github.com/django/django/commit/32124fc41e75074141b05f10fc55a4f01ff7f050 (1.11)
CVE-2019-12780 (The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo ...)
	NOT-FOR-US: Belkin Wemo Enabled Crock-Pot
CVE-2019-5439 (A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which ...)
	{DSA-4459-1}
	- vlc 3.0.7-1 (bug #930276)
	[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://hackerone.com/reports/484398
	NOTE: http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
CVE-2019-12779 (libqb before 1.0.5 allows local users to overwrite arbitrary files via ...)
	- libqb 1.0.4-1 (unimportant; bug #927159)
	[jessie] - libqb <end-of-life> (https://salsa.debian.org/debian/debian-security-support/commit/ba638006d397eda2cc094761ed7a7bfdca9e534b)
	NOTE: https://github.com/ClusterLabs/libqb/issues/338
	NOTE: https://github.com/ClusterLabs/libqb/commit/6a4067c1d1764d93d255eccecfd8bf9f43cb0b4d
	NOTE: Regression fix: https://github.com/ClusterLabs/libqb/pull/349
	NOTE: Neutralised by kernel hardening
CVE-2019-12778
	RESERVED
CVE-2019-12777 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
	NOT-FOR-US: ENTTEC
CVE-2019-12776 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
	NOT-FOR-US: ENTTEC
CVE-2019-12775 (An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelato ...)
	NOT-FOR-US: ENTTEC
CVE-2019-12774 (A number of stored XSS vulnerabilities have been identified in the web ...)
	NOT-FOR-US: ENTTEC
CVE-2019-12773 (An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_po ...)
	NOT-FOR-US: Verint Impact
CVE-2019-12772
	RESERVED
CVE-2019-12771 (Command injection is possible in ThinStation through 6.1.1 via shell m ...)
	NOT-FOR-US: ThinStation
CVE-2019-12770
	RESERVED
CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 ...)
	NOT-FOR-US: SolarWinds
CVE-2019-12768 (An issue was discovered on D-Link DAP-1650 devices through v1.03b07 be ...)
	NOT-FOR-US: D-Link
CVE-2019-12767 (An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H ...)
	NOT-FOR-US: D-Link
CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...)
	NOT-FOR-US: Joomla!
CVE-2019-12765 (An issue was discovered in Joomla! before 3.9.7. The CSV export of com ...)
	NOT-FOR-US: Joomla!
CVE-2019-12764 (An issue was discovered in Joomla! before 3.9.7. The update server URL ...)
	NOT-FOR-US: Joomla!
CVE-2019-12763 (The Security Camera CZ application through 1.6.8 for Android stores po ...)
	NOT-FOR-US: Security Camera CZ application for Android
CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anoma ...)
	NOT-FOR-US: Xiaomi Mi 5s Plus devices
CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via crafted ...)
	{DLA-2727-1 DLA-1819-1}
	- pyxdg 0.26-1 (low; bug #930099)
	[buster] - pyxdg <no-dsa> (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
	NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/-/commit/aa4ce1bbc59def6975c9dd1598aafb3ef3fea681 (rel-0.26)
	NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/issues/14
CVE-2019-12760 (** DISPUTED ** A deserialization vulnerability exists in the way parso ...)
	- parso 0.5.1-0.1 (unimportant; bug #930356)
	NOTE: https://gist.github.com/dhondta/f71ae7e5c4234f8edfd2f12503a5dcc7
	NOTE: https://github.com/davidhalter/parso/issues/75
	NOTE: Not considered a security issue by upstream
CVE-2019-12759 (Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security ...)
	NOT-FOR-US: Symantec
CVE-2019-12758 (Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to ...)
	NOT-FOR-US: Symantec
CVE-2019-12757 (Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 M ...)
	NOT-FOR-US: Symantec
CVE-2019-12756 (Symantec Endpoint Protection (SEP), prior to 14.2 RU2 may be susceptib ...)
	NOT-FOR-US: Symantec
CVE-2019-12755 (Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an ...)
	NOT-FOR-US: Norton
CVE-2019-12754 (Symantec My VIP portal, previous version which has already been auto u ...)
	NOT-FOR-US: Symantec My VIP portal
CVE-2019-12753 (An information disclosure vulnerability in Symantec Reporter web UI 10 ...)
	NOT-FOR-US: Symantec
CVE-2019-12752 (The Symantec SONAR component, prior to 12.0.2, may be susceptible to a ...)
	NOT-FOR-US: Symantec
CVE-2019-12751 (Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a p ...)
	NOT-FOR-US: Symantec
CVE-2019-12750 (Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 an ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, ...)
	{DSA-4462-1 DLA-1818-1}
	- dbus 1.12.16-1 (bug #930375)
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/11/2
	NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269
	NOTE: https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016
CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. ...)
	NOT-FOR-US: TYPO3
CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization ...)
	NOT-FOR-US: TYPO3
CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Community ...)
	{DLA-1877-1}
	- otrs2 6.0.20-1
	[buster] - otrs2 <end-of-life> (Non-free not supported)
	[stretch] - otrs2 <end-of-life> (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/fab16a8e54aaf033f460e5f98c673248f29ea49c
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/cc08cb7df9f6dde05de2f8c6cbd59cd5d0952627
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/7ab33e51a4db9f712e979040f644d0d0c39ff0af
CVE-2019-12745 (out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site S ...)
	NOT-FOR-US: SeedDMS
CVE-2019-12744 (SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of ...)
	NOT-FOR-US: SeedDMS
CVE-2019-12743 (HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers t ...)
	NOT-FOR-US: HumHub Social Network Kit Enterprise
CVE-2019-12742 (Bludit prior to 3.9.1 allows a non-privileged user to change the passw ...)
	NOT-FOR-US: bludit
CVE-2019-12741 (XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR l ...)
	NOT-FOR-US: HAPI FHIR library
CVE-2019-12740
	RESERVED
CVE-2019-12739 (lib/Controller/ExtractionController.php in the Extract add-on before 1 ...)
	- nextcloud <itp> (bug #835086)
CVE-2019-12738
	RESERVED
CVE-2019-12737 (UserHashedTableAuth in JetBrains Ktor framework before 1.2.0-rc uses a ...)
	NOT-FOR-US: JetBrains Ktor
CVE-2019-12736 (JetBrains Ktor framework before 1.2.0-rc does not sanitize the usernam ...)
	NOT-FOR-US: JetBrains Ktor
CVE-2019-12734 (SiteVision 4 has Incorrect Access Control. ...)
	NOT-FOR-US: SiteVision
CVE-2019-12733 (SiteVision 4 allows Remote Code Execution. ...)
	NOT-FOR-US: SiteVision
CVE-2019-12735 (getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote ...)
	{DSA-4487-1 DSA-4467-1 DLA-1871-1}
	- vim 2:8.1.0875-4 (bug #930020)
	- neovim 0.3.4-3 (bug #930024)
	NOTE: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
	NOTE: vim patches: https://github.com/vim/vim/commit/53575521406739cf20bbe4e384d88e7dca11f040
	NOTE: neovim pull request: https://github.com/neovim/neovim/pull/10082
CVE-2019-12732 (The Chartkick gem through 3.1.0 for Ruby allows XSS. ...)
	NOT-FOR-US: Chartkick Ruby gem
CVE-2019-12731 (The Windows versions of Snapview Mikogo, versions before 5.10.2 are af ...)
	NOT-FOR-US: Snapview Mikogo
CVE-2019-12730 (aa_read_header in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x ...)
	{DSA-4502-1 DSA-4449-1}
	- ffmpeg 7:4.1.4-1 (low; bug #932469)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b
CVE-2019-12729
	RESERVED
CVE-2019-12728 (Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notific ...)
	- grails <itp> (bug #473213)
CVE-2019-12727 (On Ubiquiti airCam 3.1.4 devices, a Denial of Service vulnerability ex ...)
	NOT-FOR-US: Ubiquiti airCam devices
CVE-2019-12726
	RESERVED
CVE-2019-12725 (Zeroshell 3.9.0 is prone to a remote command execution vulnerability. ...)
	NOT-FOR-US: Zeroshell
CVE-2019-12724 (An issue was discovered in the Teclib News plugin through 1.5.2 for GL ...)
	NOT-FOR-US: Teclib
CVE-2019-12723 (An issue was discovered in the Teclib Fields plugin through 1.9.2 for ...)
	NOT-FOR-US: Teclib
CVE-2019-12722
	RESERVED
CVE-2019-12721
	RESERVED
CVE-2019-12720 (AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc ...)
	NOT-FOR-US: AUO SunVeillance Monitoring System
CVE-2019-12719 (An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance ...)
	NOT-FOR-US: AUO SunVeillance Monitoring System
CVE-2019-12718 (A vulnerability in the web-based interface of Cisco Small Business Sma ...)
	NOT-FOR-US: Cisco
CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization manager ...)
	NOT-FOR-US: Cisco
CVE-2019-12716 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-12715 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-12714 (A vulnerability in the web-based management interface of Cisco IC3000 ...)
	NOT-FOR-US: Cisco
CVE-2019-12713 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-12712 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-12711 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-12710 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-12709 (A vulnerability in a CLI command related to the virtualization manager ...)
	NOT-FOR-US: Cisco
CVE-2019-12708 (A vulnerability in the web-based management interface of Cisco SPA100 ...)
	NOT-FOR-US: Cisco
CVE-2019-12707 (A vulnerability in the web-based interface of multiple Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2019-12706 (A vulnerability in the Sender Policy Framework (SPF) functionality of ...)
	NOT-FOR-US: Cisco
CVE-2019-12705 (A vulnerability in the web-based management interface of Cisco Express ...)
	NOT-FOR-US: Cisco
CVE-2019-12704 (A vulnerability in the web-based management interface of Cisco SPA100 ...)
	NOT-FOR-US: Cisco
CVE-2019-12703 (A vulnerability in the web-based management interface of Cisco SPA122 ...)
	NOT-FOR-US: Cisco
CVE-2019-12702 (A vulnerability in the web-based management interface of Cisco SPA100 ...)
	NOT-FOR-US: Cisco
CVE-2019-12701 (A vulnerability in the file and malware inspection feature of Cisco Fi ...)
	NOT-FOR-US: Cisco
CVE-2019-12700 (A vulnerability in the configuration of the Pluggable Authentication M ...)
	NOT-FOR-US: Cisco
CVE-2019-12699 (Multiple vulnerabilities in the CLI of Cisco FXOS Software and Cisco F ...)
	NOT-FOR-US: Cisco
CVE-2019-12698 (A vulnerability in the WebVPN feature of Cisco Adaptive Security Appli ...)
	NOT-FOR-US: Cisco
CVE-2019-12697 (Multiple vulnerabilities in the Cisco Firepower System Software Detect ...)
	NOT-FOR-US: Cisco
CVE-2019-12696 (Multiple vulnerabilities in the Cisco Firepower System Software Detect ...)
	NOT-FOR-US: Cisco
CVE-2019-12695 (A vulnerability in the Clientless SSL VPN (WebVPN) portal of Cisco Ada ...)
	NOT-FOR-US: Cisco
CVE-2019-12694 (A vulnerability in the command line interface (CLI) of Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2019-12693 (A vulnerability in the Secure Copy (SCP) feature of Cisco Adaptive Sec ...)
	NOT-FOR-US: Cisco
CVE-2019-12692
	RESERVED
CVE-2019-12691 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-12690 (A vulnerability in the web UI of the Cisco Firepower Management Center ...)
	NOT-FOR-US: Cisco
CVE-2019-12689 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-12688 (A vulnerability in the web UI of the Cisco Firepower Management Center ...)
	NOT-FOR-US: Cisco
CVE-2019-12687 (A vulnerability in the web UI of the Cisco Firepower Management Center ...)
	NOT-FOR-US: Cisco
CVE-2019-12686 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12685 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12684 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12683 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12682 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12681 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12680 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12679 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12678 (A vulnerability in the Session Initiation Protocol (SIP) inspection mo ...)
	NOT-FOR-US: Cisco
CVE-2019-12677 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-12676 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
	NOT-FOR-US: Cisco
CVE-2019-12675 (Multiple vulnerabilities in the multi-instance feature of Cisco Firepo ...)
	NOT-FOR-US: Cisco
CVE-2019-12674 (Multiple vulnerabilities in the multi-instance feature of Cisco Firepo ...)
	NOT-FOR-US: Cisco
CVE-2019-12673 (A vulnerability in the FTP inspection engine of Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2019-12672 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2019-12671 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2019-12670 (A vulnerability in the filesystem of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2019-12669 (A vulnerability in the RADIUS Change of Authorization (CoA) code of Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-12668 (A vulnerability in the web framework code of Cisco IOS and Cisco IOS X ...)
	NOT-FOR-US: Cisco
CVE-2019-12667 (A vulnerability in the web framework code of Cisco IOS XE Software cou ...)
	NOT-FOR-US: Cisco
CVE-2019-12666 (A vulnerability in the Guest Shell of Cisco IOS XE Software could allo ...)
	NOT-FOR-US: Cisco
CVE-2019-12665 (A vulnerability in the HTTP client feature of Cisco IOS and IOS XE Sof ...)
	NOT-FOR-US: Cisco
CVE-2019-12664 (A vulnerability in the Dialer interface feature for ISDN connections i ...)
	NOT-FOR-US: Cisco
CVE-2019-12663 (A vulnerability in the Cisco TrustSec (CTS) Protected Access Credentia ...)
	NOT-FOR-US: Cisco
CVE-2019-12662 (A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software coul ...)
	NOT-FOR-US: Cisco
CVE-2019-12661 (A vulnerability in a Virtualization Manager (VMAN) related CLI command ...)
	NOT-FOR-US: Cisco
CVE-2019-12660 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2019-12659 (A vulnerability in the HTTP server code of Cisco IOS XE Software could ...)
	NOT-FOR-US: Cisco
CVE-2019-12658 (A vulnerability in the filesystem resource management code of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2019-12657 (A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-12656 (A vulnerability in the IOx application environment of multiple Cisco p ...)
	NOT-FOR-US: Cisco
CVE-2019-12655 (A vulnerability in the FTP application layer gateway (ALG) functionali ...)
	NOT-FOR-US: Cisco
CVE-2019-12654 (A vulnerability in the common Session Initiation Protocol (SIP) librar ...)
	NOT-FOR-US: Cisco
CVE-2019-12653 (A vulnerability in the Raw Socket Transport feature of Cisco IOS XE So ...)
	NOT-FOR-US: Cisco
CVE-2019-12652 (A vulnerability in the ingress packet processing function of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2019-12651 (Multiple vulnerabilities in the web-based user interface (Web UI) of C ...)
	NOT-FOR-US: Cisco
CVE-2019-12650 (Multiple vulnerabilities in the web-based user interface (Web UI) of C ...)
	NOT-FOR-US: Cisco
CVE-2019-12649 (A vulnerability in the Image Verification feature of Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-12648 (A vulnerability in the IOx application environment for Cisco IOS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-12647 (A vulnerability in the Ident protocol handler of Cisco IOS and IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2019-12646 (A vulnerability in the Network Address Translation (NAT) Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-12645 (A vulnerability in Cisco Jabber Client Framework (JCF) for Mac Softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-12644 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-12643 (A vulnerability in the Cisco REST API virtual service container for Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-12642
	RESERVED
CVE-2019-12641
	RESERVED
CVE-2019-12640
	RESERVED
CVE-2019-12639
	RESERVED
CVE-2019-12638 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-12637 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-12636 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2019-12635 (A vulnerability in the authorization module of Cisco Content Security ...)
	NOT-FOR-US: Cisco
CVE-2019-12634 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-12633 (A vulnerability in Cisco Unified Contact Center Express (Unified CCX) ...)
	NOT-FOR-US: Cisco
CVE-2019-12632 (A vulnerability in Cisco Finesse could allow an unauthenticated, remot ...)
	NOT-FOR-US: Cisco
CVE-2019-12631 (A vulnerability in the web-based guest portal of Cisco Identity Servic ...)
	NOT-FOR-US: Cisco
CVE-2019-12630 (A vulnerability in the Java deserialization function used by Cisco Sec ...)
	NOT-FOR-US: Cisco
CVE-2019-12629 (A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow ...)
	NOT-FOR-US: Cisco
CVE-2019-12628
	RESERVED
CVE-2019-12627 (A vulnerability in the application policy configuration of the Cisco F ...)
	NOT-FOR-US: Cisco
CVE-2019-12626 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-12624 (A vulnerability in the web-based management interface of Cisco IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2019-12623 (A vulnerability in the web server functionality of Cisco Enterprise Ne ...)
	NOT-FOR-US: Cisco
CVE-2019-12622 (A vulnerability in Cisco RoomOS Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2019-12621 (A vulnerability in Cisco HyperFlex Software could allow an unauthentic ...)
	NOT-FOR-US: Cisco
CVE-2019-12620 (A vulnerability in the statistics collection service of Cisco HyperFle ...)
	NOT-FOR-US: Cisco
CVE-2019-12619 (A vulnerability in the web interface for Cisco SD-WAN Solution vManage ...)
	NOT-FOR-US: Cisco
CVE-2019-12618 (HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via t ...)
	- nomad <not-affected> (Vulnerability introduced in 0.9.0)
	NOTE: https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2
	NOTE: https://github.com/hashicorp/nomad/issues/5783
CVE-2019-12617 (In SilverStripe through 4.3.3, there is access escalation for CMS user ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...)
	{DLA-1821-1}
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #930017)
	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec
CVE-2019-12613
	REJECTED
CVE-2019-12612 (An issue was discovered in Bitdefender BOX firmware versions before 2. ...)
	NOT-FOR-US: Bitdefender BOX firmware
CVE-2019-12611 (An issue was discovered in Bitdefender BOX firmware versions before 2. ...)
	NOT-FOR-US: Bitdefender BOX firmware
CVE-2019-12610
	RESERVED
CVE-2019-12609
	RESERVED
CVE-2019-12608
	RESERVED
CVE-2019-12607
	RESERVED
CVE-2019-12606
	RESERVED
CVE-2019-12605
	RESERVED
CVE-2019-12604
	RESERVED
CVE-2019-12603
	RESERVED
CVE-2019-12602
	RESERVED
CVE-2019-12615 (An issue was discovered in get_vdev_port_node_info in arch/sparc/kerne ...)
	- linux 5.2.6-1 (unimportant)
	NOTE: https://git.kernel.org/linus/80caf43549e7e41a695c6d1e11066286538b336f
	NOTE: This is a potential null pointer dereference that looks like it can
	NOTE: only be invoked by root or the hypervisor. Probably no security impact.
CVE-2019-12614 (An issue was discovered in dlpar_parse_cc_property in arch/powerpc/pla ...)
	- linux 5.3.7-1 (unimportant)
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://lkml.org/lkml/2019/6/3/526
	NOTE: This is a potential null pointer dereference that looks like it can
	NOTE: only be invoked by root or the hypervisor. Probably no security impact.
CVE-2019-12601 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-12600 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-12599 (SuiteCRM 7.10.x before 7.10.17 and 7.11.x before 7.11.5 allows SQL Inj ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-12598 (SuiteCRM 7.8.x before 7.8.30, 7.10.x before 7.10.17, and 7.11.x before ...)
	NOT-FOR-US: SuiteCRM
CVE-2019-12597 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12596 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12595 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12594 (DOSBox 0.74-2 has Incorrect Access Control. ...)
	{DSA-4478-1 DLA-1845-1}
	- dosbox 0.74-3-1 (bug #931222)
	NOTE: Fixed in 0.74-3 upstream.
	NOTE: https://github.com/Alexandre-Bartel/CVE-2019-12594
	NOTE: Upstream clarification https://sourceforge.net/p/dosbox/bugs/508/
	NOTE: Fixed by https://sourceforge.net/p/dosbox/code-0/4246/
CVE-2019-12593 (IceWarp Mail Server through 10.4.4 is prone to a local file inclusion ...)
	NOT-FOR-US: IceWarp Mail Server
CVE-2019-12592 (A universal Cross-site scripting (UXSS) vulnerability in the Evernote ...)
	NOT-FOR-US: Evernote
CVE-2019-12591 (NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote a ...)
	NOT-FOR-US: NETGEAR
CVE-2019-12590
	RESERVED
CVE-2019-12588 (The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2. ...)
	NOT-FOR-US: Espressif
CVE-2019-12587 (The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 a ...)
	NOT-FOR-US: Espressif
CVE-2019-12586 (The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 a ...)
	NOT-FOR-US: Espressif
CVE-2019-12585 (Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and othe ...)
	- apcupsd <not-affected> (Vulnerable code in pfSense-specific status page)
CVE-2019-12584 (Apcupsd 0.3.91_5, as used in pfSense through 2.4.4-RELEASE-p3 and othe ...)
	- apcupsd <not-affected> (Vulnerable code in pfSense-specific status page)
CVE-2019-12583 (Missing Access Control in the "Free Time" component of several Zyxel U ...)
	NOT-FOR-US: Zyxel
CVE-2019-12582
	REJECTED
CVE-2019-12581 (A reflective Cross-site scripting (XSS) vulnerability in the free_time ...)
	NOT-FOR-US: Zyxel
CVE-2019-12580
	RESERVED
CVE-2019-12579 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12578 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12577 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12576 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12575 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12574 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12573 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12572 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client
CVE-2019-12571 (A vulnerability in the London Trust Media Private Internet Access (PIA ...)
	NOT-FOR-US: Private Internet Access client
CVE-2019-12570 (A SQL injection vulnerability in the Xpert Solution "Server Status by ...)
	NOT-FOR-US: Xpert Solution "Server Status by Hostname/IP" plugin for WordPress
CVE-2019-12569 (A vulnerability in Viber before 10.7.0 for Desktop (Windows) could all ...)
	NOT-FOR-US: Viber
CVE-2019-12568 (Stack-based overflow vulnerability in the logMess function in Open TFT ...)
	NOT-FOR-US: Open TFTP Server
CVE-2019-12567 (Stack-based overflow vulnerability in the logMess function in Open TFT ...)
	NOT-FOR-US: Open TFTP Server
CVE-2019-12566 (The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS i ...)
	NOT-FOR-US: WP Statistics plugin for WordPress
CVE-2019-12565
	RESERVED
CVE-2019-12564 (In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the d ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2019-12563
	RESERVED
CVE-2019-12562 (Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 a ...)
	NOT-FOR-US: DNN
CVE-2019-12561
	RESERVED
CVE-2019-12560
	RESERVED
CVE-2019-12559
	RESERVED
CVE-2019-12558
	RESERVED
CVE-2019-12557
	RESERVED
CVE-2019-12556
	RESERVED
CVE-2019-12555 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
	NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12554 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
	NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12553 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
	NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12552 (In SweetScape 010 Editor 9.0.1, an integer overflow during the initial ...)
	NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12551 (In SweetScape 010 Editor 9.0.1, improper validation of arguments in th ...)
	NOT-FOR-US: SweetScape 010 Editor
CVE-2019-12550 (WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW ...)
	NOT-FOR-US: WAGO devices
CVE-2019-12549 (WAGO 852-303 before FW06, 852-1305 before FW06, and 852-1505 before FW ...)
	NOT-FOR-US: WAGO devices
CVE-2019-12548 (Bludit before 3.9.0 allows remote code execution for an authenticated ...)
	NOT-FOR-US: bludit
CVE-2019-12547
	RESERVED
CVE-2019-12546
	RESERVED
CVE-2019-12545
	RESERVED
CVE-2019-12544
	RESERVED
CVE-2019-12543 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12542 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12541 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12540 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. Th ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12539 (An issue was discovered in the Purchase component of Zoho ManageEngine ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-12538 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-12537 (An issue was discovered in Zoho ManageEngine AssetExplorer. There is X ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-12536
	RESERVED
CVE-2019-12535
	RESERVED
CVE-2019-12534
	RESERVED
CVE-2019-12533
	RESERVED
CVE-2019-12532 (Improper access control in the Insyde software tools may allow an auth ...)
	NOT-FOR-US: Insyde software tools
CVE-2019-12531
	RESERVED
CVE-2019-12530 (Incorrect access control was discovered in the stdonato Dashboard plug ...)
	NOT-FOR-US: Dashboard plugin for GLPI
CVE-2019-12529 (An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through ...)
	{DSA-4507-1 DLA-2278-1 DLA-1858-1}
	- squid 4.8-1
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch
CVE-2019-12528 (An issue was discovered in Squid before 4.10. It allows a crafted FTP ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.10-1 (bug #950925)
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
	NOTE: Squid 3: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8cdb18ca1829a0b7faa1c9e472604ed0e7e105ac.patch
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-c1bebac9c1135b7add6589db35c62f16db195b8f.patch
CVE-2019-12527 (An issue was discovered in Squid 4.0.23 through 4.7. When checking Bas ...)
	{DSA-4507-1}
	- squid 4.8-1
	- squid3 (Vulnerable code introduced in 4.0.23)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_5.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch
	NOTE: The code in squid 3.x limits the amount of input data decoded to one byte less
	NOTE: than the length of the target buffer, whilst in 4.x the entire input is decoded
	NOTE: without regard for the size of the target buffer.
CVE-2019-12526 (An issue was discovered in Squid before 4.9. URN response handling in ...)
	{DSA-4682-1 DLA-2278-1 DLA-2028-1}
	- squid 4.9-1
	- squid3
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
CVE-2019-12525 (An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through ...)
	{DSA-4507-1 DLA-2278-1 DLA-1858-1}
	- squid 4.8-1
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_3.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-409956536647b3a05ee1e367424a24ae6b8f13fd.patch
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-ec0d0f39cf28da14eead0ba5e777e95855bc2f67.patch
CVE-2019-12524 (An issue was discovered in Squid through 4.7. When handling requests f ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.8-1
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch
CVE-2019-12523 (An issue was discovered in Squid before 4.9. When handling a URN reque ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.9-1
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
CVE-2019-12522 (An issue was discovered in Squid through 4.7. When Squid is run as roo ...)
	- squid (unimportant)
	- squid3 (unimportant)
	NOTE: Only causes problems if some other vulnerability is used to compromise the proxy.
	NOTE: There is no upstream plan to fix the issue. The issue here is that some child
	NOTE: processes run as low-privilege but stay in a state where they can resume root
	NOTE: privileges. That is needed for reconfigure still. Architectural changes are needed
	NOTE: to resolve it without breaking some installations.
CVE-2019-12521 (An issue was discovered in Squid through 4.7. When Squid is parsing ES ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.11-1
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fdd4123629320aa1ee4c3481bb392437c90d188d.patch
CVE-2019-12520 (An issue was discovered in Squid through 4.7 and 5. When receiving a r ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.8-1
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_4.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2019_4.patch
CVE-2019-12519 (An issue was discovered in Squid through 4.7. When handling the tag es ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.11-1
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-fdd4123629320aa1ee4c3481bb392437c90d188d.patch
CVE-2019-12518 (Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 ...)
	NOT-FOR-US: Anviz CrossChex
CVE-2019-12517 (An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 fo ...)
	NOT-FOR-US: slickquiz plugin for WordPress
CVE-2019-12516 (The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injectio ...)
	NOT-FOR-US: slickquiz plugin for WordPress
CVE-2019-12515 (There is an out-of-bounds read vulnerability in the function FlateStre ...)
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
	NOTE: https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar
CVE-2019-12514
	RESERVED
CVE-2019-12513 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP dis ...)
	NOT-FOR-US: Netgear
CVE-2019-12512 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execu ...)
	NOT-FOR-US: Netgear
CVE-2019-12511 (In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may exec ...)
	NOT-FOR-US: Netgear
CVE-2019-12510 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypas ...)
	NOT-FOR-US: Netgear
CVE-2019-12509
	RESERVED
CVE-2019-12508
	RESERVED
CVE-2019-12507 (An XSS vulnerability exists in PHPRelativePath (aka Relative Path) thr ...)
	NOT-FOR-US: Relative Path PHP library
CVE-2019-12506 (Due to unencrypted and unauthenticated data communication, the wireles ...)
	NOT-FOR-US: Logitech
CVE-2019-12505 (Due to unencrypted and unauthenticated data communication, the wireles ...)
	NOT-FOR-US: Inateck
CVE-2019-12504 (Due to unencrypted and unauthenticated data communication, the wireles ...)
	NOT-FOR-US: Inateck
CVE-2019-12503 (Due to unencrypted and unauthenticated data communication, the wireles ...)
	NOT-FOR-US: Inateck
CVE-2019-12502 (There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 ca ...)
	NOT-FOR-US: MOBOTIX cameras
CVE-2019-12501
	RESERVED
CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "su ...)
	NOT-FOR-US: Xiaomi M365 scooter
CVE-2019-12498 (The WP Live Chat Support plugin before 8.0.33 for WordPress accepts ce ...)
	NOT-FOR-US: WP Live Chat Support plugin for WordPress
CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	{DLA-1816-1}
	- otrs2 6.0.19-1
	[buster] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/f8bcf08dfc5f06915c1352c07e5f626f9b5ecfc2
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4cc3f0e24937fa53870132003aec6af460b9b57
CVE-2019-12496 (An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt ...)
	NOT-FOR-US: Hybrid Group Gobot
CVE-2019-12495 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
	- tcc 0.9.27+git20200814.62c30a4a-1 (bug #929872)
	[buster] - tcc (Minor issue)
	[stretch] - tcc (Minor issue)
	[jessie] - tcc (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2019-05/msg00044.html
	NOTE: https://repo.or.cz/tinycc.git/commit/d04ce7772c2bc2781ab2502e0b1f1964488814b5
CVE-2019-12494 (In Gardener before 0.20.0, incorrect access control in seed clusters a ...)
	NOT-FOR-US: Gardener
CVE-2019-12493 (A stack-based buffer over-read exists in PostScriptFunction::transform ...)
	{DLA-1939-1}
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
	- poppler 0.44.0-2
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/37840827c4073dedfd37915a74eb8fe0c44843c3
CVE-2019-12492 (Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and ...)
	NOT-FOR-US: Gallagher Command Centre
CVE-2019-12491 (OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to r ...)
	NOT-FOR-US: OnApp
CVE-2019-12490 (An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. ...)
	NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2019-12489 (An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Aske ...)
	NOT-FOR-US: Fastweb Askey RTV1907VW devices
CVE-2019-12488
	RESERVED
CVE-2019-12487
	RESERVED
CVE-2019-12486
	RESERVED
CVE-2019-12485
	RESERVED
CVE-2019-12484
	RESERVED
CVE-2019-12483 (An issue was discovered in GPAC 0.7.1. There is a heap-based buffer ov ...)
	{DLA-1841-1}
	- gpac 1.0.1+dfsg1-2 (bug #931088)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1249
	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12482 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
	{DLA-1841-1}
	- gpac 1.0.1+dfsg1-2 (bug #931088)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1249
	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12481 (An issue was discovered in GPAC 0.7.1. There is a NULL pointer derefer ...)
	{DLA-1841-1}
	- gpac 1.0.1+dfsg1-2 (bug #931088)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1249
	NOTE: https://github.com/gpac/gpac/commit/f40aaaf959d4d1f7fa0dcd04c0666592e615c8f1
CVE-2019-12480 (BACnet Protocol Stack through 0.8.6 has a segmentation fault leading t ...)
	NOT-FOR-US: BACnet Protocol Stack
CVE-2019-12479 (An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vuln ...)
	NOT-FOR-US: 20|20 Storage
CVE-2019-12478
	RESERVED
CVE-2019-12477 (Supra Smart Cloud TV allows remote file inclusion in the openLiveURL f ...)
	NOT-FOR-US: Supra Smart Cloud TV
CVE-2019-12476 (An authentication bypass vulnerability in the password reset functiona ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-12475 (In MicroStrategy Web before 10.4.6, there is stored XSS in metric due ...)
	NOT-FOR-US: MicroStrategy Web
CVE-2019-12474 (Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Pri ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T212118
CVE-2019-12473 (Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing inv ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T204729
CVE-2019-12472 (An Incorrect Access Control vulnerability was found in Wikimedia Media ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T199540
CVE-2019-12471 (Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaSc ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T207603
CVE-2019-12470 (Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppr ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T222038
CVE-2019-12469 (MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed user ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T222036
CVE-2019-12468 (An Incorrect Access Control vulnerability was found in Wikimedia Media ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T197279
CVE-2019-12467 (MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T209794
CVE-2019-12466 (Wikimedia MediaWiki through 1.32.1 allows CSRF. ...)
	{DSA-4460-1}
	- mediawiki 1:1.31.2-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://phabricator.wikimedia.org/T25227
CVE-2019-12465 (An issue was discovered in LibreNMS 1.50.1. A SQL injection flaw was i ...)
	NOT-FOR-US: LibreNMS
CVE-2019-12464 (An issue was discovered in LibreNMS 1.50.1. An authenticated user can ...)
	NOT-FOR-US: LibreNMS
CVE-2019-12463 (An issue was discovered in LibreNMS 1.50.1. The scripts that handle gr ...)
	NOT-FOR-US: LibreNMS
CVE-2019-12462
	RESERVED
CVE-2019-12461 (Web Port 1.19.1 allows XSS via the /log type parameter. ...)
	NOT-FOR-US: Web Port
CVE-2019-12460 (Web Port 1.19.1 allows XSS via the /access/setup type parameter. ...)
	NOT-FOR-US: Web Port
CVE-2019-12459 (FileRun 2019.05.21 allows customizables/plugins/audio_player Directory ...)
	NOT-FOR-US: FileRun
CVE-2019-12458 (FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has ...)
	NOT-FOR-US: FileRun
CVE-2019-12457 (FileRun 2019.05.21 allows images/extjs Directory Listing. This issue h ...)
	NOT-FOR-US: FileRun
CVE-2019-12499 (Firejail before 0.9.60 allows truncation (resizing to length 0) of the ...)
	- firejail 0.9.58.2-2 (bug #929733)
	[stretch] - firejail (Vulnerable code introduced later)
	NOTE: https://github.com/netblue30/firejail/issues/2401
	NOTE: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12589 (In Firejail before 0.9.60, seccomp filters are writable inside the jai ...)
	- firejail 0.9.58.2-2 (bug #929732)
	[stretch] - firejail (Vulnerable code introduced later)
	NOTE: https://github.com/netblue30/firejail/issues/2718
	NOTE: https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
CVE-2019-12456 (** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl ...)
	- linux (unimportant)
	NOTE: The double-fetched value is not used after the second fetch, thus an invalid issue
	NOTE: from security impact perspective. CVE should probably be rejected.
CVE-2019-12455 (** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in driv ...)
	- linux (unimportant)
	NOTE: No/negligible security impact
CVE-2019-12454 (** DISPUTED ** An issue was discovered in wcd9335_codec_enable_dec in ...)
	- linux (Vulnerable code not present, introduced in 5.1-rc1)
CVE-2019-12453 (In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in t ...)
	NOT-FOR-US: MicroStrategy Web
CVE-2019-12452 (types/types.go in Containous Traefik 1.7.x through 1.7.11, when the -- ...)
	NOT-FOR-US: Containous Traefik
CVE-2019-12451
	RESERVED
CVE-2019-13012 (The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 ...)
	{DLA-1866-2 DLA-1866-1}
	[experimental] - glib2.0 2.60.0-1
	- glib2.0 2.60.5-1 (bug #931234)
	[buster] - glib2.0 2.58.3-2+deb10u1
	[stretch] - glib2.0 2.50.3-2+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1658
	NOTE: https://gitlab.gnome.org/GNOME/glib/merge_requests/450
	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429
CVE-2019-12450 (file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 ...)
	{DLA-1826-1}
	- glib2.0 2.58.3-2 (bug #929753)
	[stretch] - glib2.0 2.50.3-2+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
CVE-2019-12449 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
	- gvfs 1.38.1-4 (bug #929755)
	[stretch] - gvfs (Minor issue)
	[jessie] - gvfs (Vulnerable code introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90
CVE-2019-12448 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
	- gvfs 1.38.1-4 (bug #929755)
	[stretch] - gvfs (Minor issue)
	[jessie] - gvfs (Vulnerable code introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e
CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...)
	- gvfs 1.38.1-4 (bug #929755)
	[stretch] - gvfs (Minor issue)
	[jessie] - gvfs (Vulnerable code introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
CVE-2019-12446 (An issue was discovered in GitLab Community and Enterprise Edition 8.3 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12445 (An issue was discovered in GitLab Community and Enterprise Edition 8.4 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12444 (An issue was discovered in GitLab Community and Enterprise Edition 8.9 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12443 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12442 (An issue was discovered in GitLab Enterprise Edition 11.7 through 11.1 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12441 (An issue was discovered in GitLab Community and Enterprise Edition 8.4 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauth ...)
	NOT-FOR-US: Sitecore CMS
CVE-2019-12438
	RESERVED
CVE-2019-12437 (In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does n ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12436 (Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to ...)
	- samba (Only affects Samba since 4.10.0)
	NOTE: https://www.samba.org/samba/security/CVE-2019-12436.html
CVE-2019-12435 (Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer d ...)
	- samba 2:4.9.5+dfsg-5 (bug #930748)
	[stretch] - samba (Only affects Samba since 4.9)
	[jessie] - samba (Only affects Samba since 4.9)
	NOTE: https://www.samba.org/samba/security/CVE-2019-12435.html
CVE-2019-12434 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12433 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12432 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12431 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12430 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab (Only affects 11.11)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12429 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab (Only affects 11.9 and later)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12428 (An issue was discovered in GitLab Community and Enterprise Edition 6.8 ...)
	[experimental] - gitlab 11.10.5+dfsg-1
	- gitlab 12.6.8-3 (bug #930004)
	NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-pers ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-12426 (an unauthenticated user could get access to information of some backen ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-12425 (Apache OFBiz 17.12.01 is vulnerable to Host header injection by accept ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-12424
	REJECTED
CVE-2019-12423 (Apache CXF ships with a OpenId Connect JWK Keys service, which allows ...)
	NOT-FOR-US: Apache CXF
CVE-2019-12422 (Apache Shiro before 1.4.2, when using the default "remember me" config ...)
	- shiro (low; bug #947945)
	[bullseye] - shiro (Minor issue)
	[buster] - shiro (Minor issue)
	[stretch] - shiro (Minor issue)
	[jessie] - shiro (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/11/18/1
	NOTE: Fixed by https://github.com/apache/shiro/commit/44f6548b97610cdf661976969d5735c0be14a57b#diff-a8fc9cf5d6f24966aa18cdf0850a730e
CVE-2019-12421 (When using an authentication mechanism other than PKI, when the user c ...)
	NOT-FOR-US: Apache NiFi
CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a message can be crafted in a way ...)
	{DSA-4584-1 DLA-2037-1}
	- spamassassin 3.4.3~rc6-1 (bug #946653)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/2
	NOTE: https://markmail.org/message/pyp425yrulfxyhrn
	NOTE: https://svn.apache.org/r1866128
CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the components that ...)
	NOT-FOR-US: Apache CXF
CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0. ...)
	{DSA-4680-1 DSA-4596-1 DLA-2155-1 DLA-2077-1}
	- tomcat9 9.0.31-1
	- tomcat8
	- tomcat7
	[stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected)
	NOTE: https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3 (9.0.29)
	NOTE: https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00 (8.5.48)
	NOTE: https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b (7.0.98)
CVE-2019-12417 (A malicious admin user could edit the state of objects in the Airflow ...)
	- airflow (bug #819700)
CVE-2019-12416 (we got reports for 2 injection attacks against the DeltaSpike windowha ...)
	NOT-FOR-US: DeltaSpike
CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to conv ...)
	- libapache-poi-java (unimportant; bug #943565)
	NOTE: https://www.openwall.com/lists/oss-security/2019/10/23/1
	NOTE: Vulnerable tool not shipped in binary package
CVE-2019-12414 (In Apache Incubator Superset before 0.32, a user can view database nam ...)
	NOT-FOR-US: Apache Superset
CVE-2019-12413 (In Apache Incubator Superset before 0.31 user could query database met ...)
	NOT-FOR-US: Apache Superset
CVE-2019-12411
	REJECTED
CVE-2019-12410 (While investigating UBSAN errors in https://github.com/apache/arrow/pu ...)
	NOT-FOR-US: Apache Arrow
CVE-2019-12409 (The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure settin ...)
	- lucene-solr (Vulnerable code was introduced later)
	NOTE: https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E
CVE-2019-12408 (It was discovered that the C++ implementation (which underlies the R, ...)
	NOT-FOR-US: Apache Arrow
CVE-2019-12407 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
	- jspwiki
CVE-2019-12406 (Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of mes ...)
	NOT-FOR-US: Apache CXF
CVE-2019-12405 (Improper authentication is possible in Apache Traffic Control versions ...)
	NOT-FOR-US: Apache Traffic Control
CVE-2019-12404 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
	- jspwiki
CVE-2019-12403
	REJECTED
CVE-2019-12402 (The file name encoding algorithm used internally in Apache Commons Com ...)
	- libcommons-compress-java 1.18-3 (low; bug #939610)
	[buster] - libcommons-compress-java 1.18-2+deb10u1
	[stretch] - libcommons-compress-java (Vulnerable code introduced later)
	[jessie] - libcommons-compress-java (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/27/1
	NOTE: Fixed in upstream commit: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commitdiff;h=4ad5d80a6272e007f64a6ac66829ca189a8093b9;hp=16a0c84e84b93cc8c107b7ff3080bd11317ab581
CVE-2019-12401 (Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are v ...)
	- lucene-solr (system libraries of libwoodstox-java and libstax-api-java are used in Debian)
	NOTE: https://issues.apache.org/jira/browse/SOLR-13750
	NOTE: https://www.openwall.com/lists/oss-security/2019/09/10/1
	NOTE: Upstream's fix (upgrading dependencies) suggests the issue is in libwoodstox-java:
	NOTE: https://issues.apache.org/jira/browse/SOLR-6830
	NOTE: May be related to the change in the 4.x series of libwoodstox-java to
	NOTE: disabling coalescing by default which can trigger large memory consumption
	NOTE: when parsing specially crafted XML data.
CVE-2019-12400 (In version 2.0.3 Apache Santuario XML Security for Java, a caching mec ...)
	- libxml-security-java 2.1.7-1 (bug #935548)
	[bullseye] - libxml-security-java (Minor issue)
	[buster] - libxml-security-java (Minor issue)
	[stretch] - libxml-security-java (Vulnerable code introduced in 2.0.3)
	[jessie] - libxml-security-java (Vulnerable code introduced in 2.0.3)
	NOTE: http://santuario.apache.org/secadv.data/CVE-2019-12400.asc
	NOTE: https://github.com/apache/santuario-xml-security-java/commit/8c88bbe449d073d5bc0626c1719e81e81c2ad9b4 (likely fix)
CVE-2019-12399 (When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0 ...)
	- kafka (bug #786460)
CVE-2019-12398 (In Apache Airflow before 1.10.5 when running with the "classic" UI, a ...)
	- airflow (bug #819700)
CVE-2019-12397 (Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnera ...)
	NOT-FOR-US: Apache Ranger
CVE-2019-12396
	REJECTED
CVE-2019-12395 (In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check ...)
	NOT-FOR-US: Webbukkit Dynmap
CVE-2019-12394 (Anviz access control devices allow unverified password change which al ...)
	NOT-FOR-US: Anviz
CVE-2019-12393 (Anviz access control devices are vulnerable to replay attacks which co ...)
	NOT-FOR-US: Anviz
CVE-2019-12392 (Anviz access control devices allow remote attackers to issue commands ...)
	NOT-FOR-US: Anviz
CVE-2019-12391 (The Anviz Management System for access control has insufficient loggin ...)
	NOT-FOR-US: Anviz
CVE-2019-12390 (Anviz access control devices expose private Information (pin code and ...)
	NOT-FOR-US: Anviz
CVE-2019-12389 (Anviz access control devices expose credentials (names and passwords) ...)
	NOT-FOR-US: Anviz
CVE-2019-12388 (Anviz access control devices perform cleartext transmission of sensiti ...)
	NOT-FOR-US: Anviz
CVE-2019-12387 (In Twisted before 19.2.1, twisted.web did not validate or sanitize URI ...)
	- twisted 18.9.0-7 (bug #930389)
	[buster] - twisted (Minor issue)
	[stretch] - twisted (Minor issue)
	[jessie] - twisted (Minor issue)
	NOTE: https://github.com/twisted/twisted/commit/6c61fc4503ae39ab8ecee52d10f10ee2c371d7e2
CVE-2019-12386 (An issue was discovered in Ampache through 3.9.1. A stored XSS exists ...)
	{DLA-1988-1}
	- ampache
	NOTE: https://github.com/ampache/ampache/issues/1872
	NOTE: according to the github issue, it is not really fixed yet
CVE-2019-12385 (An issue was discovered in Ampache through 3.9.1. The search engine is ...)
	{DLA-1988-1}
	- ampache
	NOTE: https://github.com/ampache/ampache/issues/1872
	NOTE: according to the github issue, it is not really fixed yet
CVE-2019-12384 (FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to ...)
	{DLA-1831-1}
	- jackson-databind 2.9.8-3 (bug #930750)
	[stretch] - jackson-databind 2.8.6-1+deb9u6
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2334
	NOTE: https://github.com/FasterXML/jackson-databind/commit/c9ef4a10d6f6633cf470d6a469514b68fa2be234
CVE-2019-12383 (Tor Browser before 8.0.1 has an information exposure vulnerability. It ...)
	- firefox-esr (unimportant)
	- firefox (unimportant)
	NOTE: https://gitweb.torproject.org/tor-browser.git/commit/?id=cbb04b72c68272c2de42f157d40cd7d29a6b7b55
	NOTE: https://hackerone.com/reports/282748
	NOTE: https://trac.torproject.org/projects/tor/ticket/24056
	NOTE: This affects Firefox, but it's not a security issue in Firefox by itself
CVE-2019-12382 (** DISPUTED ** An issue was discovered in drm_load_edid_firmware in dr ...)
	- linux (unimportant)
	NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12381 (** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip ...)
	- linux (unimportant)
	NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12380 (**DISPUTED** An issue was discovered in the efi subsystem in the Linux ...)
	- linux (unimportant)
	NOTE: No security impact, all code involved runs at boot before userland starts
CVE-2019-12379 (** DISPUTED ** An issue was discovered in con_insert_unipair in driver ...)
	- linux (unimportant)
	NOTE: No real security issue and fix introduces real security issue, see kernel-sec
CVE-2019-12378 (** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/i ...)
	- linux (unimportant)
	NOTE: Issue with no security impact, see kernel-sec, invalid issue
CVE-2019-12377 (A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK M ...)
	NOT-FOR-US: LANDESK
CVE-2019-12376 (Use of a hard-coded encryption key in Ivanti LANDESK Management Suite ...)
	NOT-FOR-US: LANDESK
CVE-2019-12375 (Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoin ...)
	NOT-FOR-US: LANDESK
CVE-2019-12374 (A SQL Injection vulnerability exists in Ivanti LANDESK Management Suit ...)
	NOT-FOR-US: LANDESK
CVE-2019-12373 (Improper access control and open directories in Ivanti LANDESK Managem ...)
	NOT-FOR-US: LANDESK
CVE-2019-12372 (Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via ...)
	NOT-FOR-US: Petraware pTransformer ADC
CVE-2019-12371
	RESERVED
CVE-2019-12370 (The Spark application through 2.0.2 for Android allows XSS via an even ...)
	NOT-FOR-US: some Android application
CVE-2019-12369 (The TypeApp application through 1.9.5.35 for Android allows XSS via an ...)
	NOT-FOR-US: some Android application
CVE-2019-12368 (The Edison Mail application through 1.7.1 for Android allows XSS via a ...)
	NOT-FOR-US: some Android application
CVE-2019-12367 (The BlueMail application through 1.9.5.36 for Android allows XSS via a ...)
	NOT-FOR-US: some Android application
CVE-2019-12366 (The Nine application through 4.5.3a for Android allows XSS via an even ...)
	NOT-FOR-US: some Android application
CVE-2019-12365 (The Newton application through 10.0.23 for Android allows XSS via an e ...)
	NOT-FOR-US: some Android application
CVE-2019-12364
	RESERVED
CVE-2019-12363 (An CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2 ...)
	NOT-FOR-US: MyBB plugin
CVE-2019-12362 (EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doacti ...)
	NOT-FOR-US: EmpireCMS
CVE-2019-12361 (EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.ph ...)
	NOT-FOR-US: EmpireCMS
CVE-2019-12360 (A stack-based buffer over-read exists in FoFiTrueType::dumpString in f ...)
	{DLA-1815-1}
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
	- poppler 0.38.0-2
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/cdb7ad95f7c8fbf63ade040d8a07ec96467042fc (poppler-0.32.0)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/bf4aae25a244b1033a2479b9a8f633224f7d5de5 (poppler-0.32.0)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=85243
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1136620
CVE-2019-12359
	RESERVED
CVE-2019-12358
	RESERVED
CVE-2019-12357
	RESERVED
CVE-2019-12356
	RESERVED
CVE-2019-12355
	RESERVED
CVE-2019-12354
	RESERVED
CVE-2019-12353
	RESERVED
CVE-2019-12352
	RESERVED
CVE-2019-12351
	RESERVED
CVE-2019-12350
	RESERVED
CVE-2019-12349
	RESERVED
CVE-2019-12348 (An issue was discovered in zzcms 2019. SQL Injection exists in user/zt ...)
	NOT-FOR-US: zzcms
CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers ...)
	NOT-FOR-US: pfSense
CVE-2019-12346 (In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for Word ...)
	NOT-FOR-US: miniOrange SAML SP Single Sign On plugin for WordPress
CVE-2019-12345 (XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress. ...)
	NOT-FOR-US: Kiboko Hostel plugin for WordPress
CVE-2019-12344
	RESERVED
CVE-2019-12343
	RESERVED
CVE-2019-12342
	RESERVED
CVE-2019-12341
	RESERVED
CVE-2019-12340
	RESERVED
CVE-2019-12339
	RESERVED
CVE-2019-12338
	RESERVED
CVE-2019-12337
	RESERVED
CVE-2019-12336
	RESERVED
CVE-2019-12335
	RESERVED
CVE-2019-12334
	RESERVED
CVE-2019-12333
	RESERVED
CVE-2019-12332
	RESERVED
CVE-2019-12331 (PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner ...)
	NOT-FOR-US: PHPOffice PhpSpreadsheet
CVE-2019-12330
	RESERVED
CVE-2019-12329
	RESERVED
CVE-2019-12328 (A command injection (missing input validation) issue in the remote pho ...)
	NOT-FOR-US: Atcom A10W VoIP phone
CVE-2019-12327 (Hardcoded credentials in the Akuvox R50P VoIP phone 50.0.6.156 allow a ...)
	NOT-FOR-US: Akuvox R50P VoIP phone
CVE-2019-12326 (Missing file and path validation in the ringtone upload function of th ...)
	NOT-FOR-US: Akuvox R50P VoIP phone
CVE-2019-12325 (The Htek UC902 VoIP phone web management interface contains several bu ...)
	NOT-FOR-US: Htek UC902 VoIP phone
CVE-2019-12324 (A command injection (missing input validation) issue in the IP address ...)
	NOT-FOR-US: Akuvox R50P VoIP phone
CVE-2019-12323 (The HC.Server service in Hosting Controller HC10 10.14 allows an Inval ...)
	NOT-FOR-US: Hosting Controller HC10
CVE-2019-12322
	RESERVED
CVE-2019-12321
	REJECTED
CVE-2019-12320
	RESERVED
CVE-2019-12319
	RESERVED
CVE-2019-12318
	RESERVED
CVE-2019-12317
	RESERVED
CVE-2019-12316
	RESERVED
CVE-2019-12315 (Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) ...)
	NOT-FOR-US: Samsung
CVE-2019-12314 (Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute pa ...)
	NOT-FOR-US: Deltek Maconomy
CVE-2019-12313 (XSS exists in Shave before 2.5.3 because output encoding is mishandled ...)
	NOT-FOR-US: Shave
CVE-2019-12312 (In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon ...)
	[experimental] - libreswan 3.28-1
	- libreswan 3.27-5 (bug #929916)
	NOTE: https://github.com/libreswan/libreswan/issues/246
	NOTE: https://github.com/libreswan/libreswan/commit/7142d2c37d58cf024595a7549f0fb0d3946682f8
	NOTE: https://libreswan.org/security/CVE-2019-12312/CVE-2019-12312.txt
	NOTE: https://libreswan.org/security/CVE-2019-12312/libreswan-3.27-CVE-2019-12312.patch
CVE-2019-12311 (Sandline Centraleyezer (On Premises) allows Unrestricted File Upload l ...)
	NOT-FOR-US: Sandline Centraleyezer
CVE-2019-12310 (ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monit ...)
	NOT-FOR-US: ExaGrid appliances
CVE-2019-12309 (dotCMS before 5.1.0 has a path traversal vulnerability exploitable by ...)
	NOT-FOR-US: dotCMS
CVE-2019-12308 (An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1. ...)
	{DSA-4476-1 DLA-1814-1}
	- python-django 1:1.11.21-1 (bug #929927)
	NOTE: https://github.com/django/django/commit/deeba6d92006999fee9adfbd8be79bf0a59e8008 (master)
	NOTE: https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b (1.11.21)
CVE-2019-12307
	RESERVED
CVE-2019-12306
	RESERVED
CVE-2019-12305 (In EZCast Pro II, the administrator password md5 hash is provided upon ...)
	NOT-FOR-US: EZCast Pro II
CVE-2019-12304
	RESERVED
CVE-2019-12303 (In Rancher 2 through 2.2.3, Project owners can inject additional fluen ...)
	NOT-FOR-US: Rancher
CVE-2019-12302
	RESERVED
CVE-2019-12301 (The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffer ...)
	NOT-FOR-US: Percona server
CVE-2019-12300 (Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted au ...)
	- buildbot 2.0.1-2 (bug #929849)
	[stretch] - buildbot (Vulnerable code introduced later)
	[jessie] - buildbot (Vulnerable code got added later)
	NOTE: https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication
CVE-2019-12299 (Sandline Centraleyezer (On Premises) allows Stored XSS using HTML enti ...)
	NOT-FOR-US: Sandline Centraleyezer
CVE-2019-12298 (Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds writ ...)
	NOT-FOR-US: Leanify
CVE-2019-12297 (An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1 ...)
	NOT-FOR-US: Motorola
CVE-2019-12296
	RESERVED
CVE-2019-12295 (In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the ...)
	{DLA-2547-1 DLA-2423-1}
	- wireshark 2.6.8-1.1 (low; bug #929446)
	[jessie] - wireshark (Minor, can be fixed along in a future update)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-19.html
CVE-2019-12294
	RESERVED
CVE-2019-12293 (In Poppler through 0.76.1, there is a heap-based buffer over-read in J ...)
	{DLA-2287-1 DLA-1815-1}
	- poppler 0.71.0-5 (bug #929423)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/768
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/89a5367d49b2556a2635dbb6d48d6a6b182a2c6c
CVE-2019-12292 (Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. ...)
	NOT-FOR-US: Citrix AppDNA
CVE-2019-12291 (HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Key ...)
	- consul 1.4.5+dfsg1-1
	[buster] - consul (Vulnerable code introduced in 1.4.0)
	NOTE: https://github.com/hashicorp/consul/issues/5888
CVE-2019-12290 (GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specifi ...)
	- libidn2 2.2.0-1
	[buster] - libidn2 (Minor issue; intrusive to backport)
	NOTE: https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5 (2.2.0)
	NOTE: https://gitlab.com/libidn/libidn2/merge_requests/71
CVE-2019-12289 (An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C782 ...)
	NOT-FOR-US: VStarcam
CVE-2019-12288 (An issue was discovered in upgrade_htmls.cgi on VStarcam 100T (C7824WI ...)
	NOT-FOR-US: VStarcam
CVE-2019-12287
	RESERVED
CVE-2019-12286
	RESERVED
CVE-2019-12285
	RESERVED
CVE-2019-12284
	RESERVED
CVE-2019-12283
	RESERVED
CVE-2019-12282
	RESERVED
CVE-2019-12281
	RESERVED
CVE-2019-12280 (PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. ...)
	NOT-FOR-US: PC-Doctor Toolbox
CVE-2019-12279 (** DISPUTED ** Nagios XI 5.6.1 allows SQL injection via the username p ...)
	NOT-FOR-US: Nagios XI
CVE-2019-12278 (Opera through 53 on Android allows Address Bar Spoofing. Characters fr ...)
	NOT-FOR-US: Opera
CVE-2019-12277 (Blogifier 2.3 before 2019-05-11 does not properly restrict APIs, as de ...)
	NOT-FOR-US: Blogifier
CVE-2019-12276 (A Path Traversal vulnerability in Controllers/LetsEncryptController.cs ...)
	NOT-FOR-US: GrandNode
CVE-2019-12275
	RESERVED
CVE-2019-12274 (In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to de ...)
	NOT-FOR-US: Rancher
CVE-2019-12273 (** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceD ...)
	NOT-FOR-US: OutSystems Platform
CVE-2019-12272 (In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/band ...)
	NOT-FOR-US: OpenWrt LuCI
CVE-2019-12271 (Sandline Centraleyezer (On Premises) allows unrestricted File Upload w ...)
	NOT-FOR-US: Sandline Centraleyezer
CVE-2019-12270 (OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configur ...)
	NOT-FOR-US: OpenText Brava!
CVE-2019-12269 (Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PG ...)
	- enigmail 2:2.0.11+ds1-1 (bug #929363)
	[buster] - enigmail 2:2.0.12+ds1-1~deb10u1
	[jessie] - enigmail (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
	NOTE: https://sourceforge.net/p/enigmail/bugs/983/
CVE-2019-12268
	RESERVED
CVE-2019-12267
	RESERVED
CVE-2019-12266
	RESERVED
CVE-2019-12265 (Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Le ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12264 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12263 (Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP comp ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12262 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Contr ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12261 (Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12260 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP compon ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12259 (Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12258 (Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP com ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12257 (Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP c ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12256 (Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 compo ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12255 (Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-12254
	RESERVED
CVE-2019-12253 (my little forum before 2.4.20 allows CSRF to delete posts, as demonstr ...)
	NOT-FOR-US: my little forum
CVE-2019-12252 (In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the low ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-12251 (sadmin/ceditpost.php in UCMS 1.4.7 allows SQL Injection via the index. ...)
	NOT-FOR-US: UCMS
CVE-2019-12250 (** DISPUTED ** IdentityServer IdentityServer4 through 2.4 has stored X ...)
	NOT-FOR-US: IdentityServer
CVE-2019-12249
	RESERVED
CVE-2019-12248 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
	{DLA-1816-1}
	- otrs2 6.0.19-1
	[buster] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/4e06ef439c33e7d90af16451719415c780e0c29c
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/0713999042e3ce7fa60067d3cd165206899224bf
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/edbc7371a52fc5d0032e934d2456b5f39da317f1
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/2d85ce89515db8e94b36ea8ba97f21e27aa66efd
CVE-2019-12247 (** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/comm ...)
	- qemu (unimportant; bug #929365)
	- qemu-kvm (unimportant)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html
	NOTE: Disputed upstream as not being exploitable.
CVE-2019-12246 (SilverStripe through 4.3.3 allows a Denial of Service on flush and dev ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12245 (SilverStripe through 4.3.3 has incorrect access control for protected ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12244
	RESERVED
CVE-2019-12243 (Istio 1.1.x through 1.1.6 has Incorrect Access Control. ...)
	NOT-FOR-US: Istio
CVE-2019-12242
	RESERVED
CVE-2019-12241 (The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserializat ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-12240 (The Virim plugin 0.4 for WordPress allows Insecure Deserialization via ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-12239 (The WP Booking System plugin 1.5.1 for WordPress has no CSRF protectio ...)
	NOT-FOR-US: WordPress plugin
CVE-2019-12238
	RESERVED
CVE-2019-12237
	RESERVED
CVE-2019-12236
	RESERVED
CVE-2019-12235
	RESERVED
CVE-2019-12234
	RESERVED
CVE-2019-12233
	RESERVED
CVE-2019-12232
	RESERVED
CVE-2019-12231
	RESERVED
CVE-2019-12230
	RESERVED
CVE-2019-12229
	RESERVED
CVE-2019-12228
	RESERVED
CVE-2019-12227
	RESERVED
CVE-2019-12226
	RESERVED
CVE-2019-12225
	RESERVED
CVE-2019-12224
	RESERVED
CVE-2019-12223 (An issue was discovered in NVR WebViewer on Hanwah Techwin SRN-472s 1. ...)
	NOT-FOR-US: Hanwah Techwin SRN-472s devices
CVE-2019-12222 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4621
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12221 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4628
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12220 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4627
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12219 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4625
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12218 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4620
	NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
CVE-2019-12217 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4626
	NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34
CVE-2019-12216 (An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4619
	NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
CVE-2019-12215 (** DISPUTED ** A full path disclosure vulnerability was discovered in ...)
	- matomo (bug #448532)
CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of mishand ...)
	- freeimage (bug #947478)
	[bullseye] - freeimage (Revisit when upstream fixes are available)
	[buster] - freeimage (Revisit when upstream fixes are available)
	[stretch] - freeimage (Revisit when upstream fixes are available)
	[jessie] - freeimage (Revisit when upstream fixes are available)
	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
	NOTE: very little information regarding this vulnerability, which is seemingly located
	NOTE: in libopenjpeg, not freeimage. Without reproducer or stacktrace, this is
	NOTE: nearly unfixable.
CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory ...)
	{DSA-4593-1 DLA-2031-1}
	- freeimage 3.18.0+ds2-3 (bug #929597)
	[buster] - freeimage (Revisit when upstream fixes are available)
	[stretch] - freeimage (Revisit when upstream fixes are available)
	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
	NOTE: https://sourceforge.net/p/freeimage/svn/1825/
CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize ...)
	- freeimage (bug #947477)
	[bullseye] - freeimage (Revisit when upstream fixes are available)
	[buster] - freeimage (Revisit when upstream fixes are available)
	[stretch] - freeimage (Revisit when upstream fixes are available)
	[jessie] - freeimage (Revisit when upstream fixes are available)
	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load ...)
	{DSA-4593-1 DLA-2031-1}
	- freeimage 3.18.0+ds2-3 (bug #929597)
	[buster] - freeimage (Revisit when upstream fixes are available)
	[stretch] - freeimage (Revisit when upstream fixes are available)
	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
	NOTE: https://sourceforge.net/p/freeimage/svn/1825/
CVE-2019-12210 (In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug ...)
	- pam-u2f 1.0.8-1 (low; bug #930023)
	[buster] - pam-u2f 1.0.7-1+deb10u1
	[stretch] - pam-u2f (Minor issue)
	NOTE: https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/05/1
CVE-2019-12209 (Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (defa ...)
	- pam-u2f 1.0.8-1 (low; bug #930021)
	[buster] - pam-u2f 1.0.7-1+deb10u1
	[stretch] - pam-u2f (Minor issue)
	NOTE: https://github.com/Yubico/pam-u2f/commit/7db3386fcdb454e33a3ea30dcfb8e8960d4c3aa3
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/05/1
CVE-2019-12208 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in ...)
	NOT-FOR-US: njs
CVE-2019-12207 (njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in ...)
	NOT-FOR-US: njs
CVE-2019-12206 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in ...)
	NOT-FOR-US: njs
CVE-2019-12205 (SilverStripe through 4.3.3 has Flash Clipboard Reflected XSS. ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12204 (In SilverStripe through 4.3.3, a missing warning about leaving install ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12203 (SilverStripe through 4.3.3 allows session fixation in the "change pass ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12202
	RESERVED
CVE-2019-12201
	RESERVED
CVE-2019-12200
	RESERVED
CVE-2019-12199
	RESERVED
CVE-2019-12198 (In GoHttp through 2017-07-25, there is a stack-based buffer over-read ...)
	NOT-FOR-US: GoHttp
CVE-2019-12197
	RESERVED
CVE-2019-12196 (A SQL injection vulnerability in /client/api/json/v2/nfareports/compar ...)
	NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer
CVE-2019-12195 (TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. ...)
	NOT-FOR-US: TP-Link
CVE-2019-12194
	RESERVED
CVE-2019-12193 (H3C H3Cloud OS all versions allows SQL injection via the ear/grid_even ...)
	NOT-FOR-US: H3C H3Cloud OS
CVE-2019-12192
	RESERVED
CVE-2019-12191
	RESERVED
CVE-2019-12190 (XSS was discovered in CentOS-WebPanel.com (aka CWP) CentOS Web Panel t ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-12189 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. The ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-12188
	RESERVED
CVE-2019-12187
	RESERVED
CVE-2019-12186 (An issue was discovered in Sylius products. Missing input sanitization ...)
	NOT-FOR-US: Sylius
CVE-2019-12185 (eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/con ...)
	NOT-FOR-US: eLabFTW
CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in BoostIO Boost ...)
	NOT-FOR-US: Boostnote
CVE-2019-12183 (Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 serie ...)
	NOT-FOR-US: Safescan Timemoto
CVE-2019-12182 (Directory Traversal in Safescan Timemoto and TA-8000 series version 1. ...)
	NOT-FOR-US: Safescan Timemoto and TA-8000 series
CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...)
	NOT-FOR-US: SolarWinds
CVE-2019-12180 (An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 ...)
	NOT-FOR-US: SmartBear ReadyAPI
CVE-2019-12179
	RESERVED
CVE-2019-12178
	RESERVED
CVE-2019-12177 (Privilege escalation due to insecure directory permissions affecting V ...)
	NOT-FOR-US: HTC VIVEPORT
CVE-2019-12176 (Privilege escalation in the "HTC Account Service" and "ViveportDesktop ...)
	NOT-FOR-US: HTC VIVEPORT
CVE-2019-12175 (In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, ...)
	- bro 2.6.4+ds1-1 (low)
	[buster] - bro (Minor issue)
	[stretch] - bro (Minor issue)
CVE-2019-12174 (hide.me before 2.4.4 on macOS suffers from a privilege escalation vuln ...)
	NOT-FOR-US: hide.me
CVE-2019-12173 (MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, w ...)
	NOT-FOR-US: MacDown
CVE-2019-12172 (Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modifie ...)
	NOT-FOR-US: Typora
CVE-2019-12171 (Dropbox.exe (and QtWebEngineProcess.exe in the Web Helper) in the Drop ...)
	NOT-FOR-US: Dropbox desktop application
CVE-2019-12170 (ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the m ...)
	NOT-FOR-US: ATutor
CVE-2019-12169 (ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, res ...)
	NOT-FOR-US: ATutor
CVE-2019-12168 (Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code ...)
	NOT-FOR-US: Four-Faith Wireless Mobile Router F3x24 devices
CVE-2019-12167 (httpGetSet/httpGet.htm on Emerson Network Power Liebert Challenger 5.1 ...)
	NOT-FOR-US: Emerson Network Power Liebert Challenger
CVE-2019-12166
	RESERVED
CVE-2019-12165 (MiCollab 7.3 PR2 (7.3.0.204) and earlier, 7.2 (7.2.2.13) and earlier, ...)
	NOT-FOR-US: MiCollab
CVE-2019-12164 (ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ ...)
	NOT-FOR-US: Status React Native Desktop
CVE-2019-12163 (GAT-Ship Web Module through 1.30 allows remote attackers to obtain pot ...)
	NOT-FOR-US: GAT-Ship Web Module
CVE-2019-12162 (Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the do ...)
	NOT-FOR-US: Upwork Time Tracker
CVE-2019-12161 (WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.p ...)
	NOT-FOR-US: WPO WebPageTest
CVE-2019-12160 (GoHTTP through 2017-07-25 has a sendHeader use-after-free. ...)
	NOT-FOR-US: GoHTTP
CVE-2019-12159 (GoHTTP through 2017-07-25 has a stack-based buffer over-read in the sc ...)
	NOT-FOR-US: GoHTTP
CVE-2019-12158 (GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflo ...)
	NOT-FOR-US: GoHTTP
CVE-2019-12157 (In JetBrains UpSource versions before 2018.2 build 1293, there is cred ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-12156 (Server metadata could be exposed because one of the error messages ref ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2019-12155 (interface_release_resource in hw/display/qxl.c in QEMU 3.1.x through 4 ...)
	{DSA-4454-1 DLA-1927-1}
	- qemu 1:3.1+dfsg-8 (bug #929353)
	[buster] - qemu 1:3.1+dfsg-8~deb10u1
	- qemu-kvm
	NOTE: https://www.openwall.com/lists/oss-security/2019/05/22/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99
CVE-2019-12154 (XXE in the XML parser library in RealObjects PDFreactor before 10.1.10 ...)
	NOT-FOR-US: PDFreactor
CVE-2019-12153 (Lack of validation in the HTML parser in RealObjects PDFreactor before ...)
	NOT-FOR-US: PDFreactor
CVE-2019-12152
	RESERVED
CVE-2019-12151
	RESERVED
CVE-2019-12150 (Karamasoft UltimateEditor 1 does not ensure that an uploaded file is a ...)
	NOT-FOR-US: Karamasoft UltimateEditor
CVE-2019-12149 (SQL injection vulnerability in silverstripe/restfulserver module 1.0.x ...)
	NOT-FOR-US: SilverStripe
CVE-2019-12148 (The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interfac ...)
	NOT-FOR-US: Sangoma Session Border Controller
CVE-2019-12147 (The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interfac ...)
	NOT-FOR-US: Sangoma Session Border Controller
CVE-2019-12146 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
	NOT-FOR-US: Progress ipswitch WS_FTP Server
CVE-2019-12145 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
	NOT-FOR-US: Progress ipswitch WS_FTP Server
CVE-2019-12144 (An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FT ...)
	NOT-FOR-US: Progress ipswitch WS_FTP Server
CVE-2019-12143 (A Directory Traversal issue was discovered in SSHServerAPI.dll in Prog ...)
	NOT-FOR-US: Progress ipswitch WS_FTP Server
CVE-2019-12142
	RESERVED
CVE-2019-12141
	RESERVED
CVE-2019-12140
	RESERVED
CVE-2019-12139 (An XSS issue was discovered in the Admin UI in eZ Platform 2.x. This a ...)
	NOT-FOR-US: eZ Platform
CVE-2019-12138 (MacDown 0.7.1 allows directory traversal, for execution of arbitrary p ...)
	NOT-FOR-US: MacDown
CVE-2019-12137 (Typora 0.9.9.24.6 on macOS allows directory traversal, for execution o ...)
	NOT-FOR-US: Typora
CVE-2019-12136 (There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, a ...)
	NOT-FOR-US: Boostnote
CVE-2019-12135 (An unspecified vulnerability in the application server in PaperCut MF ...)
	NOT-FOR-US: PaperCut
CVE-2019-12134 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
	NOT-FOR-US: Workday
CVE-2019-12133 (Multiple Zoho ManageEngine products suffer from local privilege escala ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2019-12132 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/d ...)
	NOT-FOR-US: ONAP
CVE-2019-12131 (An issue was detected in ONAP APPC through Dublin and SDC through Dubl ...)
	NOT-FOR-US: ONAP
CVE-2019-12130 (In ONAP CLI through Dublin, by accessing an applicable port (30234, 30 ...)
	NOT-FOR-US: ONAP
CVE-2019-12129 (In ONAP MSB through Dublin, by accessing an applicable port (30234, 30 ...)
	NOT-FOR-US: ONAP
CVE-2019-12128 (In ONAP SO through Dublin, by accessing an applicable port (30234, 302 ...)
	NOT-FOR-US: ONAP
CVE-2019-12127 (In ONAP OOM through Dublin, by accessing an applicable port (30234, 30 ...)
	NOT-FOR-US: ONAP
CVE-2019-12126 (In ONAP DCAE through Dublin, by accessing an applicable port (30234, 3 ...)
	NOT-FOR-US: ONAP
CVE-2019-12125 (In ONAP Logging through Dublin, by accessing an applicable port (30234 ...)
	NOT-FOR-US: ONAP
CVE-2019-12124 (An issue was discovered in ONAP APPC before Dublin. By using an expose ...)
	NOT-FOR-US: ONAP
CVE-2019-12123 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...)
	NOT-FOR-US: ONAP
CVE-2019-12122 (An issue was discovered in ONAP Portal through Dublin. By executing a ...)
	NOT-FOR-US: ONAP
CVE-2019-12121 (An issue was detected in ONAP Portal through Dublin. By executing a pa ...)
	NOT-FOR-US: ONAP
CVE-2019-12120 (An issue was discovered in ONAP VNFSDK through Dublin. By accessing po ...)
	NOT-FOR-US: ONAP
CVE-2019-12119 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...)
	NOT-FOR-US: ONAP
CVE-2019-12118 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...)
	NOT-FOR-US: ONAP
CVE-2019-12117 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...)
	NOT-FOR-US: ONAP
CVE-2019-12116 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...)
	NOT-FOR-US: ONAP
CVE-2019-12115 (An issue was discovered in ONAP SDC through Dublin. By accessing port ...)
	NOT-FOR-US: ONAP
CVE-2019-12114 (An issue was discovered in ONAP HOLMES before Dublin. By accessing por ...)
	NOT-FOR-US: ONAP
CVE-2019-12113 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...)
	NOT-FOR-US: ONAP
CVE-2019-12112 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/u ...)
	NOT-FOR-US: ONAP
CVE-2019-12111 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
	{DLA-1811-1}
	- miniupnpd 2.1-6 (bug #930050)
	[stretch] - miniupnpd (Minor issue)
	NOTE: copyIPv6IfDifferent helper introduced in https://github.com/miniupnp/miniupnp/commit/3b12b8fb4e64e90a6319ae0aef3c240a44093439
	NOTE: but possible NULL pointer dereference on the respective argument is present before.
	NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/cb8a02af7a5677cf608e86d57ab04241cf34e24f
CVE-2019-12110 (An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnP ...)
	{DLA-1811-1}
	- miniupnpd 2.1-6 (bug #930050)
	[stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
	NOTE: https://github.com/miniupnp/miniupnp/commit/f321c2066b96d18afa5158dfa2d2873a2957ef38
CVE-2019-12109 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
	{DLA-1811-1}
	- miniupnpd 2.1-6 (bug #930050)
	[stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
	NOTE: https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c
	NOTE: https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692
CVE-2019-12108 (A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 ex ...)
	{DLA-1811-1}
	- miniupnpd 2.1-6 (bug #930050)
	[stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
	NOTE: https://github.com/miniupnp/miniupnp/commit/13585f15c7f7dc28bbbba1661efb280d530d114c
	NOTE: https://github.com/miniupnp/miniupnp/commit/86030db849260dd8fb2ed975b9890aef1b62b692
CVE-2019-12107 (The upnp_event_prepare function in upnpevents.c in MiniUPnP MiniUPnPd ...)
	{DLA-1811-1}
	- miniupnpd 2.1-6 (bug #930050)
	[stretch] - miniupnpd 1.8.20140523-4.1+deb9u2
	NOTE: https://github.com/miniupnp/miniupnp/commit/bec6ccec63cadc95655721bc0e1dd49dac759d94
CVE-2019-12106 (The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and ...)
	{DLA-1805-1}
	- minissdpd 1.5.20190210-1 (bug #929297)
	[stretch] - minissdpd 1.2.20130907-4.1+deb9u1
	NOTE: https://github.com/miniupnp/miniupnp/commit/cd506a67e174a45c6a202eff182a712955ed6d6f
CVE-2019-12105 (** DISPUTED ** In Supervisor through 4.0.2, an unauthenticated user ca ...)
	- supervisor (unimportant)
	NOTE: https://github.com/Supervisor/supervisor/issues/1245
	NOTE: Disputed upstream to be a vulnerability. inet_http_server is not enabled by
	NOTE: default (neither upstream nor in Debian packaging). Details in the upstream
	NOTE: issue.
CVE-2019-12104 (The web-based configuration interface of the TP-Link M7350 V3 with fir ...)
	NOT-FOR-US: TP-Link
CVE-2019-12103 (The web-based configuration interface of the TP-Link M7350 V3 with fir ...)
	NOT-FOR-US: TP-Link
CVE-2019-12102 (** DISPUTED ** Kentico 11 through 12 lets attackers upload and explore ...)
	NOT-FOR-US: Kentico
CVE-2019-12101 (coap_decode_option in coap.c in LibNyoci 0.07.00rc1 mishandles certain ...)
	NOT-FOR-US: LibNyoci
CVE-2019-12100
	RESERVED
CVE-2019-12099 (In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated us ...)
	NOT-FOR-US: PHP-Fusion
CVE-2019-12098 (In the client side of Heimdal before 7.6.0, failure to verify anonymou ...)
	{DSA-4455-1}
	- heimdal 7.5.0+dfsg-3 (bug #929064)
	[jessie] - heimdal (Minor issue)
	NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf (7.6.0)
	NOTE: Introduced by: https://github.com/heimdal/heimdal/commit/a1ef548600c5bb51cf52a9a9ea12676506ede19f (1.4.0)
CVE-2019-12097 (Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoop ...)
	NOT-FOR-US: Telerik Fiddler
CVE-2019-12096
	RESERVED
CVE-2019-12095 (Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 ...)
	{DLA-2033-1}
	- php-horde-trean (unimportant)
	- php-horde 5.2.21+debian0-1
	[buster] - php-horde 5.2.20+debian0-1+deb10u1
	[stretch] - php-horde 5.2.13+debian0-1+deb9u1
	NOTE: https://github.com/horde/base/commit/81a7b53973506856db67e7f0b0263be29528aa75
	NOTE: https://bugs.horde.org/ticket/14926 (for the stored XSS)
	NOTE: Negligible impact for php-horde-trean, and unlikely that upstream will address
CVE-2019-12094 (Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin ...)
	- php-horde (unimportant)
	NOTE: https://bugs.horde.org/ticket/14926 (for the reflected XSS)
	NOTE: Negligible impact and unlikely that upstream will address after fixes
	NOTE: for CVE-2019-12095
CVE-2019-12093
	RESERVED
CVE-2019-12092
	RESERVED
CVE-2019-12091 (The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2 ...)
	NOT-FOR-US: Netskope
CVE-2019-12090
	RESERVED
CVE-2019-12089
	RESERVED
CVE-2019-12088
	RESERVED
CVE-2019-12087 (** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can becom ...)
	NOT-FOR-US: Samsung devices
CVE-2019-12086 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
	{DSA-4452-1 DLA-1798-1}
	- jackson-databind 2.9.8-2 (bug #929177)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2326
	NOTE: https://github.com/FasterXML/jackson-databind/commit/dda513bd7251b4f32b7b60b1c13740e3b5a43024
CVE-2019-12085
	RESERVED
CVE-2019-12084
	RESERVED
CVE-2019-12083 (The Rust Programming Language Standard Library 1.34.x before 1.34.2 co ...)
	- rustc (Introduced in 1.34)
	NOTE: https://blog.rust-lang.org/2019/05/13/Security-advisory.html
CVE-2019-12082
	RESERVED
CVE-2019-12081
	RESERVED
CVE-2019-12080
	RESERVED
CVE-2019-12079
	RESERVED
CVE-2019-12078
	RESERVED
CVE-2019-12077
	RESERVED
CVE-2019-12076
	RESERVED
CVE-2019-12075
	RESERVED
CVE-2019-12074
	RESERVED
CVE-2019-12073
	RESERVED
CVE-2019-12072
	RESERVED
CVE-2019-12071
	RESERVED
CVE-2019-12070
	RESERVED
CVE-2019-12069
	RESERVED
CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg ...)
	{DSA-4665-1 DLA-2288-1 DLA-1927-1}
	- qemu 1:4.1-2 (low)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01518.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
CVE-2019-12067 (The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to ...)
	- qemu (low; bug #972099)
	[bullseye] - qemu (Minor issue, revisit when fixed upstream)
	[buster] - qemu (Minor issue, revisit when fixed upstream)
	[stretch] - qemu (Minor issue, can be fixed along in future update)
	[jessie] - qemu (Minor issue, can be fixed along in future update)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
	NOTE: patch not sanctioned as of 20210202
	NOTE: patched function introduced in 2014/2.1.50 but affected code pre-existed
	NOTE: https://github.com/qemu/qemu/commit/659142ecf71a0da240ab0ff7cf929ee25c32b9bc
CVE-2019-12066
	RESERVED
CVE-2019-12065
	RESERVED
CVE-2019-12064
	RESERVED
CVE-2019-12063
	RESERVED
CVE-2019-12062
	RESERVED
CVE-2019-12061
	RESERVED
CVE-2019-12060
	RESERVED
CVE-2019-12059
	RESERVED
CVE-2019-12058
	RESERVED
CVE-2019-12057
	RESERVED
CVE-2019-12056
	RESERVED
CVE-2019-12055
	RESERVED
CVE-2019-12054
	RESERVED
CVE-2019-12053
	RESERVED
CVE-2019-12052
	RESERVED
CVE-2019-12051
	RESERVED
CVE-2019-12050
	RESERVED
CVE-2019-12049
	RESERVED
CVE-2019-12048
	RESERVED
CVE-2019-12047 (Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module ...)
	NOT-FOR-US: Gridea
CVE-2019-12045
	RESERVED
CVE-2019-12044 (A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10. ...)
	NOT-FOR-US: Citrix NetScaler Gateway
CVE-2019-12043 (In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, wh ...)
	NOT-FOR-US: remarkable
CVE-2019-12042 (Insecure permissions of the section object Global\PandaDevicesAgentSha ...)
	NOT-FOR-US: Panda products
CVE-2019-12041 (lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression De ...)
	NOT-FOR-US: remarkable
CVE-2019-12040
	REJECTED
CVE-2019-12039
	REJECTED
CVE-2019-12038
	REJECTED
CVE-2019-12037
	REJECTED
CVE-2019-12036
	REJECTED
CVE-2019-12035
	REJECTED
CVE-2019-12034
	REJECTED
CVE-2019-12033
	REJECTED
CVE-2019-12032
	REJECTED
CVE-2019-12031
	REJECTED
CVE-2019-12030
	REJECTED
CVE-2019-12029
	REJECTED
CVE-2019-12028
	REJECTED
CVE-2019-12027
	REJECTED
CVE-2019-12026
	REJECTED
CVE-2019-12025
	REJECTED
CVE-2019-12024
	REJECTED
CVE-2019-12023
	REJECTED
CVE-2019-12022
	REJECTED
CVE-2019-12021
	REJECTED
CVE-2019-12020
	REJECTED
CVE-2019-12019
	REJECTED
CVE-2019-12018
	REJECTED
CVE-2019-12017 (A remote code execution vulnerability exists in MapR CLDB code, specif ...)
	NOT-FOR-US: MapR
CVE-2019-12016
	REJECTED
CVE-2019-12015
	REJECTED
CVE-2019-12014
	REJECTED
CVE-2019-12013
	REJECTED
CVE-2019-12012
	REJECTED
CVE-2019-12011
	REJECTED
CVE-2019-12010
	REJECTED
CVE-2019-12009
	REJECTED
CVE-2019-12008
	REJECTED
CVE-2019-12007
	REJECTED
CVE-2019-12006
	REJECTED
CVE-2019-12005
	REJECTED
CVE-2019-12004
	REJECTED
CVE-2019-12003
	REJECTED
CVE-2019-12002 (A remote session reuse vulnerability leading to access restriction byp ...)
	NOT-FOR-US: HPE
CVE-2019-12001 (A remote session reuse vulnerability leading to access restriction byp ...)
	NOT-FOR-US: HPE
CVE-2019-12000 (HPE has found a potential Remote Access Restriction Bypass in HPE MSE ...)
	NOT-FOR-US: HPE
CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE OpenCal ...)
	NOT-FOR-US: HPE
CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote vulnerabili ...)
	NOT-FOR-US: HPE Superdome Flex Server
CVE-2019-11997 (A potential security vulnerability has been identified in HPE enhanced ...)
	NOT-FOR-US: HPE
CVE-2019-11996 (Potential security vulnerabilities have been identified with HPE Nimbl ...)
	NOT-FOR-US: HPE
CVE-2019-11995 (Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unaut ...)
	NOT-FOR-US: HPE UIoT
CVE-2019-11994 (A security vulnerability has been identified in HPE SimpliVity 380 Gen ...)
	NOT-FOR-US: HPE
CVE-2019-11993 (A security vulnerability has been identified in HPE SimpliVity 380 Gen ...)
	NOT-FOR-US: HPE
CVE-2019-11992 (A security vulnerability in HPE OneView for VMware vCenter 9.5 could b ...)
	NOT-FOR-US: HPE OneView for VMware vCenter
CVE-2019-11991 (HPE has identified a vulnerability in HPE 3PAR Service Processor (SP) ...)
	NOT-FOR-US: HPE 3PAR Service Processor
CVE-2019-11990 (Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, ...)
	NOT-FOR-US: HPE IceWall
CVE-2019-11989 (A security vulnerability in HPE IceWall SSO Agent Option and IceWall M ...)
	NOT-FOR-US: HPE IceWall
CVE-2019-11988 (A Remote Unauthorized Access vulnerability was identified in HPE Smart ...)
	NOT-FOR-US: HPE
CVE-2019-11987 (A security vulnerability in HPE Smart Update Manager (SUM) prior to v8 ...)
	NOT-FOR-US: HPE
CVE-2019-11986 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11985 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11984 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11983 (A remote buffer overflow vulnerability was identified in HPE Integrate ...)
	NOT-FOR-US: HPE
CVE-2019-11982 (A remote cross site scripting vulnerability was identified in HPE Inte ...)
	NOT-FOR-US: HPE
CVE-2019-11981
	REJECTED
CVE-2019-11980 (A remote code execution vulnerability was identified in HPE Intelligent ...)
	NOT-FOR-US: HPE
CVE-2019-11979 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11978 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11977 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11976 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11975 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11974 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11973 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11972 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11971 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11970 (A SQL injection code execution vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11969 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11968 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11967 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11966 (A remote privilege escalation vulnerability was identified in HPE Inte ...)
	NOT-FOR-US: HPE
CVE-2019-11965 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11964 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11963 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11962 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11961 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11960 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11959 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11958 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11957 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11956 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11955 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11954 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11953 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11952 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11951 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11950 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11949 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11948 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11947 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11946 (A remote credential disclosure vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-11945 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11944 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11943 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11942 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11941 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-11940 (In the course of decompressing HPACK inside the HTTP2 protocol, an une ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2019-11939 (Golang Facebook Thrift servers would not error upon receiving messages ...)
	- thrift (bug #988948)
	[bullseye] - thrift (Minor issue)
	[buster] - thrift (Minor issue)
	NOTE: https://github.com/facebook/fbthrift/commit/483ed864d69f307e9e3b9dadec048216100c0757
CVE-2019-11938 (Java Facebook Thrift servers would not error upon receiving messages d ...)
	NOT-FOR-US: Facebook Java Thrift (Debian packages Apache Thrift)
CVE-2019-11937 (In Mcrouter prior to v0.41.0, a large struct input provided to the Car ...)
	NOT-FOR-US: mcrouter
	NOTE: https://github.com/facebook/mcrouter/releases
CVE-2019-11936 (Various APC functions accept keys containing null bytes as input, lead ...)
	- hhvm
CVE-2019-11935 (Insufficient boundary checks when processing a string in mb_ereg_repla ...)
	- hhvm
CVE-2019-11934 (Improper handling of close_notify alerts can result in an out-of-bound ...)
	NOT-FOR-US: Facebook folly
CVE-2019-11933 (A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, a ...)
	NOT-FOR-US: libpl_droidsonroids_gif
CVE-2019-11932 (A double free vulnerability in the DDGifSlurp function in decoding.c i ...)
	NOT-FOR-US: libpl_droidsonroids_gif
CVE-2019-11931 (A stack-based buffer overflow could be triggered in WhatsApp by sendin ...)
	NOT-FOR-US: WhatsApp
CVE-2019-11930 (An invalid free in mb_detect_order can cause the application to crash ...)
	- hhvm
CVE-2019-11929 (Insufficient boundary checks when formatting numbers in number_format ...)
	- hhvm
CVE-2019-11928 (An input validation issue in WhatsApp Desktop versions prior to v0.3.4 ...)
	NOT-FOR-US: WhatsApp
CVE-2019-11927 (An integer overflow in WhatsApp media parsing libraries allows a remot ...)
	NOT-FOR-US: WhatsApp
CVE-2019-11926 (Insufficient boundary checks when processing M_SOFx markers from JPEG ...)
	- hhvm
CVE-2019-11925 (Insufficient boundary checks when processing the JPEG APP12 block mark ...)
	- hhvm
CVE-2019-11924 (A peer could send empty handshake fragments containing only padding wh ...)
	NOT-FOR-US: fizz
CVE-2019-11923 (In Mcrouter prior to v0.41.0, the deprecated ASCII parser would alloca ...)
	NOT-FOR-US: mcrouter
	NOTE: https://github.com/facebook/mcrouter/releases
CVE-2019-11922 (A race condition in the one-pass compression functions of Zstandard pr ...)
	- libzstd 1.3.8+dfsg-2
	[stretch] - libzstd (Vulnerable code not present)
	NOTE: https://github.com/facebook/zstd/commit/3e5cdf1b6a85843e991d7d10f6a2567c15580da0
CVE-2019-11921 (An out of bounds write is possible via a specially crafted packet in c ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2019-11920
	RESERVED
CVE-2019-11919
	RESERVED
CVE-2019-11918
	RESERVED
CVE-2019-11917
	RESERVED
CVE-2019-11916
	RESERVED
CVE-2019-11915
	RESERVED
CVE-2019-11914
	RESERVED
CVE-2019-11913
	RESERVED
CVE-2019-11912
	RESERVED
CVE-2019-11911
	RESERVED
CVE-2019-11910
	RESERVED
CVE-2019-11909
	RESERVED
CVE-2019-11908
	RESERVED
CVE-2019-11907
	RESERVED
CVE-2019-11906
	RESERVED
CVE-2019-11905
	RESERVED
CVE-2019-11904
	RESERVED
CVE-2019-11903
	RESERVED
CVE-2019-11902
	RESERVED
CVE-2019-11901
	RESERVED
CVE-2019-11900
	RESERVED
CVE-2019-11899 (An unauthenticated attacker can achieve unauthorized access to sensiti ...)
	NOT-FOR-US: Bosch Access Professional Edition
CVE-2019-11898 (Unauthorized APE administration privileges can be achieved by reverse ...)
	NOT-FOR-US: Bosch Access Professional Edition
CVE-2019-11897 (A Server-Side Request Forgery (SSRF) vulnerability in the backup & ...)
	NOT-FOR-US: proSyst
CVE-2019-11896 (A potential incorrect privilege assignment vulnerability exists in the ...)
	NOT-FOR-US: Bosch
CVE-2019-11895 (A potential improper access control vulnerability exists in the JSON-R ...)
	NOT-FOR-US: Bosch
CVE-2019-11894 (A potential improper access control vulnerability exists in the backup ...)
	NOT-FOR-US: Bosch
CVE-2019-11893 (A potential incorrect privilege assignment vulnerability exists in the ...)
	NOT-FOR-US: Bosch
CVE-2019-11892 (A potential improper access control vulnerability exists in the JSON-R ...)
	NOT-FOR-US: Bosch
CVE-2019-11891 (A potential incorrect privilege assignment vulnerability exists in the ...)
	NOT-FOR-US: Bosch
CVE-2019-12046 (LemonLDAP::NG -2.0.3 has Incorrect Access Control. ...)
	{DSA-4446-1 DLA-1790-1}
	- lemonldap-ng 2.0.2+ds-7+deb10u1 (bug #928944)
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
CVE-2019-11890 (Sony Bravia Smart TV devices allow remote attackers to cause a denial ...)
	NOT-FOR-US: Sony Bravia Smart TV devices
CVE-2019-11889 (Sony BRAVIA Smart TV devices allow remote attackers to cause a denial ...)
	NOT-FOR-US: Sony BRAVIA Smart TV devices
CVE-2019-11888 (Go through 1.12.5 on Windows mishandles process creation with a nil en ...)
	- golang-1.12 (Only affects Go on Windows)
	- golang-1.11 (Only affects Go on Windows)
	NOTE: https://go-review.googlesource.com/c/go/+/176619
CVE-2019-11887 (SimplyBook.me through 2019-05-11 does not properly restrict File Uploa ...)
	NOT-FOR-US: SimplyBook.me
CVE-2019-11886 (The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme ...)
	NOT-FOR-US: WaspThemes Visual CSS Style Editor plugin for WordPress
CVE-2019-11885 (eyeDisk implements the unlock feature by sending a cleartext password. ...)
	NOT-FOR-US: eyeDisk
CVE-2019-11884 (The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Li ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
	NOTE: https://git.kernel.org/linus/a1616a5ac99ede5d605047a9012481ce7ff18b16
CVE-2019-11883
	RESERVED
CVE-2019-11882
	RESERVED
CVE-2019-11881 (A vulnerability exists in Rancher 2.1.4 in the login component, where ...)
	NOT-FOR-US: Rancher
CVE-2019-11880 (CommSy through 8.6.5 has SQL Injection via the cid parameter. This is ...)
	NOT-FOR-US: CommSy
CVE-2019-11879 (** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory travers ...)
	NOT-FOR-US: Non issue in webrick gem
CVE-2019-11878 (An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.1 ...)
	NOT-FOR-US: XiongMai Besder IP20H1 cameras
CVE-2019-11877 (XSS on the PIX-Link Repeater/Router LV-WR09 with firmware v28K.MiniRou ...)
	NOT-FOR-US: PIX-Link Repeater/Router LV-WR09
CVE-2019-11876 (In PrestaShop 1.7.5.2, the shop_country parameter in the install/index ...)
	NOT-FOR-US: PrestaShop
CVE-2019-11875 (In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0. ...)
	NOT-FOR-US: Blue Prism Robotic Process Automation
CVE-2019-11874
	RESERVED
CVE-2019-11873 (wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when ...)
	- wolfssl 4.1.0+dfsg-1 (bug #929468)
CVE-2019-11872 (The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnera ...)
	NOT-FOR-US: Hustle (aka wordpress-popup) plugin for WordPress
CVE-2019-11871 (The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for ...)
	NOT-FOR-US: Custom Field Suite plugin for WordPress
CVE-2019-11870 (Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in t ...)
	- serendipity
CVE-2019-11869 (The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it ...)
	NOT-FOR-US: WordPress plugin yuzo-related-post
CVE-2019-11868 (See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or ...)
	NOT-FOR-US: SoftEther VPN Server
CVE-2019-11867 (Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to ...)
	NOT-FOR-US: Realtek NDIS driver rt640x64.sys
CVE-2019-11866
	RESERVED
CVE-2019-11865
	RESERVED
CVE-2019-11864
	RESERVED
CVE-2019-11863
	RESERVED
CVE-2019-11862 (The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic pr ...)
	NOT-FOR-US: ALEOS
CVE-2019-11861
	RESERVED
CVE-2019-11860
	RESERVED
CVE-2019-11859 (A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0 ...)
	NOT-FOR-US: ALEOS
CVE-2019-11858 (Multiple buffer overflow vulnerabilities exist in the AceManager Web A ...)
	NOT-FOR-US: ALEOS
CVE-2019-11857 (Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 ...)
	NOT-FOR-US: ALEOS
CVE-2019-11856 (A nonce reuse vulnerability exists in the ACEView service of ALEOS bef ...)
	NOT-FOR-US: ALEOS
CVE-2019-11855 (An RPC server is enabled by default on the gateway's LAN of ALEOS befo ...)
	NOT-FOR-US: ALEOS
CVE-2019-11854
	RESERVED
CVE-2019-11853 (Several potential command injection vulnerabilities exist in the AT c ...)
	NOT-FOR-US: ALEOS
CVE-2019-11852 (An out-of-bounds read vulnerability exists in the ACEView Service of ...)
	NOT-FOR-US: ALEOS
CVE-2019-11851
	RESERVED
CVE-2019-11850 (A stack overflow vulnerability exists in the AT command interface of A ...)
	NOT-FOR-US: ALEOS
CVE-2019-11849 (A stack overflow vulnerability exists in the AT command APIs of ALEOS ...)
	NOT-FOR-US: ALEOS
CVE-2019-11848 (An API abuse vulnerability exists in the AT command API of ALEOS befor ...)
	NOT-FOR-US: ALEOS
CVE-2019-11847 (An improper privilege management vulnerability exists in ALEOS before ...)
	NOT-FOR-US: ALEOS
CVE-2019-11846 (/servlets/ajax_file_upload?fieldName=binary3 in dotCMS 5.1.1 allows XS ...)
	NOT-FOR-US: dotCMS
CVE-2019-11845 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
	NOT-FOR-US: RICOH
CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH SP 45 ...)
	NOT-FOR-US: RICOH
CVE-2019-11843 (The MailPoet plugin before 3.23.2 for WordPress allows remote attacker ...)
	NOT-FOR-US: MailPoet plugin for WordPress
CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...)
	{DLA-2402-1 DLA-1920-1}
	- golang-go.crypto 1:0.0~git20200221.2aa609c-1
	NOTE: https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
	NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text")
	NOTE: but not the first ("ignores the value of [the Hash] header"), as hinted at in the reporter's 2019-05-09 note:
	NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
	NOTE: Upstream feels that this is not a security issue. See https://github.com/golang/go/issues/41200.
CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
	{DLA-2527-1 DLA-2454-1 DLA-2442-1 DLA-2402-1 DLA-1840-1}
	- golang-go.crypto 1:0.0~git20200221.2aa609c-1
	NOTE: https://github.com/golang/go/issues/30965
	NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
	NOTE: https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
CVE-2019-11839 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in ...)
	NOT-FOR-US: njs
CVE-2019-11838 (njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in ...)
	NOT-FOR-US: njs
CVE-2019-11837 (njs through 0.3.1, used in NGINX, has a segmentation fault in String.p ...)
	NOT-FOR-US: njs
CVE-2019-11836 (The Rediffmail (aka com.rediff.mail.and) application 2.2.6 for Android ...)
	NOT-FOR-US: Rediffmail
CVE-2019-11842 (An issue was discovered in Matrix Sydent before 1.0.3 and Synapse befo ...)
	- matrix-synapse 0.99.2-5
	NOTE: https://matrix.org/blog/2019/05/03/security-updates-sydent-1-0-3-synapse-0-99-3-1-and-riot-android-0-9-0-0-8-99-0-8-28-a/
CVE-2019-11835 (cJSON before 1.7.11 allows out-of-bounds access, related to multiline ...)
	- cjson 1.7.10-1.1 (bug #928726)
	NOTE: https://github.com/DaveGamble/cJSON/issues/338
CVE-2019-11834 (cJSON before 1.7.11 allows out-of-bounds access, related to \x00 in a ...)
	- cjson 1.7.10-1.1 (bug #928726)
	NOTE: https://github.com/DaveGamble/cJSON/issues/337
CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
	NOTE: Fixed by: https://git.kernel.org/linus/592acbf16821288ecdc4192c47e3774a4c48bb64
CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...)
	NOT-FOR-US: TYPO3
CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1 ...)
	{DSA-4445-1 DLA-1797-1}
	- drupal7 (bug #928688)
	NOTE: https://www.drupal.org/SA-CORE-2019-007
CVE-2019-11830 (PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrap ...)
	NOT-FOR-US: phar-stream-wrapper
CVE-2019-11829 (OS command injection vulnerability in drivers_syno_import_user.php in ...)
	NOT-FOR-US: Synology
CVE-2019-11828 (Cross-site scripting (XSS) vulnerability in Chart in Synology Office b ...)
	NOT-FOR-US: Synology
CVE-2019-11827 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Shard in ...)
	NOT-FOR-US: Synology
CVE-2019-11826 (Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in ...)
	NOT-FOR-US: Synology
CVE-2019-11825 (Cross-site scripting (XSS) vulnerability in Event Editor in Synology C ...)
	NOT-FOR-US: Synology
CVE-2019-11824
	RESERVED
CVE-2019-11823 (CRLF injection vulnerability in Network Center in Synology Router Mana ...)
	NOT-FOR-US: Synology
CVE-2019-11822 (Relative path traversal vulnerability in SYNO.PhotoStation.File in Syn ...)
	NOT-FOR-US: Synology
CVE-2019-11821 (SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Pho ...)
	NOT-FOR-US: Synology
CVE-2019-11820 (Information exposure through process environment vulnerability in Syno ...)
	NOT-FOR-US: Synology Calendar
CVE-2019-11819 (Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2019-11818 (Alkacon OpenCMS v10.5.4 and before is affected by stored cross site sc ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2019-11817
	RESERVED
CVE-2019-11816 (Incorrect access control in the WebUI in OPNsense before version 19.1. ...)
	NOT-FOR-US: OPNsense
CVE-2019-11814 (An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.1 ...)
	NOT-FOR-US: MISP
CVE-2019-11813 (An issue was discovered in app/View/Elements/Events/View/value_field.c ...)
	NOT-FOR-US: MISP
CVE-2019-11812 (A persistent XSS issue was discovered in app/View/Helper/CommandHelper ...)
	NOT-FOR-US: MISP
CVE-2019-11815 (An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the L ...)
	{DSA-4465-1 DLA-1824-1}
	- linux 4.19.37-1 (bug #928989)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/cb66ddd156203daefb8d71158036b27b0e2caf63
CVE-2019-11811 (An issue was discovered in the Linux kernel before 5.0.4. There is a u ...)
	- linux 4.19.37-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/401e7e88d4ef80188ffa07095ac00456f901b8c4
CVE-2019-11810 (An issue was discovered in the Linux kernel before 5.0.7. A NULL point ...)
	{DLA-1823-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	NOTE: Fixed by: https://git.kernel.org/linus/bcf3b67d16a4c8ffae0aa79de5853435e683945c
CVE-2019-11809 (An issue was discovered in Joomla! before 3.9.6. The debug views of co ...)
	NOT-FOR-US: Joomla!
CVE-2019-11808 (Ratpack versions before 1.6.1 generate a session ID using a cryptograp ...)
	NOT-FOR-US: Ratpack
CVE-2019-11807 (The WooCommerce Checkout Manager plugin before 4.3 for WordPress allow ...)
	NOT-FOR-US: WooCommerce Checkout Manager plugin for WordPress
CVE-2019-11806 (OX App Suite 7.10.1 and earlier has Insecure Permissions. ...)
	NOT-FOR-US: OX App Suite
CVE-2019-11805
	RESERVED
CVE-2019-11804
	RESERVED
CVE-2019-11803
	RESERVED
CVE-2019-11802
	RESERVED
CVE-2019-11801
	RESERVED
CVE-2019-11800
	RESERVED
CVE-2019-11799
	RESERVED
CVE-2019-11798
	RESERVED
CVE-2019-11797
	RESERVED
CVE-2019-11796
	RESERVED
CVE-2019-11795
	RESERVED
CVE-2019-11794
	RESERVED
CVE-2019-11793
	RESERVED
CVE-2019-11792
	RESERVED
CVE-2019-11791
	RESERVED
CVE-2019-11790
	RESERVED
CVE-2019-11789
	RESERVED
CVE-2019-11788
	RESERVED
CVE-2019-11787
	RESERVED
CVE-2019-11786 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/63711
CVE-2019-11785 (Improper access control in mail module (followers) in Odoo Community 1 ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/63710
CVE-2019-11784 (Improper access control in mail module (notifications) in Odoo Communi ...)
	- odoo 14.0.0+dfsg.2-1
	NOTE: https://github.com/odoo/odoo/issues/63709
CVE-2019-11783 (Improper access control in mail module (channel partners) in Odoo Comm ...)
	- odoo 14.0.0+dfsg.2-1
	NOTE: https://github.com/odoo/odoo/issues/63708
CVE-2019-11782 (Improper access control in Odoo Community 14.0 and earlier and Odoo En ...)
	- odoo 14.0.0+dfsg.2-1
	NOTE: https://github.com/odoo/odoo/issues/63707
CVE-2019-11781 (Improper input validation in portal component in Odoo Community 12.0 a ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/63706
CVE-2019-11780 (Improper access control in the computed fields system of the framework ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/42196
CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...)
	{DSA-4570-1 DLA-1972-1}
	- mosquitto 1.6.6-1 (bug #940654)
	[stretch] - mosquitto (Vulnerable code introduced later)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
	NOTE: https://github.com/eclipse/mosquitto/issues/1412
	NOTE: Introduced by: https://github.com/eclipse/mosquitto/commit/883af8af5379092097c6552a7a4a8c52409d2566 (v1.5)
	NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/106675093177335b18521bc0e5ad1d95343ad652 (1.6.6)
	NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/84681d9728ceb7f6ea2b6751b4d87200d8a62f14 (1.5.9)
	NOTE: https://mosquitto.org/blog/2019/09/version-1-6-6-released/
	NOTE: The issue manifests in versions 1.5.0 and onwards only, because some structs
	NOTE: increased in size enough to cause the stack overflow vulnerability for excessive
	NOTE: topic hierarchies. In earlier versions, the maximum possible hierarchy depth of
	NOTE: 65535 wouldn't cause a stack overflow.
CVE-2019-11778 (If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1 ...)
	- mosquitto 1.6.6-1
	[buster] - mosquitto (Session expiry interval support introduced in 1.6)
	[stretch] - mosquitto (Session expiry interval support introduced in 1.6)
	[jessie] - mosquitto (Session expiry interval support introduced in 1.6)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=551162
	NOTE: https://github.com/eclipse/mosquitto/issues/1401
	NOTE: https://github.com/eclipse/mosquitto/commit/8407c6d146d1e8299127737d9735afc782e04ea8
	NOTE: https://github.com/eclipse/mosquitto/commit/6f3e7b9ceb43e2626a32340c26b69ac8ae5e9c8c
	NOTE: https://mosquitto.org/blog/2019/09/version-1-6-6-released/
CVE-2019-11777 (In the Eclipse Paho Java client library version 1.2.0, when connecting ...)
	NOT-FOR-US: Eclipse Paho Java client
CVE-2019-11776 (In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflecte ...)
	NOT-FOR-US: Eclipse BIRT
CVE-2019-11775 (All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loo ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2019-11774 (Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop v ...)
	NOT-FOR-US: Eclipse OMR
CVE-2019-11773 (Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which ma ...)
	NOT-FOR-US: Eclipse OMR
CVE-2019-11772 (In Eclipse OpenJ9 prior to 0.15, the String.getBytes(int, int, byte[], ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2019-11771 (AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files indicate ...)
	NOT-FOR-US: Eclipse Buildship
CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the product ...)
	NOT-FOR-US: TeamViewer
CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability ...)
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #930048)
	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
	[jessie] - phpmyadmin (vulnerable code is not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-3/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86
	NOTE: Code in earlier versions in js/pmd/move.js.
CVE-2019-11767 (Server side request forgery (SSRF) in phpBB before 3.2.6 allows checki ...)
	- phpbb3
	[jessie] - phpbb3 (Minor issue, solution/workaround is to disable the remote avatar function)
	NOTE: https://www.phpbb.com/community/viewtopic.php?f=14&t=2509941
CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over ...)
	- dhcpcd5 7.1.0-2 (bug #928440)
	[stretch] - dhcpcd5 (Minor issue)
	[jessie] - dhcpcd5 (Vulnerable code not present; D6_OPTION_PD_EXCLUDE support added later)
	NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
	NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b
CVE-2019-11765 (A compromised content process could send a message to the parent proce ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765
CVE-2019-11764 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764
CVE-2019-11763 (Failure to correctly handle null bytes when processing HTML entities r ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763
CVE-2019-11762 (If two same-origin documents set document.domain differently to become ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762
CVE-2019-11761 (By using a form with a data URI it was possible to gain access to the ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761
CVE-2019-11760 (A fixed-size stack buffer could overflow in nrappkit when doing WebRTC ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760
CVE-2019-11759 (An attacker could have caused 4 bytes of HMAC output to be written pas ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11759
CVE-2019-11758 (Mozilla community member Philipp reported a memory safety bug present ...)
	- firefox-esr (Only an issue in combination with 360 Total Security)
	- thunderbird (Only an issue in combination with 360 Total Security)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758
CVE-2019-11757 (When following the value's prototype chain, it was possible to retain ...)
	{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
	- firefox 70.0-1
	- firefox-esr 68.2.0esr-1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757
CVE-2019-11756 (Improper refcounting of soft token session objects could cause a use-a ...)
	- firefox 71.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756
CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...)
	{DSA-4571-1 DLA-1997-1}
	[experimental] - thunderbird 1:68.1.1-1~exp1
	- thunderbird 1:68.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-32/#CVE-2019-11755
CVE-2019-11754 (When the pointer lock is enabled by a website though requestPointerLoc ...)
	- firefox 69.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-31/#CVE-2019-11754
CVE-2019-11753 (The Firefox installer allows Firefox to be installed to a custom user ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11753
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11753
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11753
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11753
CVE-2019-11752 (It is possible to delete an IndexedDB key value and subsequently try t ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11742
CVE-2019-11751 (Logging-related command line parameters are not properly sanitized whe ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11751
CVE-2019-11750 (A type confusion vulnerability exists in Spidermonkey, which results i ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr (Doesn't affect ESR60)
	[stretch] - firefox-esr (Doesn't affect ESR60)
	[jessie] - firefox-esr (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11750
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11750
CVE-2019-11749 (A vulnerability exists in WebRTC where malicious web content can use p ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr (Doesn't affect ESR60)
	[stretch] - firefox-esr (Doesn't affect ESR60)
	[jessie] - firefox-esr (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11749
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11749
CVE-2019-11748 (WebRTC in Firefox will honor persisted permissions given to sites for ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr (Doesn't affect ESR60)
	[stretch] - firefox-esr (Doesn't affect ESR60)
	[jessie] - firefox-esr (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11748
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11748
CVE-2019-11747 (The "Forget about this site" feature in the History pane is intended t ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr (Doesn't affect ESR60)
	[stretch] - firefox-esr (Doesn't affect ESR60)
	[jessie] - firefox-esr (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11747
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11747
CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating video elem ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
CVE-2019-11745 (When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa ...)
	{DSA-4579-1 DLA-2388-1 DLA-2008-1}
	- nss 2:3.47.1-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
	NOTE: https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda
	NOTE: Fixed in 3.44.3 and 3.47.1 upstream.
CVE-2019-11744 (Some HTML elements, such as <title> and <textarea ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11744
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11744
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11744
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11744
CVE-2019-11743 (Navigation events were not fully adhering to the W3C's "Navigation-Tim ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11743
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11743
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743
CVE-2019-11742 (A same-origin policy violation occurs allowing the theft of cross-orig ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11742
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11742
CVE-2019-11741 (A compromised sandboxed content process can perform a Universal Cross- ...)
	- firefox 69.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11741
CVE-2019-11740 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4523-1 DSA-4516-1 DLA-1926-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11740
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11740
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11740
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11740
CVE-2019-11739 (Encrypted S/MIME parts in a crafted multipart/alternative message can ...)
	{DSA-4523-1 DLA-1926-1}
	- thunderbird 1:60.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11739
CVE-2019-11738 (If a Content Security Policy (CSP) directive is defined that uses a ha ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr (Doesn't affect ESR60)
	[stretch] - firefox-esr (Doesn't affect ESR60)
	[jessie] - firefox-esr (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11738
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11738
CVE-2019-11737 (If a wildcard ('*') is specified for the host in Content Security Poli ...)
	- firefox 69.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11737
CVE-2019-11736 (The Mozilla Maintenance Service does not guard against files being har ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11736
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11736
CVE-2019-11735 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	[buster] - firefox-esr (Doesn't affect ESR60)
	[stretch] - firefox-esr (Doesn't affect ESR60)
	[jessie] - firefox-esr (Doesn't affect ESR60)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11735
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11735
CVE-2019-11734 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 69.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-11734
CVE-2019-11733 (When a master password is set, it is required to be entered again befo ...)
	- firefox 68.0.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733
CVE-2019-11732
	RESERVED
CVE-2019-11731
	RESERVED
CVE-2019-11730 (A vulnerability exists where if a user opens a locally saved HTML file ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11730
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11730
CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...)
	{DLA-2388-1 DLA-1857-1}
	- firefox 68.0-1 (unimportant)
	- firefox-esr 60.8.0esr-1 (unimportant)
	[buster] - firefox-esr 60.8.0esr-1~deb10u1
	[stretch] - firefox-esr 60.8.0esr-1~deb9u1
	- thunderbird 1:60.8.0-1 (unimportant)
	[buster] - thunderbird 1:60.8.0-1~deb10u1
	[stretch] - thunderbird 1:60.8.0-1~deb9u1
	- nss 2:3.45-1
	[buster] - nss 2:3.42.1-1+deb10u1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11729
	NOTE: https://hg.mozilla.org/projects/nss/rev/dabfe1160c682b4d1d19c5a7a13ab3828bb9d37f
	NOTE: https://hg.mozilla.org/projects/nss/rev/ebc93d6daeaa9001d31fd18b5199779da99ae9aa
	NOTE: firefox-esr in older suites than buster uses the embedded copy and thus the issue
	NOTE: is just fixed by updating firefox-esr to 60.8.0. For the others an update to
	NOTE: src:nss is needed as firefox-esr uses the system library.
CVE-2019-11728 (The HTTP Alternative Services header, Alt-Svc, can be used by a malici ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11728
CVE-2019-11727 (A vulnerability exists where it possible to force Network Security Ser ...)
	- firefox 68.0-1 (unimportant)
	- nss 2:3.45-1
	[buster] - nss 2:3.42.1-1+deb10u1
	[stretch] - nss (Issue is specific to TLS 1.3 and support was not really complete in 3.26; code has diverged significantly since and applying the fix would be very disruptive)
	[jessie] - nss (Issue is specific to TLS 1.3 and support was not really complete in 3.26; code has diverged significantly since and applying the fix would be very disruptive)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727
	NOTE: https://hg.mozilla.org/projects/nss/rev/0a4e8b72a92e144663c2f35d3836f7828cfc97f2
	NOTE: firefox-esr in older suites than buster uses the embedded copy and thus the issue
	NOTE: is just fixed by updating firefox-esr to 60.8.0. For the others an update to
	NOTE: src:nss is needed as firefox-esr uses the system library.
CVE-2019-11726
	RESERVED
CVE-2019-11725 (When a user navigates to site marked as unsafe by the Safebrowsing API ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11725
CVE-2019-11724 (Application permissions give additional remote troubleshooting permiss ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11724
CVE-2019-11723 (A vulnerability exists during the installation of add-ons where the in ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11723
CVE-2019-11722
	REJECTED
CVE-2019-11721 (The unicode latin 'kra' character can be used to spoof a standard 'k' ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11721
CVE-2019-11720 (Some unicode characters are incorrectly treated as whitespace during t ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11720
CVE-2019-11719 (When importing a curve25519 private key in PKCS#8 format with leading 0 ...)
	{DLA-2388-1 DLA-1857-1}
	- firefox 68.0-1 (unimportant)
	- firefox-esr 60.8.0esr-1 (unimportant)
	[buster] - firefox-esr 60.8.0esr-1~deb10u1
	[stretch] - firefox-esr 60.8.0esr-1~deb9u1
	- thunderbird 1:60.8.0-1 (unimportant)
	[buster] - thunderbird 1:60.8.0-1~deb10u1
	[stretch] - thunderbird 1:60.8.0-1~deb9u1
	- nss 2:3.45-1
	[buster] - nss 2:3.42.1-1+deb10u1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11719
	NOTE: https://hg.mozilla.org/projects/nss/rev/6cfb54d262d030783137aa6478b45ecb3cbfc624
	NOTE: firefox-esr in older suites than buster uses the embedded copy and thus the issue
	NOTE: is just fixed by updating firefox-esr to 60.8.0. For the others an update to
	NOTE: src:nss is needed as firefox-esr uses the system library.
CVE-2019-11718 (Activity Stream can display content from sent from the Snippet Service ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11718
CVE-2019-11717 (A vulnerability exists where the caret ("^") character is improperly e ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11717
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11717
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11717
CVE-2019-11716 (Until explicitly accessed by script, window.globalThis is not enumerab ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11716
CVE-2019-11715 (Due to an error while parsing page content, it is possible for properl ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11715
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11715
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11715
CVE-2019-11714 (Necko can access a child on the wrong thread during UDP connections, r ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11714
CVE-2019-11713 (A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/ ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11713
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11713
CVE-2019-11712 (POST requests made by NPAPI plugins, such as Flash, that receive a sta ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11712
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11712
CVE-2019-11711 (When an inner window is reused, it does not consider the use of docume ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11711
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11711
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11711
CVE-2019-11710 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 68.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11710
CVE-2019-11709 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11709
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11709
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11709
CVE-2019-11708 (Insufficient vetting of parameters passed with the Prompt:Open IPC mes ...)
	{DSA-4474-1 DSA-4471-1 DLA-1836-1}
	- firefox 67.0.4-1
	- firefox-esr 60.7.2esr-1
	- thunderbird 1:60.7.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/#CVE-2019-11708
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/#CVE-2019-11708
CVE-2019-11707 (A type confusion vulnerability can occur when manipulating JavaScript ...)
	{DSA-4471-1 DSA-4466-1 DLA-1836-1 DLA-1829-1}
	- firefox 67.0.3-1
	- firefox-esr 60.7.1esr-1
	- thunderbird 1:60.7.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/#CVE-2019-11707
CVE-2019-11706 (A flaw in Thunderbird's implementation of iCal causes a type confusion ...)
	{DSA-4464-1 DLA-1820-1}
	- thunderbird 1:60.7.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/4
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1555646
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11706
CVE-2019-11705 (A flaw in Thunderbird's implementation of iCal causes a stack buffer o ...)
	{DSA-4464-1 DLA-1820-1}
	- thunderbird 1:60.7.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/3
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553808
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11705
CVE-2019-11704 (A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ...)
	{DSA-4464-1 DLA-1820-1}
	- thunderbird 1:60.7.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11704
CVE-2019-11703 (A flaw in Thunderbird's implementation of iCal causes a heap buffer ov ...)
	{DSA-4464-1 DLA-1820-1}
	- thunderbird 1:60.7.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/13/2
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1553820
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-17/#CVE-2019-11703
CVE-2019-11702 (A hyperlink using protocols associated with Internet Explorer, such as ...)
	- firefox (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-16/#CVE-2019-11702
CVE-2019-11701 (The default webcal: protocol handler will load a web site vulnerable t ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11701
CVE-2019-11700 (A hyperlink using the res: protocol can be used to open local files at ...)
	- firefox (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11700
CVE-2019-11699 (A malicious page can briefly cause the wrong name to be highlighted as ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11699
CVE-2019-11698 (If a crafted hyperlink is dragged and dropped to the bookmark bar or s ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11698
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11698
CVE-2019-11697 (If the ALT and "a" keys are pressed when users receive an extension in ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11697
CVE-2019-11696 (Files with the .JNLP extension used for "Java web start" applications ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11696
CVE-2019-11695 (A custom cursor defined by scripting on a site can position itself ove ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11695
CVE-2019-11694 (A vulnerability exists in the Windows sandbox where an uninitialized v ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11694
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11694
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11694
CVE-2019-11693 (The bufferdata function in WebGL is vulnerable to a buffer overflow wi ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11693
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11693
CVE-2019-11692 (A use-after-free vulnerability can occur when listeners are removed fr ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11692
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11692
CVE-2019-11691 (A use-after-free vulnerability can occur when working with XMLHttpRequ ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-11691
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-11691
CVE-2019-11690 (gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 la ...)
	- u-boot 2019.01+dfsg-6 (low; bug #928557)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://patchwork.ozlabs.org/patch/1092945
CVE-2019-11689 (An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. Whe ...)
	NOT-FOR-US: ASUSTOR
CVE-2019-11688 (An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. Whe ...)
	NOT-FOR-US: ASUSTOR
CVE-2019-11687 (An issue was discovered in the DICOM Part 10 File Format in the NEMA D ...)
	NOT-FOR-US: DICOM
CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnera ...)
	NOT-FOR-US: Western Digital
CVE-2019-11685
	RESERVED
CVE-2019-11684 (Improper Access Control in the RCP+ server of the Bosch Video Recordin ...)
	NOT-FOR-US: Bosch
CVE-2019-11683 (udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel ...)
	- linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/4dd2b82d5adfbe0b1587ccad7a8f76d826120f37
CVE-2019-11682 (A buffer overflow in the SMTP response service in MailCarrier 2.51 all ...)
	NOT-FOR-US: MailCarrier
CVE-2019-11681
	RESERVED
CVE-2019-11680 (KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a ...)
	NOT-FOR-US: KonaKart
CVE-2019-11679
	RESERVED
CVE-2019-11678 (The "default reports" feature in Zoho ManageEngine Firewall Analyzer b ...)
	NOT-FOR-US: Zoho ManageEngine Firewall Analyzer
CVE-2019-11677 (The Custom Report import function in Zoho ManageEngine Firewall Analyz ...)
	NOT-FOR-US: Zoho ManageEngine Firewall Analyzer
CVE-2019-11676 (The user defined DNS name in Zoho ManageEngine Firewall Analyzer befor ...)
	NOT-FOR-US: Zoho ManageEngine Firewall Analyzer
CVE-2019-11674 (Man-in-the-middle vulnerability in Micro Focus Self Service Password R ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11673
	RESERVED
CVE-2019-11672
	RESERVED
CVE-2019-11671
	RESERVED
CVE-2019-11670
	RESERVED
CVE-2019-11669 (Modifiable read only check box In Micro Focus Service Manager, version ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11668 (HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11667 (Unauthorized access to contact information in Micro Focus Service Mana ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11666 (Insecure deserialization of untrusted data in Micro Focus Service Mana ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11665 (Data exposure in Micro Focus Service Manager product versions 9.30, 9. ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11664 (Clear text password in browser in Micro Focus Service Manager product ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11663 (Clear text credentials are used to access managers app in Tomcat in Mi ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11662 (Class and method names in error message in Micro Focus Service Manager ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11661 (Allow changes to some table by non-SysAdmin in Micro Focus Service Man ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11660 (Privileges manipulation in Micro Focus Data Protector, versions 10.00, ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11659
	RESERVED
CVE-2019-11658 (Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11657 (Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight L ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11656 (Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versi ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11655 (Unrestricted file upload vulnerability in Micro Focus ArcSight Logger, ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11654 (Path traversal vulnerability in Micro Focus Verastream Host Integrator ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11652 (A potential authorization bypass issue was found in Micro Focus Self S ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11651 (Reflected XSS on Micro Focus Enterprise Developer and Enterprise Serve ...)
	NOT-FOR-US: Micro Focus
CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ Advance ...)
	NOT-FOR-US: NetIQ Advanced Authentication Framework
CVE-2019-11649 (Cross-Site Scripting vulnerability in Micro Focus Fortify Software Sec ...)
	NOT-FOR-US: Micro Focus Fortify software security center server
CVE-2019-11648 (An information leakage exists in Micro Focus NetIQ Self Service Passwo ...)
	NOT-FOR-US: Micro Focus NetIQ
CVE-2019-11647 (A potential XSS exists in Self Service Password Reset, in Micro Focus ...)
	NOT-FOR-US: Micro Focus NetIQ
CVE-2019-11646 (Remote unauthorized command execution and unauthorized disclosure of i ...)
	NOT-FOR-US: Micro Focus Service Manager
CVE-2019-11645
	RESERVED
CVE-2019-11675 (The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ...)
	- groonga 9.0.1-2 (bug #928304)
	[buster] - groonga 9.0.0-1+deb10u1
	[stretch] - groonga 6.1.5-1+deb9u1
CVE-2019-11644 (In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F- ...)
	NOT-FOR-US: F-Secure
CVE-2019-11643 (Persistent XSS has been found in the OneShield Policy (Dragon Core) fr ...)
	NOT-FOR-US: OneShield Policy (Dragon Core) framework
CVE-2019-11642 (A log poisoning vulnerability has been discovered in the OneShield Pol ...)
	NOT-FOR-US: OneShield Policy (Dragon Core) framework
CVE-2019-11641 (Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerpri ...)
	NOT-FOR-US: Anomali Agave
CVE-2019-11640 (An issue was discovered in GNU recutils 1.8. There is a heap-based buf ...)
	- recutils (unimportant)
	NOTE: Negligible security impact
CVE-2019-11639 (An issue was discovered in GNU recutils 1.8. There is a stack-based bu ...)
	- recutils (unimportant)
	NOTE: Negligible security impact
CVE-2019-11638 (An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ...)
	- recutils (unimportant)
	NOTE: Negligible security impact
CVE-2019-11637 (An issue was discovered in GNU recutils 1.8. There is a NULL pointer d ...)
	- recutils (unimportant)
	NOTE: Negligible security impact
CVE-2019-11636 (Zcash 2.x allows an inexpensive approach to "fill all transactions of ...)
	- zcash (bug #842388)
CVE-2019-11635
	RESERVED
CVE-2019-11634 (Citrix Workspace App before 1904 for Windows has Incorrect Access Cont ...)
	NOT-FOR-US: Citrix Workspace App
CVE-2019-11633 (HoneyPress through 2016-09-27 can be fingerprinted by attackers becaus ...)
	NOT-FOR-US: HoneyPress
CVE-2019-11632 (In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019. ...)
	NOT-FOR-US: Octopus Deploy
CVE-2019-11631
	REJECTED
CVE-2019-11630
	RESERVED
CVE-2019-11629 (Sonatype Nexus Repository Manager 2.x before 2.14.13 allows XSS. ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-11628 (An issue was discovered in QlikView Server before 11.20 SR19, 12.00 an ...)
	NOT-FOR-US: Qlik products
CVE-2019-11626 (routers/ajaxRouter.php in doorGets 7.0 has a web site physical path le ...)
	NOT-FOR-US: doorGets
CVE-2019-11625 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11624 (doorGets 7.0 has an arbitrary file deletion vulnerability in /doorgets ...)
	NOT-FOR-US: doorGets
CVE-2019-11623 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11622 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11621 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11620 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11619 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/reques ...)
	NOT-FOR-US: doorGets
CVE-2019-11618 (doorGets 7.0 has a default administrator credential vulnerability. A r ...)
	NOT-FOR-US: doorGets
CVE-2019-11617 (doorGets 7.0 has a CSRF vulnerability in /doorgets/app/requests/user/c ...)
	NOT-FOR-US: doorGets
CVE-2019-11616 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11615 (/fileman/php/upload.php in doorGets 7.0 has an arbitrary file upload v ...)
	NOT-FOR-US: doorGets
CVE-2019-11614 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ ...)
	NOT-FOR-US: doorGets
CVE-2019-11613 (doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ ...)
	NOT-FOR-US: doorGets
CVE-2019-11612 (doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/ ...)
	NOT-FOR-US: doorGets
CVE-2019-11611 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11610 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11609 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11608 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11607 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11606 (doorGets 7.0 has a sensitive information disclosure vulnerability in / ...)
	NOT-FOR-US: doorGets
CVE-2019-11605 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.8.10+dfsg-1
	NOTE: https://about.gitlab.com/2019/04/30/security-release-gitlab-11-dot-10-dot-3-released/
CVE-2019-11604 (An issue was discovered in Quest KACE Systems Management Appliance bef ...)
	NOT-FOR-US: Quest KACE Systems Management Appliance
CVE-2019-11603 (A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 ...)
	NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11602 (Leakage of stack traces in remote access to backup & restore in ea ...)
	NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11601 (A directory traversal vulnerability in remote access to backup & r ...)
	NOT-FOR-US: ProSyst mBS SDK and Bosch IoT Gateway Software
CVE-2019-11600 (A SQL injection vulnerability in the activities API in OpenProject bef ...)
	NOT-FOR-US: OpenProject
CVE-2019-11627 (gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an un ...)
	{DLA-1773-1}
	- signing-party 2.10-1 (bug #928256)
	[stretch] - signing-party 2.5-1+deb9u1
	NOTE: https://salsa.debian.org/signing-party-team/signing-party/commit/cd69b6c0426a6160ef3de03fce9c7f112166d5a8
CVE-2019-11599 (The coredump implementation in the Linux kernel before 5.0.10 does not ...)
	{DSA-4465-1 DLA-1824-1 DLA-1799-1}
	- linux 4.19.37-1
	NOTE: https://marc.info/?l=linux-mm&m=155355419911404&w=2
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1790
CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in ...)
	{DSA-4712-1 DLA-2366-1 DLA-1785-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #928206)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e2a21735e3a3f3930bd431585ec36334c4c2eb77
	NOTE: patch introduces new (potentially security relevant) bugs, see:
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540#issuecomment-491504100
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dd8efbac0b7fa9dd2da527ea3f629f39bf1c02cb
CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
	{DSA-4712-1 DLA-2333-1 DLA-1785-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (bug #928207)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c979b348d64a25a04f12ea7fe7888b2b23f230a7
	NOTE: fix appears to be insufficient: https://github.com/ImageMagick/ImageMagick/issues/1560
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/3c53413eb544cc567309b4c86485eae43e956112
	NOTE: The followup-fix got assigned CVE-2019-15141 (which is only applicable if incomplete
	NOTE: fix is applied). Make sure to fix issue completely when addressing this issue.
CVE-2019-11596 (In memcached before 1.5.14, a NULL pointer dereference was found in th ...)
	- memcached 1.5.6-1.1 (bug #928205)
	[stretch] - memcached (Vulnerable code introduced later)
	[jessie] - memcached (Vulnerable code introduced later)
	NOTE: https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
	NOTE: https://github.com/memcached/memcached/issues/474
CVE-2019-11595 (In uBlock before 0.9.5.15, the $rewrite filter option allows filter-li ...)
	NOT-FOR-US: uBlock
CVE-2019-11594 (In AdBlock before 3.45.0, the $rewrite filter option allows filter-lis ...)
	NOT-FOR-US: AdBlock
CVE-2019-11593 (In Adblock Plus before 3.5.2, the $rewrite filter option allows filter ...)
	NOT-FOR-US: AdBlock Plus
CVE-2019-11592 (WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2019-11589 (The ChangeSharedFilterOwner resource in Jira before version 7.13.6, fr ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11588 (The ViewSystemInfo class doGarbageCollection method in Jira before ver ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11587 (Various exposed resources of the ViewLogging class in Jira before vers ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11586 (The AddResolution.jspa resource in Jira before version 7.13.6, from ve ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11585 (The startup.jsp resource in Jira before version 7.13.6, from version 8 ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11584 (The MigratePriorityScheme resource in Jira before version 8.3.2 allows ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11583 (The issue searching component in Jira before version 8.1.0 allows remo ...)
	NOT-FOR-US: issue searching component in Jira
CVE-2019-11582 (An argument injection vulnerability in Atlassian Sourcetree for Window ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2019-11581 (There was a server-side template injection vulnerability in Jira Serve ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-11580 (Atlassian Crowd and Crowd Data Center had the pdkinstall development p ...)
	NOT-FOR-US: Atlassian Crowd and Crowd Data Center
CVE-2019-11591 (The WebDorado Contact Form plugin before 1.13.5 for WordPress allows C ...)
	NOT-FOR-US: WordPress plugin contact-form-maker
CVE-2019-11590 (The 10Web Form Maker plugin before 1.13.5 for WordPress allows CSRF vi ...)
	NOT-FOR-US: WordPress plugin form-maker
CVE-2019-11577 (dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp ...)
	- dhcpcd5 7.1.0-2 (bug #928105)
	[stretch] - dhcpcd5 (Vulnerable code not present)
	[jessie] - dhcpcd5 (Vulnerable code not present)
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
CVE-2019-11579 (dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO ...)
	{DLA-1793-1}
	- dhcpcd5 7.1.0-2 (low; bug #928104)
	[stretch] - dhcpcd5 (Minor issue)
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=4b67f6f1038fd4ad5ca7734eaaeba1b2ec4816b8
CVE-2019-11578 (auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by pe ...)
	- dhcpcd5 7.1.0-2 (low; bug #928056)
	[stretch] - dhcpcd5 (Minor issue)
	[jessie] - dhcpcd5 (Authentication code added in later versions)
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=7121040790b611ca3fbc400a1bbcd4364ef57233
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=cfde89ab66cb4e5957b1c4b68ad6a9449e2784da
	NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=aee631aadeef4283c8a749c1caf77823304acf5e
CVE-2019-11576 (Gitea before 1.8.0 allows 1FA for user accounts that have completed 2F ...)
	- gitea
CVE-2019-11575
	RESERVED
CVE-2019-11574 (An issue was discovered in Simple Machines Forum (SMF) before release ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2019-11573
	RESERVED
CVE-2019-11572
	RESERVED
CVE-2019-11571
	RESERVED
CVE-2019-11570
	RESERVED
CVE-2019-11569 (Veeam ONE Reporter 9.5.0.3201 allows CSRF. ...)
	NOT-FOR-US: Veeam ONE Reporter
CVE-2019-11568 (An issue was discovered in AikCms v2.0. There is a File upload vulnera ...)
	NOT-FOR-US: AikCms
CVE-2019-11567 (An issue was discovered in AikCms v2.0. There is a SQL Injection vulne ...)
	NOT-FOR-US: AikCms
CVE-2019-11566
	RESERVED
CVE-2019-11565 (Server Side Request Forgery (SSRF) exists in the Print My Blog plugin ...)
	NOT-FOR-US: Print My Blog plugin for WordPress
CVE-2019-11564 (A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows rem ...)
	NOT-FOR-US: HumHub
CVE-2019-11563
	REJECTED
CVE-2019-11562
	RESERVED
CVE-2019-11561 (The Chuango 433 MHz burglar-alarm product line is vulnerable to a Deni ...)
	NOT-FOR-US: Chuango
CVE-2019-11560 (A buffer overflow vulnerability in the streaming server provided by hi ...)
	NOT-FOR-US: hisilicon
CVE-2019-11559 (A reflected Cross-site scripting (XSS) vulnerability in HRworks V 1.16 ...)
	NOT-FOR-US: HRworks
CVE-2019-11558
	RESERVED
CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress ...)
	NOT-FOR-US: WebDorado Contact Form Builder plugin for WordPress
CVE-2019-11556 (Pagure before 5.6 allows XSS via the templates/blame.html blame view. ...)
	- pagure (Fixed before initial release)
CVE-2019-11554 (The Audible application through 2.34.0 for Android has Missing SSL Cer ...)
	NOT-FOR-US: Audible application for Android
CVE-2019-11553 (In Code42 for Enterprise through 6.8.4, an administrator without web r ...)
	NOT-FOR-US: Code42 for Enterprise
CVE-2019-11552 (Code42 Enterprise and Crashplan for Small Business Client version 6.7 ...)
	NOT-FOR-US: Code42
CVE-2019-11551 (In Code42 Enterprise and Crashplan for Small Business through Client v ...)
	NOT-FOR-US: Code42 Enterprise and Crashplan for Small Business
CVE-2019-11550 (Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before ...)
	NOT-FOR-US: Citrix
CVE-2019-11549 (An issue was discovered in GitLab Community and Enterprise Edition 9.x ...)
	- gitlab 11.8.9+dfsg-1 (bug #928221)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11548 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.9+dfsg-1 (bug #928221)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11547 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.9+dfsg-1 (bug #928221)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11546 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.9+dfsg-1 (bug #928221)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11545 (An issue was discovered in GitLab Community Edition 11.9.x before 11.9 ...)
	- gitlab (Vulnerable code introduced in 11.9)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11544 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
	- gitlab 11.8.9+dfsg-1 (bug #928221)
	NOTE: https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
CVE-2019-11543 (XSS exists in the admin web console in Pulse Secure Pulse Connect Secu ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11542 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11541 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11540 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11539 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11538 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/ ...)
	NOT-FOR-US: osTicket
CVE-2019-11536 (Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3 ...)
	NOT-FOR-US: Kalki Kalkitech
CVE-2019-11535 (Unsanitized user input in the web interface for Linksys WiFi extender ...)
	NOT-FOR-US: Linksys
CVE-2019-11534
	RESERVED
CVE-2019-11533 (Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 a ...)
	NOT-FOR-US: ProjectSend
CVE-2019-11532
	RESERVED
CVE-2019-11531
	RESERVED
CVE-2019-11530
	RESERVED
CVE-2019-11529
	RESERVED
CVE-2019-11528 (An issue was discovered in Softing uaGate SI 1.60.01. A system default ...)
	NOT-FOR-US: Softing uaGate
CVE-2019-11527 (An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is ...)
	NOT-FOR-US: Softing uaGate
CVE-2019-11526 (An issue was discovered in Softing uaGate SI 1.60.01. A maintenance sc ...)
	NOT-FOR-US: Softing uaGate
CVE-2019-11525
	RESERVED
CVE-2019-11524
	RESERVED
CVE-2019-11523 (Anviz Global M3 Outdoor RFID Access Control executes any command recei ...)
	NOT-FOR-US: Anviz Global M3 Outdoor RFID Access Control
CVE-2019-11522 (OX App Suite 7.10.0 to 7.10.2 allows XSS. ...)
	NOT-FOR-US: OX App Suite
CVE-2019-11521 (OX App Suite 7.10.1 allows Content Spoofing. ...)
	NOT-FOR-US: OX App Suite
CVE-2019-11520
	RESERVED
CVE-2019-11519 (Libraries/Nop.Services/Localization/LocalizationService.cs in nopComme ...)
	NOT-FOR-US: nopCommerce
CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] ...)
	NOT-FOR-US: SEMCMS
CVE-2019-11517 (WampServer before 3.1.9 has CSRF in add_vhost.php because the synchron ...)
	NOT-FOR-US: WampServer
CVE-2019-11516 (An issue was discovered in the Bluetooth component of the Cypress (for ...)
	NOT-FOR-US: Cypress
CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?d ...)
	NOT-FOR-US: Gila CMS
CVE-2019-11514 (User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mis ...)
	NOT-FOR-US: Flarum
CVE-2019-11513 (The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS v ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-11512 (Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7 ...)
	NOT-FOR-US: Contao
CVE-2019-11511 (Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-11510 (In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 be ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11509 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11508 (In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9. ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, the ...)
	{DLA-1795-1}
	- graphicsmagick 1.4~hg15968-1
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/604/
CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, ther ...)
	{DLA-1795-1}
	- graphicsmagick 1.4~hg15968-1
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/85f5bdcd246a
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/605/
CVE-2019-11504 (Zotonic before version 0.47 has mod_admin XSS. ...)
	NOT-FOR-US: Zotonic
CVE-2019-11503 (snap-confine as included in snapd before 2.39 did not guard against sy ...)
	- snapd 2.40-1 (low; bug #928052)
	[buster] - snapd (Minor issue)
	[stretch] - snapd (Minor issue)
	NOTE: https://github.com/snapcore/snapd/pull/6642
CVE-2019-11502 (snap-confine in snapd before 2.38 incorrectly set the ownership of a s ...)
	- snapd 2.40-1 (low; bug #928052)
	[buster] - snapd (Minor issue)
	[stretch] - snapd (Minor issue)
	NOTE: https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1
CVE-2019-11501
	RESERVED
CVE-2019-11500 (In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole be ...)
	{DSA-4510-1 DLA-1901-1}
	- dovecot 1:2.3.7.2-1 (bug #936014)
	NOTE: https://dovecot.org/pipermail/dovecot-news/2019-August/000418.html
	NOTE: core: https://github.com/dovecot/core/commit/85fcb895ca7f0bcb8ee72047fe0e1e78532ff90b
	NOTE: core: https://github.com/dovecot/core/commit/f904cbdfec25582bc5e2a7435bf82ff769f2526a
	NOTE: pigeonhole: https://github.com/dovecot/pigeonhole/commit/7ce9990a5e6ba59e89b7fe1c07f574279aed922c
	NOTE: pigeonhole: https://github.com/dovecot/pigeonhole/commit/4a299840cdb51f61f8d1ebc0210b19c40dfbc1cc
CVE-2019-11499 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...)
	- dovecot 1:2.3.4.1-5 (bug #928235)
	[stretch] - dovecot (Vulnerable code not present, introduced in 2.3)
	[jessie] - dovecot (Vulnerable code not present, introduced in 2.3)
	NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115758.html
CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack t ...)
	{DLA-2525-1}
	- wavpack 5.1.0-6 (low; bug #927903)
	[jessie] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/issues/67
	NOTE: https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
CVE-2019-11497 (In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate ...)
	NOT-FOR-US: Couchbase
CVE-2019-11496 (In versions of Couchbase Server prior to 5.0, the bucket named "defaul ...)
	NOT-FOR-US: Couchbase
CVE-2019-11495 (In Couchbase Server 5.1.1, the cookie used for intra-node communicatio ...)
	NOT-FOR-US: Couchbase
CVE-2019-11494 (In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ...)
	- dovecot 1:2.3.4.1-5 (bug #928235)
	[stretch] - dovecot (Vulnerable code not present, introduced in 2.3)
	[jessie] - dovecot (Vulnerable code not present, introduced in 2.3)
	NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115757.html
CVE-2019-11493 (VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pd ...)
	NOT-FOR-US: VeryPDF
CVE-2019-11492 (ProjectSend before r1070 writes user passwords to the server logs. ...)
	NOT-FOR-US: ProjectSend
CVE-2019-11491
	RESERVED
CVE-2019-11490 (An issue was discovered in Npcap 0.992. Sending a malformed .pcap file ...)
	NOT-FOR-US: Npcap
CVE-2019-11489 (Incorrect Access Control in the Administrative Management Interface in ...)
	NOT-FOR-US: SimplyBook.me Enterprise
CVE-2019-11488 (Incorrect Access Control in the Account Access / Password Reset Link i ...)
	NOT-FOR-US: SimplyBook.me Enterprise
CVE-2019-11487 (The Linux kernel before 5.1-rc5 allows page->_refcount reference co ...)
	{DLA-1919-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux (Minor issue and high risk of regression)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1752
	NOTE: https://lwn.net/Articles/786044/
CVE-2019-11486 (The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in t ...)
	{DSA-4465-1 DLA-1824-1 DLA-1799-1}
	- linux 4.19.37-1
	NOTE: https://git.kernel.org/linus/c7084edc3f6d67750f50d4183134c4fb5712a5c8
	NOTE: Upstream commit marks driver as BROKEN and can be considered fixed starting
	NOTE: from versions including this commit (or backport) or versions which disable
	NOTE: CONFIG_R3964 already.
CVE-2019-11485 (Sander Bos discovered Apport's lock file was in a world-writable direc ...)
	NOT-FOR-US: Apport
CVE-2019-11484 (Kevin Backhouse discovered an integer overflow in bson_ensure_space, a ...)
	NOT-FOR-US: whoopsie
CVE-2019-11483 (Sander Bos discovered Apport mishandled crash dumps originating from c ...)
	NOT-FOR-US: Apport
CVE-2019-11482 (Sander Bos discovered a time of check to time of use (TOCTTOU) vulnera ...)
	NOT-FOR-US: Apport
CVE-2019-11481 (Kevin Backhouse discovered that apport would read a user-supplied conf ...)
	NOT-FOR-US: Apport
CVE-2019-11480 (The pc-kernel snap build process hardcoded the --allow-insecure-reposi ...)
	NOT-FOR-US: Ubuntu tooling for Linux snaps
CVE-2019-11479 (Jonathan Looney discovered that the Linux kernel default MSS is hard-c ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
CVE-2019-11478 (Jonathan Looney discovered that the TCP retransmission queue implement ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
CVE-2019-11477 (Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs v ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
CVE-2019-11476 (An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2 ...)
	NOT-FOR-US: whoopsie
CVE-2019-11475
	RESERVED
CVE-2019-11474 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
	{DLA-1795-1}
	- graphicsmagick 1.4~hg15976-1
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a deni ...)
	{DLA-1795-1}
	- graphicsmagick 1.4~hg15976-1
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/5402c5cbd8bd
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing component of Ima ...)
	{DSA-4712-1 DLA-2333-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927828)
	[jessie] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1546
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/f663dfb8431c97d95682a2b533cca1c8233d21b4
CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_al ...)
	- libheif 1.3.2-2 (bug #928210)
	[buster] - libheif 1.3.2-2~deb10u1
	NOTE: https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014
	NOTE: https://github.com/strukturag/libheif/issues/123
CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...)
	{DSA-4712-1 DLA-2333-1 DLA-1968-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927830)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0
CVE-2019-11469 (Zoho ManageEngine Applications Manager 12 through 14 allows FaultTempl ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-11468
	RESERVED
CVE-2019-11467 (In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the en ...)
	NOT-FOR-US: Couchbase
CVE-2019-11466 (In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes syst ...)
	NOT-FOR-US: Couchbase
CVE-2019-11465 (An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6. ...)
	NOT-FOR-US: Couchbase
CVE-2019-11464 (Some enterprises require that REST API endpoints include security-rela ...)
	NOT-FOR-US: Couchbase
CVE-2019-11463 (A memory leak in archive_read_format_zip_cleanup in archive_read_suppo ...)
	- libarchive (Vulnerable code not present)
	NOTE: Introduced in https://github.com/libarchive/libarchive/commit/121035c83e18b70d3128e9ac966109ebedb7e516
	NOTE: Fix: https://github.com/libarchive/libarchive/commit/ba641f73f3d758d9032b3f0e5597a9c6e593a505
CVE-2019-11462
	RESERVED
CVE-2019-11461 (An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.3 ...)
	- nautilus 3.30.5-2 (bug #928054)
	[stretch] - nautilus (Vulnerable embedded gnome-desktop thumbnail script introduced later)
	[jessie] - nautilus (Vulnerable embedded gnome-desktop thumbnail script introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/nautilus/issues/987
	NOTE: https://gitlab.gnome.org/GNOME/nautilus/commit/2ddba428ef2b13d0620bd599c3635b9c11044659
CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 pr ...)
	[experimental] - gnome-desktop3 3.32.2-1
	- gnome-desktop3 3.30.2.1-2 (low; bug #928732)
	[buster] - gnome-desktop3 (Minor issue)
	[stretch] - gnome-desktop3 (Vulnerable embedded gnome-desktop thumbnail script introduced later)
	[jessie] - gnome-desktop3 (Vulnerable embedded gnome-desktop thumbnail script introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112
CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() functions ...)
	{DSA-4624-1 DLA-1882-1 DLA-1881-1}
	- atril 1.22.3-1 (unimportant; bug #927821)
	[buster] - atril 1.20.3-1+deb10u1
	[stretch] - atril 1.16.1-2+deb9u2
	- evince 3.32.0-3 (unimportant; bug #927820)
	[buster] - evince 3.30.2-3+deb10u1
	NOTE: https://gitlab.gnome.org/GNOME/evince/issues/1129
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/evince/commit/3e38d5ad724a042eebadcba8c2d57b0f48b7a8c7
	NOTE: Negligible security impact
CVE-2019-11458 (An issue was discovered in SmtpTransport in CakePHP 3.7.6. An unserial ...)
	- cakephp (Vulnerable code introduced in 3.0.0)
	NOTE: https://github.com/cakephp/cakephp/commit/1a74e798309192a9895c9cedabd714ceee345f4e
	NOTE: https://github.com/cakephp/cakephp/pull/13153
CVE-2019-11457 (Multiple CSRF issues exist in MicroPyramid Django CRM 0.2.1 via /chang ...)
	NOT-FOR-US: MicroPyramid Django CRM
CVE-2019-11456 (Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code. ...)
	NOT-FOR-US: Gila CMS
CVE-2019-11455 (A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit bef ...)
	{DLA-1767-1}
	- monit 1:5.25.3-1 (bug #927775)
	[stretch] - monit (Minor issue)
	NOTE: https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
CVE-2019-11454 (Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash ...)
	{DLA-1767-1}
	- monit 1:5.25.3-1 (bug #927775)
	[stretch] - monit (Minor issue)
	NOTE: https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
	NOTE: https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
CVE-2019-11453
	RESERVED
CVE-2019-11452 (whatsns 4.0 allows index.php?admin_category/remove.html cid[] SQL inje ...)
	NOT-FOR-US: whatsns
CVE-2019-11451 (whatsns 4.0 allows index.php?inform/add.html qid SQL injection. ...)
	NOT-FOR-US: whatsns
CVE-2019-11450 (whatsns 4.0 allows index.php?question/ajaxadd.html title SQL injection ...)
	NOT-FOR-US: whatsns
CVE-2019-11449 (I, Librarian 4.10 has XSS via the notes.php notes parameter. ...)
	- i-librarian (bug #649291)
CVE-2019-11448 (An issue was discovered in Zoho ManageEngine Applications Manager 11.0 ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2019-11447 (An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can inf ...)
	NOT-FOR-US: CuteNews
CVE-2019-11446 (An issue was discovered in ATutor through 2.2.4. It allows the user to ...)
	NOT-FOR-US: ATutor
CVE-2019-11445 (OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JS ...)
	NOT-FOR-US: OpenKM
CVE-2019-11444 (** DISPUTED ** An issue was discovered in Liferay Portal CE 7.1.2 GA3. ...)
	NOT-FOR-US: Liferay Portal CE
CVE-2019-11443
	RESERVED
CVE-2019-11442
	RESERVED
CVE-2019-11441
	RESERVED
CVE-2019-11440
	RESERVED
CVE-2019-11439
	RESERVED
CVE-2019-11438
	RESERVED
CVE-2019-11437
	RESERVED
CVE-2019-11436
	RESERVED
CVE-2019-11435
	RESERVED
CVE-2019-11434
	RESERVED
CVE-2019-11433
	RESERVED
CVE-2019-11432
	RESERVED
CVE-2019-11431
	RESERVED
CVE-2019-11430
	RESERVED
CVE-2019-11429 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2019-11428 (I, Librarian 4.10 has XSS via the export.php export_files parameter. ...)
	- i-librarian (bug #649291)
CVE-2019-11427 (An XSS issue was discovered in app/search/search.app.php in idreamsoft ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-11426 (An XSS issue was discovered in app/admincp/template/admincp.header.php ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-11425
	RESERVED
CVE-2019-11424
	RESERVED
CVE-2019-11423
	RESERVED
CVE-2019-11422
	RESERVED
CVE-2019-11421
	RESERVED
CVE-2019-11420
	RESERVED
CVE-2019-11419 (vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application th ...)
	NOT-FOR-US: WeChat
CVE-2019-11418 (apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer over ...)
	NOT-FOR-US: TRENDnet router
CVE-2019-11417 (system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused ...)
	NOT-FOR-US: TRENDnet cameras
CVE-2019-11416 (A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, lead ...)
	NOT-FOR-US: Intelbras IWR 3000N 1.5.0 devices
CVE-2019-11415 (An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malfor ...)
	NOT-FOR-US: Intelbras IWR 3000N 1.5.0 devices
CVE-2019-11414 (An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the ...)
	NOT-FOR-US: Intelbras IWR 3000N 1.5.0 devices
CVE-2019-11413 (An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recurs ...)
	- mujs (Fixed with initial upload to Debian)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700937
	NOTE: https://github.com/ccxvii/mujs/commit/00d4606c3baf813b7b1c176823b2729bf51002a2
CVE-2019-11412 (An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a ...)
	- mujs (Fixed with initial upload to Debian)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700947
	NOTE: https://github.com/ccxvii/mujs/commit/1e5479084bc9852854feb1ba9bf68b52cd127e02
CVE-2019-11411 (An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() an ...)
	- mujs (Fixed with initial upload to Debian)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700938
	NOTE: https://github.com/ccxvii/mujs/commit/da632ca08f240590d2dec786722ed08486ce1be6
CVE-2019-11410 (app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers f ...)
	NOT-FOR-US: FusionPBX
CVE-2019-11409 (app/operator_panel/exec.php in the Operator Panel module in FusionPBX ...)
	NOT-FOR-US: FusionPBX
CVE-2019-11408 (XSS in app/operator_panel/index_inc.php in the Operator Panel module i ...)
	NOT-FOR-US: FusionPBX
CVE-2019-11407 (app/operator_panel/index_inc.php in the Operator Panel module in Fusio ...)
	NOT-FOR-US: FusionPBX
CVE-2019-11406 (Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, o ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-11405 (OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses ...)
	NOT-FOR-US: OpenAPI Tools OpenAPI Generator
CVE-2019-11404 (arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compi ...)
	NOT-FOR-US: arrow-kt Arrow
CVE-2019-11403 (In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2019-11402 (In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2019-11401 (A issue was discovered in SiteServer CMS 6.9.0. It allows remote attac ...)
	NOT-FOR-US: SiteServer CMS
CVE-2019-11400 (An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b ...)
	NOT-FOR-US: TRENDnet
CVE-2019-11399 (An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b ...)
	NOT-FOR-US: TRENDnet
CVE-2019-11398 (Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 a ...)
	NOT-FOR-US: UliCMS
CVE-2019-11397 (GetFile.aspx in Rapid4 RapidFlows Enterprise Application Builder 4.5M. ...)
	NOT-FOR-US: Rapid4
CVE-2019-11396 (An issue was discovered in Avira Free Security Suite 10. The permissiv ...)
	NOT-FOR-US: Avira Free Security Suite
CVE-2019-11395 (A buffer overflow in MailCarrier 2.51 allows remote attackers to execu ...)
	NOT-FOR-US: MailCarrier
CVE-2019-11394
	RESERVED
CVE-2019-11393 (An issue was discovered in /admin/users/update in M/Monit before 3.7.3 ...)
	NOT-FOR-US: M/Monit
CVE-2019-11392 (BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndic ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2019-11391 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ...)
	- modsecurity-crs (unimportant; bug #928053)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1357
	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
CVE-2019-11390 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ...)
	- modsecurity-crs (unimportant; bug #928053)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1358
	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
CVE-2019-11389 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ...)
	- modsecurity-crs (unimportant; bug #928053)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1356
	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
CVE-2019-11388 (** DISPUTED ** An issue was discovered in OWASP ModSecurity Core Rule ...)
	- modsecurity-crs (unimportant; bug #928053)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1354
	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
CVE-2019-11387 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ...)
	- modsecurity-crs 3.1.1-1 (unimportant; bug #928053)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1359
	NOTE: Negligible security impact, doesn't affect the CRS rule set as used
	NOTE: by libapache2-mod-security2, only affects libmodsecurity3 in non-standard settings
CVE-2019-11386 RESERVED
CVE-2019-11385 RESERVED
CVE-2019-11384 (The Zalora application 6.15.1 for Android stores confidential informat ...)
	NOT-FOR-US: Zalora application for Android
CVE-2019-11383 (An issue was discovered in the Medha WiFi FTP Server application 1.8.3 ...)
	NOT-FOR-US: Medha WiFi FTP Server application for Android
CVE-2019-11382 RESERVED
CVE-2019-11381 RESERVED
CVE-2019-11380 (The master-password feature in the ES File Explorer File Manager appli ...)
	NOT-FOR-US: ES File Explorer File Manager application for Android
CVE-2019-11379 RESERVED
CVE-2019-11378 (An issue was discovered in ProjectSend r1053. upload-process-form.php ...)
	NOT-FOR-US: ProjectSend
CVE-2019-11377 (wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload ...)
	NOT-FOR-US: WCMS
CVE-2019-11376 (** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbit ...)
	NOT-FOR-US: SOY CMS
CVE-2019-11375 (Msvod v10 has a CSRF vulnerability to change user information via the ...)
	NOT-FOR-US: Msvod
CVE-2019-11374 (74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the ...)
	NOT-FOR-US: 74CMS
CVE-2019-11373 (An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer ...)
	{DLA-2603-1}
	[experimental] - libmediainfo 19.04+dfsg-1
	- libmediainfo 18.12-2 (low; bug #927672)
	[jessie] - libmediainfo (Minor issue)
	NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
	NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
CVE-2019-11372 (An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test ...)
	{DLA-2603-1}
	[experimental] - libmediainfo 19.04+dfsg-1
	- libmediainfo 18.12-2 (low; bug #927672)
	[jessie] - libmediainfo (Minor issue)
	NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
	NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
CVE-2019-11371 (BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow vi ...)
	- bwa (unimportant)
	NOTE: https://github.com/lh3/bwa/issues/239
	NOTE: Neutralised by toolchain hardening
CVE-2019-11370 (Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstr ...)
	NOT-FOR-US: Carel pCOWeb
CVE-2019-11369 (An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw ...)
	NOT-FOR-US: Carel pCOWeb
CVE-2019-11368 (Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via ...)
	NOT-FOR-US: AUO Solar Data Recorder
CVE-2019-11367 (An issue was discovered in AUO Solar Data Recorder before 1.3.0. The w ...)
	NOT-FOR-US: AUO Solar Data Recorder
CVE-2019-11364 (An OS Command Injection vulnerability in Snare Central before 7.4.5 al ...)
	NOT-FOR-US: Snare Central
CVE-2019-11363 (A SQL injection vulnerability in Snare Central before 7.4.5 allows rem ...)
	NOT-FOR-US: Snare Central
CVE-2019-11362 (app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL ...)
	NOT-FOR-US: ROCBOSS
CVE-2019-11361 (Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user p ...)
	NOT-FOR-US: Zoho
CVE-2019-11366 (An issue was discovered in atftpd in atftp 0.7.1. It does not lock the ...)
	{DSA-4438-1 DLA-1783-1}
	- atftp 0.7.git20120829-3.1 (bug #927553)
	NOTE: https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
	NOTE: https://sourceforge.net/p/atftp/code/ci/382f76a90b44f81fec00e2f609a94def4a5d3580/
CVE-2019-11365 (An issue was discovered in atftpd in atftp 0.7.1. A remote attacker ma ...)
	{DSA-4438-1 DLA-1783-1}
	- atftp 0.7.git20120829-3.1 (bug #927553)
	NOTE: https://pulsesecurity.co.nz/advisories/atftpd-multiple-vulnerabilities
	NOTE: https://sourceforge.net/p/atftp/code/ci/abed7d245d8e8bdfeab24f9f7f55a52c3140f96b/
CVE-2019-11360 (A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allo ...)
	- iptables 1.8.3-2 (unimportant)
	NOTE: https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e (1.8.3)
	NOTE: https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/
	NOTE: Negligible security impact
CVE-2019-11359 (Cross-site scripting (XSS) vulnerability in display.php in I, Libraria ...)
	- i-librarian (bug #649291)
CVE-2019-11357 RESERVED
CVE-2019-11356 (The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0 ...)
	{DSA-4458-1}
	- cyrus-imapd 3.0.8-6
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1717828
	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/a5779db8163b99463e25e7c476f9cbba438b65f3
CVE-2019-11355 (An issue was discovered in Poly (formerly Polycom) HDX 3.1.13. A featu ...)
	NOT-FOR-US: Poly (formerly Polycom) HDX
CVE-2019-11354 (The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows te ...)
	NOT-FOR-US: client in Electronic Arts (EA) Origin on Windows
CVE-2019-11353 (The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker ...)
	NOT-FOR-US: EnGenius EWS660AP
CVE-2019-11352 RESERVED
CVE-2019-11351 (TeamSpeak 3 Client before 3.2.5 allows remote code execution in the Qt ...)
	- teamspeak-client
CVE-2019-11350 (CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial l ...)
	NOT-FOR-US: CloudBees Jenkins Operations Center
CVE-2019-11349 RESERVED
CVE-2019-11348 RESERVED
CVE-2019-11347 RESERVED
CVE-2019-11555 (The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_ ...)
	{DSA-4450-1 DLA-1867-1}
	- wpa 2:2.7+git20190128+0c1e29f-5 (bug #927463)
	NOTE: https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
	NOTE: Patches: https://w1.fi/security/2019-5/
CVE-2019-11346 RESERVED
CVE-2019-11345 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center ...)
	NOT-FOR-US: Citrix
CVE-2019-11344 (data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute a ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-11343 (Torpedo Query before 2.5.3 mishandles the LIKE operator in ConditionBu ...)
	NOT-FOR-US: Torpedo Query
CVE-2019-11342 RESERVED
CVE-2019-11341 (On certain Samsung P(9.0) phones, an attacker with physical access can ...)
	NOT-FOR-US: Samsung
CVE-2019-11340 (util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registrati ...)
	NOT-FOR-US: Matrix Sydent
CVE-2019-11339 (The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 ...)
	- ffmpeg 7:4.1.3-1
	[stretch] - ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/d227ed5d598340e719eff7156b1aa0a4469e9a6a
CVE-2019-11338 (libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of d ...)
	{DSA-4449-1 DLA-1809-1}
	- ffmpeg 7:4.1.3-1
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e
CVE-2019-11337 RESERVED
CVE-2019-11336 (Sony Bravia Smart TV devices allow remote attackers to retrieve the st ...)
	NOT-FOR-US: Sony Bravia Smart TV devices
CVE-2019-11335 RESERVED
CVE-2019-11334 (An authentication bypass in website post requests in the Tzumi Electro ...)
	NOT-FOR-US: Tzumi Electronics Klic Lock application for mobile devices
CVE-2019-11333 RESERVED
CVE-2019-11332 (MKCMS 5.0 allows remote attackers to take over arbitrary user accounts ...)
	NOT-FOR-US: MKCMS
CVE-2019-11331 (Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 e ...)
	NOT-FOR-US: Generic NTP protocol flaw
CVE-2019-11330 RESERVED
CVE-2019-11329 RESERVED
CVE-2019-11328 (An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious ...)
	- singularity-container (No released Debian version contains the issue, cf bug #929042)
	NOTE: https://www.openwall.com/lists/oss-security/2019/05/16/1
CVE-2019-11327 (An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver dev ...)
	NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
CVE-2019-11326 (An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver dev ...)
	NOT-FOR-US: Topcon Positioning Net-G5 GNSS Receiver
CVE-2019-11325 (An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3. ...)
	- symfony 4.3.8+dfsg-1
	[buster] - symfony (Vulnerable code not present)
	[stretch] - symfony (Vulnerable code not present)
	[jessie] - symfony (Vulnerable code not present)
	NOTE: https://symfony.com/blog/cve-2019-11325-fix-escaping-of-strings-in-varexporter
	NOTE: https://github.com/symfony/symfony/commit/0524868cbf3d3a36e0af804432016d5a6d98169a
CVE-2019-11323 (HAProxy before 1.9.7 mishandles a reload with rotated keys, which trig ...)
	- haproxy (Vulnerable code introduced in 1.9.x series in v1.9.2)
	NOTE: Introduced in: https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547740cc2d0a6851de8ca9ac57488bdbb8bf2
	NOTE: Fixed by: https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d
CVE-2019-11324 (The urllib3 library before 1.24.2 for Python mishandles certain cases ...)
	{DLA-2686-1}
	- python-urllib3 1.25.6-4 (bug #927412)
	[buster] - python-urllib3 (Minor issue)
	[jessie] - python-urllib3 (Vulnerable code introduced later)
	NOTE: https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/3
CVE-2019-11322 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...)
	NOT-FOR-US: Motorola
CVE-2019-11321 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router o ...)
	NOT-FOR-US: Motorola
CVE-2019-11320 (In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_ ...)
	NOT-FOR-US: Motorola
CVE-2019-11319 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...)
	NOT-FOR-US: Motorola
CVE-2019-11318 (Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-11317 REJECTED
CVE-2019-11316 REJECTED
CVE-2019-11315 REJECTED
CVE-2019-11314 REJECTED
CVE-2019-11313 REJECTED
CVE-2019-11312 REJECTED
CVE-2019-11311 REJECTED
CVE-2019-11310 REJECTED
CVE-2019-11309 REJECTED
CVE-2019-11308 REJECTED
CVE-2019-11307 REJECTED
CVE-2019-11306 REJECTED
CVE-2019-11305 REJECTED
CVE-2019-11304 REJECTED
CVE-2019-11303 REJECTED
CVE-2019-11302 REJECTED
CVE-2019-11301 REJECTED
CVE-2019-11300 REJECTED
CVE-2019-11299 REJECTED
CVE-2019-11298 REJECTED
CVE-2019-11297 REJECTED
CVE-2019-11296 REJECTED
CVE-2019-11295 REJECTED
CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows spac ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...)
	NOT-FOR-US: Cloud Foundry UAA Release
CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2. ...)
	NOT-FOR-US: Pivotal
CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior ...)
	- rabbitmq-server 3.8.3-1 (bug #945601)
	[buster] - rabbitmq-server (Minor issue)
	[stretch] - rabbitmq-server (Vulnerable code not present)
	[jessie] - rabbitmq-server (Minor issue)
	NOTE: https://github.com/rabbitmq/rabbitmq-shovel-management/commit/c22992b289dddadba866ac2b7fc697bc66847e4f
	NOTE: https://github.com/rabbitmq/rabbitmq-federation-management/commit/52bf0ffbb8695060b1ae909266b9b62717e7ba2d
	NOTE: https://pivotal.io/security/cve-2019-11291
CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query p ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not properly ...)
	NOT-FOR-US: Cloud Foundry Routing
CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions pr ...)
	NOT-FOR-US: Pivotal
CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...)
	{DLA-2710-1}
	- rabbitmq-server 3.8.3-1 (bug #945600)
	[buster] - rabbitmq-server (Minor issue)
	[jessie] - rabbitmq-server (Minor issue)
	NOTE: https://pivotal.io/security/cve-2019-11287
CVE-2019-11286 (VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and ...)
	NOT-FOR-US: VMware
CVE-2019-11285 REJECTED
CVE-2019-11284 (Pivotal Reactor Netty, versions prior to 0.8.11, passes headers throug ...)
	NOT-FOR-US: Pivotal
CVE-2019-11283 (Cloud Foundry SMB Volume, versions prior to v2.0.3, accidentally outpu ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11282 (Cloud Foundry UAA, versions prior to v74.3.0, contains an endpoint tha ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...)
	{DLA-2710-1}
	- rabbitmq-server 3.7.18-1 (low)
	[buster] - rabbitmq-server (Minor issue)
	[jessie] - rabbitmq-server (Minor issue; one plugin not vulnerable, the other only exploitable by malicious admin)
	NOTE: https://pivotal.io/security/cve-2019-11281
	NOTE: fix for vhost limit feature: https://github.com/rabbitmq/rabbitmq-management/commit/42def1b51243397c1cb9192d6d064351e358bacc
	NOTE: which was only introduced in 3.7.0-beta.19
	NOTE: federation management plugin: exploitable only by a remote authenticated malicious user
	NOTE: with administrative access
	NOTE: https://github.com/rabbitmq/rabbitmq-federation-management/commit/d4d4cb2d3ecd7b6c8a51e50c3565c9a431c086b3
CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
	NOT-FOR-US: Pivotal
CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11278 (CF UAA versions prior to 74.1.0, allow external input to be directly q ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11277 (Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11276 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
	NOT-FOR-US: Pivotal
CVE-2019-11275 (Pivotal Application Manager, versions 666.0.x prior to 666.0.36, versi ...)
	NOT-FOR-US: Pivotal Application Manager
CVE-2019-11274 (Cloud Foundry UAA, versions prior to 74.0.0, is vulnerable to an XSS a ...)
	NOT-FOR-US: Cloud Foundry UAA
CVE-2019-11273 (Pivotal Container Services (PKS) versions 1.3.x prior to 1.3.7, and ve ...)
	NOT-FOR-US: Pivotal Container Services
CVE-2019-11272 (Spring Security, versions 4.2.x up to 4.2.12, and older unsupported ve ...)
	{DLA-1848-1}
	- libspring-security-2.0-java
	NOTE: https://github.com/spring-projects/spring-security/commit/b2d4fec3617c497c5a8eb9c7e5270e0c7db293ee
CVE-2019-11271 (Cloud Foundry BOSH 270.x versions prior to v270.1.1, contain a BOSH Di ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11270 (Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability wh ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints that cont ...)
	NOT-FOR-US: Cloud Foundry UAA
CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...)
	{DSA-4460-1 DSA-4434-1 DLA-2118-1 DLA-1797-1 DLA-1777-1}
	- drupal7 (bug #927330)
	- jquery 3.3.1~dfsg-2 (bug #927385)
	[stretch] - jquery 3.1.1-2+deb9u1
	- node-jquery 2.2.4+dfsg-4 (bug #927466)
	- mediawiki 1:1.31.2-1
	- otrs2 6.0.26-1
	[buster] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://www.drupal.org/sa-core-2019-006
	NOTE: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
	NOTE: https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
	NOTE: https://snyk.io/vuln/SNYK-JS-JQUERY-174006
	NOTE: https://phabricator.wikimedia.org/T221739
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
	NOTE: https://community.otrs.com/security-advisory-2020-05/
CVE-2019-11267 REJECTED
CVE-2019-11266 REJECTED
CVE-2019-11265 REJECTED
CVE-2019-11264 REJECTED
CVE-2019-11263 REJECTED
CVE-2019-11262 REJECTED
CVE-2019-11261 REJECTED
CVE-2019-11260 REJECTED
CVE-2019-11259 REJECTED
CVE-2019-11258 REJECTED
CVE-2019-11257 REJECTED
CVE-2019-11256 REJECTED
CVE-2019-11255 (Improper input validation in Kubernetes CSI sidecar containers for ext ...)
	NOT-FOR-US: kubernetes-csi
CVE-2019-11254 (The Kubernetes API Server component in versions 1.1-1.14, and versions ...)
	- kubernetes 1.17.4-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/89535
CVE-2019-11253 (Improper input validation in the Kubernetes API server in versions v1. ...)
	- kubernetes 1.17.4-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/83253
CVE-2019-11252 (The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulne ...)
	- kubernetes 1.18.0-1
	NOTE: https://github.com/kubernetes/kubernetes/pull/88684
CVE-2019-11251 (The Kubernetes kubectl cp command in versions 1.1-1.12, and versions p ...)
	- kubernetes (Vulnerable code not present)
CVE-2019-11250 (The Kubernetes client-go library logs request headers at verbosity lev ...)
	- kubernetes 1.17.4-1 (bug #934801)
	NOTE: https://github.com/kubernetes/kubernetes/issues/81114
CVE-2019-11249 (The kubectl cp command allows copying files between containers and the ...)
	- kubernetes (Vulnerable code not present; incomplete fix not applied)
	NOTE: https://github.com/kubernetes/kubernetes/issues/80984
CVE-2019-11248 (The debugging endpoint /debug/pprof is exposed over the unauthenticate ...)
	- kubernetes 1.17.4-1 (bug #934182)
	NOTE: https://github.com/kubernetes/kubernetes/issues/81023
	NOTE: https://groups.google.com/forum/#!topic/kubernetes-security-announce/pKELclHIov8
CVE-2019-11247 (The Kubernetes kube-apiserver mistakenly allows access to a cluster-sc ...)
	- kubernetes 1.17.4-1 (bug #933988)
	NOTE: https://github.com/kubernetes/kubernetes/issues/80983
CVE-2019-11246 (The kubectl cp command allows copying files between containers and the ...)
	- kubernetes (Vulnerable code not present; incomplete fix not applied)
	NOTE: https://github.com/kubernetes/kubernetes/pull/76788
CVE-2019-11245 (In kubelet v1.13.6 and v1.14.2, containers for pods that do not specif ...)
	- kubernetes (Vulnerable code not present)
	NOTE: https://discuss.kubernetes.io/t/security-regression-in-kubernetes-kubelet-v1-13-6-and-v1-14-2-only-cve-2019-11245/6584
	NOTE: https://github.com/kubernetes/kubernetes/issues/78308
CVE-2019-11244 (In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the ...)
	- kubernetes (Vulnerable code introduced in 1.8.x onwards)
	NOTE: https://github.com/kubernetes/kubernetes/issues/76676
CVE-2019-11243 (In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientCon ...)
	- kubernetes (Only affects v1.12.0-v1.12.4 and v1.13.0 upstream)
	NOTE: https://github.com/kubernetes/kubernetes/issues/76797
CVE-2019-11242 (A man-in-the-middle vulnerability related to vCenter access was found ...)
	NOT-FOR-US: Cohesity DataPlatform
CVE-2019-11241 RESERVED
CVE-2019-11240 RESERVED
CVE-2019-11239 RESERVED
CVE-2019-11238 RESERVED
CVE-2019-11237 RESERVED
CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...)
	{DLA-2686-1 DLA-1828-1}
	[experimental] - python-urllib3 1.25.6-1
	- python-urllib3 1.25.6-4 (bug #927172)
	[buster] - python-urllib3 (Minor issue)
	NOTE: https://github.com/urllib3/urllib3/issues/1553
	NOTE: https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
	NOTE: https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162
CVE-2019-11235 (FreeRADIUS before 3.0.19 mishandles the "each participant verifies tha ...)
	- freeradius 3.0.17+dfsg-1.1 (bug #926958)
	[stretch] - freeradius (Minor issue; plugin not enabled by default)
	[jessie] - freeradius (EAP-PWD only introduced in 3.0.0)
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
CVE-2019-11234 (FreeRADIUS before 3.0.19 does not prevent use of reflection for authen ...)
	- freeradius 3.0.17+dfsg-1.1 (bug #926958)
	[stretch] - freeradius (Minor issue; plugin not enabled by default)
	[jessie] - freeradius (EAP-PWD only introduced in 3.0.0)
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
CVE-2019-11233 (EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user i ...)
	NOT-FOR-US: EXCELLENT INFOTEK BiYan
CVE-2019-11232 (EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user i ...)
	NOT-FOR-US: EXCELLENT INFOTEK BiYan
CVE-2019-11231 (An issue was discovered in GetSimple CMS through 3.3.15. insufficient ...)
	NOT-FOR-US: GetSimple CMS
CVE-2019-11230 (In Avast Antivirus before 19.4, a local administrator can trick the pr ...)
	NOT-FOR-US: Avast Antivirus
CVE-2019-11229 (models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 m ...)
	- gitea
CVE-2019-11228 (repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does no ...)
	- gitea
CVE-2019-11227 RESERVED
CVE-2019-11226 (CMS Made Simple 2.2.10 has XSS via the m1_name parameter in "Add Artic ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-11225 RESERVED
CVE-2019-11224 (HARMAN AMX MVP5150 v2.87.13 devices allow remote OS Command Injection. ...)
	NOT-FOR-US: HARMAN AMX MVP5150 devices
CVE-2019-11223 (An Unrestricted File Upload Vulnerability in the SupportCandy plugin t ...)
	NOT-FOR-US: SupportCandy plugin for WordPress
CVE-2019-11222 (gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overfl ...)
	{DLA-1765-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (bug #926961)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/f36525c5beafb78959c3a07d6622c9028de348da
	NOTE: https://github.com/gpac/gpac/issues/1204
	NOTE: https://github.com/gpac/gpac/issues/1205
CVE-2019-11221 (GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media ...)
	{DLA-1765-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-5 (bug #926963)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/f4616202e5578e65746cf7e7ceeba63bee1b094b
	NOTE: https://github.com/gpac/gpac/issues/1203
CVE-2019-11220 (An authentication flaw in Shenzhen Yunni Technology iLnkP2P allows rem ...)
	NOT-FOR-US: Shenzhen Yunni Technology iLnkP2P
CVE-2019-11219 (The algorithm used to generate device IDs (UIDs) for devices that util ...)
	NOT-FOR-US: Shenzhen Yunni Technology iLnkP2P
CVE-2019-11218 (Improper handling of extra parameters in the AccountController (User P ...)
	NOT-FOR-US: Bonobo Git Server
CVE-2019-11217 (The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 a ...)
	NOT-FOR-US: Bonobo Git Server
CVE-2019-11216 (BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the i ...)
	NOT-FOR-US: BMC Smart Reporting
CVE-2019-11215 (In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writ ...)
	NOT-FOR-US: iTop (not the same as src:itop)
CVE-2019-11214 RESERVED
CVE-2019-11213 (In Pulse Secure Pulse Desktop Client and Network Connect, an attacker ...)
	NOT-FOR-US: Pulse Secure Pulse Desktop Client and Network Connect
CVE-2019-11212 (The MDM server component of TIBCO Software Inc's TIBCO MDM contains mu ...)
	NOT-FOR-US: TIBCO
CVE-2019-11211 (The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...)
	NOT-FOR-US: TIBCO
CVE-2019-11210 (The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime ...)
	NOT-FOR-US: TIBCO
CVE-2019-11209 (The realm configuration component of TIBCO Software Inc.'s TIBCO FTL C ...)
	NOT-FOR-US: TIBCO
CVE-2019-11208 (The authorization component of TIBCO Software Inc.'s TIBCO API Exchang ...)
	NOT-FOR-US: TIBCO
CVE-2019-11207 (The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enter ...)
	NOT-FOR-US: TIBCO
CVE-2019-11206 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: TIBCO
CVE-2019-11205 (The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analy ...)
	NOT-FOR-US: TIBCO
CVE-2019-11204 (The web interface component of TIBCO Software Inc.'s TIBCO Spotfire St ...)
	NOT-FOR-US: TIBCO
CVE-2019-11203 (The workspace client, openspace client, app development client, and RE ...)
	NOT-FOR-US: TIBCO
CVE-2019-11202 (An issue was discovered that affects the following versions of Rancher ...)
	NOT-FOR-US: Rancher
CVE-2019-11201 (Dolibarr ERP/CRM 9.0.1 provides a module named website that provides f ...)
	- dolibarr
CVE-2019-11200 (Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs u ...)
	- dolibarr
CVE-2019-11199 (Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded file ...)
	- dolibarr
CVE-2019-11198 (Multiple cross-site scripting (XSS) vulnerabilities in Sitecore CMS 9. ...)
	NOT-FOR-US: Sitecore CMS
CVE-2019-11197 RESERVED
CVE-2019-11196 (An authentication bypass vulnerability in all versions of ValuePLUS In ...)
	NOT-FOR-US: ValuePLUS Integrated University Management System (IUMS)
CVE-2019-11195 RESERVED
CVE-2019-11194 RESERVED
CVE-2019-11193 (The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via ...)
	NOT-FOR-US: DirectAdmin
CVE-2019-11192 RESERVED
CVE-2019-11189 (Authentication Bypass by Spoofing in org.onosproject.acl (access contr ...)
	NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2019-11191 (** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT i ...)
	- linux (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
CVE-2019-11190 (The Linux kernel before 4.8 allows local users to bypass ASLR on setui ...)
	{DLA-1799-1}
	- linux 4.8.5-1
	NOTE: https://git.kernel.org/linus/9f834ec18defc369d73ccf9e87a2790bfa05bf46 (4.8-rc5)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
CVE-2019-11188 RESERVED
CVE-2019-11187 (Incorrect Access Control in the LDAP class of GONICUS GOsa through 201 ...)
	{DLA-1876-1 DLA-1875-1}
	- fusiondirectory 1.2.3-5
	[buster] - fusiondirectory 1.2.3-4+deb10u1
	[stretch] - fusiondirectory 1.0.19-1+deb9u1
	- gosa 2.7.4+reloaded3-9
	[buster] - gosa 2.7.4+reloaded3-8+deb10u1
	[stretch] - gosa 2.7.4+reloaded2-13+deb9u2
CVE-2019-11186 RESERVED
CVE-2019-11185 (The WP Live Chat Support Pro plugin through 8.0.26 for WordPress conta ...)
	NOT-FOR-US: WP Live Chat Support Pro plugin for WordPress
CVE-2019-11184 (A race condition in specific microprocessors using Intel (R) DDIO cach ...)
	NOT-FOR-US: HW Issue with processors supporting Intel Data-Direct I/O Technology (Intel DDIO) and Remote Direct Memory Access (RDMA)
CVE-2019-11183 RESERVED
CVE-2019-11182 (Memory corruption in Intel(R) Baseboard Management Controller firmware ...)
	NOT-FOR-US: Intel
CVE-2019-11181 (Out of bound read in Intel(R) Baseboard Management Controller firmware ...)
	NOT-FOR-US: Intel
CVE-2019-11180 (Insufficient input validation in Intel(R) Baseboard Management Control ...)
	NOT-FOR-US: Intel
CVE-2019-11179 (Insufficient input validation in Intel(R) Baseboard Management Control ...)
	NOT-FOR-US: Intel
CVE-2019-11178 (Stack overflow in Intel(R) Baseboard Management Controller firmware ma ...)
	NOT-FOR-US: Intel
CVE-2019-11177 (Unhandled exception in Intel(R) Baseboard Management Controller firmwa ...)
	NOT-FOR-US: Intel
CVE-2019-11176 RESERVED
CVE-2019-11175 (Insufficient input validation in Intel(R) Baseboard Management Control ...)
	NOT-FOR-US: Intel
CVE-2019-11174 (Insufficient access control in Intel(R) Baseboard Management Controlle ...)
	NOT-FOR-US: Intel
CVE-2019-11173 (Insufficient session validation in Intel(R) Baseboard Management Contr ...)
	NOT-FOR-US: Intel
CVE-2019-11172 (Out of bound read in Intel(R) Baseboard Management Controller firmware ...)
	NOT-FOR-US: Intel
CVE-2019-11171 (Heap corruption in Intel(R) Baseboard Management Controller firmware m ...)
	NOT-FOR-US: Intel
CVE-2019-11170 (Authentication bypass in Intel(R) Baseboard Management Controller firm ...)
	NOT-FOR-US: Intel
CVE-2019-11169 RESERVED
CVE-2019-11168 (Insufficient session validation in Intel(R) Baseboard Management Contr ...)
	NOT-FOR-US: Intel
CVE-2019-11167 (Improper file permission in software installer for Intel(R) Smart Conn ...)
	NOT-FOR-US: Intel
CVE-2019-11166 (Improper file permissions in the installer for Intel(R) Easy Streaming ...)
	NOT-FOR-US: Intel
CVE-2019-11165 (Improper conditions check in the Linux kernel driver for the Intel(R) ...)
	NOT-FOR-US: Intel, driver doesn't seem to be upstreamed
CVE-2019-11164 RESERVED
CVE-2019-11163 (Insufficient access control in a hardware abstraction driver for Intel ...)
	NOT-FOR-US: Intel(R) Processor Identification Utility for Windows
CVE-2019-11162 (Insufficient access control in hardware abstraction in SEMA driver for ...)
	NOT-FOR-US: Intel
CVE-2019-11161 RESERVED
CVE-2019-11160 RESERVED
CVE-2019-11159 RESERVED
CVE-2019-11158 RESERVED
CVE-2019-11157 (Improper conditions check in voltage settings for some Intel(R) Proces ...)
	NOT-FOR-US: Intel
CVE-2019-11156 (Logic errors in Intel(R) PROSet/Wireless WiFi Software before version ...)
	NOT-FOR-US: Intel
CVE-2019-11155 (Improper directory permissions in Intel(R) PROSet/Wireless WiFi Softwa ...)
	NOT-FOR-US: Intel
CVE-2019-11154 (Improper directory permissions in Intel(R) PROSet/Wireless WiFi Softwa ...)
	NOT-FOR-US: Intel
CVE-2019-11153 (Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software ext ...)
	NOT-FOR-US: Intel
CVE-2019-11152 (Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 ...)
	NOT-FOR-US: Intel
CVE-2019-11151 (Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 ...)
	NOT-FOR-US: Intel
CVE-2019-11150 RESERVED
CVE-2019-11149 RESERVED
CVE-2019-11148 (Improper permissions in the installer for Intel(R) Remote Displays SDK ...)
	NOT-FOR-US: Intel
CVE-2019-11147 (Insufficient access control in hardware abstraction driver for MEInfo ...)
	NOT-FOR-US: Intel
CVE-2019-11146 (Improper file verification in Intel® Driver & Support Assista ...)
	NOT-FOR-US: Intel
CVE-2019-11145 (Improper file verification in Intel® Driver & Support Assista ...)
	NOT-FOR-US: Intel
CVE-2019-11144 RESERVED
CVE-2019-11143 (Improper permissions in the software installer for Intel(R) Authentica ...)
	NOT-FOR-US: Intel
CVE-2019-11142 RESERVED
CVE-2019-11141 RESERVED
CVE-2019-11140 (Insufficient session validation in system firmware for Intel(R) NUC ma ...)
	NOT-FOR-US: Intel
CVE-2019-11139 (Improper conditions check in the voltage modulation interface for some ...)
	{DSA-4565-1 DLA-2051-1}
	- intel-microcode 3.20191112.1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
	NOTE: The 3.20191112.1 release for intel-microcode did contain most updates, additional
	NOTE: update for CFL-S was added in 3.20191113.1.
CVE-2019-11138 RESERVED
CVE-2019-11137 (Insufficient input validation in system firmware for Intel(R) Xeon(R) ...)
	NOT-FOR-US: Intel
CVE-2019-11136 (Insufficient access control in system firmware for Intel(R) Xeon(R) Sc ...)
	NOT-FOR-US: Intel
CVE-2019-11135 (TSX Asynchronous Abort condition on some CPUs utilizing speculative ex ...)
	{DSA-4602-1 DSA-4565-1 DSA-4564-1 DLA-2051-1 DLA-1990-1 DLA-1989-1}
	- linux 5.3.9-2
	- intel-microcode 3.20191112.1
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
	NOTE: https://xenbits.xen.org/xsa/advisory-305.html
	NOTE: The 3.20191112.1 release for intel-microcode did contain most updates, additional
	NOTE: update for CFL-S was added in 3.20191113.1.
CVE-2019-11134 RESERVED
CVE-2019-11133 (Improper access control in the Intel(R) Processor Diagnostic Tool befo ...)
	NOT-FOR-US: Intel
CVE-2019-11132 (Cross site scripting in subsystem in Intel(R) AMT before versions 11.8 ...)
	NOT-FOR-US: Intel
CVE-2019-11131 (Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.1 ...)
	NOT-FOR-US: Intel
CVE-2019-11130 RESERVED
CVE-2019-11129 (Out of bound read/write in system firmware for Intel(R) NUC Kit may al ...)
	NOT-FOR-US: Intel
CVE-2019-11128 (Insufficient input validation in system firmware for Intel(R) NUC Kit ...)
	NOT-FOR-US: Intel
CVE-2019-11127 (Buffer overflow in system firmware for Intel(R) NUC Kit may allow a pr ...)
	NOT-FOR-US: Intel
CVE-2019-11126 (Pointer corruption in system firmware for Intel(R) NUC Kit may allow a ...)
	NOT-FOR-US: Intel
CVE-2019-11125 (Insufficient input validation in system firmware for Intel(R) NUC Kit ...)
	NOT-FOR-US: Intel
CVE-2019-11124 (Out of bound read/write in system firmware for Intel(R) NUC Kit may al ...)
	NOT-FOR-US: Intel
CVE-2019-11123 (Insufficient session validation in system firmware for Intel(R) NUC Ki ...)
	NOT-FOR-US: Intel
CVE-2019-11122 RESERVED
CVE-2019-11121 (Improper file permissions in the installer for the Intel(R) Media SDK ...)
	NOT-FOR-US: Intel
CVE-2019-11120 (Insufficient path checking in the installer for Intel(R) Active System ...)
	NOT-FOR-US: Intel
CVE-2019-11119 (Insufficient session validation in the service API for Intel(R) RWC3 v ...)
	NOT-FOR-US: Intel
CVE-2019-11118 RESERVED
CVE-2019-11117 (Improper permissions in the installer for Intel(R) Omni-Path Fabric Ma ...)
	NOT-FOR-US: Intel
CVE-2019-11116 RESERVED
CVE-2019-11115 RESERVED
CVE-2019-11114 (Insufficient input validation in Intel(R) Driver & Support Assista ...)
	NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11113 (Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver bef ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11112 (Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver be ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11111 (Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11110 (Authentication bypass in the subsystem for Intel(R) CSME before versio ...)
	NOT-FOR-US: Intel
CVE-2019-11109 (Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_0 ...)
	NOT-FOR-US: Intel
CVE-2019-11108 (Insufficient input validation in subsystem for Intel(R) CSME before ve ...)
	NOT-FOR-US: Intel
CVE-2019-11107 (Insufficient input validation in the subsystem for Intel(R) AMT before ...)
	NOT-FOR-US: Intel
CVE-2019-11106 (Insufficient session validation in the subsystem for Intel(R) CSME bef ...)
	NOT-FOR-US: Intel
CVE-2019-11105 (Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13 ...)
	NOT-FOR-US: Intel
CVE-2019-11104 (Insufficient input validation in MEInfo software for Intel(R) CSME bef ...)
	NOT-FOR-US: Intel
CVE-2019-11103 (Insufficient input validation in firmware update software for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-11102 (Insufficient input validation in Intel(R) DAL software for Intel(R) CS ...)
	NOT-FOR-US: Intel
CVE-2019-11101 (Insufficient input validation in the subsystem for Intel(R) CSME befor ...)
	NOT-FOR-US: Intel
CVE-2019-11100 (Insufficient input validation in the subsystem for Intel(R) AMT before ...)
	NOT-FOR-US: Intel
CVE-2019-11099 RESERVED
CVE-2019-11098 (Insufficient input validation in MdeModulePkg in EDKII may allow an un ...)
	[experimental] - edk2 2021.02-1
	- edk2 2020.11-5 (bug #991495)
	[bullseye] - edk2 (Minor issue)
	[buster] - edk2 (Minor issue)
	[stretch] - edk2 (Minor issue)
	NOTE: https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1614
	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=316
CVE-2019-11097 (Improper directory permissions in the installer for Intel(R) Managemen ...)
	NOT-FOR-US: Intel
CVE-2019-11096 (Insufficient memory protection for Intel(R) Ethernet I218 Adapter driv ...)
	NOT-FOR-US: Intel(R) Ethernet I218 Adapter driver for Windows
CVE-2019-11095 (Insufficient access control in Intel(R) Driver & Support Assistant ...)
	NOT-FOR-US: Intel(R) Driver & Support Assistant
CVE-2019-11094 (Insufficient input validation in system firmware for Intel (R) NUC Kit ...)
	NOT-FOR-US: Intel (R) NUC Kit
CVE-2019-11093 (Unquoted service path in the installer for the Intel(R) SCS Discovery ...)
	NOT-FOR-US: Intel(R) SCS Discovery Utility
CVE-2019-11092 (Insufficient password protection in the attestation database for Open ...)
	NOT-FOR-US: Open CIT
CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheab ...)
	{DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
	- intel-microcode 3.20190514.1
	- linux 4.19.37-2
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
	NOTE: https://xenbits.xen.org/xsa/advisory-297.html
	NOTE: libvirt support for md-clear CPUID bit:
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
	NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2019-11090 (Cryptographic timing conditions in the subsystem for Intel(R) PTT befo ...)
	NOT-FOR-US: Intel
CVE-2019-11089 (Insufficient input validation in Kernel Mode module for Intel(R) Graph ...)
	NOT-FOR-US: Intel Windows graphics driver
CVE-2019-11088 (Insufficient input validation in subsystem in Intel(R) AMT before vers ...)
	NOT-FOR-US: Intel
CVE-2019-11087 (Insufficient input validation in the subsystem for Intel(R) CSME befor ...)
	NOT-FOR-US: Intel
CVE-2019-11086 (Insufficient input validation in subsystem for Intel(R) AMT before ver ...)
	NOT-FOR-US: Intel
CVE-2019-11085 (Insufficient input validation in Kernel Mode Driver in Intel(R) i915 G ...)
	- linux 4.19.20-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/51b00d8509dc69c98740da2ad07308b630d3eb7d
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
CVE-2019-11084 (GAuth 0.9.9 beta has stored XSS that shows a popup repeatedly and disc ...)
	NOT-FOR-US: GAuth
CVE-2019-11083 RESERVED
CVE-2019-11082 (core/api/datasets/internal/actions/Explode.java in the Dataset API in ...)
	NOT-FOR-US: DKPro Core
CVE-2019-11081 (A default username and password in Dentsply Sirona Sidexis 4.3.1 and e ...)
	NOT-FOR-US: Dentsply Sirona Sidexis
CVE-2019-11080 (Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remo ...)
	NOT-FOR-US: Sitecore Experience Platform
CVE-2019-11079 RESERVED
CVE-2019-11078 (MKCMS V5.0 has a CSRF vulnerability to add a new admin user via the uc ...)
	NOT-FOR-US: MKCMS
CVE-2019-11077 (FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new a ...)
	NOT-FOR-US: FastAdmin
CVE-2019-11076 (Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via a ...)
	NOT-FOR-US: Cribl UI
CVE-2019-11075 RESERVED
CVE-2019-11074 (A Write to Arbitrary Location in Disk vulnerability exists in PRTG Net ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2019-11073 (A Remote Code Execution vulnerability exists in PRTG Network Monitor b ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2019-11072 (** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, w ...)
	- lighttpd 1.4.53-4 (bug #926885)
	[stretch] - lighttpd (Vulnerable code introduced later)
	[jessie] - lighttpd (Vulnerable code introduced later)
	NOTE: https://redmine.lighttpd.net/issues/2945
	NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/32120d5b8b3203fc21ccb9eafb0eaf824bb59354
	NOTE: Introduced with: https://github.com/lighttpd/lighttpd1.4/commit/3eb7902e10ba75b3f2eb159e244d0d8e5037ccd2
CVE-2019-11070 (WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly ap ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-11069 (Sequelize version 5 before 5.3.0 does not properly ensure that standar ...)
	NOT-FOR-US: Sequelize
CVE-2019-11068 (libxslt through 1.1.33 allows bypass of a protection mechanism because ...)
	{DLA-1756-1}
	- libxslt 1.1.32-2.1 (bug #926895; bug #933743)
	[buster] - libxslt 1.1.32-2.1~deb10u1
	[stretch] - libxslt 1.1.29-2.1+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/issues/12
	NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
CVE-2019-11067 RESERVED
CVE-2019-1003050 (The f:validateButton form control for the Jenkins UI did not properly ...)
	- jenkins
CVE-2019-1003049 (Users who cached their CLI authentication before Jenkins was updated t ...)
	- jenkins
CVE-2019-11066 (openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted Open ...)
	NOT-FOR-US: LightOpenID
CVE-2019-11065 (Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download ...)
	- gradle 4.4.1-10 (bug #926923)
	[buster] - gradle (Minor issue)
	[stretch] - gradle (Minor issue)
	[jessie] - gradle (Minor issue)
	NOTE: https://github.com/gradle/gradle/pull/8927
	NOTE: https://lists.debian.org/debian-lts/2019/05/msg00021.html
CVE-2019-11071 (SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visit ...)
	{DSA-4429-1}
	- spip 3.2.4-1 (bug #926764)
	[jessie] - spip (SPIP 3.0 and earlier are not affected)
	NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-1-10-et-SPIP-3-2-4.html
	NOTE: https://github.com/spip/SPIP/commit/3ef87c525bc0768c926646f999a54222b37b5d36
	NOTE: https://github.com/spip/SPIP/commit/824d17f424bf77d17af89c18c3dc807a3199567e
CVE-2019-11064 (A vulnerability of remote credential disclosure was discovered in Adva ...)
	NOT-FOR-US: Advan VD-1 firmware
CVE-2019-11063 (A broken access control vulnerability in SmartHome app (Android versio ...)
	NOT-FOR-US: SmartHome app
CVE-2019-11062 (The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Inj ...)
	NOT-FOR-US: SUNNET WMPro for eLearning system
CVE-2019-11061 (A broken access control vulnerability in HG100 firmware versions up to ...)
	NOT-FOR-US: HG100 firmware
CVE-2019-11060 (The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, ...)
	NOT-FOR-US: ASUS HG100 firmware
CVE-2019-11059 (Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit exte ...)
	- u-boot 2019.01+dfsg-6 (bug #928800)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://git.denx.de/?p=u-boot.git;a=commit;h=febbc583319b567fe3d83e521cc2ace9be8d1501
CVE-2019-11058 RESERVED
CVE-2019-11057 (SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows ...)
	NOT-FOR-US: Vtiger CRM
CVE-2019-11056 RESERVED
CVE-2019-11055 RESERVED
CVE-2019-11054 RESERVED
CVE-2019-11053 RESERVED
CVE-2019-11052 RESERVED
CVE-2019-11051 RESERVED
CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
	{DSA-4628-1 DSA-4626-1 DLA-2050-1}
	- php7.3 7.3.15-1
	- php7.0
	- php5
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: https://bugs.php.net/78793
CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...)
	- php7.3 (Windows specific issue)
	- php7.0 (Windows specific issue)
	- php5 (Windows specific issue)
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: https://bugs.php.net/78943
CVE-2019-11048 (In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ...)
	{DSA-4719-1 DSA-4717-1 DLA-2261-1}
	- php7.4 7.4.9-1
	- php7.3
	- php7.0
	- php5
	NOTE: Fixed in PHP 7.2.31, 7.3.18, 7.4.6
	NOTE: PHP Bug: https://bugs.php.net/78875
	NOTE: PHP Bug: https://bugs.php.net/78876
	NOTE: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
	NOTE: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
	NOTE: php-7.4: https://github.com/php/php-src/commit/a3924ab6542a358a3099de992b63b932a9570add
	NOTE: php-7.3: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
	NOTE: php-7.2: https://github.com/php/php-src/commit/f43041250f82ed69bd4575655984fbfc842da266
	NOTE: php-7.2: https://github.com/php/php-src/commit/1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87
CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
	{DSA-4628-1 DSA-4626-1 DLA-2050-1}
	- php7.3 7.3.15-1
	- php7.0
	- php5
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: https://bugs.php.net/78910
CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...)
	{DSA-4628-1 DSA-4626-1 DLA-2050-1}
	- php7.3 7.3.15-1
	- php7.0
	- php5
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: https://bugs.php.net/78878
	NOTE: https://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...)
	{DSA-4628-1 DSA-4626-1 DLA-2050-1}
	- php7.3 7.3.15-1
	- php7.0
	- php5
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: https://bugs.php.net/78863
	NOTE: https://git.php.net/?p=php-src.git;a=patch;h=d74907b8575e6edb83b728c2a94df434c23e1f79
CVE-2019-11044 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Wi ...)
	- php7.3 (Windows specific issue)
	- php7.0 (Windows specific issue)
	- php5 (Windows specific issue)
	NOTE: Fixed in PHP 7.4.1, 7.3.13
	NOTE: PHP Bug: https://bugs.php.net/78862
CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below ...)
	{DSA-4553-1 DSA-4552-1 DLA-1970-1}
	- php7.3 7.3.11-1~deb10u1 (bug #943468; bug #943764)
	- php7.0
	- php5
	NOTE: Fixed in PHP 7.3.11, 7.2.24
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78599
	NOTE: https://www.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a
CVE-2019-11042 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
	{DSA-4529-1 DSA-4527-1 DLA-1878-1}
	- php7.3 7.3.8-1
	- php7.0
	- php5
	NOTE: Fixed in 7.1.31, 7.2.21, 7.3.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78256
CVE-2019-11041 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
	{DSA-4529-1 DSA-4527-1 DLA-1878-1}
	- php7.3 7.3.8-1
	- php7.0
	- php5
	NOTE: Fixed in 7.1.31, 7.2.21, 7.3.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78222
CVE-2019-11040 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...)
	{DSA-4529-1 DSA-4527-1 DLA-1813-1}
	- php7.3 7.3.6-1
	- php7.0
	- php5
	NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77988
CVE-2019-11039 (Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.3 ...)
	{DSA-4529-1 DSA-4527-1 DLA-1813-1}
	- php7.3 7.3.6-1
	- php7.0
	- php5
	NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78069
CVE-2019-11038 (When using the gdImageCreateFromXbm() function in the GD Graphics Libr ...)
	{DSA-4529-1 DLA-1817-1}
	- libgd2 2.2.5-5.2 (low; bug #929821)
	[stretch] - libgd2 2.2.4-2+deb9u5
	- php7.3 7.3.6-1 (unimportant)
	- php7.0 (unimportant)
	- php5 (unimportant)
	NOTE: Fixed in 7.1.30, 7.2.19, 7.3.6
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77973
	NOTE: https://github.com/libgd/libgd/issues/501
	NOTE: https://github.com/libgd/libgd/commit/e13a342c079aeb73e31dfa19eaca119761bac3f3
CVE-2019-11037 (In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing ...)
	{DSA-4576-1}
	- php-imagick 3.4.3-4.1 (bug #928420)
	[jessie] - php-imagick (vulnerable code is not present)
	NOTE: https://bugs.php.net/bug.php?id=77791
	NOTE: https://github.com/mkoppanen/imagick/commits/bugfix_77791
	NOTE: Introduced by: https://github.com/mkoppanen/imagick/commit/a3cc177f8ed38937960e27765816e2f7a6de7391
	NOTE: Fixed by: https://github.com/Imagick/imagick/compare/d57a444766a321fa226266f51f1f42ee2cc29cc7...a827e4fd94aba346e919dc2ae8e8da2cec5a7445
CVE-2019-11036 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
	{DSA-4529-1 DSA-4527-1 DLA-1803-1}
	- php7.3 7.3.6-1 (bug #928421)
	- php7.0
	- php5
	NOTE: Fixed in 7.1.29, 7.2.18, 7.3.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77950
CVE-2019-11035 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
	{DSA-4529-1 DLA-1803-1}
	- php7.3 7.3.4-1
	- php7.0
	- php5
	NOTE: Fixed in 7.1.28, 7.2.17, 7.3.4
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77831
CVE-2019-11034 (When processing certain files, PHP EXIF extension in versions 7.1.x be ...)
	{DSA-4529-1 DLA-1803-1}
	- php7.3 7.3.4-1
	- php7.0
	- php5
	NOTE: Fixed in 7.1.28, 7.2.17, 7.3.4
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77753
CVE-2019-11033 (Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. Th ...)
	NOT-FOR-US: Applaud HCM
CVE-2019-11032 (In EasyToRecruit (E2R) before 2.11, the upload feature and the Candida ...)
	NOT-FOR-US: EasyToRecruit
CVE-2019-11031 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-up ...)
	NOT-FOR-US: Mirasys VMS
CVE-2019-11030 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys ...)
	NOT-FOR-US: Mirasys VMS
CVE-2019-11029 (Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Downloa ...)
	NOT-FOR-US: Mirasys VMS
CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing ...)
	NOT-FOR-US: GAT-Ship Web Module
CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable ...)
	{DLA-1956-1}
	- ruby-openid 2.9.2debian-1 (bug #930388)
	[buster] - ruby-openid (Minor issue)
	[stretch] - ruby-openid (Minor issue)
	NOTE: https://github.com/openid/ruby-openid/issues/122
	NOTE: https://github.com/openid/ruby-openid/issues/122#issuecomment-520304211
	NOTE: https://github.com/openid/ruby-openid/commit/8a4c31a6740a949cdc29d956c276ba3c4021dfa8
	NOTE: https://github.com/openid/ruby-openid/commit/f526132c6cb5d9195351c16ed36dced4ca3db496
CVE-2019-11026 (FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infini ...)
	[experimental] - poppler 0.81.0-1
	- poppler 0.85.0-2 (low; bug #926721)
	[buster] - poppler (Minor issue)
	[stretch] - poppler (Minor issue)
	[jessie] - poppler (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/752
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8051f678b3b43326e5fdfd7c03f39de21059f426
CVE-2019-11025 (In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ...)
	{DLA-1757-1}
	- cacti 1.2.2+ds1-2 (low; bug #926700)
	[stretch] - cacti (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/2581
CVE-2019-11024 (The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has ...)
	- libsixel 1.8.6-1 (unimportant)
	NOTE: https://github.com/saitoha/libsixel/issues/85
	NOTE: Negligible security impact
CVE-2019-11023 (The agroot() function in cgraph\obj.c in libcgraph.a in Graphviz 2.39. ...)
	- graphviz (unimportant; bug #926724)
	NOTE: https://gitlab.com/graphviz/graphviz/issues/1517
	NOTE: https://gitlab.com/graphviz/graphviz/commit/839085f8026afd6f6920a0c31ad2a9d880d97932
	NOTE: Crash in CLI tool, no security impact
CVE-2019-11022 RESERVED
CVE-2019-11021 (** DISPUTED ** admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Aut ...)
	NOT-FOR-US: Schlix CMS
CVE-2019-11020 (Lack of authentication in file-viewing components in DDRT Dashcom Live ...)
	NOT-FOR-US: DDRT Dashcom
CVE-2019-11019 (Lack of authentication in case-exporting components in DDRT Dashcom Li ...)
	NOT-FOR-US: DDRT Dashcom
CVE-2019-11018 (application\admin\controller\User.php in ThinkAdmin V4.0 does not prev ...)
	NOT-FOR-US: ThinkAdmin
CVE-2019-11017 (On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vu ...)
	NOT-FOR-US: D-Link
CVE-2019-11016 (Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. ...)
	NOT-FOR-US: Elgg
CVE-2019-11015 (A vulnerability was found in the MIUI OS version 10.1.3.0 that allows ...)
	NOT-FOR-US: MIUI OS
CVE-2019-11014 (The VStarCam vstc.vscam.client library and vstc.vscam shared object, a ...)
	NOT-FOR-US: VStarCam
CVE-2019-11013 (Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal ...)
	NOT-FOR-US: Nimble Streamer
CVE-2019-11012 RESERVED
CVE-2019-11011 (Akamai CloudTest before 58.30 allows remote code execution. ...)
	NOT-FOR-US: Akamai CloudTest
CVE-2019-11010 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in ...)
	{DLA-1755-1}
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/601/
CVE-2019-11009 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
	{DLA-1755-1}
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/7cff2b1792de
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/597/
CVE-2019-11008 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
	{DLA-1755-1}
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d823d23a474b
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/599/
CVE-2019-11007 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
	{DLA-1755-1}
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/40fc71472b98
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/86a9295e7c83
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/596/
CVE-2019-11006 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buff ...)
	{DLA-1755-1}
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/598/
CVE-2019-11005 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buf ...)
	- graphicsmagick 1.4~hg15968-1 (bug #927029)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	[jessie] - graphicsmagick (The vulnerable code is not present)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/600/
CVE-2019-11004 (In Materialize through 1.0.0, XSS is possible via the Toast feature. ...)
	NOT-FOR-US: Materialize
CVE-2019-11003 (In Materialize through 1.0.0, XSS is possible via the Autocomplete fea ...)
	NOT-FOR-US: Materialize
CVE-2019-11002 (In Materialize through 1.0.0, XSS is possible via the Tooltip feature. ...)
	NOT-FOR-US: Materialize
CVE-2019-11001 (On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices th ...)
	NOT-FOR-US: Reolink devices
CVE-2019-11000 (An issue was discovered in GitLab Enterprise Edition before 11.7.11, 1 ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/2019/04/10/critical-security-release-gitlab-11-dot-9-dot-7-released/
CVE-2019-10999 (The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer o ...)
	NOT-FOR-US: D-Link
CVE-2019-10998 (An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) bef ...)
	NOT-FOR-US: Phoenix Contact
CVE-2019-10997 (An issue was discovered on Phoenix Contact AXC F 2152 (No.2404267) bef ...)
	NOT-FOR-US: Phoenix Contact
CVE-2019-10996 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
	NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10995 (ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hid ...)
	NOT-FOR-US: ABB CP651 HMI products
CVE-2019-10994 (Processing a specially crafted project file in LAquis SCADA 4.3.1.71 m ...)
	NOT-FOR-US: LAquis SCADA
CVE-2019-10993 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointe ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10992 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Mu ...)
	NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
CVE-2019-10991 (In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buf ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10990 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
	NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10989 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffe ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10988 (In Philips HDI 4000 Ultrasound Systems, all versions running on old, u ...)
	NOT-FOR-US: Philips HDI 4000 Ultrasound Systems
CVE-2019-10987 (In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds wr ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10986 RESERVED
CVE-2019-10985 (In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnera ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10984 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
	NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10983 (In WebAccess/SCADA Versions 8.3.5 and prior, an out-of-bounds read vul ...)
	NOT-FOR-US: WebAccess/SCADA
CVE-2019-10982 (Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Mu ...)
	NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
CVE-2019-10981 (In Vijeo Citect 7.30 and 7.40, and CitectSCADA 7.30 and 7.40, a vulner ...)
	NOT-FOR-US: AVEVA
CVE-2019-10980 (A type confusion vulnerability may be exploited when LAquis SCADA 4.3. ...)
	NOT-FOR-US: LAquis SCADA
CVE-2019-10979 (SICK MSC800 all versions prior to Version 4.0, the affected firmware v ...)
	NOT-FOR-US: SICK MSC800
CVE-2019-10978 (Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior ...)
	NOT-FOR-US: Red Lion Controls Crimson
CVE-2019-10977 (In Mitsubishi Electric MELSEC-Q series Ethernet module QJ71E71-100 ser ...)
	NOT-FOR-US: Mitsubishi
CVE-2019-10976 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vu ...)
	NOT-FOR-US: Mitsubishi Electric FR Configurator2
CVE-2019-10975 (An out-of-bounds read vulnerability has been identified in Fuji Electr ...)
	NOT-FOR-US: Fuji Electric
CVE-2019-10974 (NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The appli ...)
	NOT-FOR-US: NREL EnergyPlus
CVE-2019-10973 (Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, all ...)
	NOT-FOR-US: Quest KACE
CVE-2019-10972 (Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vu ...)
	NOT-FOR-US: Mitsubishi Electric FR Configurator2
CVE-2019-10971 (The application (Network Configurator for DeviceNet Safety 3.41 and pr ...)
	NOT-FOR-US: Omron
CVE-2019-10970 (In Rockwell Automation PanelView 5510 (all versions manufactured befor ...)
	NOT-FOR-US: Rockwell Automation PanelView
CVE-2019-10969 (Moxa EDR 810, all versions 5.1 and prior, allows an authenticated atta ...)
	NOT-FOR-US: Moxa
CVE-2019-10968 (Philips Holter 2010 Plus, all versions. A vulnerability has been ident ...)
	NOT-FOR-US: Philips Holter 2010 Plus
CVE-2019-10967 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based ...)
	NOT-FOR-US: Emerson
CVE-2019-10966 (In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exis ...)
	NOT-FOR-US: GE Aestiva and Aespire
CVE-2019-10965 (In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a heap-based b ...)
	NOT-FOR-US: Emerson
CVE-2019-10964 (In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, ...)
	NOT-FOR-US: Medtronic
CVE-2019-10963 (Moxa EDR 810, all versions 5.1 and prior, allows an unauthenticated at ...)
	NOT-FOR-US: Moxa
CVE-2019-10962 (BD Alaris Gateway versions, 1.0.13,1.1.3 Build 10,1.1.3 MR Build 11,1. ...)
	NOT-FOR-US: BD Alaris Gateway
CVE-2019-10961 (In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, proces ...)
	NOT-FOR-US: Advantech WebAccess HMI Designer
CVE-2019-10960 (Zebra Industrial Printers All Versions, Zebra printers are shipped wit ...)
	NOT-FOR-US: Zebra Industrial Printers
CVE-2019-10959 (BD Alaris Gateway Workstation Versions, 1.1.3 Build 10, 1.1.3 MR Build ...)
	NOT-FOR-US: BD Alaris Gateway
CVE-2019-10958 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
	NOT-FOR-US: Geutebruck IP Cameras
CVE-2019-10957 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
	NOT-FOR-US: Geutebruck IP Cameras
CVE-2019-10956 (Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-2 ...)
	NOT-FOR-US: Geutebruck IP Cameras
CVE-2019-10955 (In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versi ...)
	NOT-FOR-US: Rockwell Automation
CVE-2019-10954 (An attacker could send crafted SMTP packets to cause a denial-of-servi ...)
	NOT-FOR-US: Rockwell Automation
CVE-2019-10953 (ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable ...)
	NOT-FOR-US: Programmable Logic Controllers of various vendors
CVE-2019-10952 (An attacker could send a crafted HTTP/HTTPS request to render the web ...)
	NOT-FOR-US: Rockwell Automation
CVE-2019-10951 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
	NOT-FOR-US: Delta Electronics
CVE-2019-10950 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
	NOT-FOR-US: Fujifilm
CVE-2019-10949 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
	NOT-FOR-US: Delta Electronics
CVE-2019-10948 (Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 F ...)
	NOT-FOR-US: Fujifilm
CVE-2019-10947 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
	NOT-FOR-US: Delta Electronics
CVE-2019-10946 (An issue was discovered in Joomla! before 3.9.5. The "refresh list of ...)
	NOT-FOR-US: Joomla!
CVE-2019-10945 (An issue was discovered in Joomla! before 3.9.5. The Media Manager com ...)
	NOT-FOR-US: Joomla!
CVE-2019-10944 RESERVED
CVE-2019-10943 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
	NOT-FOR-US: Siemens
CVE-2019-10942 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2019-10941 (A vulnerability has been identified in SINEMA Server (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2019-10940 (A vulnerability has been identified in SINEMA Server (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2019-10939 (A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET var ...)
	NOT-FOR-US: Siemens
CVE-2019-10938 (A vulnerability has been identified in SIPROTEC 5 devices with CPU var ...)
	NOT-FOR-US: Ethernet plug-in communication modules for SIPROTEC 5 devices
CVE-2019-10937 (A vulnerability has been identified in SIMATIC TDC CP51M1 (All version ...)
	NOT-FOR-US: SIMATIC TDC CP51M1
CVE-2019-10936 (A vulnerability has been identified in Development/Evaluation Kits for ...)
	NOT-FOR-US: Siemens
CVE-2019-10935 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2019-10934 (A vulnerability has been identified in TIA Portal V14 (All versions &l ...)
	NOT-FOR-US: Siemens
CVE-2019-10933 (A vulnerability has been identified in Spectrum Power 3 (Corporate Use ...)
	NOT-FOR-US: Siemens
CVE-2019-10932 RESERVED
CVE-2019-10931 (A vulnerability has been identified in All other SIPROTEC 5 device typ ...)
	NOT-FOR-US: Siemens
CVE-2019-10930 (A vulnerability has been identified in All other SIPROTEC 5 device typ ...)
	NOT-FOR-US: Siemens
CVE-2019-10929 (A vulnerability has been identified in SIMATIC CP 1626 (All versions), ...)
	NOT-FOR-US: Siemens
CVE-2019-10928 (A vulnerability has been identified in SCALANCE SC-600 (V2.0). An auth ...)
	NOT-FOR-US: Siemens
CVE-2019-10927 (A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANC ...)
	NOT-FOR-US: Siemens
CVE-2019-10926 (A vulnerability has been identified in SIMATIC MV400 family (All Versi ...)
	NOT-FOR-US: Siemens
CVE-2019-10925 (A vulnerability has been identified in SIMATIC MV400 family (All Versi ...)
	NOT-FOR-US: Siemens
CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
	NOT-FOR-US: Siemens
CVE-2019-10923 (A vulnerability has been identified in Development/Evaluation Kits for ...)
	NOT-FOR-US: Siemens
CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2019-10921 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2019-10920 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2019-10919 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2019-10918 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2019-10917 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2019-10916 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2019-10915 (A vulnerability has been identified in TIA Administrator (All versions ...)
	NOT-FOR-US: Siemens
CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Insi ...)
	- matrixssl
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1785
	NOTE: https://github.com/matrixssl/matrixssl/issues/26
CVE-2019-10913 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ...)
	{DSA-4441-1 DLA-1778-1}
	- symfony 3.4.22+dfsg-2
	NOTE: https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
CVE-2019-10912 (In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4. ...)
	{DSA-4441-1}
	- symfony 3.4.22+dfsg-2
	[jessie] - symfony (vulnerable code is not present)
	NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
CVE-2019-10911 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ...)
	{DSA-4441-1 DLA-1778-1}
	- drupal7 (Drupal 7 core not affected)
	- symfony 3.4.22+dfsg-2
	NOTE: https://www.drupal.org/SA-CORE-2019-005
	NOTE: https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
CVE-2019-10910 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ...)
	{DSA-4441-1 DLA-1778-1}
	- drupal7 (Drupal 7 core not affected)
	- symfony 3.4.22+dfsg-2
	NOTE: https://www.drupal.org/SA-CORE-2019-005
	NOTE: https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
CVE-2019-10909 (In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ...)
	{DSA-4441-1 DLA-1778-1}
	- drupal7 (Drupal 7 core not affected)
	- symfony 3.4.22+dfsg-2
	NOTE: https://www.drupal.org/SA-CORE-2019-005
	NOTE: https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
CVE-2019-10908 (In Airsonic 10.2.1, RecoverController.java generates passwords via org ...)
	NOT-FOR-US: Airsonic
CVE-2019-10907 (Airsonic 10.2.1 uses Spring's default remember-me mechanism based on M ...)
	NOT-FOR-US: Airsonic
CVE-2019-10906 (In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape ...)
	- jinja2 2.10-2 (bug #926602)
	[stretch] - jinja2 (Minor issue)
	[jessie] - jinja2 (Minor issue)
	NOTE: https://palletsprojects.com/blog/jinja-2-10-1-released/
	NOTE: https://github.com/pallets/jinja/commit/a2a6c930bcca591a25d2b316fcfd2d6793897b26
CVE-2019-10905 (Parsedown before 1.7.2, when safe mode is used and HTML markup is disa ...)
	NOT-FOR-US: Parsedown
CVE-2019-10904 (Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and r ...)
	{DLA-1750-1}
	- roundup (bug #926587)
	NOTE: https://github.com/python/bugs.python.org/issues/34
	NOTE: https://issues.roundup-tracker.org/issue2551035
	NOTE: https://bitbucket.org/python/roundup/commits/51682dc2cd7e28421d749117c25bec58f632ee5f
CVE-2019-10903 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SP ...)
	{DLA-2423-1 DLA-1802-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eafdcfa4b6d5187a5326442a82608ab03d9dddcb
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-18.html
CVE-2019-10902 (In Wireshark 3.0.0, the TSDNS dissector could crash. This was addresse ...)
	- wireshark (Vulnerable code never present in the archive in released version)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15619
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=95571f17d5e2de39735e62e5251583f930c06d51
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-16.html
	NOTE: bug was never in Debian apart from experimental released versions:
	NOTE: Dissector introduced in 3.0.0 and CVE fixed in 3.0.1
CVE-2019-10901 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS diss ...)
	{DLA-2423-1 DLA-1802-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15620
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cf801a25074f76dc3ae62d8ec53ace75f56ce2cd
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-17.html
CVE-2019-10900 (In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. ...)
	- wireshark (Vulnerable code introduced later in 3.0.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15612
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=26eee01f57f0a86fb375892c7937eac24ede4610
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-13.html
CVE-2019-10899 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC di ...)
	{DLA-2423-1 DLA-1802-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b16fea2f175a3297edac118c8844c7987d31c1cb
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-10.html
CVE-2019-10898 (In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. ...)
	- wireshark (Vulnerable code introduced later; GSUP dissector introduced in 3.0.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15585
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f80b7d1b279fb6c13f640019a1bbc42b18bf7469
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-12.html
CVE-2019-10897 (In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinit ...)
	- wireshark (Vulnerable code introduced in 3.0.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15553
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=00d5e9e9fb377f52ab7696f25c1dbc011ef0244d
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-11.html
CVE-2019-10896 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF disse ...)
	{DLA-2423-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	[jessie] - wireshark (vulnerable code is not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=441b6d9071d6341e58dfe10719375489c5b8e3f0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-15.html
CVE-2019-10895 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler ...)
	{DLA-2423-1 DLA-1802-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2fbbde780e5d5d82e31dca656217daf278cf62bb
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=38680c4c69f9f4e0f39e29b66fe2b02d88eb629d
	NOTE: introduced bug: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1660f7437198113c0c90cec22daa6abcd3af22cc
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cab0cff6abdd7a5b5b0bfa4ee204eea951e129e9
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-09.html
CVE-2019-10894 (In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API d ...)
	{DLA-2423-1 DLA-1802-1}
	- wireshark 2.6.8-1 (low; bug #926718)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-14.html
CVE-2019-10893 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open So ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2019-10892 (An issue was discovered in D-Link DIR-806 devices. There is a stack-ba ...)
	NOT-FOR-US: D-Link
CVE-2019-10891 (An issue was discovered in D-Link DIR-806 devices. There is a command ...)
	NOT-FOR-US: D-Link
CVE-2019-10890
	RESERVED
CVE-2019-10889
	RESERVED
CVE-2019-10888 (A CSRF Issue that can add an admin user was discovered in UKcms v1.1.1 ...)
	NOT-FOR-US: UKcms
CVE-2019-10887 (A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) de ...)
	NOT-FOR-US: Salicru SLC-20-cube3(5) devices
CVE-2019-10886 (An incorrect access control exists in the Sony Photo Sharing Plus appl ...)
	NOT-FOR-US: Sony Photo Sharing Plus application
CVE-2019-10885 (An issue was discovered in Ivanti Workspace Control before 10.3.90.0. ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2019-10884 (Uniqkey Password Manager 1.14 contains a vulnerability because it fail ...)
	NOT-FOR-US: Uniqkey Password Manager
CVE-2019-10883 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center ...)
	NOT-FOR-US: Citrix
CVE-2019-10882 (The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2 ...)
	NOT-FOR-US: Netskope
CVE-2019-10881 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C80 ...)
	NOT-FOR-US: Xerox
CVE-2019-10880 (Within multiple XEROX products a vulnerability allows remote command e ...)
	NOT-FOR-US: XEROX
CVE-2019-10879 (In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::O ...)
	- teeworlds 0.7.2-4 (bug #927152)
	[jessie] - teeworlds (Not supported in jessie LTS)
	NOTE: https://github.com/teeworlds/teeworlds/issues/2070
	NOTE: https://github.com/teeworlds/teeworlds/commit/4d529dcd2d01022e979ebfa0b91167dee37cdb8e
CVE-2019-10878 (In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader: ...)
	- teeworlds 0.7.2-5 (bug #927152)
	[jessie] - teeworlds (Not supported in jessie LTS)
	NOTE: https://github.com/teeworlds/teeworlds/issues/2073
	NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988
	NOTE: https://github.com/teeworlds/teeworlds/commit/cc3d59ae706752956d6cb8acc4187c8398b61c5c
CVE-2019-10877 (In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in en ...)
	- teeworlds 0.7.2-4 (bug #927152)
	[jessie] - teeworlds (Not supported in jessie LTS)
	NOTE: https://github.com/teeworlds/teeworlds/issues/2071
	NOTE: https://github.com/teeworlds/teeworlds/commit/d25869626a8cfbdd320929ba93ce73abed1402ce
	NOTE: https://github.com/teeworlds/teeworlds/commit/e086f4b35b1adf7edc35b4ad332dc7ed1edc5988
CVE-2019-10876 (An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x ...)
	- neutron 2:13.0.2-15 (bug #926502)
	[stretch] - neutron (Vulnerable code introduced later; Around Pike Openstack release)
	[jessie] - neutron (Vulnerable code introduced later; Around Pike Openstack release)
	NOTE: https://bugs.launchpad.net/ossa/+bug/1813007
	NOTE: https://review.openstack.org/#/q/topic:bug/1813007
CVE-2019-10875 (A URL spoofing vulnerability was found in all international versions o ...)
	NOT-FOR-US: Xiaomi Mi browser
CVE-2019-10874 (Cross Site Request Forgery (CSRF) in the bolt/upload File Upload featu ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-10873 (An issue was discovered in Poppler 0.74.0. There is a NULL pointer der ...)
	- poppler 0.71.0-4 (low; bug #926532)
	[stretch] - poppler (Minor issue)
	[jessie] - poppler (vulnerable code is not present)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/748
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8dbe2e6c480405dab9347075cf4be626f90f1d05
CVE-2019-10872 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
	{DLA-2287-1 DLA-1815-1}
	- poppler 0.71.0-5 (low; bug #926530)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/750
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6a1580e84f492b5671d23be98192267bb73de250
CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based buffe ...)
	[experimental] - poppler 0.81.0-1
	- poppler 0.85.0-2 (low; bug #926529)
	[buster] - poppler (Minor issue)
	[stretch] - poppler (Revisit when fixed upstream)
	[jessie] - poppler (Revisit when fixed upstream)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/266 (rejected in favor of always enabling SPLASH_CMYK)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/341 (always enable SPLASH_CMYK)
	NOTE: Enabling SPLASH_CMYK in older releases causes regressions, see https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1905741
CVE-2019-10870
	RESERVED
CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the Ninja Forms ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2019-10867 (An issue was discovered in Pimcore before 5.7.1. An attacker with clas ...)
	NOT-FOR-US: Pimcore
CVE-2019-10866 (In the Form Maker plugin before 1.13.3 for WordPress, it's possible to ...)
	NOT-FOR-US: Form Maker plugin for WordPress
CVE-2019-10865
	RESERVED
CVE-2019-10864 (The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-10863 (A command injection vulnerability exists in TeemIp versions before 2.4 ...)
	NOT-FOR-US: TeemIp IPAM
CVE-2019-10862
	RESERVED
CVE-2019-10861
	RESERVED
CVE-2019-10860
	RESERVED
CVE-2019-10859
	RESERVED
CVE-2019-10858
	RESERVED
CVE-2019-10857
	RESERVED
CVE-2019-10856 (In Jupyter Notebook before 5.7.8, an open redirect can occur via an em ...)
	- jupyter-notebook (Incomplete fix for CVE-2019-10255 not applied)
	NOTE: https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
	NOTE: https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
CVE-2019-10855 (Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10854 (Computrols CBAS 18.0.0 allows Authenticated Command Injection. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10853 (Computrols CBAS 18.0.0 allows Authentication Bypass. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10852 (Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via th ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10851 (Computrols CBAS 18.0.0 has hard-coded encryption keys. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10850 (Computrols CBAS 18.0.0 has Default Credentials. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10849 (Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10848 (Computrols CBAS 18.0.0 allows Username Enumeration. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10847 (Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10846 (Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scr ...)
	NOT-FOR-US: Computrols CBAS
CVE-2019-10845 (An issue was discovered in Uniqkey Password Manager 1.14. When enterin ...)
	NOT-FOR-US: Uniqkey Password Manager
CVE-2019-10844 (nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka n ...)
	NOT-FOR-US: Sony
CVE-2019-10843
	REJECTED
CVE-2019-10842 (Arbitrary code execution (via backdoor code) was discovered in bootstr ...)
	NOT-FOR-US: backdoored version of bootstrap-sass
CVE-2019-10841
	RESERVED
CVE-2019-10840
	RESERVED
CVE-2019-10839
	RESERVED
CVE-2019-10838
	RESERVED
CVE-2019-10837
	RESERVED
CVE-2019-10836
	RESERVED
CVE-2019-10835
	RESERVED
CVE-2019-10834
	RESERVED
CVE-2019-10833
	RESERVED
CVE-2019-10832
	RESERVED
CVE-2019-10831
	RESERVED
CVE-2019-10830
	RESERVED
CVE-2019-10829
	RESERVED
CVE-2019-10828
	RESERVED
CVE-2019-10827
	RESERVED
CVE-2019-10826
	RESERVED
CVE-2019-10825
	RESERVED
CVE-2019-10824
	RESERVED
CVE-2019-10823
	RESERVED
CVE-2019-10822
	RESERVED
CVE-2019-10821
	RESERVED
CVE-2019-10820
	RESERVED
CVE-2019-10819
	RESERVED
CVE-2019-10818
	RESERVED
CVE-2019-10817
	RESERVED
CVE-2019-10816
	RESERVED
CVE-2019-10815
	RESERVED
CVE-2019-10814
	RESERVED
CVE-2019-10813
	RESERVED
CVE-2019-10812
	RESERVED
CVE-2019-10811
	RESERVED
CVE-2019-10810
	RESERVED
CVE-2019-10809
	RESERVED
CVE-2019-10808 (utilitify prior to 1.0.3 allows modification of object properties. The ...)
	NOT-FOR-US: utilitify
CVE-2019-10807 (Blamer versions prior to 1.0.1 allows execution of arbitrary commands. ...)
	NOT-FOR-US: Node blamer
CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object prototype. The ...)
	NOT-FOR-US: Node vega-util
CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A maliciously ...)
	NOT-FOR-US: Node valib
CVE-2019-10804 (serial-number through 1.3.0 allows execution of arbritary commands. Th ...)
	NOT-FOR-US: Node serial-number
CVE-2019-10803 (push-dir through 0.4.1 allows execution of arbritary commands. Argumen ...)
	NOT-FOR-US: Node push-dir
CVE-2019-10802 (giting version prior to 0.0.8 allows execution of arbritary commands. ...)
	NOT-FOR-US: Node giting
CVE-2019-10801 (enpeem through 2.2.0 allows execution of arbitrary commands. The "opti ...)
	NOT-FOR-US: Node enpeem
CVE-2019-10800
	RESERVED
CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary commands. Th ...)
	NOT-FOR-US: Node module compile-sass
CVE-2019-10798 (rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects r ...)
	NOT-FOR-US: Node module rdf-graph-array
CVE-2019-10797 (Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Respo ...)
	NOT-FOR-US: WSO2
CVE-2019-10796 (rpi through 0.0.3 allows execution of arbritary commands. The variable ...)
	NOT-FOR-US: Node module rpi
CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...)
	NOT-FOR-US: undefsafe
CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...)
	NOT-FOR-US: Node module component-flatten
CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set ...)
	NOT-FOR-US: Node module dot-object
CVE-2019-10792 (bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler ...)
	NOT-FOR-US: Node module bodymen
CVE-2019-10791 (promise-probe before 0.10.0 allows remote attackers to perform a comma ...)
	NOT-FOR-US: Node module promise-probe
CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...)
	NOT-FOR-US: Node module taffy
CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...)
	NOT-FOR-US: curling.js
CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: im-metadata node module
CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute arbitrary c ...)
	NOT-FOR-US: im-resize node module
CVE-2019-10786 (network-manager through 1.0.2 allows remote attackers to execute arbit ...)
	NOT-FOR-US: network-manager node module
CVE-2019-10785 (dojox is vulnerable to Cross-site Scripting in all versions before ver ...)
	{DLA-2127-1}
	- dojo 1.15.2+dfsg1-1 (bug #952771)
	[buster] - dojo 1.14.2+dfsg1-1+deb10u1
	NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-pg97-ww7h-5mjr
	NOTE: https://snyk.io/vuln/SNYK-JS-DOJOX-548257
	NOTE: https://github.com/dojo/dojox/pull/315
CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be performed wit ...)
	- phppgadmin (bug #953945)
	[bullseye] - phppgadmin (Minor issue)
	[buster] - phppgadmin (Minor issue)
	[stretch] - phppgadmin (Minor issue)
	[jessie] - phppgadmin (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885
	NOTE: https://github.com/phppgadmin/phppgadmin/issues/94
CVE-2019-10783 (All versions including 0.0.4 of lsof npm module are vulnerable to Comm ...)
	NOT-FOR-US: lsof node module
CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScript obj ...)
	NOT-FOR-US: schema-inspector node module
CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to unsanit ...)
	NOT-FOR-US: BibTeX-ruby
CVE-2019-10779 (All versions of stroom:stroom-app before 5.5.12 and all versions of th ...)
	NOT-FOR-US: Stroom
CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...)
	NOT-FOR-US: devcert-sanscache
CVE-2019-10777 (In aws-lambda versions prior to version 1.0.5, the "config.FunctioName ...)
	NOT-FOR-US: aws-lambda
CVE-2019-10776 (In "index.js" file line 240, the run command executes the git command ...)
	NOT-FOR-US: git-diff-apply
CVE-2019-10775 (ecstatic have a denial of service vulnerability. Successful exploitati ...)
	- node-ecstatic (bug #910614)
CVE-2019-10774 (php-shellcommand versions before 1.6.1 have a command injection vulner ...)
	- php-shellcommand 1.6.1-1
	NOTE: https://snyk.io/vuln/SNYK-PHP-MIKEHAERTLPHPSHELLCOMMAND-538426
	NOTE: https://github.com/mikehaertl/php-shellcommand/commit/8d98d8536e05abafe76a491da87296d824939076
	NOTE: https://github.com/mikehaertl/php-shellcommand/issues/44
CVE-2019-10773 (In Yarn before 1.21.1, the package install functionality can be abused ...)
	- node-yarnpkg 1.21.1-1
	[buster] - node-yarnpkg (Minor issue)
	NOTE: https://github.com/yarnpkg/yarn/issues/7761#issuecomment-565493023
	NOTE: https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/
	NOTE: https://github.com/yarnpkg/yarn/commit/039bafd74b7b1a88a53a54f8fa6fa872615e90e7
	NOTE: https://snyk.io/vuln/SNYK-JS-YARN-537806
CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 using th ...)
	NOT-FOR-US: svg-sanitize
CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...)
	NOT-FOR-US: IOBroker
CVE-2019-10770 (All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and befo ...)
	NOT-FOR-US: ratpack-core
CVE-2019-10769 (safer-eval is a npm package to sandbox the he evaluation of code used ...)
	NOT-FOR-US: safer-eval Node module
CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be tricked into ...)
	- angular.js 1.7.9-1 (bug #945249)
	[buster] - angular.js (Minor issue; can be fixed via point release)
	[stretch] - angular.js (Nodejs in stretch not covered by security support)
	[jessie] - angular.js (vulnerable code is not present, deep merging introduced later)
	NOTE: https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
	NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
CVE-2019-10767 (An attacker can include file contents from outside the `/adapter/xxx/` ...)
	NOT-FOR-US: ioBroker
CVE-2019-10766 (Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL In ...)
	NOT-FOR-US: Pixie CMS
CVE-2019-10765 (iobroker.admin before 3.6.12 allows attacker to include file contents ...)
	NOT-FOR-US: ioBroker
CVE-2019-10764 (In elliptic-php versions priot to 1.0.6, Timing attacks might be possi ...)
	NOT-FOR-US: elliptic-php
CVE-2019-10763 (pimcore/pimcore before 6.3.0 is vulnerable to SQL Injection. An attack ...)
	NOT-FOR-US: Pimcore
CVE-2019-10762 (columnQuote in medoo before 1.7.5 allows remote attackers to perform a ...)
	NOT-FOR-US: medoo
CVE-2019-10761
	RESERVED
CVE-2019-10760 (safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A ...)
	NOT-FOR-US: safer-eval Node module
CVE-2019-10759 (safer-eval before 1.3.4 are vulnerable to Arbitrary Code Execution. A ...)
	NOT-FOR-US: safer-eval Node module
CVE-2019-10758 (mongo-express before 0.54.0 is vulnerable to Remote Code Execution via ...)
	NOT-FOR-US: mongo-express
CVE-2019-10757 (knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. ...)
	NOT-FOR-US: knex.js
CVE-2019-10756 (It is possible to inject JavaScript within node-red-dashboard versions ...)
	NOT-FOR-US: node-red-dashboard
CVE-2019-10755 (The SAML identifier generated within SAML2Utils.java was found to make ...)
	NOT-FOR-US: SAML2Utils.java
CVE-2019-10754 (Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes ...)
	NOT-FOR-US: Apereo Central Authentication Service
CVE-2019-10753 (In all versions prior to version 3.9.6 for eclipse-wtp, all versions p ...)
	- eclipse-wtp (Does not affect the Debian build/package)
	NOTE: https://snyk.io/vuln/SNYK-JAVA-COMDIFFPLUGSPOTLESS-460377
CVE-2019-10752 (Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnera ...)
	NOT-FOR-US: sequelize Node module
CVE-2019-10751 (All versions of the HTTPie package prior to version 1.0.3 are vulnerab ...)
	{DLA-1937-1}
	- httpie 1.0.3-1 (bug #940058)
	[buster] - httpie (Minor issue)
	[stretch] - httpie (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107
	NOTE: https://github.com/jakubroztocil/httpie/commit/df36d6255df5793129b02ac82f1010171bd8a0a8
CVE-2019-10750 (deeply is vulnerable to Prototype Pollution in versions before 3.1.0. ...)
	NOT-FOR-US: deeply
CVE-2019-10749 (sequelize before version 3.35.1 allows attackers to perform a SQL Inje ...)
	NOT-FOR-US: sequelize
CVE-2019-10748 (Sequelize all versions prior to 3.35.1, 4.44.3, and 5.8.11 are vulnera ...)
	NOT-FOR-US: sequelize
CVE-2019-10747 (set-value is vulnerable to Prototype Pollution in versions lower than ...)
	[experimental] - node-set-value 3.0.1-1
	- node-set-value 0.4.0-2 (bug #941189)
	[buster] - node-set-value 0.4.0-1+deb10u1
	[stretch] - node-set-value (Nodejs in stretch not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
CVE-2019-10746 (mixin-deep is vulnerable to Prototype Pollution in versions before 1.3 ...)
	- node-mixin-deep 2.0.1-1 (bug #932500)
	[buster] - node-mixin-deep 1.1.3-3+deb10u1
	[stretch] - node-mixin-deep 1.1.3-1+deb9u1
	NOTE: https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
	NOTE: https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9
	NOTE: https://github.com/jonschlinkert/mixin-deep/issues/6
CVE-2019-10745 (assign-deep is vulnerable to Prototype Pollution in versions before 0. ...)
	NOT-FOR-US: Node assign-deep
CVE-2019-10744 (Versions of lodash lower than 4.17.12 are vulnerable to Prototype Poll ...)
	- node-lodash 4.17.15+dfsg-1 (bug #933079)
	[buster] - node-lodash 4.17.11+dfsg-2+deb10u1
	[stretch] - node-lodash (Nodejs in stretch not covered by security support)
	[jessie] - node-lodash (Nodejs in jessie not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-450202
	NOTE: https://github.com/lodash/lodash/issues/4348
	NOTE: https://github.com/lodash/lodash/pull/4336
CVE-2019-10743 (All versions of archiver allow attacker to perform a Zip Slip attack v ...)
	NOT-FOR-US: archiver
CVE-2019-10742 (Axios up to and including 0.18.0 allows attackers to cause a denial of ...)
	- node-axios 0.17.1+dfsg-2 (bug #928624)
	NOTE: https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505
	NOTE: https://github.com/axios/axios/issues/1098
	NOTE: https://github.com/axios/axios/pull/1485
CVE-2019-10741 (K-9 Mail v5.600 can include the original quoted HTML code of a special ...)
	NOT-FOR-US: K-9 Mail
CVE-2019-10740 (In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIM ...)
	- roundcube 1.3.10+dfsg.1-1 (bug #927713)
	[buster] - roundcube 1.3.10+dfsg.1-1~deb10u1
	[stretch] - roundcube (Relies on php-crypt-gpg, not in stretch. Old version in 1.3 doesn't verify signature anyway)
	NOTE: https://github.com/roundcube/roundcubemail/issues/6638
	NOTE: https://github.com/roundcube/roundcubemail/commit/de25226d310de11f6a9eb0aa7ea1c90d82dc70d8 (release-1.3)
	NOTE: https://github.com/roundcube/roundcubemail/commit/8fe12e2fadac9b1ce212341ca3632f85781cfea4 (master)
CVE-2019-10739
	RESERVED
CVE-2019-10738
	RESERVED
CVE-2019-10737
	RESERVED
CVE-2019-10736
	RESERVED
CVE-2019-10735 (In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encry ...)
	- claws-mail (low; bug #926705)
	[bullseye] - claws-mail (Minor issue)
	[buster] - claws-mail (Revisit when fixed upstream)
	[stretch] - claws-mail (Revisit when fixed upstream)
	[jessie] - claws-mail (Revisit when fixed upstream)
	NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159
CVE-2019-10734 (In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypt ...)
	- trojita (bug #795701)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=404697
CVE-2019-10733
	RESERVED
CVE-2019-10732 (In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypt ...)
	{DLA-1825-1}
	- kf5-messagelib 4:19.08.3-1 (bug #926996)
	[buster] - kf5-messagelib (Minor issue)
	[stretch] - kf5-messagelib (Minor issue)
	- kdepim
	[stretch] - kdepim (Minor issue)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=404698
	NOTE: https://github.com/KDE/messagelib/commit/8f9b85b664be0987014c5d2485e706ab5a198e1b (v19.04.2)
CVE-2019-10731
	RESERVED
CVE-2019-10730
	RESERVED
CVE-2019-10729
	RESERVED
CVE-2019-10728
	RESERVED
CVE-2019-10727
	RESERVED
CVE-2019-10726
	RESERVED
CVE-2019-10725
	RESERVED
CVE-2019-10724 (There is a vulnerability with the Dolby DAX2 API system services in wh ...)
	NOT-FOR-US: Dolby
CVE-2019-10723 (An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class i ...)
	- libpodofo (low; bug #926667)
	[bullseye] - libpodofo (Minor issue)
	[buster] - libpodofo (Minor issue)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (clean exception quit/DoS, low popcon)
	NOTE: https://sourceforge.net/p/podofo/tickets/46/
CVE-2019-1003099 (A missing permission check in Jenkins openid Plugin in the OpenIdSsoSe ...)
	NOT-FOR-US: Jenkins openid Plugin
CVE-2019-1003098 (A cross-site request forgery vulnerability in Jenkins openid Plugin in ...)
	NOT-FOR-US: Jenkins openid Plugin
CVE-2019-1003097 (Jenkins Crowd Integration Plugin stores credentials unencrypted in the ...)
	NOT-FOR-US: Jenkins Crowd Integration Plugin
CVE-2019-1003096 (Jenkins TestFairy Plugin stores credentials unencrypted in job config. ...)
	NOT-FOR-US: Jenkins TestFairy Plugin
CVE-2019-1003095 (Jenkins Perfecto Mobile Plugin stores credentials unencrypted in its g ...)
	NOT-FOR-US: Jenkins Perfecto Mobile Plugin
CVE-2019-1003094 (Jenkins Open STF Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins Open STF Plugin
CVE-2019-1003093 (A missing permission check in Jenkins Nomad Plugin in the NomadCloud.D ...)
	NOT-FOR-US: Jenkins Nomad Plugin
CVE-2019-1003092 (A cross-site request forgery vulnerability in Jenkins Nomad Plugin in ...)
	NOT-FOR-US: Jenkins Nomad Plugin
CVE-2019-1003091 (A missing permission check in Jenkins SOASTA CloudTest Plugin in the C ...)
	NOT-FOR-US: Jenkins SOASTA CloudTest Plugin
CVE-2019-1003090 (A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest ...)
	NOT-FOR-US: Jenkins SOASTA CloudTest Plugin
CVE-2019-1003089 (Jenkins Upload to pgyer Plugin stores credentials unencrypted in job c ...)
	NOT-FOR-US: Jenkins Upload to pgyer Plugin
CVE-2019-1003088 (Jenkins Fabric Beta Publisher Plugin stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins Fabric Beta Publisher Plugin
CVE-2019-1003087 (A missing permission check in Jenkins Chef Sinatra Plugin in the ChefB ...)
	NOT-FOR-US: Jenkins Chef Sinatra Plugin
CVE-2019-1003086 (A cross-site request forgery vulnerability in Jenkins Chef Sinatra Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003085 (A missing permission check in Jenkins Zephyr Enterprise Test Managemen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003084 (A cross-site request forgery vulnerability in Jenkins Zephyr Enterpris ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003083 (A missing permission check in Jenkins Gearman Plugin in the GearmanPlu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003082 (A cross-site request forgery vulnerability in Jenkins Gearman Plugin i ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003081 (A missing permission check in Jenkins OpenShift Deployer Plugin in the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003080 (A cross-site request forgery vulnerability in Jenkins OpenShift Deploy ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003079 (A missing permission check in Jenkins VMware Lab Manager Slaves Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003078 (A cross-site request forgery vulnerability in Jenkins VMware Lab Manag ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003077 (A missing permission check in Jenkins Audit to Database Plugin in the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003076 (A cross-site request forgery vulnerability in Jenkins Audit to Databas ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003075 (Jenkins Audit to Database Plugin stores credentials unencrypted in its ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003074 (Jenkins Hyper.sh Commons Plugin stores credentials unencrypted in its ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003073 (Jenkins VS Team Services Continuous Deployment Plugin stores credentia ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003072 (Jenkins WildFly Deployer Plugin stores credentials unencrypted in job ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003071 (Jenkins OctopusDeploy Plugin stores credentials unencrypted in its glo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003070 (Jenkins veracode-scanner Plugin stores credentials unencrypted in its ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003069 (Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003068 (Jenkins VMware vRealize Automation Plugin stores credentials unencrypt ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003067 (Jenkins Trac Publisher Plugin stores credentials unencrypted in job co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003066 (Jenkins Bugzilla Plugin stores credentials unencrypted in its global c ...)
NOT-FOR-US: Jenkins plugin CVE-2019-1003065 (Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypte ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003064 (Jenkins aws-device-farm Plugin stores credentials unencrypted in its g ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003063 (Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypte ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003062 (Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials unencr ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003061 (Jenkins jenkins-cloudformation-plugin Plugin stores credentials unencr ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003060 (Jenkins Official OWASP ZAP Plugin stores credentials unencrypted in it ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003059 (A missing permission check in Jenkins FTP publisher Plugin in the FTPP ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003058 (A cross-site request forgery vulnerability in Jenkins FTP publisher Pl ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003057 (Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003056 (Jenkins WebSphere Deployer Plugin stores credentials unencrypted in jo ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003055 (Jenkins FTP publisher Plugin stores credentials unencrypted in its glo ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003054 (Jenkins Jira Issue Updater Plugin stores credentials unencrypted in jo ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003053 (Jenkins HockeyApp Plugin stores credentials unencrypted in job config. ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003052 (Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unen ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003051 (Jenkins IRC Plugin stores credentials unencrypted in its global config ...) NOT-FOR-US: Jenkins plugin CVE-2019-10868 (In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 befo ...) 
{DSA-4426-1} - tryton-server 5.0.4-2 [jessie] - tryton-server (vulnerable code is not present) NOTE: https://discuss.tryton.org/t/security-release-for-issue8189/1262 NOTE: https://bugs.tryton.org/issue8189 NOTE: https://hg.tryton.org/trytond/rev/f58bbfe0aefb CVE-2019-10722 RESERVED CVE-2019-10721 (BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the Retur ...) NOT-FOR-US: BlogEngine.NET CVE-2019-10720 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ...) NOT-FOR-US: BlogEngine.NET CVE-2019-10719 (BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remo ...) NOT-FOR-US: BlogEngine.NET CVE-2019-10718 (BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind In ...) NOT-FOR-US: BlogEngine.NET CVE-2019-10717 (BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via ...) NOT-FOR-US: BlogEngine.NET CVE-2019-10716 (An Information Disclosure issue in Verodin Director 3.5.3.1 and earlie ...) NOT-FOR-US: Verodin Director CVE-2019-10715 (There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input ...) NOT-FOR-US: Verodin Director CVE-2019-10714 (LocaleLowercase in MagickCore/locale.c in ImageMagick before 7.0.8-32 ...) - imagemagick (Vulnerable code introduced later) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1495 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/aa6a769bd85f6750c26e53e53dcd8a2678745501 NOTE: Issue introduced while fixing https://github.com/ImageMagick/ImageMagick/issues/1455 CVE-2019-10713 RESERVED CVE-2019-10712 (The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831 ...) NOT-FOR-US: WAGO Series devices CVE-2019-10711 (Incorrect access control in the RTSP stream and web portal on all IP c ...) NOT-FOR-US: IP cameras based on Hisilicon Hi3510 firmware CVE-2019-10710 (Insecure permissions in the Web management portal on all IP cameras ba ...) 
NOT-FOR-US: IP cameras based on Hisilicon Hi3510 firmware CVE-2019-10709 (AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a ...) NOT-FOR-US: Asus CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike i ...) NOT-FOR-US: S-CMS PHP CVE-2019-10707 (MKCMS V5.0 has SQL injection via the bplay.php play parameter. ...) NOT-FOR-US: MKCMS CVE-2019-10706 (Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: T ...) NOT-FOR-US: Western Digital CVE-2019-10705 (Western Digital SanDisk X600 devices in certain configurations, a vuln ...) NOT-FOR-US: Western Digital CVE-2019-10704 RESERVED CVE-2019-10703 RESERVED CVE-2019-10702 RESERVED CVE-2019-10701 RESERVED CVE-2019-10700 RESERVED CVE-2019-10699 RESERVED CVE-2019-10698 RESERVED CVE-2019-10697 RESERVED CVE-2019-10696 RESERVED CVE-2019-10695 (When using the cd4pe::root_configuration task to configure a Continuou ...) NOT-FOR-US: cd4pe Puppet module CVE-2019-10694 (The express install, which is the suggested way to install Puppet Ente ...) NOT-FOR-US: Puppet Enterprise CVE-2019-10693 RESERVED CVE-2019-10692 (In the wp-google-maps plugin before 7.11.18 for WordPress, includes/cl ...) NOT-FOR-US: wp-google-maps plugin for WordPress CVE-2019-10691 (The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeate ...) - dovecot 1:2.3.4.1-4 [stretch] - dovecot (Vulnerable code not present, introduced in 2.3) [jessie] - dovecot (Vulnerable code not present, introduced in 2.3) NOTE: https://www.openwall.com/lists/oss-security/2019/04/18/3 CVE-2019-10690 RESERVED CVE-2019-10689 (VVX products using UCS software version 5.9.2 and earlier with Better ...) NOT-FOR-US: VVX products using UCS software CVE-2019-10688 (VVX products with software versions including and prior to, UCS 5.9.2 ...) NOT-FOR-US: VVX products using UCS CVE-2019-10687 (KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=r ...) 
NOT-FOR-US: KBPublisher CVE-2019-10686 (An SSRF vulnerability was found in an API from Ctrip Apollo through 1. ...) NOT-FOR-US: Ctrip Apollo CVE-2019-10685 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...) NOT-FOR-US: Heidelberg Prinect Archiver CVE-2019-10684 (Application/Admin/Controller/ConfigController.class.php in 74cms v5.0. ...) NOT-FOR-US: 74cms CVE-2019-10683 RESERVED CVE-2019-10682 (django-nopassword before 5.0.0 stores cleartext secrets in the databas ...) NOT-FOR-US: django-nopassword CVE-2019-10681 RESERVED CVE-2019-10680 RESERVED CVE-2019-10679 (Thomson Reuters Eikon 4.0.42144 allows all local users to modify the s ...) NOT-FOR-US: Thomson Reuters Eikon CVE-2019-10678 (Domoticz before 4.10579 neglects to categorize \n and \r as insecure a ...) - domoticz (bug #899058) CVE-2019-10677 (Multiple Cross-Site Scripting (XSS) issues in the web interface on DAS ...) NOT-FOR-US: DASAN CVE-2019-10676 (An issue was discovered in Uniqkey Password Manager 1.14. Upon enterin ...) NOT-FOR-US: Uniqkey Password Manager CVE-2019-10675 REJECTED CVE-2019-10674 RESERVED CVE-2019-10673 (A CSRF vulnerability in a logged-in user's profile edit form in the Ul ...) NOT-FOR-US: Ultimate Member plugin for WordPress CVE-2019-10671 (An issue was discovered in LibreNMS through 1.47. It does not paramete ...) NOT-FOR-US: LibreNMS CVE-2019-10670 (An issue was discovered in LibreNMS through 1.47. Many of the scripts ...) NOT-FOR-US: LibreNMS CVE-2019-10669 (An issue was discovered in LibreNMS through 1.47. There is a command i ...) NOT-FOR-US: LibreNMS CVE-2019-10668 (An issue was discovered in LibreNMS through 1.47. A number of scripts ...) NOT-FOR-US: LibreNMS CVE-2019-10667 (An issue was discovered in LibreNMS through 1.47. Information disclosu ...) NOT-FOR-US: LibreNMS CVE-2019-10666 (An issue was discovered in LibreNMS through 1.47. Several of the scrip ...) NOT-FOR-US: LibreNMS CVE-2019-10665 (An issue was discovered in LibreNMS through 1.47. 
The scripts that han ...) NOT-FOR-US: LibreNMS CVE-2019-10664 (Domoticz before 4.10578 allows SQL Injection via the idx parameter in ...) - domoticz (bug #899058) CVE-2019-10672 (treeRead in hdf/btree.c in libmysofa before 0.7 does not properly vali ...) - libmysofa 0.6~dfsg0-3 (bug #926125) NOTE: https://github.com/hoene/libmysofa/commit/d39a171e9c6a1c44dbdf43f9db6c3fbd887e38c1 CVE-2019-10663 (Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticate ...) NOT-FOR-US: Grandstream CVE-2019-10662 (Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticate ...) NOT-FOR-US: Grandstream CVE-2019-10661 (On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account ...) NOT-FOR-US: Grandstream CVE-2019-10660 (Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenti ...) NOT-FOR-US: Grandstream CVE-2019-10659 (Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices a ...) NOT-FOR-US: Grandstream CVE-2019-10658 (Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated ...) NOT-FOR-US: Grandstream CVE-2019-10657 (Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 device ...) NOT-FOR-US: Grandstream CVE-2019-10656 (Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated ...) NOT-FOR-US: Grandstream CVE-2019-10655 (Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3 ...) NOT-FOR-US: Grandstream CVE-2019-10654 (The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in ...) - lrzip (unimportant) NOTE: https://github.com/ckolivas/lrzip/issues/108 NOTE: Crash in CLI tool, no security impact CVE-2019-10653 (An issue was discovered in Hsycms V1.1. There is a SQL injection vulne ...) NOT-FOR-US: Hsycms CVE-2019-10652 (An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote a ...) NOT-FOR-US: flatCore CVE-2019-10651 (An issue was discovered in the Core Server in Ivanti Endpoint Manager ...) 
NOT-FOR-US: Ivanti CVE-2019-10650 (In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in ...) {DSA-4436-1 DLA-1785-1} - imagemagick 8:6.9.10.23+dfsg-2.1 (bug #926091) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1532 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4800ae0dabdb3012f82820af946060c3ca9fdb87 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d8d844c6f23f4d90d8fe893fe9225dd78fc1e6ef CVE-2019-10649 (In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SV ...) {DSA-4712-1} - imagemagick 8:6.9.11.24+dfsg-1 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1533 NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3ae9c19125c8704b4866381f7a064ca2cbdc006 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e3417aebe17cbe274b7361aa92c83226ca5b646b CVE-2019-10648 (Robocode through 1.9.3.5 allows remote attackers to cause external ser ...) - robocode 1.9.3.3-2 (low; bug #926088) [stretch] - robocode (Minor issue) [jessie] - robocode (games are not supported) NOTE: https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd#diff-0296a8f9d4a509789f4dc4f052d9c36f NOTE: https://sourceforge.net/p/robocode/bugs/406/ CVE-2019-10647 (ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: ZZZCMS zzzphp CVE-2019-10646 (Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the mod ...) NOT-FOR-US: Wolf CMS CVE-2019-10645 RESERVED CVE-2019-10644 (An issue was discovered in HYBBS 2.2. /?admin/user.html has a CSRF vul ...) NOT-FOR-US: HYBBS CVE-2019-10643 (Contao 4.7 allows Use of a Key Past its Expiration Date. ...) NOT-FOR-US: Contao CVE-2019-10642 (Contao 4.7 allows CSRF. ...) NOT-FOR-US: Contao CVE-2019-10641 (Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery ...) NOT-FOR-US: Contao CVE-2019-10640 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) 
- gitlab 11.8.6+dfsg-1 (bug #926482) NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ CVE-2019-10639 (The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows I ...) {DSA-4497-1 DLA-1885-1 DLA-1862-1} - linux 4.19.37-1 NOTE: https://arxiv.org/pdf/1906.10478.pdf CVE-2019-10638 (In the Linux kernel before 5.1.7, a device can be tracked by an attack ...) {DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1} - linux 5.2.6-1 NOTE: https://arxiv.org/pdf/1906.10478.pdf CVE-2019-10637 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS10 ...) NOT-FOR-US: Marvell CVE-2019-10636 (Marvell SSD Controller (88SS1074, 88SS1079, 88SS1080, 88SS1093, 88SS10 ...) NOT-FOR-US: Marvell CVE-2019-10635 RESERVED CVE-2019-10634 (An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allow ...) NOT-FOR-US: Zyxel CVE-2019-10633 (An eval injection vulnerability in the Python web server routing on th ...) NOT-FOR-US: Zyxel CVE-2019-10632 (A directory traversal vulnerability in the file browser component on t ...) NOT-FOR-US: Zyxel CVE-2019-10631 (Shell Metacharacter Injection in the package installer on Zyxel NAS 32 ...) NOT-FOR-US: Zyxel CVE-2019-10630 (A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 a ...) NOT-FOR-US: Zyxel CVE-2019-10629 (u'User Process can potentially corrupt kernel virtual page by passing ...) NOT-FOR-US: Snapdragon CVE-2019-10628 (u'Memory can be potentially corrupted if random index is allowed to ma ...) NOT-FOR-US: Snapdragon CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript image ...) NOT-FOR-US: Qualcomm CVE-2019-10626 (Payload size is not validated before reading memory that may cause iss ...) NOT-FOR-US: Snapdragon CVE-2019-10625 (Out of bound access in diag services when DCI command buffer reallocat ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10624 (While handling the vendor command there is an integer truncation issue ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2019-10623 (Possible integer overflow can happen in host driver while processing u ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10622 (Out of bound memory access can happen while parsing ADSP message due t ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10621 (Use after free issue when MAP and UNMAP calls at same time as data str ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10620 (Kernel memory error in debug module due to improper check of user data ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10619 RESERVED CVE-2019-10618 (Driver may access an invalid address while processing IO control due t ...) NOT-FOR-US: Snapdragon CVE-2019-10617 (Low privilege users can access service configuration which contains re ...) NOT-FOR-US: Qualcomm CVE-2019-10616 (Possibility of null pointer access if the SPDM commands are executed i ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10615 (u'Possibility of integer overflow in keymaster 4 while allocating memo ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10614 (Out of boundary access is possible as there is no validation of data a ...) NOT-FOR-US: Snapdragon CVE-2019-10613 RESERVED CVE-2019-10612 (UTCB object has a function pointer called by the reaper to deallocate ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10611 (Buffer overflow can occur while processing clip due to lack of check o ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10610 (Possible buffer over read when trying to process SDP message Video med ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10609 (Out of bound write can happen due to lack of check of array index valu ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10608 (Information disclosure issue occurs as there is no binding between the ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2019-10607 (Out of bounds memcpy can occur by providing the embedded NULL characte ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10606 (Out-of-bound access will occur in USB driver due to lack of check to v ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10605 (Buffer overwrite can occur in IEEE80211 header filling function due to ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10604 (Possibility of heap-buffer-overflow during last iteration of loop whil ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10603 (Use after free issue occurs If the real device interface goes down and ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10602 (Potential use-after-free heap error during Validate/Present calls on d ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10601 (Out of bound access can occur while processing firmware event due to l ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10600 (Use of local variable as argument to netlink CB callback goes out of i ...) NOT-FOR-US: Snapdragon CVE-2019-10599 RESERVED CVE-2019-10598 (Out of bound access can occur while processing peer info in IBSS conne ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10597 (kernel writes to user passed address without any checks can lead to ar ...) NOT-FOR-US: Snapdragon CVE-2019-10596 (u'Improper access control can lead signed process to guess pid of othe ...) NOT-FOR-US: Snapdragon CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of validation ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10594 (Stack overflow can occur when SDP is received with multiple payload ty ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10593 (Buffer overflow can occur when processing non standard SDP video Image ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10592 (Possible integer overflow while multiplying two integers of 32 bit in ...) 
NOT-FOR-US: Snapdragon CVE-2019-10591 (Null pointer dereference can happen when parsing udta atom which is no ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10590 (Out of bound access while parsing dts atom, which is non-standard as i ...) NOT-FOR-US: Snapdragon CVE-2019-10589 (Lack of length check of response buffer can lead to buffer over-flow w ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10588 (Copying RTCP messages into the output buffer without checking the dest ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10587 (Possible Stack overflow can occur when processing a large SDP body or ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10586 (Filling media attribute tag names without validating the destination b ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10585 (Possible integer overflow happens when mmap find function will increme ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10584 (Possibility of out of bound access in debug queue, if packet size fiel ...) NOT-FOR-US: Snapdragon CVE-2019-10583 (Use after free issue occurs when camera access sensors data through di ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10582 (Use after free issue due to using of invalidated iterator to delete an ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10581 (NULL is assigned to local instance of audio device pointer after free ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10580 (When kernel thread unregistered listener, Use after free issue happene ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10579 (Buffer over-read can occur while playing the video clip which is not s ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10578 (Null pointer dereference can occur while parsing the clip which is non ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10577 (Improper input validation while processing SIP URI received from the n ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2019-10576 RESERVED CVE-2019-10575 (Wlan binary which is not signed with OEMs RoT is working on secure dev ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10574 (Lack of boundary checks for data offsets received from HLOS can lead t ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10573 RESERVED CVE-2019-10572 (Improper check in video driver while processing data from video firmwa ...) NOT-FOR-US: Snapdragon CVE-2019-10571 (Snapshot of IB can lead to invalid address access due to missing check ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10570 RESERVED CVE-2019-10569 (Stack buffer overflow due to instance id is misplaced inside definitio ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10568 RESERVED CVE-2019-10567 (There is a way to deceive the GPU kernel driver into thinking there is ...) NOT-FOR-US: Snapdragon CVE-2019-10566 (Buffer overflow can occur in wlan module if supported rates or extende ...) NOT-FOR-US: Snapdragon CVE-2019-10565 (Double free issue can happen when sensor power settings is freed by so ...) NOT-FOR-US: Snapdragon CVE-2019-10564 (Possible OOB issue in EEPROM due to lack of check while accessing memo ...) NOT-FOR-US: Snapdragon CVE-2019-10563 (Buffer over-read can occur in fast message handler due to improper inp ...) NOT-FOR-US: Snapdragon CVE-2019-10562 (u'Improper authentication and signature verification of debug polices ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10561 (Improper initialization of local variables which are parameters to sfs ...) NOT-FOR-US: Snapdragon CVE-2019-10560 RESERVED CVE-2019-10559 (Accessing data buffer beyond the available data while parsing ogg clip ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10558 (While transferring data from APPS to DSP, Out of bound in FastRPC HLOS ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2019-10557 (Out-of-bound read in the wireless driver in the Linux kernel due to la ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10556 (Missing length check before copying the data from kernel space to user ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10555 (Buffer overflow can occur due to usage of wrong datatype and missing l ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10554 (Multiple Read overflows issue due to improper length check while decod ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10553 (Multiple Read overflows due to improper length checks while decoding a ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10552 (Multiple Buffer Over-read issue can happen due to improper length chec ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10551 (String error while processing non standard SIP messages received can l ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10550 (Buffer Over-read when UE is trying to process the message received for ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10549 (Null pointer dereference issue can happen due to improper validation o ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10548 (While trying to obtain datad ipc handle during DPL initialization, Hea ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10547 (When issuing IOCTL calls to ION, Memory leak can occur due to failure ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10546 (Buffer overflow can occur in WLAN firmware while parsing beacon/probe_ ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10545 (Null pointer dereference issue in kernel due to missing check related ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10544 (Improper length check on source buffer to handle userspace data receiv ...) 
NOT-FOR-US: Snapdragon CVE-2019-10543 RESERVED CVE-2019-10542 (Buffer over-read may occur when downloading a corrupted firmware file ...) NOT-FOR-US: Snapdragon CVE-2019-10541 (Dereference on uninitialized buffer can happen when parsing FLV clip w ...) NOT-FOR-US: Snapdragon CVE-2019-10540 (Buffer overflow in WLAN NAN function due to lack of check of count val ...) NOT-FOR-US: Snapdragon CVE-2019-10539 (Possible buffer overflow issue due to lack of length check when parsin ...) NOT-FOR-US: Snapdragon CVE-2019-10538 (Lack of check of address range received from firmware response allows ...) NOT-FOR-US: Snapdragon CVE-2019-10537 (Improper validation of event buffer extracted from FW response can lea ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10536 (Potential double free scenario if driver receives another DIAG_EVENT_L ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10535 (Improper validation for loop variable received from firmware can lead ...) NOT-FOR-US: Snapdragon CVE-2019-10534 (Null-pointer dereference can occur while accessing the super index ent ...) NOT-FOR-US: Snapdragon CVE-2019-10533 (Out of bound access due to improper validation of array index cause th ...) NOT-FOR-US: Snapdragon CVE-2019-10532 (Null-pointer dereference issue can occur while calculating string leng ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10531 (Incorrect reading of system image resulting in buffer overflow when si ...) NOT-FOR-US: Snapdragon CVE-2019-10530 (Lack of check of data truncation on user supplied data in kernel leads ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10529 (Possible use after free issue due to race condition while attempting t ...) NOT-FOR-US: Snapdragon CVE-2019-10528 (Use after free issue in kernel while accessing freed mdlog session inf ...) NOT-FOR-US: Snapdragon CVE-2019-10527 (u'SMEM partition can be manipulated in case of any compromise on HLOS, ...) 
NOT-FOR-US: Snapdragon CVE-2019-10526 (Out of bound write in WLAN driver due to NULL character not properly p ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10525 (Buffer overflow during SIB read when network configures complete sib l ...) NOT-FOR-US: Snapdragon CVE-2019-10524 (Lack of check for a negative value returned for get_clk is wrongly int ...) NOT-FOR-US: Snapdragon CVE-2019-10523 (Target specific data is being sent to remote server and leads to infor ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10522 (While playing the clip which is nonstandard buffer overflow can occur ...) NOT-FOR-US: Snapdragon CVE-2019-10521 RESERVED CVE-2019-10520 (An unprivileged application can allocate GPU memory by calling memory ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10519 RESERVED CVE-2019-10518 (Use after free of a pointer in iWLAN scenario during netmgr state tran ...) NOT-FOR-US: Snapdragon CVE-2019-10517 (Memory is being freed up twice when two concurrent threads are executi ...) NOT-FOR-US: Snapdragon CVE-2019-10516 (Multiple read overflows in MM while decoding service accept,service re ...) NOT-FOR-US: Snapdragon CVE-2019-10515 (DCI client which might be preemptively freed up might be accessed for ...) NOT-FOR-US: Snapdragon CVE-2019-10514 RESERVED CVE-2019-10513 (Possibility of Null pointer access if the SPDM commands are executed i ...) NOT-FOR-US: Snapdragon CVE-2019-10512 (Payload size is not checked before using it as array index in audio in ...) NOT-FOR-US: Snapdragon CVE-2019-10511 (Possibility of memory overflow while decoding GSNDCP compressed mode P ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10510 (BT process died and BT toggled due to null pointer dereference when in ...) NOT-FOR-US: Snapdragon CVE-2019-10509 (Device record of the pairing device used after free during ACL disconn ...) NOT-FOR-US: Snapdragon CVE-2019-10508 (Lack of input validation for data received from user space can lead to ...) 
NOT-FOR-US: Snapdragon CVE-2019-10507 (Lack of check of extscan change results received from firmware can lea ...) NOT-FOR-US: Snapdragon CVE-2019-10506 (While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor comm ...) NOT-FOR-US: Snapdragon CVE-2019-10505 (Out of bound access while processing a non-standard IE measurement req ...) NOT-FOR-US: Snapdragon CVE-2019-10504 (Firmware not able to send EXT scan response to host within 1 sec due t ...) NOT-FOR-US: Snapdragon CVE-2019-10503 (Out-of-bounds access can occur in camera driver due to improper valida ...) NOT-FOR-US: Snapdragon CVE-2019-10502 (Possible stack overflow when an index equal to io buffer size is acces ...) NOT-FOR-US: Snapdragon CVE-2019-10501 (Possible use after free issue due to improper input validation in volu ...) NOT-FOR-US: Snapdragon CVE-2019-10500 (While processing MT Secondary PDP request, Buffer overflow will happen ...) NOT-FOR-US: Snapdragon CVE-2019-10499 (Improper validation of read and write index of tx and rx fifo`s before ...) NOT-FOR-US: Snapdragon CVE-2019-10498 (Buffer overflow scenario if the client sends more than 5 io_vec reques ...) NOT-FOR-US: Snapdragon CVE-2019-10497 (Use after free issue occurs If another instance of open for voice_svc ...) NOT-FOR-US: Snapdragon CVE-2019-10496 (Lack of checking a variable received from driver and populating in Fir ...) NOT-FOR-US: Snapdragon CVE-2019-10495 (Arbitrary buffer write issue while processing sequence header during H ...) NOT-FOR-US: Snapdragon CVE-2019-10494 (Race condition between the camera functions due to lack of resource lo ...) NOT-FOR-US: Snapdragon CVE-2019-10493 (Position determination accuracy may be degraded due to wrongly decoded ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10492 (Boot image not getting verified by AVB in Snapdragon Auto, Snapdragon ...) NOT-FOR-US: Snapdragon CVE-2019-10491 (ADSP can be compromised since it`s a general-purpose CPU processing un ...) 
NOT-FOR-US: Snapdragon CVE-2019-10490 (Use after free issue in Xtra daemon shutdown due to static object inst ...) NOT-FOR-US: Snapdragon CVE-2019-10489 (Possible null-pointer dereference can occur while parsing avi clip dur ...) NOT-FOR-US: Snapdragon CVE-2019-10488 (Null pointer dereference can occur while parsing invalid chunks while ...) NOT-FOR-US: Snapdragon CVE-2019-10487 (Buffer over read can happen while parsing SMS OTA messages at transpor ...) NOT-FOR-US: Snapdragon CVE-2019-10486 (Race condition due to the lack of resource lock which will be concurre ...) NOT-FOR-US: Snapdragon CVE-2019-10485 (Infinite loop while decoding compressed data can lead to overrun condi ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10484 (Use after free issue occurs when command destructors access dynamicall ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10483 (Side channel issue in QTEE due to usage of non-time-constant compariso ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10482 (Due to the use of non-time-constant comparison functions there is issu ...) NOT-FOR-US: Snapdragon CVE-2019-10481 (Out of bound access occurs while handling the WMI FW event due to lack ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10480 (Out of bound write can happen in WMI firmware event handler due to lac ...) NOT-FOR-US: Qualcomm components for Android CVE-2019-10479 (An issue was discovered on Glory RBW-100 devices with firmware ISP-K05 ...) NOT-FOR-US: Glory RBW-100 devices CVE-2019-10478 (An issue was discovered on Glory RBW-100 devices with firmware ISP-K05 ...) NOT-FOR-US: Glory RBW-100 devices CVE-2019-10477 (The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 fo ...) NOT-FOR-US: GLPI plugin CVE-2019-10476 (Jenkins Zulip Plugin 1.1.0 and earlier stored credentials unencrypted ...) NOT-FOR-US: Jenkins plugin CVE-2019-10475 (A reflected cross-site scripting vulnerability in Jenkins build-metric ...) 
NOT-FOR-US: Jenkins plugin CVE-2019-10474 (A missing permission check in Jenkins Global Post Script Plugin in all ...) NOT-FOR-US: Jenkins plugin CVE-2019-10473 (A missing permission check in Jenkins Libvirt Slaves Plugin in form-re ...) NOT-FOR-US: Jenkins plugin CVE-2019-10472 (A missing permission check in Jenkins Libvirt Slaves Plugin allows att ...) NOT-FOR-US: Jenkins plugin CVE-2019-10471 (A cross-site request forgery vulnerability in Jenkins Libvirt Slaves P ...) NOT-FOR-US: Jenkins plugin CVE-2019-10470 (A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI ...) NOT-FOR-US: Jenkins plugin CVE-2019-10469 (A missing permission check in Jenkins ElasticBox Jenkins Kubernetes CI ...) NOT-FOR-US: Jenkins plugin CVE-2019-10468 (A cross-site request forgery vulnerability in Jenkins ElasticBox Jenki ...) NOT-FOR-US: Jenkins plugin CVE-2019-10467 (Jenkins Sonar Gerrit Plugin stores credentials unencrypted in job conf ...) NOT-FOR-US: Jenkins plugin CVE-2019-10466 (An XML external entities (XXE) vulnerability in Jenkins 360 FireLine P ...) NOT-FOR-US: Jenkins plugin CVE-2019-10465 (A missing permission check in Jenkins Deploy WebLogic Plugin allows at ...) NOT-FOR-US: Jenkins plugin CVE-2019-10464 (A cross-site request forgery vulnerability in Jenkins Deploy WebLogic ...) NOT-FOR-US: Jenkins plugin CVE-2019-10463 (A missing permission check in Jenkins Dynatrace Application Monitoring ...) NOT-FOR-US: Jenkins plugin CVE-2019-10462 (A cross-site request forgery vulnerability in Jenkins Dynatrace Applic ...) NOT-FOR-US: Jenkins plugin CVE-2019-10461 (Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier stor ...) NOT-FOR-US: Jenkins plugin CVE-2019-10460 (Jenkins Bitbucket OAuth Plugin 0.9 and earlier stored credentials unen ...) NOT-FOR-US: Jenkins plugin CVE-2019-10459 (Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhoo ...) 
	NOT-FOR-US: Jenkins plugin
CVE-2019-10458 (Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10457 (A missing permission check in Jenkins Oracle Cloud Infrastructure Comp ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10456 (A cross-site request forgery vulnerability in Jenkins Oracle Cloud Inf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10455 (A missing permission check in Jenkins Rundeck Plugin allows attackers ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10454 (A cross-site request forgery vulnerability in Jenkins Rundeck Plugin a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10453 (Jenkins Delphix Plugin stores credentials unencrypted in its global co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10452 (Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10451 (Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10450 (Jenkins ElasticBox CI Plugin stores credentials unencrypted in the glo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10449 (Jenkins Fortify on Demand Plugin stores credentials unencrypted in job ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10448 (Jenkins Extensive Testing Plugin stores credentials unencrypted in job ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10447 (Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xm ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10446 (Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10445 (A missing permission check in Jenkins Google Kubernetes Engine Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10444 (Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10443 (Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypt ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10442 (A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10441 (A cross-site request forgery vulnerability in Jenkins iceScrum Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10440 (Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10439 (A missing permission check in Jenkins CRX Content Package Deployer Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10438 (A missing permission check in Jenkins CRX Content Package Deployer Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10437 (A cross-site request forgery vulnerability in Jenkins CRX Content Pack ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10436 (An arbitrary file read vulnerability in Jenkins Google OAuth Credentia ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10435 (Jenkins SourceGear Vault Plugin transmits configured credentials in pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10434 (Jenkins LDAP Email Plugin transmits configured credentials in plain te ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10433 (Jenkins Dingding[钉钉] Plugin stores credentials unencrypt ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10432 (Jenkins HTML Publisher Plugin 1.20 and earlier did not escape the proj ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10431 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10430 (Jenkins NeuVector Vulnerability Scanner Plugin 1.5 and earlier stored ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10429 (Jenkins GitLab Logo Plugin stores credentials unencrypted in its globa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10428 (Jenkins Aqua Security Scanner Plugin 3.0.17 and earlier transmitted co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10427 (Jenkins Aqua MicroScanner Plugin 1.0.7 and earlier transmitted configu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10426 (Jenkins Gem Publisher Plugin stores credentials unencrypted in its glo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10425 (Jenkins Google Calendar Plugin stores credentials unencrypted in job c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10424 (Jenkins elOyente Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10423 (Jenkins CodeScan Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10422 (Jenkins Call Remote Job Plugin stores credentials unencrypted in job c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10421 (Jenkins Azure Event Grid Build Notifier Plugin stores credentials unen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10420 (Jenkins Assembla Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10419 (Jenkins vFabric Application Director Plugin stores credentials unencry ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10418 (Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin provides a c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10417 (Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin provides a c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10416 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored cr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10415 (Jenkins Violation Comments to GitLab Plugin 2.28 and earlier stored cr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10414 (Jenkins Git Changelog Plugin 2.17 and earlier stored credentials unenc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10413 (Jenkins Data Theorem: CI/CD Plugin 1.3 and earlier stored credentials ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10412 (Jenkins Inedo ProGet Plugin 1.2 and earlier transmitted configured cre ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10411 (Jenkins Inedo BuildMaster Plugin 2.4.0 and earlier transmitted configu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10410 (Jenkins Log Parser Plugin 2.0 and earlier did not escape an error mess ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10409 (A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10408 (A cross-site request forgery vulnerability in Jenkins Project Inherita ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10407 (Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10406 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not restrict or ...)
	- jenkins
CVE-2019-10405 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value o ...)
	- jenkins
CVE-2019-10404 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the ...)
	- jenkins
CVE-2019-10403 (Jenkins 2.196 and earlier, LTS 2.176.3 and earlier did not escape the ...)
	- jenkins
CVE-2019-10402 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:combobox ...)
	- jenkins
CVE-2019-10401 (In Jenkins 2.196 and earlier, LTS 2.176.3 and earlier, the f:expandabl ...)
	- jenkins
CVE-2019-10400 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10399 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10398 (Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unenc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10397 (Jenkins Aqua Security Serverless Scanner Plugin 1.0.4 and earlier tran ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10396 (Jenkins Dashboard View Plugin 2.11 and earlier did not escape build de ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10395 (Jenkins Build Environment Plugin 1.6 and earlier did not escape variab ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10394 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10393 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10392 (Jenkins Git Client Plugin 2.8.4 and earlier did not properly restrict ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10391 (Jenkins IBM Application Security on Cloud Plugin 1.2.4 and earlier tra ...)
	NOT-FOR-US: IBM
CVE-2019-10390 (A sandbox bypass vulnerability in Jenkins Splunk Plugin 1.7.4 and earl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10389 (A missing permission check in Jenkins Relution Enterprise Appstore Pub ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10388 (A cross-site request forgery vulnerability in Jenkins Relution Enterpr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10387 (A missing permission check in Jenkins XL TestView Plugin 1.2.0 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10386 (A cross-site request forgery vulnerability in Jenkins XL TestView Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10385 (Jenkins eggPlant Plugin 2.2 and earlier stores credentials unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10384 (Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to ob ...)
	- jenkins
CVE-2019-10383 (A stored cross-site scripting vulnerability in Jenkins 2.191 and earli ...)
	- jenkins
CVE-2019-10382 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SS ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10381 (Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10380 (Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10379 (Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier sto ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10378 (Jenkins TestLink Plugin 3.16 and earlier stores credentials unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10377 (A missing permission check in Jenkins Avatar Plugin 1.2 and earlier al ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10376 (A reflected cross-site scripting vulnerability in Jenkins Wall Display ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10375 (An arbitrary file read vulnerability in Jenkins File System SCM Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10374 (A stored cross-site scripting vulnerability in Jenkins PegDown Formatt ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10373 (A stored cross-site scripting vulnerability in Jenkins Build Pipeline ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10372 (An open redirect vulnerability in Jenkins Gitlab Authentication Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10371 (A session fixation vulnerability in Jenkins Gitlab Authentication Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10370 (Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10369 (A missing permission check in Jenkins JClouds Plugin 2.14 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10368 (A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10367 (Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as C ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10366 (Jenkins Skytap Cloud CI Plugin 2.06 and earlier stored credentials une ...)
	NOT-FOR-US: Jenkins Skytap Cloud CI Plugin
CVE-2019-10365 (Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a te ...)
	NOT-FOR-US: Jenkins Google Kubernetes Engine Plugin
CVE-2019-10364 (Jenkins Amazon EC2 Plugin 1.43 and earlier wrote the beginning of priv ...)
	NOT-FOR-US: Jenkins Amazon EC2 Plugin
CVE-2019-10363 (Jenkins Configuration as Code Plugin 1.24 and earlier did not reliably ...)
	NOT-FOR-US: Jenkins Configuration as Code Plugin
CVE-2019-10362 (Jenkins Configuration as Code Plugin 1.24 and earlier did not escape v ...)
	NOT-FOR-US: Jenkins Configuration as Code Plugin
CVE-2019-10361 (Jenkins Maven Release Plugin 0.14.0 and earlier stored credentials une ...)
	NOT-FOR-US: Jenkins Maven Release Plugin
CVE-2019-10360 (A stored cross site scripting vulnerability in Jenkins Maven Release P ...)
	NOT-FOR-US: Jenkins Maven Release Plugin
CVE-2019-10359 (A cross-site request forgery vulnerability in Jenkins Maven Release Pl ...)
	NOT-FOR-US: Jenkins Maven Release Plugin
CVE-2019-10358 (Jenkins Maven Integration Plugin 3.3 and earlier did not apply build l ...)
	NOT-FOR-US: Jenkins Maven Integration Plugin
CVE-2019-10357 (A missing permission check in Jenkins Pipeline: Shared Groovy Librarie ...)
	NOT-FOR-US: Jenkins Pipeline: Shared Groovy Libraries Plugin
CVE-2019-10356 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2019-10355 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.61 ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2019-10354 (A vulnerability in the Stapler web framework used in Jenkins 2.185 and ...)
	- jenkins
CVE-2019-10353 (CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did ...)
	- jenkins
CVE-2019-10352 (A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176 ...)
	- jenkins
CVE-2019-10351 (Jenkins Caliper CI Plugin stores credentials unencrypted in job config ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10350 (Jenkins Port Allocator Plugin stores credentials unencrypted in job co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10349 (A stored cross site scripting vulnerability in Jenkins Dependency Grap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10348 (Jenkins Gogs Plugin stored credentials unencrypted in job config.xml f ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10347 (Jenkins Mashup Portlets Plugin stored credentials unencrypted on the J ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10346 (A reflected cross site scripting vulnerability in Jenkins Embeddable B ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10345 (Jenkins Configuration as Code Plugin 1.20 and earlier did not treat th ...)
	NOT-FOR-US: Jenkins Configuration as Code Plugin
CVE-2019-10344 (Missing permission checks in Jenkins Configuration as Code Plugin 1.24 ...)
	NOT-FOR-US: Jenkins Configuration as Code Plugin
CVE-2019-10343 (Jenkins Configuration as Code Plugin 1.24 and earlier did not properly ...)
	NOT-FOR-US: Jenkins Configuration as Code Plugin
CVE-2019-10342 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10341 (A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10340 (A cross-site request forgery vulnerability in Jenkins Docker Plugin 1. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10339 (A missing permission check in Jenkins JX Resources Plugin 1.0.36 and e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10338 (A cross-site request forgery vulnerability in Jenkins JX Resources Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10337 (An XML external entities (XXE) vulnerability in Jenkins Token Macro Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10336 (A reflected cross site scripting vulnerability in Jenkins ElectricFlow ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10335 (A stored cross site scripting vulnerability in Jenkins ElectricFlow Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10334 (Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hos ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10333 (Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10332 (A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and ea ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10331 (A cross-site request forgery vulnerability in Jenkins ElectricFlow Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10330 (Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revis ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10329 (Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10328 (Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10327 (An XML external entities (XXE) vulnerability in Jenkins Pipeline Maven ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10326 (A cross-site request forgery vulnerability in Jenkins Warnings NG Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10325 (A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10324 (A cross-site request forgery vulnerability in Jenkins Artifactory Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10323 (A missing permission check in Jenkins Artifactory Plugin 3.2.3 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10322 (A missing permission check in Jenkins Artifactory Plugin 3.2.2 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10321 (A cross-site request forgery vulnerability in Jenkins Artifactory Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10320 (Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10319 (A missing permission check in Jenkins PAM Authentication Plugin 1.5 an ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10318 (Jenkins Azure AD Plugin 0.3.3 and earlier stored the client secret une ...)
	NOT-FOR-US: Jenkins Azure AD Plugin
CVE-2019-10317 (Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostna ...)
	NOT-FOR-US: Jenkins SiteMonitor Plugin
CVE-2019-10316 (Jenkins Aqua MicroScanner Plugin 1.0.5 and earlier stored credentials ...)
	NOT-FOR-US: Jenkins Aqua MicroScanner Plugin
CVE-2019-10315 (Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the ...)
	NOT-FOR-US: Jenkins GitHub Authentication Plugin
CVE-2019-10314 (Jenkins Koji Plugin disables SSL/TLS and hostname verification globall ...)
	NOT-FOR-US: Jenkins Koji Plugin
CVE-2019-10313 (Jenkins Twitter Plugin stores credentials unencrypted in its global co ...)
	NOT-FOR-US: Jenkins Twitter Plugin
CVE-2019-10312 (A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and e ...)
	NOT-FOR-US: Jenkins Ansible Tower Plugin
CVE-2019-10311 (A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and e ...)
	NOT-FOR-US: Jenkins Ansible Tower Plugin
CVE-2019-10310 (A cross-site request forgery vulnerability in Jenkins Ansible Tower Pl ...)
	NOT-FOR-US: Jenkins Ansible Tower Plugin
CVE-2019-10309 (Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use ...)
	NOT-FOR-US: Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients
CVE-2019-10308 (A missing permission check in Jenkins Static Analysis Utilities Plugin ...)
	NOT-FOR-US: Jenkins Static Analysis Utilities Plugin
CVE-2019-10307 (A cross-site request forgery vulnerability in Jenkins Static Analysis ...)
	NOT-FOR-US: Jenkins Static Analysis Utilities Plugin
CVE-2019-10306 (A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10305 (A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10304 (A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Dep ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10303 (Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier sto ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10302 (Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10301 (A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10300 (A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10299 (Jenkins CloudCoreo DeployTime Plugin stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins CloudCoreo DeployTime Plugin
CVE-2019-10298 (Jenkins Koji Plugin stores credentials unencrypted in its global confi ...)
	NOT-FOR-US: Jenkins Koji Plugin
CVE-2019-10297 (Jenkins Sametime Plugin stores credentials unencrypted in its global c ...)
	NOT-FOR-US: Jenkins Sametime Plugin
CVE-2019-10296 (Jenkins Serena SRA Deploy Plugin stores credentials unencrypted in its ...)
	NOT-FOR-US: Jenkins Serena SRA Deploy Plugin
CVE-2019-10295 (Jenkins crittercism-dsym Plugin stores credentials unencrypted in job ...)
	NOT-FOR-US: Jenkins crittercism-dsym Plugin
CVE-2019-10294 (Jenkins Kmap Plugin stores credentials unencrypted in job config.xml f ...)
	NOT-FOR-US: Jenkins Kmap Plugin
CVE-2019-10293 (A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilde ...)
	NOT-FOR-US: Jenkins Kmap Plugin
CVE-2019-10292 (A cross-site request forgery vulnerability in Jenkins Kmap Plugin in K ...)
	NOT-FOR-US: Jenkins Kmap Plugin
CVE-2019-10291 (Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older stored credential ...)
	NOT-FOR-US: Jenkins Netsparker Cloud Scan Plugin
CVE-2019-10290 (A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1 ...)
	NOT-FOR-US: Jenkins Netsparker Cloud Scan Plugin
CVE-2019-10289 (A cross-site request forgery vulnerability in Jenkins Netsparker Cloud ...)
	NOT-FOR-US: Jenkins Netsparker Cloud Scan Plugin
CVE-2019-10288 (Jenkins Jabber Server Plugin stores credentials unencrypted in its glo ...)
	NOT-FOR-US: Jenkins Jabber Server Plugin
CVE-2019-10287 (Jenkins youtrack-plugin Plugin 0.7.1 and older stored credentials unen ...)
	NOT-FOR-US: Jenkins youtrack-plugin Plugin
CVE-2019-10286 (Jenkins DeployHub Plugin stores credentials unencrypted in job config. ...)
	NOT-FOR-US: Jenkins DeployHub Plugin
CVE-2019-10285 (Jenkins Minio Storage Plugin stores credentials unencrypted in its glo ...)
	NOT-FOR-US: Jenkins Minio Storage Plugin
CVE-2019-10284 (Jenkins Diawi Upload Plugin stores credentials unencrypted in job conf ...)
	NOT-FOR-US: Jenkins Diawi Upload Plugin
CVE-2019-10283 (Jenkins mabl Plugin stores credentials unencrypted in job config.xml f ...)
	NOT-FOR-US: Jenkins mabl Plugin
CVE-2019-10282 (Jenkins Klaros-Testmanagement Plugin stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins Klaros-Testmanagement Plugin
CVE-2019-10281 (Jenkins Relution Enterprise Appstore Publisher Plugin stores credentia ...)
	NOT-FOR-US: Jenkins Relution Enterprise Appstore Publisher Plugin
CVE-2019-10280 (Jenkins Assembla Auth Plugin stores credentials unencrypted in the glo ...)
	NOT-FOR-US: Jenkins Assembla Auth Plugin
CVE-2019-10279 (A missing permission check in Jenkins jenkins-reviewbot Plugin in the ...)
	NOT-FOR-US: Jenkins jenkins-reviewbot Plugin
CVE-2019-10278 (A cross-site request forgery vulnerability in Jenkins jenkins-reviewbo ...)
	NOT-FOR-US: Jenkins jenkins-reviewbot Plugin
CVE-2019-10277 (Jenkins StarTeam Plugin stores credentials unencrypted in job config.x ...)
	NOT-FOR-US: Jenkins StarTeam Plugin
CVE-2019-XXXX [insecure handling of /tmp/VMwareDnD]
	- open-vm-tools 2:10.3.10-1 (bug #925959; unimportant)
	[stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u2
	NOTE: https://github.com/vmware/open-vm-tools/commit/e88f91b00a715b79255de6576506d80ecfdb064c
	NOTE: Neutralised by kernel hardening
CVE-2019-10276 (Western Bridge Cobub Razor 0.8.0 has a file upload vulnerability via t ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2019-10275
	RESERVED
CVE-2019-10274
	RESERVED
CVE-2019-10273 (Information leakage vulnerability in the /mc login page in ManageEngin ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2019-10272 (An issue was discovered in Weaver e-cology 9.0. There is a CRLF Inject ...)
	NOT-FOR-US: Weaver e-cology
CVE-2019-10271 (An issue was discovered in the Ultimate Member plugin 2.39 for WordPre ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2019-10270 (An arbitrary password reset issue was discovered in the Ultimate Membe ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2019-10269 (BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based b ...)
	- bwa 0.7.17-3 (low; bug #926014)
	[stretch] - bwa 0.7.15-2+deb9u1
	[jessie] - bwa (vulnerable code is not present)
	NOTE: https://github.com/lh3/bwa/pull/232
	NOTE: https://github.com/lh3/bwa/commit/20d0a13092aa4cb73230492b05f9697d5ef0b88e
CVE-2019-10268
	REJECTED
CVE-2019-10267 (An insecure file upload and code execution issue was discovered in Ahs ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2019-10266 (An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. W ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2019-10265 (An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. O ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2019-10264 (An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. W ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2019-10263 (An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. W ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2019-10262 (A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_ ...)
	NOT-FOR-US: BlueCMS
CVE-2019-1002162
	NOT-FOR-US: atomic-reactor
CVE-2019-1002101 (The kubectl cp command allows copying files between containers and the ...)
	- kubernetes (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/kubernetes/kubernetes/commit/b1f85e2dfec6e64d8e1bc272251277df0058ab20
	NOTE: Upstream patch: https://github.com/kubernetes/kubernetes/pull/75037
CVE-2019-10261 (CentOS Web Panel (CWP) 0.9.8.789 is vulnerable to Stored/Persistent XS ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2019-10260 (Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html ( ...)
	NOT-FOR-US: Total.js CMS
CVE-2019-10259
	RESERVED
CVE-2019-10258
	RESERVED
CVE-2019-10257 (Zucchetti HR Portal through 2019-03-15 allows Directory Traversal. Una ...)
	NOT-FOR-US: Zucchetti HR Portal
CVE-2019-10256 (An authentication bypass vulnerability in VIVOTEK IPCam versions prior ...)
	NOT-FOR-US: VIVOTEK IPCam
CVE-2019-10255 (An Open Redirect vulnerability for all browsers in Jupyter Notebook be ...)
	- jupyter-notebook 5.7.8-1 (bug #925939)
	[stretch] - jupyter-notebook (Intrusive to backport)
	- jupyterhub (Fixed before initial upload to Debian)
	NOTE: https://github.com/jupyter/notebook/commit/08c4c898182edbe97aadef1815cce50448f975cb
	NOTE: https://github.com/jupyter/notebook/commit/70fe9f0ddb3023162ece21fbb77d5564306b913b
	NOTE: When addressing this issue make sure to not open CVE-2019-10856 and apply the
	NOTE: complete fix.
	NOTE: https://blog.jupyter.org/open-redirect-vulnerability-in-jupyter-jupyterhub-adf43583f1e4
	NOTE: https://github.com/jupyter/notebook/commit/979e0bd15e794ceb00cc63737fcd5fd9addc4a99
CVE-2019-10254 (In MISP before 2.4.105, the app/View/Layouts/default.ctp default layou ...)
	NOT-FOR-US: MISP
CVE-2019-10253 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TeamMate+ ...)
	NOT-FOR-US: TeamMate+
CVE-2019-10252
	RESERVED
CVE-2019-10251 (The UCWeb UC Browser application through 2019-03-26 for Android uses H ...)
	NOT-FOR-US: UCWeb UC Browser application for Android
CVE-2019-10250 (UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading cer ...)
	NOT-FOR-US: UCWeb UC Browser
CVE-2019-1003048 (A vulnerability in Jenkins PRQA Plugin 3.1.0 and earlier allows attack ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003047 (A missing permission check in Jenkins Fortify on Demand Uploader Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003046 (A cross-site request forgery vulnerability in Jenkins Fortify on Deman ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003045 (A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003044 (A cross-site request forgery vulnerability in Jenkins Slack Notificati ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003043 (A missing permission check in Jenkins Slack Notification Plugin 2.19 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003042 (A cross site scripting vulnerability in Jenkins Lockable Resources Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003041 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2.64 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003040 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.55 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-10249 (All Xtext & Xtend versions prior to 2.18.0 were built using HTTP i ...)
	NOT-FOR-US: Eclipse Xtext & Xtend
CVE-2019-10248 (Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts fo ...)
	NOT-FOR-US: Eclipse Vorto
CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, ...)
	{DSA-4949-1 DLA-2661-1}
	[experimental] - jetty9 9.4.18-1
	- jetty9 9.4.18-2 (bug #928444)
	- jetty8
	[jessie] - jetty8 (Minor issue)
	- jetty
	[jessie] - jetty (Minor issue)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577
	NOTE: https://github.com/eclipse/jetty.project/issues/3555
CVE-2019-10246 (In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server runnin ...)
	- jetty9 (Only affects Jetty on Windows)
	- jetty8 (Only affects Jetty on Windows)
	- jetty (Only affects Jetty on Windows)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576
	NOTE: https://github.com/eclipse/jetty.project/issues/3549
CVE-2019-10245 (In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verif ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2019-10244 (In Eclipse Kura versions up to 4.0.0, the Web UI package and component ...)
	NOT-FOR-US: Eclipse Kura
CVE-2019-10243 (In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui W ...)
	NOT-FOR-US: Eclipse Kura
CVE-2019-10242 (In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked ...)
	NOT-FOR-US: Eclipse Kura
CVE-2019-10241 (In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.1 ...)
	{DSA-4949-1 DLA-2661-1}
	[experimental] - jetty9 9.4.18-1
	- jetty9 9.4.18-2 (bug #928444)
	- jetty8
	[jessie] - jetty8 (Minor issue)
	- jetty
	[jessie] - jetty (Test case reproducers properly HTML-escaped)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121
	NOTE: https://github.com/eclipse/jetty.project/issues/3319#issuecomment-567918620
CVE-2019-10240 (Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifac ...)
	NOT-FOR-US: Eclipse hawkBit
CVE-2019-10239 (Robotronic RunAsSpc 3.7.0.0 protects stored credentials insufficiently ...)
	NOT-FOR-US: Robotronic RunAsSpc
CVE-2019-10238 (Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the file ...)
	NOT-FOR-US: Sitemagic CMS
CVE-2019-10237 (S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via th ...)
	NOT-FOR-US: S-CMS PHP
CVE-2019-10236
	RESERVED
CVE-2019-10235
	RESERVED
CVE-2019-10234
	RESERVED
CVE-2019-10233 (Teclib GLPI before 9.4.1.1 is affected by a timing attack associated w ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/pull/5562
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-10232 (Teclib GLPI through 9.3.3 has SQL injection via the "cycle" parameter ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/commit/684d4fc423652ec7dde21cac4d41c2df53f56b3c
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-10231 (Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerab ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/pull/5520
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-10230
	RESERVED
CVE-2019-10229 (An issue was discovered in MailStore Server (and Service Provider Edit ...)
	NOT-FOR-US: MailStore
CVE-2019-10228
	RESERVED
CVE-2019-10227 (openITCOCKPIT before 3.7.1 has reflected XSS in the 404-not-found comp ...)
	NOT-FOR-US: openITCOCKPIT
CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of the Fat F ...)
	NOT-FOR-US: Fat Free CRM
CVE-2019-10225 (A flaw was found in atomic-openshift of openshift-4.2 where the basic- ...)
	NOT-FOR-US: OpenShift
CVE-2019-10224 (A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. ...)
	- 389-ds-base 1.4.1.5-1
	[buster] - 389-ds-base (Minor issue)
	[stretch] - 389-ds-base (vulnerable code not present)
	[jessie] - 389-ds-base (vulnerable code not present)
	- python-lib389
	[stretch] - python-lib389 (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677147
	NOTE: https://pagure.io/389-ds-base/issue/50251
	NOTE: https://pagure.io/389-ds-base/c/632ecb90d96ac0535656f5aaf67fd2be4b81d310
CVE-2019-10223 (A security issue was discovered in the kube-state-metrics versions v1. ...)
	NOT-FOR-US: kube-state-metrics
CVE-2019-10222 (A flaw was found in the Ceph RGW configuration with Beast as the front ...)
	- ceph 14.2.4-1 (bug #936015)
	[buster] - ceph (Minor issue; only triggerable if experimental feature enabled)
	[stretch] - ceph (Vulnerable code not present)
	[jessie] - ceph (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/28/9
	NOTE: https://github.com/ceph/ceph/pull/29967
	NOTE: https://github.com/ceph/ceph/commit/6171399fdedd928b4249d135b4036e3de25079aa
	NOTE: 12.2.x installations only affected by the vulnerability if experimental
	NOTE: features are enabled.
CVE-2019-10221 (A Reflected Cross Site Scripting vulnerability was found in all pki-co ...)
	- dogtag-pki 10.9.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1732565
	NOTE: https://github.com/dogtagpki/pki/pull/452
CVE-2019-10220 (Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a rel ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 5.3.9-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
CVE-2019-10219 (A vulnerability was found in Hibernate-Validator. The SafeHtml validat ...)
	- libhibernate-validator-java (bug #948235)
	[bullseye] - libhibernate-validator-java (Minor issue)
	[buster] - libhibernate-validator-java (Vulnerable code was introduced later)
	[stretch] - libhibernate-validator-java (Vulnerable code was introduced later)
	[jessie] - libhibernate-validator-java (Vulnerable code was introduced later)
	- libhibernate-validator4-java (Vulnerable code was introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1738673
	NOTE: https://hibernate.atlassian.net/browse/HV-1739
	NOTE: Fixed by https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
CVE-2019-10218 (A flaw was found in the samba client, all samba versions before samba ...)
	{DLA-2668-1}
	- samba 2:4.11.1+dfsg-2
	[buster] - samba (Minor issue)
	[jessie] - samba (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2019-10218.html
CVE-2019-10217 (A flaw was found in ansible 2.8.0 before 2.8.4. Fields managing sensit ...)
	- ansible 2.8.6+dfsg-1 (bug #934128)
	[buster] - ansible (Vulnerable code introduced later)
	[stretch] - ansible (Vulnerable code introduced later)
	[jessie] - ansible (vulnerable code introduced later)
	NOTE: https://github.com/ansible/ansible/issues/56269
	NOTE: https://github.com/ansible/ansible/pull/59427
	NOTE: Introduced by: https://github.com/ansible/ansible/commit/08918c6c2bcd73eb40b89af31736d3fcbe55e75a (v2.8.0a1)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/c1ee1f142db1e669b710a65147ea32be47a91519
CVE-2019-10216 (In ghostscript before version 9.50, the .buildfont1 procedure did not ...)
	{DSA-4499-1 DLA-1880-1}
	- ghostscript 9.27~dfsg-3.1 (bug #934638)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/12/4
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701394
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5b85ddd19
CVE-2019-10215 (Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-sit ...)
	NOT-FOR-US: Bootstrap-3-Typeahead
CVE-2019-10214 (The containers/image library used by the container tools Podman, Build ...)
	- golang-github-containers-image (Vulnerable version was never in unstable)
	- singularity-container 3.5.0+ds1-1
	NOTE: https://github.com/containers/image/issues/654
	NOTE: https://github.com/containers/image/pull/669
CVE-2019-10213 (OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize ...)
	NOT-FOR-US: OpenShift
CVE-2019-10212 (A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for i ...)
	- undertow 2.0.27-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1731984
	NOTE: https://github.com/undertow-io/undertow/pull/817
CVE-2019-10211 (Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5. ...)
	NOT-FOR-US: EnterpriseDB Windows installer
CVE-2019-10210 (Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5. ...)
	NOT-FOR-US: EnterpriseDB Windows installer
CVE-2019-10209 (Postgresql, versions 11.x before 11.5, is vulnerable to a memory discl ...)
	{DSA-4493-1}
	- postgresql-11 11.5-1
	- postgresql-9.6 (Only affects PostgreSQL 11)
	- postgresql-9.4 (Only affects PostgreSQL 11)
	NOTE: https://www.postgresql.org/about/news/1960/
CVE-2019-10208 (A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5. ...)
	{DSA-4493-1 DSA-4492-1 DLA-1874-1}
	- postgresql-11 11.5-1
	- postgresql-9.6
	- postgresql-9.4
	NOTE: https://www.postgresql.org/about/news/1960/
CVE-2019-10207 (A flaw was found in the Linux kernel's Bluetooth implementation of UAR ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/25/1
	NOTE: https://lore.kernel.org/linux-bluetooth/20190725120909.31235-1-vdronov@redhat.com/T/#u
	NOTE: https://git.kernel.org/linus/b36a1552d7319bbfd5cf7f08726c23c5c66d4f73
CVE-2019-14856 (ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None ...)
	- ansible (Incomplete fix for CVE-2019-10206 not applied)
	NOTE: https://github.com/ansible/ansible/pull/63351
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1760829
CVE-2019-10206 (ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2 ...)
	{DSA-4950-1}
	- ansible 2.8.6+dfsg-1 (bug #933005)
	[jessie] - ansible (Vulnerable code introduced later, password templating code introduced with 2.0 refactoring, '{{' supported in passwords)
	NOTE: https://github.com/ansible/ansible/pull/59246
	NOTE: 2.8.x https://github.com/ansible/ansible/pull/59552
	NOTE: 2.7.x https://github.com/ansible/ansible/pull/59553
	NOTE: 2.6.x https://github.com/ansible/ansible/pull/59554
	NOTE: When fixing this issue, the fix needs to be completed with
	NOTE: https://github.com/ansible/ansible/pull/63351 in order not to open
	NOTE: CVE-2019-14856.
CVE-2019-10205 (A flaw was found in the way Red Hat Quay stores robot account tokens i ...)
	NOT-FOR-US: Red Hat Quay
CVE-2019-10204
	RESERVED
CVE-2019-10203 (PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1. ...)
	- pdns 4.2.0-1 (low; bug #970729)
	[buster] - pdns 4.1.6-3+deb10u1
	[stretch] - pdns (Minor issue)
	[jessie] - pdns (Minor issue)
	NOTE: Fixed in 4.2.0, 4.1.11, 4.0.9, for existing installations a manual schema update
	NOTE: needs to be performed.
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-06.html
CVE-2019-10202 (A series of deserialization vulnerabilities have been discovered in Co ...)
	NOT-FOR-US: Codehaus
CVE-2019-10201 (It was found that Keycloak's SAML broker, versions up to 6.0.1, did no ...)
	NOT-FOR-US: Keycloak
CVE-2019-10200 (A flaw was discovered in OpenShift Container Platform 4 where, by defa ...)
	NOT-FOR-US: OpenShift
CVE-2019-10199 (It was found that Keycloak's account console, up to 6.0.1, did not per ...)
	NOT-FOR-US: Keycloak
CVE-2019-10198 (An authentication bypass vulnerability was discovered in foreman-tasks ...)
	- foreman (bug #663101)
CVE-2019-10197 (A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up ...)
	{DSA-4513-1}
	- samba 2:4.9.13+dfsg-1
	[stretch] - samba (Issue introduced in 4.9.0 upstream)
	[jessie] - samba (Issue introduced in 4.9.0 upstream)
	NOTE: https://www.samba.org/samba/security/CVE-2019-10197.html
CVE-2019-10196 (A flaw was found in http-proxy-agent, prior to version 2.1.0. It was d ...)
	NOT-FOR-US: nodejs-http-proxy-agent
CVE-2019-10195 (A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...)
	- freeipa 4.8.3-1
	[buster] - freeipa (Minor issue; can be fixed via point release)
	NOTE: https://pagure.io/freeipa/c/02ce407f5e10e670d4788778037892b58f80adc0
CVE-2019-10194 (Sensitive passwords used in deployment and configuration of oVirt Metr ...)
	NOT-FOR-US: ovirt-engine-metrics
CVE-2019-10193 (A stack-buffer overflow vulnerability was found in the Redis hyperlogl ...)
	{DSA-4480-1}
	- redis 5:5.0.4-1 (bug #931625)
	[stretch] - redis (vulnerable code added later)
	[jessie] - redis (vulnerable code added later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1727668
	NOTE: https://github.com/antirez/redis/issues/6214
	NOTE: https://github.com/antirez/redis/issues/6215 (upstream announcement)
	NOTE: https://github.com/antirez/redis/commit/a4b90be9fcd5e1668ac941cabce3b1ab38dbe326 (master)
	NOTE: https://github.com/antirez/redis/commit/12b5ff109508c2a192f700c7738da7e7f09670f1 (5.0.4)
CVE-2019-10192 (A heap-buffer overflow vulnerability was found in the Redis hyperloglo ...)
	{DSA-4480-1 DLA-1850-1}
	- redis 5:5.0.4-1 (bug #931625)
	NOTE: https://github.com/antirez/redis/issues/6215 (upstream announcement)
	NOTE: https://github.com/antirez/redis/commit/e216ceaf0e099536fe3658a29dcb725d812364e0
	NOTE: https://github.com/antirez/redis/commit/9f13b2bd4967334b1701c6eccdf53760cb13f79e
	NOTE: https://github.com/antirez/redis/commit/ef1833b3f9d02261617b757fd6ebe0ec3f1be507 (5.0.4)
	NOTE: https://github.com/antirez/redis/commit/7f79849caa006f0d760b6c7e17f7796e3be92b4f (5.0.4)
CVE-2019-10191 (A vulnerability was discovered in DNS resolver of knot resolver before ...)
	- knot-resolver 5.0.1-1 (bug #932048)
	[buster] - knot-resolver (Minor issue; can be fixed via point release)
	NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
	NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/839
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
CVE-2019-10190 (A vulnerability was discovered in DNS resolver component of knot resol ...)
	- knot-resolver 5.0.1-1 (bug #932048)
	[buster] - knot-resolver (Minor issue; can be fixed via point release)
	NOTE: https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html
	NOTE: https://gitlab.labs.nic.cz/knot/knot-resolver/merge_requests/827
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/14/1
CVE-2019-10189 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teache ...)
	- moodle
CVE-2019-10188 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teache ...)
	- moodle
CVE-2019-10187 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users ...)
	- moodle
CVE-2019-10186 (A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sess ...)
	- moodle
CVE-2019-10185 (It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was ...)
	{DLA-1914-1}
	- icedtea-web 1.8.3-1 (bug #934319)
	[buster] - icedtea-web (Minor issue)
	[stretch] - icedtea-web (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/26305807b41a5b4e9813db42531acd754899207f (1.7)
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/686213a6d68c21879d92cea3699b279c8f2662fa (1.8)
CVE-2019-10184 (undertow before version 2.0.23.Final is vulnerable to an information l ...)
	- undertow 2.0.23-1
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1578
	NOTE: https://github.com/undertow-io/undertow/pull/794
CVE-2019-10183 (Virt-install(1) utility used to provision new virtual machines has int ...)
	- virt-manager (Vulnerable code introduced in v2.2.0)
	NOTE: https://www.redhat.com/archives/virt-tools-list/2019-July/msg00014.html
CVE-2019-10182 (It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly ...)
	{DLA-1914-1}
	- icedtea-web 1.8.3-1 (bug #934319)
	[buster] - icedtea-web (Minor issue)
	[stretch] - icedtea-web (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/f9c2cf7fd24415ba2bb2619b69259035338ee5b6 (1.7)
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/7958049eedc213be1ad4ae80ee312b167ddb320f (1.8)
CVE-2019-10181 (It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 e ...)
	{DLA-1914-1}
	- icedtea-web 1.8.3-1 (bug #934319)
	[buster] - icedtea-web (Minor issue)
	[stretch] - icedtea-web (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/07/31/2
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/32d174def953d801eb1cfc9d989bff5e80aac3cd (1.7)
	NOTE: https://github.com/AdoptOpenJDK/IcedTea-Web/commit/528cb8163b7053576a658b9602b5694b21957b0e (1.8)
CVE-2019-10180 (A vulnerability was found in all pki-core 10.x.x version, where the To ...)
	- dogtag-pki
	[bullseye] - dogtag-pki (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721137
CVE-2019-10179 (A vulnerability was found in all pki-core 10.x.x versions, where the K ...)
	- dogtag-pki 10.9.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1695901
	NOTE: https://github.com/dogtagpki/pki/commit/8884b4344225bd6656876d9e2a58b3268e9a899b (v10.9.0-b3)
	NOTE: https://github.com/dogtagpki/pki/commit/a93a65be0b1bcf94e004ba59c6a0c8a2c086936f (v10.9.0)
CVE-2019-10178 (It was found that the Token Processing Service (TPS) did not properly ...)
	- dogtag-pki
	[bullseye] - dogtag-pki (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1719042
CVE-2019-10177 (A stored cross-site scripting (XSS) vulnerability was found in the PDF ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2019-10176 (A flaw was found in OpenShift Container Platform, versions 3.11 and la ...)
	NOT-FOR-US: OpenShift
CVE-2019-10175 (A flaw was found in the containerized-data-importer in virt-cdi-cloner ...)
	NOT-FOR-US: KubeVirt
CVE-2019-10174 (A vulnerability was found in Infinispan such that the invokeAccessibly ...)
	NOT-FOR-US: infinispan
CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 introduced ...)
	- libxstream-java 1.4.11-1
	[stretch] - libxstream-java (Regression introduced in 1.4.10)
	[jessie] - libxstream-java (Regression introduced in 1.4.10)
	NOTE: http://x-stream.github.io/changes.html#1.4.11
	NOTE: Regression introduced and present only in 1.4.10.
CVE-2019-10172 (A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libr ...)
	{DLA-2342-1 DLA-2091-1}
	- libjackson-json-java 1.9.13-2
	[buster] - libjackson-json-java (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1715075
	NOTE: https://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja/38017721
	NOTE: https://github.com/FasterXML/jackson-1/pull/1
CVE-2019-10171 (It was found that the fix for CVE-2018-14648 in 389-ds-base, versions ...)
	- 389-ds-base (Incomplete RHEL backport)
CVE-2019-10170 (A flaw was found in the Keycloak admin console, where the realm manage ...)
	NOT-FOR-US: Keycloak
CVE-2019-10169 (A flaw was found in Keycloak's user-managed access interface, wh ...)
	NOT-FOR-US: Keycloak
CVE-2019-10168 (The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorC ...)
	- libvirt 5.0.0-4
	[stretch] - libvirt (Vulnerable code introduced later)
	[jessie] - libvirt (Vulnerable code introduced later)
	NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720118
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bf6c2830b6c338b1f5699b095df36f374777b291
CVE-2019-10167 (The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x befo ...)
	{DSA-4469-1 DLA-1832-1}
	- libvirt 5.0.0-4
	NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720117
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26
CVE-2019-10166 (It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x. ...)
	- libvirt 5.0.0-4
	[stretch] - libvirt (Vulnerable code introduced in 3.6.1)
	[jessie] - libvirt (Vulnerable code introduced in 3.6.1)
	NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720114
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=db0b78457f183e4c7ac45bc94de86044a1e2056a
CVE-2019-10165 (OpenShift Container Platform before version 4.1.3 writes OAuth tokens ...)
	NOT-FOR-US: OpenShift
CVE-2019-10164 (PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are ...)
	- postgresql-11 11.4-1
	- postgresql-9.6 (Only affects 10.x and later)
	- postgresql-9.4 (Only affects 10.x and later)
	NOTE: https://www.postgresql.org/about/news/1949/
CVE-2019-10163 (A Vulnerability has been found in PowerDNS Authoritative Server before ...)
	{DSA-4470-1 DLA-1843-1}
	- pdns 4.1.6-3
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html
CVE-2019-10162 (A vulnerability has been found in PowerDNS Authoritative Server before ...)
	{DSA-4470-1 DLA-1843-1}
	- pdns 4.1.6-3
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/21/5
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-04.html
CVE-2019-10161 (It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would ...)
	{DSA-4469-1 DLA-1832-1}
	- libvirt 5.0.0-4
	NOTE: https://access.redhat.com/libvirt-privesc-vulnerabilities
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720115
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580
CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python since ...)
	{DLA-2280-1}
	- python3.7 3.7.4~rc2-2
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.6 (Fix for CVE-2019-9636 not applied)
	- python3.5
	- python3.4 (Vulnerable fix to regression introduced by fix for CVE-2019-9636 not applied)
	- python2.7 2.7.16-3
	[buster] - python2.7 2.7.16-2+deb10u1
	[stretch] - python2.7 (Incomplete fix for CVE-2019-9636 not applied)
	[jessie] - python2.7 (Incomplete fix for CVE-2019-9636 not applied)
	NOTE: Introduced by: https://github.com/python/cpython/commit/d537ab0ff9767ef024f26246899728f0116b1ec3 (v3.8.0a4)
	NOTE: Fixed by: https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e (v3.8.0b1)
	NOTE: https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09 (3.7)
	NOTE: https://bugs.python.org/issue36742
	NOTE: Patches for 2.7:
	NOTE: https://github.com/python/cpython/commit/98a4dcefbbc3bce5ab07e7c0830a183157250259
	NOTE: https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de
	NOTE: https://github.com/python/cpython/commit/2b578479b96aa3deeeb8bac313a02b5cf3cb1aff
CVE-2019-10159 (cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnera ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2019-10158 (A flaw was found in Infinispan through version 9.4.14.Final. An improp ...)
	NOT-FOR-US: infinispan
CVE-2019-10157 (It was found that Keycloak's Node.js adapter before version 4.8.3 did ...)
	NOT-FOR-US: Keycloak
CVE-2019-10156 (A flaw was discovered in the way Ansible templating was implemented in ...)
	{DSA-4950-1 DLA-2535-1 DLA-1923-1}
	- ansible 2.8.3+dfsg-1 (low; bug #930065)
	NOTE: https://github.com/ansible/ansible/pull/57188
CVE-2019-10155 (The Libreswan Project has found a vulnerability in the processing of I ...)
	- libreswan 3.27-6 (bug #930338)
	- strongswan 5.1.0-1
	- openswan
	- freeswan
	NOTE: https://libreswan.org/security/CVE-2019-10155/
	NOTE: Not vulnerable: libreswan 3.29 and later, strongswan 5.0 and later, freeswan
CVE-2019-10154 (A flaw was found in Moodle before versions 3.7, 3.6.4. A web service f ...)
	- moodle
CVE-2019-10153 (A flaw was discovered in fence-agents, prior to version 4.3.4, where u ...)
	- fence-agents 4.3.3-2 (low; bug #930887)
	[stretch] - fence-agents 4.0.25-1+deb9u1
	[jessie] - fence-agents (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1670460
	NOTE: https://github.com/ClusterLabs/fence-agents/pull/255
	NOTE: https://github.com/ClusterLabs/fence-agents/pull/272
CVE-2019-10152 (A path traversal vulnerability has been discovered in podman before ve ...)
	- libpod (Fixed before initial upload)
CVE-2019-10151
	REJECTED
CVE-2019-10150 (It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 ...)
	NOT-FOR-US: OpenShift
CVE-2019-10149 (A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper v ...)
	{DSA-4456-1}
	- exim4 4.92~RC3-1
	[jessie] - exim4 (Vulnerable code introduced in 4.87)
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/04/1
	NOTE: https://www.exim.org/static/doc/security/CVE-2019-10149.txt
	NOTE: https://www.openwall.com/lists/oss-security/2019/06/06/1
	NOTE: https://github.com/Exim/exim/commit/7ea1237c783e380d7bdb86c90b13d8203c7ecf26 (exim-4.92-RC1)
	NOTE: https://git.exim.org/exim.git/commit/d740d2111f189760593a303124ff6b9b1f83453d (exim-4_91+fixes)
CVE-2019-10148
	REJECTED
CVE-2019-10147 (rkt through version 1.30.0 does not isolate processes in containers th ...)
	- rkt (bug #929781)
	NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
	NOTE: https://github.com/rkt/rkt/issues/3998
CVE-2019-10146 (A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x ...)
	- dogtag-pki 10.9.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1710171
	NOTE: https://github.com/dogtagpki/pki/commit/b235c0f3c6c249dbba692410b525d8d6fb7409f4 (10.9.0-b1)
CVE-2019-10145 (rkt through version 1.30.0 does not isolate processes in containers th ...)
	- rkt (bug #929781)
	NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
	NOTE: https://github.com/rkt/rkt/issues/3998
CVE-2019-10144 (rkt through version 1.30.0 does not isolate processes in containers th ...)
	- rkt (bug #929781)
	NOTE: https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
	NOTE: https://github.com/rkt/rkt/issues/3998
CVE-2019-10143 (** DISPUTED ** It was discovered freeradius up to and including versio ...)
	- freeradius (unimportant; bug #929466)
	NOTE: https://github.com/FreeRADIUS/freeradius-server/pull/2666
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574
	NOTE: This is not a security issue per se
CVE-2019-10142 (A flaw was found in the Linux kernel's freescale hypervisor manager im ...)
	- linux 5.2.6-1 (unimportant)
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux 3.16.70-1
	NOTE: Fixed by: https://git.kernel.org/linus/6a024330650e24556b8a18cc654ad00cfecf6c6c
	NOTE: CONFIG_FSL_HV_MANAGER not enabled in kernel builds in Debian.
CVE-2019-10141 (A vulnerability was found in openstack-ironic-inspector all versions e ...)
	- ironic-inspector 8.0.0-3 (bug #929332)
	[stretch] - ironic-inspector (Minor issue)
	NOTE: https://review.opendev.org/#/c/660234/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1711722
CVE-2019-10140 (A vulnerability was found in Linux kernel's, versions up to 3.10, impl ...)
	- linux (Vulnerability introduced in Red Hat specific backport)
CVE-2019-10139 (During HE deployment via cockpit-ovirt, cockpit-ovirt generates an ans ...)
	NOT-FOR-US: cockpit-ovirt
CVE-2019-10138 (A flaw was discovered in the python-novajoin plugin, all versions up t ...)
	NOT-FOR-US: python-novajoin plugin for OpenStack
CVE-2019-10137 (A path traversal flaw was found in spacewalk-proxy, all versions throu ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2019-10136 (It was found that Spacewalk, all versions through 2.9, did not safely ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2019-10135 (A flaw was found in the yaml.load() function in the osbs-client versio ...)
	NOTE: OpenShift Build Service client
CVE-2019-10134 (A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. ...)
	- moodle
CVE-2019-10133 (A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. ...)
	- moodle
CVE-2019-10132 (A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admi ...)
	- libvirt 5.0.0-3 (bug #929334)
	[stretch] - libvirt (Vulnerable code introduced in 4.1.0-rc1)
	[jessie] - libvirt (Vulnerable code introduced in 4.1.0-rc1)
	NOTE: https://security.libvirt.org/2019/0003.html
CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick before ...)
	{DLA-2333-1}
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2
	[jessie] - imagemagick (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1704762
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ccc28ee4c777d915f95919ac3bcf8adf93037a7
CVE-2019-10130 (A vulnerability was found in PostgreSQL versions 11.x up to excluding ...)
	{DSA-4439-1}
	- postgresql-11 11.3-1
	- postgresql-9.6
	- postgresql-9.4
	[jessie] - postgresql-9.4 (Row security was introduced in 9.5)
	NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10129 (A vulnerability was found in postgresql versions 11.x prior to 11.3. U ...)
	- postgresql-11 11.3-1
	NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10128 (A vulnerability was found in postgresql versions 11.x prior to 11.3. T ...)
	- postgresql-11 (Windows-specific)
	NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10127 (A vulnerability was found in postgresql versions 11.x prior to 11.3. T ...)
	- postgresql-11 (Windows-specific)
	NOTE: https://www.postgresql.org/about/news/1939/
CVE-2019-10126 (A flaw was found in the Linux kernel. A heap based buffer overflow in ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
	NOTE: https://lore.kernel.org/linux-wireless/20190531131841.7552-1-tiwai@suse.de
CVE-2019-10125 (An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel ...)
	- linux 4.19.37-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://patchwork.kernel.org/patch/10828359/
	NOTE: https://git.kernel.org/linus/84c4e1f89fefe70554da0ab33be72c9be7994379
CVE-2019-10124
	REJECTED
CVE-2019-10123 (SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which ...)
	NOT-FOR-US: Advanced InfoData Systems (AIS)
CVE-2019-10122 (eQ-3 HomeMatic CCU2 devices before 2.41.9 and CCU3 devices before 3.43 ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
CVE-2019-10121 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43 ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
CVE-2019-10120 (On eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3 ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
CVE-2019-10119 (eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43 ...)
	NOT-FOR-US: eQ-3 HomeMatic CCU2 and CCU3 devices
CVE-2019-10118 (Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and ...)
	NOT-FOR-US: Snipe-IT
CVE-2019-10117 (An Open Redirect issue was discovered in GitLab Community and Enterpri ...)
	- gitlab (Only affects 11.9 and later)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10116 (An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10115 (An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10114 (An Information Exposure issue (issue 2 of 2) was discovered in GitLab ...)
	- gitlab (Only affects 11.9 and later)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10113 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10112 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab (Only affects 11.9 and later)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10111 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10110 (An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10109 (An Information Exposure issue (issue 1 of 2) was discovered in GitLab ...)
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10108 (An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Co ...)
	- gitlab (Only affects 11.8.4 and later)
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10107 (CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" f ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-10106 (CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name fiel ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-10105 (CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Des ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-10104 (In several JetBrains IntelliJ IDEA Ultimate versions, an Application S ...)
	- intellij-idea (bug #747616)
CVE-2019-10103 (JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/J ...)
	- intellij-idea (bug #747616)
	- intellij-community-idea
CVE-2019-10101 (JetBrains Kotlin versions before 1.3.30 were resolving artifacts using ...)
	- kotlin (Fixed before initial upload to Debian)
CVE-2019-10100 (In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it wa ...)
	NOT-FOR-US: JetBrains YouTrack Confluence plugin
CVE-2019-1000031 (A disk space or quota exhaustion issue exists in article2pdf_getfile.p ...)
	NOT-FOR-US: article2pdf Wordpress plugin
CVE-2019-10099 (Prior to Spark 2.3.3, in certain situations Spark would write user dat ...)
	- apache-spark (bug #802194)
CVE-2019-10098 (In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_r ...)
	{DSA-4509-1 DLA-1900-1}
	- apache2 2.4.41-1
	NOTE: Affects upstream versions 2.4.0 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10098
	NOTE: https://svn.apache.org/r1864213
	NOTE: https://svn.apache.org/r1864192
CVE-2019-10097 (In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured ...)
	- apache2 2.4.41-1
	[buster] - apache2 2.4.38-3+deb10u1
	[stretch] - apache2 (PROXY protocol support in mod_remoteip added later)
	[jessie] - apache2 (PROXY protocol support in mod_remoteip added later)
	NOTE: Affects upstream versions 2.4.32 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10097
	NOTE: https://svn.apache.org/r1864613
CVE-2019-10096
	REJECTED
CVE-2019-10095 (bash command injection vulnerability in Apache Zeppelin allows an atta ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2019-10094 (A carefully crafted package/compressed file that, when unzipped/uncomp ...)
	- tika 1.22-1 (bug #933746)
	[buster] - tika (Minor issue)
	[jessie] - tika (Vulnerable feature introduced in 1.7)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/4
	NOTE: https://github.com/apache/tika/commit/c4e63c9be8665cccea8b680c59a6f5cfbc03e0fc
CVE-2019-10093 (In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file ...)
	- tika 1.22-1 (bug #933745)
	[buster] - tika (Minor issue)
	[jessie] - tika (The vulnerable code was introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/3
	NOTE: https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae
CVE-2019-10092 (In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting iss ...)
	{DSA-4509-3 DSA-4509-1 DLA-1900-1}
	- apache2 2.4.41-1
	NOTE: Affects upstream versions 2.4.0 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10092
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=63688#c5
	NOTE: https://svn.apache.org/r1864191
	NOTE: Regression: https://bugs.debian.org/941202
CVE-2019-10091 (When TLS is enabled with ssl-endpoint-identification-enabled set to tr ...)
	NOT-FOR-US: Apache Geode
CVE-2019-10090 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
	- jspwiki
CVE-2019-10089 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
	- jspwiki
CVE-2019-10088 (A carefully crafted or corrupt zip file can cause an OOM in Apache Tik ...)
	- tika 1.22-1 (bug #933744)
	[buster] - tika (Minor issue)
	[jessie] - tika (Vulnerable feature introduced in 1.7)
	NOTE: https://www.openwall.com/lists/oss-security/2019/08/02/2
	NOTE: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
CVE-2019-10087 (On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin ...)
	- jspwiki
CVE-2019-10086 (In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class wa ...)
	{DLA-1896-1}
	- commons-beanutils 1.9.4-1
	[buster] - commons-beanutils (Minor issue; can be fixed via point release)
	[stretch] - commons-beanutils (Minor issue; can be fixed via point release)
	NOTE: https://issues.apache.org/jira/browse/BEANUTILS-520
	NOTE: https://github.com/apache/commons-beanutils/pull/7
	NOTE: https://github.com/apache/commons-beanutils/commit/dd48f4e589462a8cdb1f29bbbccb35d6b0291d58
	NOTE: With the patch applied, the library is secured by default. To opt-out and allow
	NOTE: access to the 'class' property one needs to remove the feature explicitly. Cf.
	NOTE: https://github.com/apache/commons-beanutils/pull/7#issue-281406699
CVE-2019-10085 (In Apache Allura prior to 1.11.0, a vulnerability exists for stored XS ...)
	NOT-FOR-US: Apache Allura
CVE-2019-10084 (In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to ...)
	NOT-FOR-US: Apache Impala
CVE-2019-10083 (When updating a Process Group via the API in NiFi versions 1.3.0 to 1. ...)
	NOT-FOR-US: Apache NiFi
CVE-2019-10082 (In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the h ...)
	{DSA-4509-1}
	- apache2 2.4.41-1
	[jessie] - apache2 (HTTP/2 support only available since version 2.4.17 and later)
	NOTE: Affects upstream versions 2.4.18 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10082
CVE-2019-10081 (HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configur ...)
	{DSA-4509-1}
	- apache2 2.4.41-1
	[jessie] - apache2 (HTTP/2 support only available since version 2.4.17 and later)
	NOTE: Affects upstream versions 2.4.20 to 2.4.39
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10081
CVE-2019-10080 (The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trust ...)
	NOT-FOR-US: Apache NiFi
CVE-2019-10079 (Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. E ...)
	{DSA-4520-1}
	- trafficserver 8.0.5+ds-1
	NOTE: https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
CVE-2019-10078 (A carefully crafted plugin link invocation could trigger an XSS vulner ...)
	- jspwiki
CVE-2019-10077 (A carefully crafted InterWiki link could trigger an XSS vulnerability ...)
	- jspwiki
CVE-2019-10076 (A carefully crafted malicious attachment could trigger an XSS vulnerab ...)
	- jspwiki
CVE-2019-10075
	REJECTED
CVE-2019-10074 (An RCE is possible by entering Freemarker markup in an Apache OFBiz Fo ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-10073 (The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-10072 (The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 co ...)
	{DSA-4680-1}
	- tomcat9 9.0.22-1 (bug #931131; bug #930872)
	- tomcat8 (bug #30873)
	[stretch] - tomcat8 (Incomplete fix for CVE-2019-0199 not applied)
	[jessie] - tomcat8 (HTTP/2 support not implemented)
	NOTE: https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
CVE-2019-10071 (The code which checks HMAC in form submissions used String.equals() fo ...)
	NOT-FOR-US: Apache Tapestry
CVE-2019-10070 (Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored ...)
	NOT-FOR-US: Apache Atlas
CVE-2019-10069 (In Godot through 3.1, remote code execution is possible due to the des ...)
	- godot 3.2-stable-1
	[buster] - godot (Minor issue)
	NOTE: https://github.com/godotengine/godot/pull/27398
	NOTE: https://github.com/godotengine/godot/commit/e3bd84fa571661d76fc8458d65bb053988e934a6 (3.2-stable)
	NOTE: For 3.0: https://github.com/godotengine/godot/commit/0c4881f1dbfe4feab879b4f0fe031b735ddc1f9f
CVE-2019-10068 (An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x befor ...)
	NOT-FOR-US: Kentico
CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ...)
	- otrs2 6.0.18-1
	[buster] - otrs2 6.0.16-2
	[stretch] - otrs2 (Non-free not supported)
	[jessie] - otrs2 (vulnerable code is not present)
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8a489236336ddc82e745c27abb32dfa1ceefb0f4
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/67158d8b08309859572c795982ecc7c52484ab0e
	NOTE: https://community.otrs.com/security-advisory-2019-05-security-update-for-otrs-framework/
CVE-2019-10066 (An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ...)
	- otrs2 6.0.18-1
	[buster] - otrs2 6.0.16-2
	[stretch] - otrs2 (Vulnerable code introduced later)
	[jessie] - otrs2 (vulnerable code is not present)
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/b99cad21f2dd1c2d52299424a589b0b2f20d7ba8
	NOTE: https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/
CVE-2019-10065 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 throu ...)
	- otrs2 (Only affects 7.x series)
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2019-07/
CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and random( ...)
	{DLA-2318-1 DLA-2138-1}
	- wpa 2:2.6-7
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1
	NOTE: Comment from upstream: https://www.openwall.com/lists/oss-security/2020/02/27/2
	NOTE: Issue fixed in conjunction with CVE-2016-10743.
	NOTE: https://w1.fi/cgit/hostap/commit/?id=4b16c15bbc8b20a85bb3d6f45bba5621a047618e
	NOTE: There was already a 2.6 upload late in 2016 but then reverted to a 2.4 based
	NOTE: version and only reuploaded as 2:2.6-7 to unstable.
CVE-2019-10063 (Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1 ...)
	- flatpak 1.2.3-2 (bug #925541)
	[stretch] - flatpak 0.8.9-0+deb9u3
	NOTE: https://github.com/flatpak/flatpak/issues/2782
	NOTE: https://github.com/flatpak/flatpak/commit/a9107feeb4b8275b78965b36bf21b92d5724699e
CVE-2019-10062 (The HTMLSanitizer class in html-sanitizer.ts in all released versions ...)
	NOT-FOR-US: Aurelia
CVE-2019-10061 (utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) ...)
	- node-opencv 6.0.0+git20180416.cfc96ba0-3 (unimportant; bug #925571)
	NOTE: https://www.npmjs.com/advisories/789
	NOTE: https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b
	NOTE: https://github.com/peterbraden/node-opencv/commit/aaece6921d7368577511f06c94c99dd4e9653563
	NOTE: Nodejs not covered by security support
CVE-2019-10060 (The Verix Multi-app Conductor application 2.7 for Verifone Verix suffe ...)
	NOT-FOR-US: Verix Multi-app Conductor application for Verifone Verix
CVE-2019-10059 (The legacy finger service (TCP port 79) is enabled by default on vario ...)
	NOT-FOR-US: Lexmark
CVE-2019-10058 (Various Lexmark products have Incorrect Access Control. ...)
	NOT-FOR-US: Lexmark
CVE-2019-10057 (Various Lexmark products have CSRF. ...)
	NOT-FOR-US: Lexmark
CVE-2019-10056 (An issue was discovered in Suricata 4.1.3. The code mishandles the cas ...)
	- suricata 1:4.1.4-1
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2946
CVE-2019-10055 (An issue was discovered in Suricata 4.1.3. The function ftp_pasv_respo ...)
	- suricata 1:4.1.4-1
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2949
CVE-2019-10054 (An issue was discovered in Suricata 4.1.3. The function process_reply_ ...)
	- suricata 1:4.1.4-1
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2943
CVE-2019-10053 (An issue was discovered in Suricata 4.1.x before 4.1.4. If the input o ...)
	- suricata 1:4.1.4-1
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2883
	NOTE: https://github.com/OISF/suricata/commit/51790d3824bc381e24aaeef20338dd6b8bd4e453
CVE-2019-10052 (An issue was discovered in Suricata 4.1.3. If the network packet does ...)
	- suricata 1:4.1.4-1
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Vulnerable code not present)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2902
	NOTE: https://redmine.openinfosecfoundation.org/issues/2947
CVE-2019-10051 (An issue was discovered in Suricata 4.1.3. If the function filetracker ...)
	- suricata 1:4.1.4-1
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Vulnerable code not present)
	NOTE: https://github.com/OISF/suricata/pull/3734
	NOTE: https://redmine.openinfosecfoundation.org/issues/2896
CVE-2019-10050 (A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4 ...)
	- suricata 1:4.1.4-1
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2884
	NOTE: https://github.com/OISF/suricata/commit/4609d5c80acda9adf02f8fb9a6aa8238495bfa13
CVE-2019-10049 (It is possible for an attacker with regular user access to the web app ...)
	- ajaxplorer (bug #668381)
CVE-2019-10048 (The ImageMagick plugin that is installed by default in Pydio through 8 ...)
	- ajaxplorer (bug #668381)
CVE-2019-10047 (A stored XSS vulnerability exists in the web application of Pydio thro ...)
	- ajaxplorer (bug #668381)
CVE-2019-10046 (An unauthenticated attacker can obtain information about the Pydio 8.2 ...)
	- ajaxplorer (bug #668381)
CVE-2019-10045 (The "action" get_sess_id in the web application of Pydio through 8.2.2 ...)
	- ajaxplorer (bug #668381)
CVE-2019-10044 (Telegram Desktop before 1.5.12 on Windows, and the Telegram applicatio ...)
	- telegram-desktop 1.8.4-1 (bug #927711)
	[buster] - telegram-desktop (Minor issue)
	NOTE: https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt
CVE-2019-10043
	RESERVED
CVE-2019-10042 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
	NOT-FOR-US: D-Link
CVE-2019-10041 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
	NOT-FOR-US: D-Link
CVE-2019-10040 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
	NOT-FOR-US: D-Link
CVE-2019-10039 (The D-Link DIR-816 A2 1.11 router only checks the random token when au ...)
	NOT-FOR-US: D-Link
CVE-2019-10038 (Evernote 7.9 on macOS allows attackers to execute arbitrary programs b ...)
	NOT-FOR-US: Evernote
CVE-2019-10037
	RESERVED
CVE-2019-10036
	RESERVED
CVE-2019-10035
	RESERVED
CVE-2019-10034
	RESERVED
CVE-2019-10033
	RESERVED
CVE-2019-10032
	RESERVED
CVE-2019-10031
	RESERVED
CVE-2019-10030
	RESERVED
CVE-2019-10029
	RESERVED
CVE-2019-10028 (Denial of Service (DOS) in Dial Reference Source Code Used before June ...)
	NOT-FOR-US: Dial Reference Source Code Repo
CVE-2019-10027 (PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field ...)
	NOT-FOR-US: PHPCMS
CVE-2019-10026 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10025 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10024 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10023 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10022 (An issue was discovered in Xpdf 4.01.01. There is a NULL pointer deref ...)
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10021 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10020 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10019 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-10018 (An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...)
	{DLA-2440-1}
	- poppler 0.57.0-2 (low; bug #926133)
	[jessie] - poppler (Minor issue)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 (PostScriptFunction::exec@Function.cc:1374-42___FPE PoC)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101500
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=e2ab2fa9d8c41e0115b2c276a2594cd2f7c217e6
CVE-2019-10017 (CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-10016 (GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words ...)
	NOT-FOR-US: GForge Advanced Server
CVE-2019-10015 (baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: baigoStudio
CVE-2019-10014 (In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticate ...)
	NOT-FOR-US: DedeCMS
CVE-2019-9999
	RESERVED
CVE-2019-9998
	RESERVED
CVE-2019-9997
	RESERVED
CVE-2019-9996
	RESERVED
CVE-2019-9995
	RESERVED
CVE-2019-9994
	RESERVED
CVE-2019-9993
	RESERVED
CVE-2019-9992
	RESERVED
CVE-2019-9991
	RESERVED
CVE-2019-9990
	RESERVED
CVE-2019-9989
	RESERVED
CVE-2019-9988
	RESERVED
CVE-2019-9987
	RESERVED
CVE-2019-9986
	RESERVED
CVE-2019-9985
	RESERVED
CVE-2019-9984
	RESERVED
CVE-2019-9983
	REJECTED
CVE-2019-9982
	RESERVED
CVE-2019-9981
	RESERVED
CVE-2019-9980
	RESERVED
CVE-2019-9979
	RESERVED
CVE-2019-9978 (The social-warfare plugin before 3.5.3 for WordPress has stored XSS vi ...)
	NOT-FOR-US: social-warfare plugin for WordPress
CVE-2019-9977 (The renderer process in the entertainment system on Tesla Model 3 vehi ...)
	NOT-FOR-US: entertainment system on Tesla Model 3 vehicles
CVE-2019-9976 (The Boa server configuration on DASAN H660RM devices with firmware 1.0 ...)
	- boa
CVE-2019-9975 (DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for ...)
	NOT-FOR-US: DASAN
CVE-2019-9974 (diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lac ...)
	NOT-FOR-US: DASAN
CVE-2019-9973
	RESERVED
CVE-2019-10013 (The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS t ...)
	- axtls (bug #953326)
CVE-2019-10012 (Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote at ...)
	NOT-FOR-US: Jenzabar
CVE-2019-10011 (ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campu ...)
	NOT-FOR-US: Jenzabar
CVE-2019-10010 (Cross-site scripting (XSS) vulnerability in the PHP League CommonMark ...)
	NOT-FOR-US: PHP League CommonMark library
CVE-2019-10009 (A Directory Traversal issue was discovered in the Web GUI in Titan FTP ...)
	NOT-FOR-US: Titan FTP
CVE-2019-10008 (Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privile ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk
CVE-2019-10007
	RESERVED
CVE-2019-10006
	RESERVED
CVE-2019-10005
	RESERVED
CVE-2019-10004
	RESERVED
CVE-2019-10003
	RESERVED
CVE-2019-10002
	RESERVED
CVE-2019-10001
	RESERVED
CVE-2019-10000
	RESERVED
CVE-2019-9972
	RESERVED
CVE-2019-9971
	RESERVED
CVE-2019-9970 (Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal ...)
	- signal-desktop (bug #842943)
CVE-2019-9969 (XnView Classic 2.48 on Windows allows remote attackers to cause a deni ...)
	NOT-FOR-US: XnView
CVE-2019-9968 (XnView Classic 2.48 on Windows allows remote attackers to cause a deni ...)
	NOT-FOR-US: XnView
CVE-2019-9967 (XnView Classic 2.48 on Windows allows remote attackers to cause a deni ...)
	NOT-FOR-US: XnView
CVE-2019-9966 (XnView Classic 2.48 on Windows allows remote attackers to cause a deni ...)
	NOT-FOR-US: XnView
CVE-2019-9965 (XnView MP 0.93.1 on Windows allows remote attackers to cause a denial ...)
	NOT-FOR-US: XnView
CVE-2019-9964 (XnView MP 0.93.1 on Windows allows remote attackers to cause a denial ...)
	NOT-FOR-US: XnView
CVE-2019-9963 (XnView MP 0.93.1 on Windows allows remote attackers to cause a denial ...)
	NOT-FOR-US: XnView
CVE-2019-9962 (XnView MP 0.93.1 on Windows allows remote attackers to cause a denial ...)
	NOT-FOR-US: XnView
CVE-2019-9961 (A cross-site scripting (XSS) vulnerability in ressource view in core/m ...)
	NOT-FOR-US: Wikindx
CVE-2019-9960 (The downloadZip function in application/controllers/admin/export.php i ...)
	- limesurvey (bug #472802)
CVE-2019-9959 (The JPXStream::init function in Poppler 0.78.0 and earlier doesn't che ...)
	{DLA-2440-1 DLA-1963-1}
	[experimental] - poppler 0.81.0-1
	- poppler 0.85.0-2 (low; bug #941776)
	[buster] - poppler (Minor issue)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/805
	NOTE: Patch: https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557 (poppler-0.79.0)
	NOTE: Reproducer: https://gitlab.freedesktop.org/poppler/poppler/uploads/3f22837ebd503f87e730b51221b89742/raiter_issue5465.pdf
CVE-2019-9958 (CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 u ...)
	NOT-FOR-US: Quadbase EspressReport ES (ERES)
CVE-2019-9957 (Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allow ...)
	NOT-FOR-US: Quadbase EspressReport ES (ERES)
CVE-2019-9956 (In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in ...)
	{DSA-4436-1 DLA-1785-1}
	- imagemagick 8:6.9.10.23+dfsg-2.1 (bug #925395)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1523
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/34a6a5a45e83a4af852090b4e43f168a380df979
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/90401e430840c5ff31ad870f4370bbda1318ac94
CVE-2019-9955 (On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, ...)
	NOT-FOR-US: Zyxel
CVE-2019-9954
	RESERVED
CVE-2019-9953
	RESERVED
CVE-2019-9952
	RESERVED
CVE-2019-9951 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
	NOT-FOR-US: Western Digital
CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My ...)
	NOT-FOR-US: Western Digital
CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...)
	NOT-FOR-US: Western Digital
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
	{DLA-2337-1 DLA-2280-1 DLA-1852-1 DLA-1834-1}
	- python3.7 3.7.4~rc2-2
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.6
	- python3.5
	- python3.4
	- python2.7 2.7.16-2
	NOTE: https://bugs.python.org/issue35907
	NOTE: https://github.com/python/cpython/pull/11842
	NOTE: https://github.com/python/cpython/commit/34bab215596671d0dec2066ae7d7450cd73f638b (3.7)
	NOTE: https://github.com/python/cpython/commit/4f06dae5d8d4400ba38d8502da620f07d4a5696e (3.6)
	NOTE: https://github.com/python/cpython/commit/b15bde8058e821b383d81fcae68b335a752083ca (2.7)
	NOTE: https://github.com/python/cpython/commit/942c31dffbe886ff02e25a319cc3891220b8c641 (2.7)
CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
	{DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
	- python3.7 3.7.4~rc2-2
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.6
	- python3.5
	- python3.4
	- python2.7 2.7.16-3
	[buster] - python2.7 2.7.16-2+deb10u1
	NOTE: https://bugs.python.org/issue35906
	NOTE: Introduced by: https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2262
	NOTE: CVE-2019-9947 issue fixed with same fix as for CVE-2019-9740
	NOTE: Patch 2.7: https://github.com/python/cpython/commit/bb8071a4cae5ab3fe321481dd3d73662ffb26052
CVE-2019-9946 (Cloud Native Computing Foundation (CNCF) CNI (Container Networking Int ...)
	- kubernetes 1.17.4-1
	- golang-github-containernetworking-plugins (Fixed before initial upload)
	- singularity-container 3.5.0+ds1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1692712
	NOTE: singularity-container embeds a copy, but switched to packaged one in 3.5.0+ds1-1, marking as fixed
CVE-2019-9945 (SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGI ...)
	NOT-FOR-US: SoftNAS Cloud
CVE-2019-9944 (In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the r ...)
	NOT-FOR-US: Open Microscopy Environment OMERO.server
CVE-2019-9943 (In ome.services.graphs.GraphTraversal.findObjectDetails in Open Micros ...)
	NOT-FOR-US: Open Microscopy Environment OMERO.server
CVE-2019-9942 (A sandbox information disclosure exists in Twig before 1.38.0 and 2.x ...)
	{DSA-4419-1}
	[experimental] - twig 2.7.1-1
	- twig 2.6.2-2
	[jessie] - twig (low priority, sandbox disabled by default)
	NOTE: https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077
	NOTE: https://symfony.com/blog/twig-sandbox-information-disclosure
CVE-2019-9941
	RESERVED
CVE-2019-9940
	RESERVED
CVE-2019-9939 (The SHAREit application before 4.0.36 for Android allows a remote atta ...)
	NOT-FOR-US: SHAREit
CVE-2019-9938 (The SHAREit application before 4.0.42 for Android allows a remote atta ...)
	NOT-FOR-US: SHAREit
CVE-2019-9937 (In SQLite 3.27.2, interleaving reads and writes in a single transactio ...)
	{DLA-2340-1}
	- sqlite3 3.27.2-2 (low; bug #925290)
	[jessie] - sqlite3 (fts5 introduced later, function not available for fts3)
	NOTE: https://sqlite.org/src/info/45c73deb440496e8
CVE-2019-9936 (In SQLite 3.27.2, running fts5 prefix queries inside a transaction cou ...)
	{DLA-2340-1}
	- sqlite3 3.27.2-2 (low; bug #925289)
	[jessie] - sqlite3 (fts5 introduced later, function not available for fts3)
	NOTE: https://sqlite.org/src/info/b3fa58dd7403dbd4
CVE-2019-9935 (Various Lexmark products have Incorrect Access Control (issue 2 of 2). ...)
	NOT-FOR-US: Lexmark
CVE-2019-9934 (Various Lexmark products have Incorrect Access Control (issue 1 of 2). ...)
	NOT-FOR-US: Lexmark
CVE-2019-9933 (Various Lexmark products have a Buffer Overflow (issue 3 of 3). ...)
	NOT-FOR-US: Lexmark
CVE-2019-9932 (Various Lexmark products have a Buffer Overflow (issue 2 of 3). ...)
	NOT-FOR-US: Lexmark
CVE-2019-9931 (Various Lexmark printers contain a denial of service vulnerability in ...)
	NOT-FOR-US: Lexmark
CVE-2019-9930 (Various Lexmark products have an Integer Overflow. ...)
	NOT-FOR-US: Lexmark
CVE-2019-9929 (Northern.tech CFEngine Enterprise 3.12.1 has Insecure Permissions. ...)
	- cfengine3 (Issue only affecting CFEngine Enterprise 3.x version)
	NOTE: Issue is specific to Enterprise version leaking CFE_ROBOT user secrets on
	NOTE: installation of CFEngine Enterprise Hub package.
CVE-2019-9928 (GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP c ...)
	{DSA-4437-1 DLA-1770-1 DLA-1769-1}
	[experimental] - gst-plugins-base1.0 1.15.90-1
	- gst-plugins-base1.0 1.14.4-2 (bug #927978)
	- gst-plugins-base0.10
	NOTE: https://gstreamer.freedesktop.org/security/sa-2019-0001.html
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/merge_requests/157
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/commit/f672277509705c4034bc92a141eefee4524d15aa (1.15.90)
CVE-2019-9927 (Caret before 2019-02-22 allows Remote Code Execution. ...)
	NOT-FOR-US: Caret editor
CVE-2019-9926 (An issue was discovered in LabKey Server 19.1.0. It is possible to for ...)
	NOT-FOR-US: LabKey Server
CVE-2019-9925 (S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. ...)
	NOT-FOR-US: S-CMS PHP
CVE-2019-9924 (rbash in Bash before 4.4-beta2 did not prevent the shell user from mod ...)
	{DLA-1726-1}
	- bash 4.4-1 (low)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1803441
CVE-2019-9923 (pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointe ...)
	- tar 1.32+dfsg-1 (unimportant; bug #925286)
	NOTE: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
	NOTE: http://savannah.gnu.org/bugs/?55369 (private)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
	NOTE: Crash in CLI tool, no security impact
CVE-2019-9922 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
	NOT-FOR-US: Harmis JE Messenger component for Joomla!
CVE-2019-9921 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
	NOT-FOR-US: Harmis JE Messenger component for Joomla!
CVE-2019-9920 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
	NOT-FOR-US: Harmis JE Messenger component for Joomla!
CVE-2019-9919 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
	NOT-FOR-US: Harmis JE Messenger component for Joomla!
CVE-2019-9918 (An issue was discovered in the Harmis JE Messenger component 1.2.2 for ...)
	NOT-FOR-US: Harmis JE Messenger component for Joomla!
CVE-2019-9917 (ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial ...)
	{DSA-4463-1}
	- znc 1.7.2-2 (bug #925285)
	[jessie] - znc (Minor issue, workaround is to disable modpython)
	NOTE: https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
	NOTE: Every version between 0.096 and 1.7.2 (incl) is vulnerable to the issue,
	NOTE: but earlier versions could not be fixed without a major rewrite. A workaround
	NOTE: though is to disable modpython.
CVE-2019-9916
	RESERVED
CVE-2019-9915 (GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redir ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2019-9914 (The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php? ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9913 (The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-adm ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9912 (The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9911 (The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9910 (The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?pag ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9909 (The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9908 (The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-gen ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-9907
	RESERVED
CVE-2019-9906
	RESERVED
CVE-2019-9905
	RESERVED
CVE-2019-9904 (An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2. ...)
	- graphviz (low; bug #925284)
	[bullseye] - graphviz (Minor issue)
	[buster] - graphviz (Minor issue)
	[stretch] - graphviz (Minor issue)
	[jessie] - graphviz (Minor issue)
	NOTE: https://gitlab.com/graphviz/graphviz/issues/1512
CVE-2019-9903 (PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict mark ...)
	[experimental] - poppler 0.81.0-1
	- poppler 0.85.0-2 (low; bug #925264)
	[buster] - poppler (Minor issue)
	[stretch] - poppler (Minor issue)
	[jessie] - poppler (Vulnerable code not present)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/741
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/fada09a2ccc11a3a1d308e810f1336d8df6011fd
CVE-2019-9902
	RESERVED
CVE-2019-9901 (Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote att ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-9900 (When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not r ...)
	NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2019-9899
	RESERVED
CVE-2019-9898 (Potential recycling of random numbers used in cryptography exists with ...)
	{DSA-4423-1 DLA-1763-1}
	- putty 0.70-6
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rng-reuse.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=320bf8479ff5bcbad239db4f9f4aa63656b0675e
CVE-2019-9897 (Multiple denial-of-service attacks that can be triggered by writing to ...)
	{DSA-4423-1 DLA-1763-1}
	- putty 0.70-6
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-one-column-cjk.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=03777723e553024e94d8bfcf182f3a2e92ffb914
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-combining-chars-double-width-gtk.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=daf91ef8ae9780bb1dfb534afa79e4babb89ba26
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terminal-dos-combining-chars.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=da1c8f15b1bc14c855f0027cf06ba7f1a9c36f3c
CVE-2019-9896 (In PuTTY versions before 0.71 on Windows, local attackers could hijack ...)
	- putty (Only affects PuTTY on Windows)
CVE-2019-9895 (In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer o ...)
	{DSA-4423-1}
	- putty 0.70-6
	[jessie] - putty (Too intrusive to backport, patch uses callback handling that is not yet available in Jessie)
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-fd-set-overflow.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=5c926d9ea4a9e0a0a2384f06c7583648cdff3ed6
CVE-2019-9894 (A remotely triggerable memory overwrite in RSA key exchange in PuTTY b ...)
	{DSA-4423-1 DLA-1763-1}
	- putty 0.70-6
	NOTE: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rsa-kex-integer-overflow.html
	NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d82854999516046122501b2e145099740ed0284f
CVE-2019-9892 (An issue was discovered in Open Ticket Request System (OTRS) 5.x throu ...)
	{DLA-1774-1}
	- otrs2 6.0.18-1
	[buster] - otrs2 6.0.16-2
	[stretch] - otrs2 (Non-free not supported)
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/3617488c6c28e06203e4127c7b031140f775a685
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/c3b9342a85c6f2c9382e074ad9cc440ce80a6f34
	NOTE: https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/
CVE-2019-9891 (The function getopt_simple as described in Advanced Bash Scripting Gui ...)
	NOT-FOR-US: Advanced Bash Scripting Guide
CVE-2019-9890 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9889 (In Vanilla before 2.6.4, a flaw exists within the getSingleIndex funct ...)
	NOT-FOR-US: Vanilla Forums
CVE-2019-9888
	RESERVED
CVE-2019-1010319 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
	{DLA-2525-1}
	- wavpack 5.1.0-7 (low; bug #932061)
	[buster] - wavpack (Minor issue)
	NOTE: https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe
	NOTE: https://github.com/dbry/WavPack/issues/68
CVE-2019-1010318
	REJECTED
CVE-2019-1010317 (WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialize ...)
	{DLA-2525-1}
	- wavpack 5.1.0-7 (low; bug #932060)
	[buster] - wavpack (Minor issue)
	NOTE: https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b
	NOTE: https://github.com/dbry/WavPack/issues/66
CVE-2019-1010316 (pyxtrlock 0.3 and earlier is affected by: Incorrect Access Control. Th ...)
	NOT-FOR-US: pyxtrlock
CVE-2019-1010315 (WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The i ...)
	{DLA-2525-1}
	- wavpack 5.1.0-6 (low)
	NOTE: https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc
	NOTE: https://github.com/dbry/WavPack/issues/65
CVE-2019-1010314 (Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The imp ...)
	- gitea
CVE-2019-1010313
	RESERVED
CVE-2019-1010312
	REJECTED
CVE-2019-1010311
	REJECTED
CVE-2019-1010310 (GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/pull/5519
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-1010309
	REJECTED
CVE-2019-1010308 (Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Inc ...)
	NOT-FOR-US: Aquaverde GmbH Aquarius CMS
CVE-2019-1010307 (GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). Th ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2019-1010306 (Slanger 0.6.0 is affected by: Remote Code Execution (RCE). The impact ...)
	NOT-FOR-US: Slanger
CVE-2019-1010305 (libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: I ...)
	{DLA-2805-1 DLA-1895-1}
	- libmspack 0.10.1-1
	NOTE: https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
	NOTE: https://github.com/kyz/libmspack/issues/27
CVE-2019-1010304 (Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f ...)
	NOT-FOR-US: Mirumee Saleor
CVE-2019-1010303
	RESERVED
CVE-2019-1010302 (jhead 3.03 is affected by: Incorrect Access Control. The impact is: De ...)
	{DLA-2054-1}
	- jhead 1:3.03-2 (unimportant; bug #932146)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679978
	NOTE: No security impact, crash in CLI tool
CVE-2019-1010301 (jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of s ...)
	{DLA-2054-1}
	- jhead 1:3.03-2 (unimportant; bug #932145)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1679952
	NOTE: No security impact, crash in CLI tool
CVE-2019-1010300 (mz-automation libiec61850 1.3.2 1.3.1 1.3.0 is affected by: Buffer Ove ...)
	NOT-FOR-US: libIEC61850
CVE-2019-1010299 (The Rust Programming Language Standard Library 1.18.0 and later is aff ...)
	- rustc 1.30.0+dfsg1-1
	[stretch] - rustc (Minor issue)
	[jessie] - rustc (Minor issue)
	NOTE: https://github.com/rust-lang/rust/issues/53566
	NOTE: https://github.com/rust-lang/rust/pull/53571/commits/b85e4cc8fadaabd41da5b9645c08c68b8f89908d
CVE-2019-1010298 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010297 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010296 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010295 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010294 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010293 (Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossi ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010292 (Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary ...)
	NOT-FOR-US: Linaro/OP-TEE OP-TEE
CVE-2019-1010291
	RESERVED
CVE-2019-1010290 (Babel: Multilingual site Babel All is affected by: Open Redirection. T ...)
	NOT-FOR-US: Babel: Multilingual
CVE-2019-1010289
	RESERVED
CVE-2019-1010288
	RESERVED
CVE-2019-1010287 (Timesheet Next Gen 1.5.3 and earlier is affected by: Cross Site Script ...)
	NOT-FOR-US: Timesheet Next Gen
CVE-2019-1010286
	RESERVED
CVE-2019-1010285
	RESERVED
CVE-2019-1010284
	RESERVED
CVE-2019-1010283 (Univention Corporate Server univention-directory-notifier 12.0.1-3 and ...)
	NOT-FOR-US: Univention Corporate Server univention-directory-notifier
CVE-2019-1010282 RESERVED
CVE-2019-1010281 RESERVED
CVE-2019-1010280 RESERVED
CVE-2019-1010279 (Open Information Security Foundation Suricata prior to version 4.1.3 i ...)
	- suricata 1:4.1.3-1 (low)
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Minor issue)
	NOTE: https://github.com/OISF/suricata/pull/3625
	NOTE: https://github.com/OISF/suricata/commit/d8634daf74c882356659addb65fb142b738a186b
	NOTE: https://redmine.openinfosecfoundation.org/issues/2770
CVE-2019-1010278 RESERVED
CVE-2019-1010277 RESERVED
CVE-2019-1010276 RESERVED
CVE-2019-1010275 (helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Valida ...)
	- helm-kubernetes (bug #910799)
CVE-2019-1010274 RESERVED
CVE-2019-1010273 RESERVED
CVE-2019-1010272 RESERVED
CVE-2019-1010271 RESERVED
CVE-2019-1010270 RESERVED
CVE-2019-1010269 RESERVED
CVE-2019-1010268 (Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is ...)
	NOT-FOR-US: Ladon
CVE-2019-1010267 RESERVED
CVE-2019-1010266 (lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource ...)
	- node-lodash 4.17.11+dfsg-1 (unimportant)
	NOTE: https://github.com/lodash/lodash/issues/3359
	NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-73639
	NOTE: nodejs not covered by security support
CVE-2019-1010265 RESERVED
CVE-2019-1010264 RESERVED
CVE-2019-1010263 (Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Contro ...)
	- libcrypt-jwt-perl (Fixed with the initial upload to Debian)
	NOTE: https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/07/1
CVE-2019-1010262 REJECTED
CVE-2019-1010261 (Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). Th ...)
	- gitea
CVE-2019-1010260 (Using ktlint to download and execute custom rulesets can result in arb ...)
	NOT-FOR-US: ktlint
CVE-2019-1010259 (SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impac ...)
	- salt 2018.3.4~git20180207+dfsg1-1
	[stretch] - salt (vulnerable MySQL queries are not present)
	[jessie] - salt (vulnerable MySQL queries are not present)
	NOTE: https://github.com/saltstack/salt/pull/51462
CVE-2019-1010258 (nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf4 ...)
	NOT-FOR-US: nanosvg
CVE-2019-1010257 (An Information Disclosure / Data Modification issue exists in article2 ...)
	NOT-FOR-US: article2pdf Wordpress plugin
CVE-2019-1010256 RESERVED
CVE-2019-1010255 RESERVED
CVE-2019-1010254 RESERVED
CVE-2019-1010253 RESERVED
CVE-2019-1010252 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input ...)
	NOT-FOR-US: ONOS
CVE-2019-1010251 (Open Information Security Foundation Suricata prior to version 4.1.2 i ...)
	- suricata 1:4.1.2-2 (low)
	[buster] - suricata (Minor issue)
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Minor issue)
	NOTE: https://github.com/OISF/suricata/commit/11f3659f64a4e42e90cb3c09fcef66894205aefe
	NOTE: https://github.com/OISF/suricata/commit/8357ef3f8ffc7d99ef6571350724160de356158b
	NOTE: https://redmine.openinfosecfoundation.org/issues/2736
CVE-2019-1010250 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input ...)
	NOT-FOR-US: ONOS
CVE-2019-1010249 (The Linux Foundation ONOS 2.0.0 and earlier is affected by: Integer Ov ...)
	NOT-FOR-US: ONOS
CVE-2019-1010248 (Synetics GmbH I-doit 1.12 and earlier is affected by: SQL Injection. T ...)
	NOT-FOR-US: ONOS
CVE-2019-1010247 (ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cr ...)
	{DLA-2298-1 DLA-1894-1}
	- libapache2-mod-auth-openidc 2.3.10.2-1
	NOTE: Fixed by: https://github.com/zmartzone/mod_auth_openidc/commit/132a4111bf3791e76437619a66336dce2ce4c79b (v2.3.10.2)
	NOTE: https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-001_mod_auth_openidc_reflected_xss.txt
CVE-2019-1010246 (MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affecte ...)
	NOT-FOR-US: MailCleaner
CVE-2019-1010245 (The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is ...)
	NOT-FOR-US: ONOS
CVE-2019-1010244 RESERVED
CVE-2019-1010243 RESERVED
CVE-2019-1010242 RESERVED
CVE-2019-1010241 (Jenkins Credentials Binding Plugin Jenkins 1.17 is affected by: CWE-25 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1010240 RESERVED
CVE-2019-1010239 (DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusua ...)
	- cjson 1.7.10-1
	NOTE: https://github.com/DaveGamble/cJSON/commit/be749d7efa7c9021da746e685bd6dec79f9dd99b
	NOTE: https://github.com/DaveGamble/cJSON/issues/315
CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact ...)
	{DSA-4496-1}
	- pango1.0 1.42.4-7 (bug #933860)
	[stretch] - pango1.0 (Vulnerable code introduced later)
	[jessie] - pango1.0 (Vulnerable code introduced later)
	NOTE: https://gitlab.gnome.org/GNOME/pango/issues/342
	NOTE: https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54 (1.44)
CVE-2019-1010237 (Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site ...)
	NOT-FOR-US: ILIAS
CVE-2019-1010236 RESERVED
CVE-2019-1010235 (Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is ...)
	NOT-FOR-US: Frog CMS
CVE-2019-1010234 (The Linux Foundation ONOS 1.15.0 and earlier is affected by: Improper I ...)
	NOT-FOR-US: ONOS
CVE-2019-1010233 RESERVED
CVE-2019-1010232 (Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab ...)
	NOT-FOR-US: Juniper
CVE-2019-1010231 RESERVED
CVE-2019-1010230 RESERVED
CVE-2019-1010229 RESERVED
CVE-2019-1010228 (OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The im ...)
	- dcmtk 3.6.4-1 (low)
	[stretch] - dcmtk (Minor issue)
	[jessie] - dcmtk (Minor issue)
	NOTE: https://support.dcmtk.org/redmine/issues/858
	NOTE: https://github.com/commontk/DCMTK/commit/40917614e
CVE-2019-1010227 RESERVED
CVE-2019-1010226 RESERVED
CVE-2019-1010225 RESERVED
CVE-2019-1010224 REJECTED
CVE-2019-1010223 REJECTED
CVE-2019-1010222 REJECTED
CVE-2019-1010221 (LineageOS 16.0 and earlier is affected by: Incorrect Access Control. T ...)
	NOT-FOR-US: LineageOS
CVE-2019-1010220 (tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. T ...)
	- tcpdump (unimportant)
	NOTE: No security impact
CVE-2019-1010219 RESERVED
CVE-2019-1010218 (Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Cu ...)
	- cherokee
CVE-2019-1010217 RESERVED
CVE-2019-1010216 RESERVED
CVE-2019-1010215 RESERVED
CVE-2019-1010214 RESERVED
CVE-2019-1010213 RESERVED
CVE-2019-1010212 RESERVED
CVE-2019-1010211 RESERVED
CVE-2019-1010210 RESERVED
CVE-2019-1010209 (GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE ...)
	NOT-FOR-US: GoUrl.io GoURL Wordpress Plugin
CVE-2019-1010208 (IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracryp ...)
	NOT-FOR-US: VeraCrypt
CVE-2019-1010207 (Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scrip ...)
	NOT-FOR-US: Genetechsolutions Pie Register
CVE-2019-1010206 (OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL ...)
	NOT-FOR-US: OSS Http Request (Apache Cordova Plugin)
CVE-2019-1010205 (LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247f ...)
	NOT-FOR-US: LINAGORA hublin
CVE-2019-1010204 (GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is aff ...)
	- binutils (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23765
	NOTE: binutils not covered by security support
CVE-2019-1010203 RESERVED
CVE-2019-1010202 (Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is ...)
	NOT-FOR-US: Jeesite
CVE-2019-1010201 (Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive ...)
	NOT-FOR-US: Jeesite
CVE-2019-1010200 (Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b ...)
	NOT-FOR-US: Voice Builder
CVE-2019-1010199 (ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site ...)
	NOT-FOR-US: ServiceStack ServiceStack Framework
CVE-2019-1010198 RESERVED
CVE-2019-1010197 RESERVED
CVE-2019-1010196 RESERVED
CVE-2019-1010195 RESERVED
CVE-2019-1010194 RESERVED
CVE-2019-1010193 (hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS). ...)
	NOT-FOR-US: hisiphp
CVE-2019-1010192 RESERVED
CVE-2019-1010191 (marginalia < 1.6 is affected by: SQL Injection. The impact is: The ...)
	NOT-FOR-US: marginalia
CVE-2019-1010190 (mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact i ...)
	- mgetty 1.2.1-1
	[stretch] - mgetty (Minor issue)
	[jessie] - mgetty (Minor issue)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
CVE-2019-1010189 (mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impac ...)
	- mgetty 1.2.1-1
	[stretch] - mgetty (Minor issue)
	[jessie] - mgetty (Minor issue)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
CVE-2019-1010188 RESERVED
CVE-2019-1010187 RESERVED
CVE-2019-1010186 RESERVED
CVE-2019-1010185 RESERVED
CVE-2019-1010184 RESERVED
CVE-2019-1010183 (serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion ...)
	NOT-FOR-US: serde_yaml
CVE-2019-1010182 (yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. Th ...)
	- rust-yaml-rust (Fixed before initial release to Debian)
	NOTE: https://github.com/chyh1990/yaml-rust/pull/109
CVE-2019-1010181 RESERVED
CVE-2019-1010180 (GNU gdb All versions is affected by: Buffer Overflow - Out of bound me ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8ff71a9c80cfcf64c54d4ae938c644b1b1ea19fb
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23657
CVE-2019-1010179 (PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affe ...)
	NOT-FOR-US: PHKP
CVE-2019-1010178 (Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access ...)
	NOT-FOR-US: Fred MODX Revolution
CVE-2019-1010177 (Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: deni ...)
	NOT-FOR-US: Jsish
CVE-2019-1010176 (JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affecte ...)
	- iotjs 1.0+715-1
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/2476
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/505dace719aebb3308a3af223cfaa985159efae0
CVE-2019-1010175 RESERVED
CVE-2019-1010174 (CImg The CImg Library v.2.3.3 and earlier is affected by: command inje ...)
	{DLA-2421-1 DLA-1934-1}
	- cimg 2.3.6+dfsg-1
	NOTE: https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146 (v.2.3.4)
CVE-2019-1010173 (Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is ...)
	NOT-FOR-US: Jsish
CVE-2019-1010172 (Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. ...)
	NOT-FOR-US: Jsish
CVE-2019-1010171 (Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impac ...)
	NOT-FOR-US: Jsish
CVE-2019-1010170 (Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: den ...)
	NOT-FOR-US: Jsish
CVE-2019-1010169 (Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: ...)
	NOT-FOR-US: Jsish
CVE-2019-1010168 RESERVED
CVE-2019-1010167 RESERVED
CVE-2019-1010166 RESERVED
CVE-2019-1010165 RESERVED
CVE-2019-1010164 RESERVED
CVE-2019-1010163 (Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overf ...)
	NOT-FOR-US: Socusoft Co Photo 2 Video Converter
CVE-2019-1010162 (jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. ...)
	NOT-FOR-US: Jsish
CVE-2019-1010161 (perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Cont ...)
	- libcrypt-jwt-perl (Fixed with initial upload to Debian)
	NOTE: https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483
CVE-2019-1010160 RESERVED
CVE-2019-1010159 RESERVED
CVE-2019-1010158 RESERVED
CVE-2019-1010157 RESERVED
CVE-2019-1010156 REJECTED
CVE-2019-1010155 (** DISPUTED ** D-Link DSL-2750U 1.11 is affected by: Authentication By ...)
	NOT-FOR-US: D-Link
CVE-2019-1010154 RESERVED
CVE-2019-1010153 (zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sq ...)
	NOT-FOR-US: zzcms
CVE-2019-1010152 (zzcms 8.3 and earlier is affected by: File Delete to Code Execution. T ...)
	NOT-FOR-US: zzcms
CVE-2019-1010151 (zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. ...)
	NOT-FOR-US: zzcms
CVE-2019-1010150 (zzcms 8.3 and earlier is affected by: File Delete to Code Execution. T ...)
	NOT-FOR-US: zzcms
CVE-2019-1010149 (zzcms version 8.3 and earlier is affected by: File Delete to Code Exec ...)
	NOT-FOR-US: zzcms
CVE-2019-1010148 (zzcms version 8.3 and earlier is affected by: SQL Injection. The impac ...)
	NOT-FOR-US: zzcms
CVE-2019-1010147 (Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: In ...)
	NOT-FOR-US: Yellowfin Smart Reporting
CVE-2019-1010146 RESERVED
CVE-2019-1010145 RESERVED
CVE-2019-1010144 RESERVED
CVE-2019-1010143 RESERVED
CVE-2019-1010142 (scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite ...)
	- scapy 2.4.2-1
	[buster] - scapy (Minor issue)
	[stretch] - scapy (Vulnerable code not present)
	[jessie] - scapy (Vulnerable code not present)
	NOTE: https://github.com/secdev/scapy/pull/1409
	NOTE: https://github.com/secdev/scapy/commit/0d7ae2b039f650a40e511d09eb961c782da025d9 (v2.4.1)
	NOTE: https://github.com/secdev/scapy/pull/1409/files#diff-441eff981e466959968111fc6314fe93L1058
CVE-2019-1010141 RESERVED
CVE-2019-1010140 RESERVED
CVE-2019-1010139 RESERVED
CVE-2019-1010138 RESERVED
CVE-2019-1010137 RESERVED
CVE-2019-1010136 (ChinaMobile GPN2.4P21-C-CN W2001EN-00 is affected by: Incorrect Access ...)
	NOT-FOR-US: ChinaMobile GPN2.4P21-C-CN W2001EN-00
CVE-2019-1010135 RESERVED
CVE-2019-1010134 RESERVED
CVE-2019-1010133 RESERVED
CVE-2019-1010132 RESERVED
CVE-2019-1010131 RESERVED
CVE-2019-1010130 RESERVED
CVE-2019-1010129 REJECTED
CVE-2019-1010128 RESERVED
CVE-2019-1010127 (VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-fr ...)
	- vcftools 0.1.16-1
	[stretch] - vcftools 0.1.14+dfsg-4+deb9u1
	[jessie] - vcftools 0.1.12+dfsg-1+deb8u1
	NOTE: https://github.com/vcftools/vcftools/commit/00a5b615a61054f23c01a04ebb6790a55029f695 (v0.1.16)
	NOTE: https://github.com/vcftools/vcftools/commit/e94e2992e2c0f4cc95864a42fe470c040f95712e (v0.1.16)
	NOTE: https://github.com/vcftools/vcftools/commit/d657d60e37f5d705f9dbb578b516db6e420fb424 (v0.1.16)
	NOTE: https://github.com/vcftools/vcftools/commit/f6453c581b8113053a25689226920f7ded2e8270 (fix for typo in warning log message)
	NOTE: CVE-2019-1010127 is a different issue than CVE-2018-11099, CVE-2018-11129 and
	NOTE: CVE-2018-11130 but is covered by the same set of upstream commits.
CVE-2019-1010126 RESERVED
CVE-2019-1010125 RESERVED
CVE-2019-1010124 (WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: ...)
	NOT-FOR-US: WebAppick WooCommerce Product Feed
CVE-2019-1010123 (MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Up ...)
	NOT-FOR-US: MODX Revolution Gallery
CVE-2019-1010122 RESERVED
CVE-2019-1010121 RESERVED
CVE-2019-1010120 RESERVED
CVE-2019-1010119 RESERVED
CVE-2019-1010118 RESERVED
CVE-2019-1010117 RESERVED
CVE-2019-1010116 RESERVED
CVE-2019-1010115 RESERVED
CVE-2019-1010114 RESERVED
CVE-2019-1010113 (Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site ...)
	NOT-FOR-US: Premium Software CLEditor
CVE-2019-1010112 (OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Fo ...)
	NOT-FOR-US: OECMS
CVE-2019-1010111 RESERVED
CVE-2019-1010110 RESERVED
CVE-2019-1010109 RESERVED
CVE-2019-1010108 RESERVED
CVE-2019-1010107 RESERVED
CVE-2019-1010106 RESERVED
CVE-2019-1010105 RESERVED
CVE-2019-1010104 (TechyTalk Quick Chat WordPress Plugin All up to the latest is affected ...)
	NOT-FOR-US: TechyTalk Quick Chat WordPress Plugin All
CVE-2019-1010103 RESERVED
CVE-2019-1010102 RESERVED
CVE-2019-1010101 (Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permiss ...)
	NOT-FOR-US: Akeo Consulting Rufus
CVE-2019-1010100 (Akeo Consulting Rufus 3.0 and earlier is affected by: DLL search order ...)
	NOT-FOR-US: Akeo Consulting Rufus
CVE-2019-1010099 RESERVED
CVE-2019-1010098 RESERVED
CVE-2019-1010097 RESERVED
CVE-2019-1010096 (DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). T ...)
	NOT-FOR-US: domainmod
CVE-2019-1010095 (DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). T ...)
	NOT-FOR-US: domainmod
CVE-2019-1010094 (domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). T ...)
	NOT-FOR-US: domainmod
CVE-2019-1010093 RESERVED
CVE-2019-1010092 RESERVED
CVE-2019-1010091 (tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...)
	- tinymce (bug #970256)
	[buster] - tinymce (Minor issue)
	[stretch] - tinymce (Minor issue, can't reproduce)
	[jessie] - tinymce (Minor issue, requires manually copying/pasting javascript to execute it, can't reproduce on Jessie)
	NOTE: https://github.com/tinymce/tinymce/issues/4394
CVE-2019-1010090 RESERVED
CVE-2019-1010089 RESERVED
CVE-2019-1010088 RESERVED
CVE-2019-1010087 RESERVED
CVE-2019-1010086 RESERVED
CVE-2019-1010085 RESERVED
CVE-2019-1010084 (Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect ...)
	NOT-FOR-US: Dancer::Plugin::SimpleCRUD
CVE-2019-1010083 (The Pallets Project Flask before 1.0 is affected by: unexpected memory ...)
	- flask 1.0.2-1
	[stretch] - flask (Minor issue)
	[jessie] - flask (Minor issue)
	NOTE: https://www.palletsprojects.com/blog/flask-1-0-released/
	NOTE: https://github.com/pallets/flask/pull/2691/commits/ab4142215d836b0298fc47fa1e4b75408b9c37a0
	NOTE: After communication with MITRE, this CVE *might* overlap CVE-2018-1000656.
	NOTE: CVE-2019-1010083 was back then assigned by the DWF CNA, but the exact scope
	NOTE: of the CVE is unclear and might for instance be for an incomplete fix of
	NOTE: CVE-2018-1000656. As such it was only noted with a "may overlap". The
	NOTE: CVE-2019-1010083 only refers to the 1.0 release announcement and it is
	NOTE: guaranteed that it relates as well to pull request 2691. Upstream itself did
	NOTE: not respond to direct pings/questions.
CVE-2019-1010082 RESERVED
CVE-2019-1010081 RESERVED
CVE-2019-1010080 RESERVED
CVE-2019-1010079 RESERVED
CVE-2019-1010078 RESERVED
CVE-2019-1010077 RESERVED
CVE-2019-1010076 RESERVED
CVE-2019-1010075 RESERVED
CVE-2019-1010074 RESERVED
CVE-2019-1010073 REJECTED
CVE-2019-1010072 RESERVED
CVE-2019-1010071 RESERVED
CVE-2019-1010070 RESERVED
CVE-2019-1010069 (moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The ...)
	- abcm2ps 8.14.2-0.1 (unimportant)
	NOTE: https://github.com/leesavide/abcm2ps/issues/18
	NOTE: https://github.com/leesavide/abcm2ps/commit/08aef597656d065e86075f3d53fda89765845eae (v8.13.21)
	NOTE: Crash in CLI tool, no security impact
CVE-2019-1010068 RESERVED
CVE-2019-1010067 RESERVED
CVE-2019-1010066 (Lawrence Livermore National Laboratory msr-safe v1.1.0 is affected by: ...)
	NOT-FOR-US: Lawrence Livermore National Laboratory msr-safe
CVE-2019-1010065 (The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The ...)
	- sleuthkit 4.6.1-1 (unimportant)
	NOTE: https://github.com/sleuthkit/sleuthkit/commit/114cd3d0aac8bd1aeaf4b33840feb0163d342d5b (4.6.1)
	NOTE: Negligible security impact
CVE-2019-1010064 RESERVED
CVE-2019-1010063 RESERVED
CVE-2019-1010062 (PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload ...)
	NOT-FOR-US: PluckCMS
CVE-2019-1010061 REJECTED
CVE-2019-1010060 (NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio (Minor issue)
	[jessie] - cfitsio (Minor issue)
	NOTE: The CVE specifically refers to other issues not covered by CVE-2018-3846,
	NOTE: CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849 but fixed in 3.43. One
	NOTE: example is ftp_status in drvrnet.c mishandling a long string beginning
	NOTE: with a '4' character.
CVE-2019-1010059 RESERVED
CVE-2019-1010058 RESERVED
CVE-2019-1010057 (nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact ...)
	{DLA-2383-1}
	- nfdump 1.6.17-1
	NOTE: https://github.com/phaag/nfdump/issues/104
	NOTE: https://github.com/phaag/nfdump/commit/9f0fe9563366f62a71d34c92229da3432ec5cf0e
CVE-2019-1010056 RESERVED
CVE-2019-1010055 RESERVED
CVE-2019-1010054 (Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The ...)
	- dolibarr
CVE-2019-1010053 RESERVED
CVE-2019-1010052 RESERVED
CVE-2019-1010051 RESERVED
CVE-2019-1010050 RESERVED
CVE-2019-1010049 RESERVED
CVE-2019-1010048 REJECTED
CVE-2019-1010047 RESERVED
CVE-2019-1010046 RESERVED
CVE-2019-1010045 RESERVED
CVE-2019-1010044 (borg-reducer c6d5240 is affected by: Buffer Overflow. The impact is: P ...)
	NOT-FOR-US: borg-reducer
CVE-2019-1010043 (Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: P ...)
	- ioquake3 (unimportant)
	NOTE: https://github.com/ec-/Quake3e/issues/9
	NOTE: https://github.com/ec-/Quake3e/commit/fea3c4144c7b325634cdf638d1582c772a2db3bd
	NOTE: No security impact
CVE-2019-1010042 REJECTED
CVE-2019-1010041 RESERVED
CVE-2019-1010040 RESERVED
CVE-2019-1010039 (uLaunchELF < commit 170827a is affected by: Buffer Overflow. The im ...)
	NOT-FOR-US: uLaunchELF
CVE-2019-1010038 (OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is ...)
	NOT-FOR-US: OpenModelica OMCompiler
CVE-2019-1010037 RESERVED
CVE-2019-1010036 RESERVED
CVE-2019-1010035 RESERVED
CVE-2019-1010034 (Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL ...)
	NOT-FOR-US: Deepwoods Software WebLibrarian
CVE-2019-1010033 RESERVED
CVE-2019-1010032 RESERVED
CVE-2019-1010031 RESERVED
CVE-2019-1010030 REJECTED
CVE-2019-1010029 RESERVED
CVE-2019-1010028 (phpscriptsmall.com School College Portal with ERP Script 2.6.1 and ear ...)
	NOT-FOR-US: School College Portal
CVE-2019-1010027 RESERVED
CVE-2019-1010026 RESERVED
CVE-2019-1010025 (** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ...)
	- glibc (unimportant)
	NOTE: Not treated as a security issue by upstream
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22853
CVE-2019-1010024 (** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ...)
	- glibc (unimportant)
	NOTE: Not treated as a security issue by upstream
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22852
CVE-2019-1010023 (** DISPUTED ** GNU Libc current is affected by: Re-mapping current loa ...)
	- glibc (unimportant)
	NOTE: Not treated as a security issue by upstream
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22851
CVE-2019-1010022 (** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The ...)
	- glibc (unimportant)
	NOTE: Not treated as a security issue by upstream
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22850
CVE-2019-1010021 RESERVED
CVE-2019-1010020 RESERVED
CVE-2019-1010019 RESERVED
CVE-2019-1010018 (Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Script ...)
	- zammad (bug #841355)
CVE-2019-1010017 (libnmap < v0.6.3 is affected by: XML Injection. The impact is: Deni ...)
	- python-libnmap 0.7.2-1 (low)
	[buster] - python-libnmap (Minor issue)
	NOTE: https://github.com/savon-noir/python-libnmap/issues/87
	NOTE: https://github.com/savon-noir/python-libnmap/pull/109
CVE-2019-1010016 (Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact ...)
	- dolibarr
	NOTE: https://github.com/Dolibarr/dolibarr/issues/7962
CVE-2019-1010015 RESERVED
CVE-2019-1010014 RESERVED
CVE-2019-1010013 RESERVED
CVE-2019-1010012 RESERVED
CVE-2019-1010011 REJECTED
CVE-2019-1010010 RESERVED
CVE-2019-1010009 (DGLogik Inc DGLux Server All Versions is affected by: Insecure Permiss ...)
	NOT-FOR-US: DGLogik Inc DGLux Server
CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scr ...)
	NOT-FOR-US: OpenEnergyMonitor Project Emoncms
CVE-2019-1010007 RESERVED
CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...)
	{DSA-4624-1 DLA-1882-1 DLA-1881-1}
	- atril 1.22.2-1
	[buster] - atril 1.20.3-1+deb10u1
	[stretch] - atril 1.16.1-2+deb9u2
	- evince 3.27.92-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=788980
	NOTE: https://gitlab.gnome.org/GNOME/evince/commit/e6ed0d4cdb6326e329c8f61f9cc19ff9331cb0ce (3.27.91)
	NOTE: https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 (3.27.91)
CVE-2019-1010005 (HexoEditor v1.1.8-beta is affected by: XSS to code execution. ...)
	NOT-FOR-US: HexoEditor
CVE-2019-1010004 (SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds ...)
	{DLA-1695-1 DLA-1197-1}
	- sox 14.4.2-2 (bug #881121)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://github.com/mansr/sox/commit/7a8ceb86212b28243bbb6d0de636f0dfbe833e53
CVE-2019-1010003 (Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS ...)
	NOT-FOR-US: Leanote
CVE-2019-1010002 RESERVED
CVE-2019-1010001 RESERVED
CVE-2019-6341 (In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.1 ...)
	{DSA-4412-1 DLA-1746-1}
	- drupal7 (bug #925176)
	NOTE: https://www.drupal.org/SA-CORE-2019-004
CVE-2019-9893 (libseccomp before 2.4.0 did not correctly generate 64-bit syscall argu ...)
	- libseccomp 2.4.1-1 (unimportant; bug #924646)
	NOTE: https://github.com/seccomp/libseccomp/issues/139
	NOTE: No security issue by itself
CVE-2019-9887 RESERVED
CVE-2019-9886 (Any URLs with download_attachment.php under templates or home folders ...)
	NOT-FOR-US: BroadLearning eClass
CVE-2019-9885 (eClass platform < ip.2.5.10.2.1 allows an attacker to execute SQL c ...)
	NOT-FOR-US: eClass platform
CVE-2019-9884 (eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS meth ...)
	NOT-FOR-US: eClass platform
CVE-2019-9883 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
	NOT-FOR-US: MailSherlock
CVE-2019-9882 (Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerabi ...)
	NOT-FOR-US: MailSherlock
CVE-2019-9881 (The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress ...)
	NOT-FOR-US: WPGraphQL plugin for WordPress
CVE-2019-9880 (An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. B ...)
	NOT-FOR-US: WPGraphQL plugin for WordPress
CVE-2019-9879 (The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to re ...)
	NOT-FOR-US: WPGraphQL plugin for WordPress
CVE-2019-9878 (There is an invalid memory access in the function GfxIndexedColorSpace ...)
	- xpdf (xpdf in Debian uses poppler, which is not affected or fixed)
CVE-2019-9877 (There is an invalid memory access vulnerability in the function TextPa ...)
	- xpdf (xpdf in Debian uses poppler, which doesn't contain the vulnerable code)
CVE-2019-9876 RESERVED
CVE-2019-9875 (Deserialization of Untrusted Data in the anti CSRF module in Sitecore ...)
	NOT-FOR-US: Sitecore CMS
CVE-2019-9874 (Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (a ...)
	NOT-FOR-US: Sitecore CMS
CVE-2019-9873 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating Task ...)
	- intellij-idea (bug #747616)
CVE-2019-9872 (In several versions of JetBrains IntelliJ IDEA Ultimate, creating run ...)
	- intellij-idea (bug #747616)
CVE-2019-9871 (Jector Smart TV FM-K75 devices allow remote code execution because the ...)
	NOT-FOR-US: Jector Smart TV FM-K75 devices
CVE-2019-9870 (plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor m ...)
	NOT-FOR-US: w8tcha oEmbed plugin for CKEditor
CVE-2019-9869 RESERVED
CVE-2019-9868 (An issue was discovered in the Web Console in Veritas NetBackup Applia ...)
	NOT-FOR-US: Veritas NetBackup Appliance
CVE-2019-9867 (An issue was discovered in the Web Console in Veritas NetBackup Applia ...)
	NOT-FOR-US: Veritas NetBackup Appliance
CVE-2019-9866 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.8.3-1 (bug #925196)
	NOTE: https://about.gitlab.com/2019/03/20/critical-security-release-gitlab-11-dot-8-dot-3-released/
CVE-2019-9865 (When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specia ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2019-9864 (PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tamperi ...)
	NOT-FOR-US: PHP Scripts Mall Amazon Affiliate Store
CVE-2019-9863 (Due to the use of an insecure algorithm for rolling codes in the ABUS ...)
	NOT-FOR-US: ABUS
CVE-2019-9862 (An issue was discovered on ABUS Secvest wireless alarm system FUAA5000 ...)
	NOT-FOR-US: ABUS
CVE-2019-9861 (Due to the use of an insecure RFID technology (MIFARE Classic), ABUS p ...)
	NOT-FOR-US: ABUS
CVE-2019-9860 (Due to unencrypted signal communication and predictability of rolling ...)
	NOT-FOR-US: ABUS
CVE-2019-9859 (Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to ...)
	NOT-FOR-US: Vesta Control Panel (VestaCP)
CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail 5.2.22 ...)
	{DSA-4468-1 DLA-1822-1}
	- php-horde-form 2.0.18-3.1 (bug #930321)
	NOTE: https://ssd-disclosure.com/archives/3814/ssd-advisory-horde-groupware-webmail-authenticated-arbitrary-file-injection-to-rce
	NOTE: https://github.com/horde/Form/commit/c916ba979ad1613d76a9407dd0b67968a9594c0e
CVE-2019-9856 RESERVED
CVE-2019-9855 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
	- libreoffice (Windows-specific)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9855/
CVE-2019-9854 (LibreOffice has a feature where documents can specify that pre-install ...)
	{DSA-4519-1 DLA-1947-1}
	- libreoffice 1:6.3.1~rc2-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9854/
CVE-2019-9853 (LibreOffice documents can contain macros. The execution of those macro ...)
	{DSA-4501-1 DLA-1947-1}
	- libreoffice 1:6.3.0-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9853
CVE-2019-9852 (LibreOffice has a feature where documents can specify that pre-install ...)
	{DSA-4501-1 DLA-1947-1}
	- libreoffice 1:6.3.0-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9852/
CVE-2019-9851 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
	{DSA-4501-1 DLA-1947-1}
	- libreoffice 1:6.3.0-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9851/
CVE-2019-9850 (LibreOffice is typically bundled with LibreLogo, a programmable turtle ...)
	{DSA-4501-1 DLA-1947-1}
	- libreoffice 1:6.3.0-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9850/
CVE-2019-9849 (LibreOffice has a 'stealth mode' in which only documents from location ...)
	{DSA-4483-1 DLA-1947-1}
	[experimental] - libreoffice 1:6.3.0~beta2-1
	- libreoffice 1:6.3.0~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849/
CVE-2019-9848 (LibreOffice has a feature where documents can specify that pre-install ...)
	{DSA-4483-1 DLA-1947-1}
	[experimental] - libreoffice 1:6.3.0~beta2-1
	- libreoffice 1:6.3.0~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/
CVE-2019-9847 (A vulnerability in LibreOffice hyperlink processing allows an attacker ...)
	- libreoffice (Only affects LibreOffice on Windows and macOS)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2019-9847/
CVE-2019-9857 (In the Linux kernel through 5.0.2, the function inotify_update_existin ...)
	- linux 4.19.37-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/62c9d2674b31d4c8a674bee86b7edc6da2803aea
CVE-2019-9846 (RockOA 1.8.7 allows remote attackers to obtain sensitive information b ...)
	NOT-FOR-US: RockOA
CVE-2019-9845 (madskristensen Miniblog.Core through 2019-01-16 allows remote attacker ...)
	NOT-FOR-US: madskristensen Miniblog.Core
CVE-2019-9844 (simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows ...)
	NOT-FOR-US: Khan Academy simple-markdown
CVE-2019-9843 (In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and befo ...)
	NOT-FOR-US: DiffPlug Spotless
CVE-2019-9842 (madskristensen MiniBlog through 2018-05-18 allows remote attackers to ...)
	NOT-FOR-US: madskristensen Miniblog
CVE-2019-9841 (Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2019-9840 RESERVED
CVE-2019-9839 (VFront 0.99.5 has Reflected XSS via the admin/menu_registri.php descri ...)
	NOT-FOR-US: VFront
CVE-2019-9838 (VFront 0.99.5 has stored XSS via the admin/sync_reg_tab.php azzera par ...)
	NOT-FOR-US: VFront
CVE-2019-9837 (Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorke ...)
	- ruby-doorkeeper-openid-connect 1.5.5-1 (bug #924747)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/61
	NOTE: https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/66
CVE-2019-9836 (Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) ...)
	NOT-FOR-US: AMD Secure Encrypted Virtualization (SEV)
CVE-2019-9835 (The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set L ...)
	NOT-FOR-US: Fujitsu Wireless Keyboard Set LX901 GK900 devices
CVE-2019-9834 (** DISPUTED ** The Netdata web application through 1.13.0 allows remot ...)
	- netdata (unimportant)
	NOTE: https://github.com/netdata/netdata/issues/5800#issuecomment-510986112
	NOTE: Risk disputed by upstream because there is a clear warning next to the
	NOTE: button for importing a snapshot, thus treat the issue as unimportant with
	NOTE: negligible impact.
CVE-2019-9833 (The Screen Stream application through 3.0.15 for Android allows remote ...)
	NOT-FOR-US: Screen Stream application for Android
CVE-2019-9832 (The AirDrop application through 2.0 for Android allows remote attacker ...)
	NOT-FOR-US: AirDrop application for Android
CVE-2019-9831 (The AirMore application through 1.6.1 for Android allows remote attack ...)
	NOT-FOR-US: AirMore application for Android
CVE-2019-9830
	RESERVED
CVE-2019-9829 (Maccms 10 allows remote attackers to execute arbitrary PHP code by ent ...)
	NOT-FOR-US: Maccms
CVE-2019-9828
	RESERVED
CVE-2019-9827 (Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote att ...)
	NOT-FOR-US: Hawtio
CVE-2019-9826 (The fulltext search component in phpBB before 3.2.6 allows Denial of S ...)
	{DLA-1775-1}
	- phpbb3
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/29/3
	NOTE: Fixed by https://github.com/phpbb/phpbb/commit/3075d2fecc9f5bb780bb478c0851a704c7f9b392
CVE-2019-9825 (FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arb ...)
	NOT-FOR-US: FeiFeiCMS
CVE-2019-9824 (tcp_emu in slirp/tcp_subr.c (aka slirp/src/tcp_subr.c) in QEMU 3.0.0 u ...)
	{DSA-4454-1 DLA-1781-1}
	- qemu 1:3.1+dfsg-6
	- qemu-kvm
	- slirp4netns 0.3.1-1
	[buster] - slirp4netns 0.2.3-1
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-03/msg01871.html
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/18/1
	NOTE: https://github.com/qemu/qemu/commit/d3222975c7d6cda9e25809dea05241188457b113
	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vp7q-v36g-7vq7
CVE-2019-9823 (In several JetBrains IntelliJ IDEA versions, creating remote run confi ...)
	- intellij-idea (bug #747616)
CVE-2019-9822
	RESERVED
CVE-2019-9821 (A use-after-free vulnerability can occur in AssertWorkerThread due to ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9821
CVE-2019-9820 (A use-after-free vulnerability can occur in the chrome event handler w ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9820
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9820
CVE-2019-9819 (A vulnerability where a JavaScript compartment mismatch can occur whil ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9819
CVE-2019-9818 (A race condition is present in the crash generation server used to gen ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9818
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9818
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9818
CVE-2019-9817 (Images from a different domain can be read using a canvas object in so ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9817
CVE-2019-9816 (A possible vulnerability exists where type confusion can occur when ma ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9816
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9816
CVE-2019-9815 (If hyperthreading is not disabled, a timing attack vulnerability exist ...)
	- firefox (MacOS-specific)
	- firefox-esr (MacOS-specific)
	- thunderbird (MacOS-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9815
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9815
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9815
CVE-2019-9814 (Mozilla developers and community members reported memory safety bugs p ...)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9814
CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confusion i ...)
	{DSA-4417-1 DLA-1727-1}
	- firefox 66.0.1-1
	- firefox-esr 60.6.1esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813
CVE-2019-9812 (Given a compromised sandboxed content process due to a separate vulner ...)
	{DSA-4516-1 DLA-1910-1}
	- firefox 69.0-1
	- firefox-esr 68.1.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-9812
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-9812
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-9812
CVE-2019-9811 (As part of a winning Pwn2Own entry, a researcher demonstrated a sandbo ...)
	{DSA-4482-1 DSA-4479-1 DLA-1870-1 DLA-1869-1}
	- firefox 68.0-1
	- firefox-esr 60.8.0esr-1
	- thunderbird 1:60.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-9811
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-9811
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-9811
CVE-2019-9810 (Incorrect alias information in IonMonkey JIT compiler for Array.protot ...)
	{DSA-4417-1 DLA-1727-1}
	- firefox 66.0.1-1
	- firefox-esr 60.6.1esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9810
CVE-2019-9809 (If the source for resources on a page is through an FTP connection, it ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9809
CVE-2019-9808 (If WebRTC permission is requested from documents with data: or blob: U ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9808
CVE-2019-9807 (When arbitrary text is sent over an FTP connection and a page reload i ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9807
CVE-2019-9806 (A vulnerability exists during authorization prompting for FTP transact ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9806
CVE-2019-9805 (A latent vulnerability exists in the Prio library where data may be re ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9805
CVE-2019-9804 (In Firefox Developer Tools it is possible that pasting the result of t ...)
	- firefox (MacOS-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9804
CVE-2019-9803 (The Upgrade-Insecure-Requests (UIR) specification states that if UIR i ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9803
CVE-2019-9802 (If a Sandbox content process is compromised, it can initiate an FTP do ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9802
CVE-2019-9801 (Firefox will accept any registered Program ID as an external protocol ...)
	- firefox-esr (Windows-specific)
	- firefox (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9801
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9801
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9801
CVE-2019-9800 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9800
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9800
CVE-2019-9799 (Insufficient bounds checking of data during inter-process communicatio ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9799
CVE-2019-9798 (On Android systems, Firefox can load a library from APITRACE_LIB, whic ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9798
CVE-2019-9797 (Cross-origin images can be read in violation of the same-origin policy ...)
	{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1}
	- firefox 66.0-1
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9797
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-9797
CVE-2019-9796 (A use-after-free vulnerability can occur when the SMIL animation contr ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9796
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9796
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9796
CVE-2019-9795 (A vulnerability where type-confusion in the IonMonkey just-in-time (JI ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9795
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9795
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9795
CVE-2019-9794 (A vulnerability was discovered where specific command line arguments a ...)
	- firefox-esr (Windows-specific)
	- firefox (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9794
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9794
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9794
CVE-2019-9793 (A mechanism was discovered that removes some bounds checking for strin ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9793
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9793
CVE-2019-9792 (The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTI ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9792
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9792
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9792
CVE-2019-9791 (The type inference system allows the compilation of functions that can ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9791
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9791
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9791
CVE-2019-9790 (A use-after-free vulnerability can occur when a raw pointer to a DOM e ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9790
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9790
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9790
CVE-2019-9789 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 66.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9789
CVE-2019-9788 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1}
	- firefox-esr 60.6.0esr-1
	- firefox 66.0-1
	- thunderbird 1:60.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9788
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-07/#CVE-2019-9788
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2019-9788
CVE-2019-9786
	RESERVED
CVE-2019-9785 (gitnote 3.1.0 allows remote attackers to execute arbitrary code via a ...)
	NOT-FOR-US: gitnote
CVE-2019-9784
	RESERVED
CVE-2019-9783
	RESERVED
CVE-2019-9782
	RESERVED
CVE-2019-9781
	RESERVED
CVE-2019-9780
	RESERVED
CVE-2019-9787 (WordPress before 5.1.1 does not properly filter comment content, leadi ...)
	{DLA-1742-1}
	- wordpress 5.1.1+dfsg1-1 (bug #924546)
	[buster] - wordpress 5.0.4+dfsg1-1
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u6
	NOTE: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
	NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
CVE-2019-9779 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a N ...)
	- libredwg (bug #595191)
CVE-2019-9778 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a h ...)
	- libredwg (bug #595191)
CVE-2019-9777 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a h ...)
	- libredwg (bug #595191)
CVE-2019-9776 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a N ...)
	- libredwg (bug #595191)
CVE-2019-9775 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an ...)
	- libredwg (bug #595191)
CVE-2019-9774 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an ...)
	- libredwg (bug #595191)
CVE-2019-9773 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a h ...)
	- libredwg (bug #595191)
CVE-2019-9772 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a N ...)
	- libredwg (bug #595191)
CVE-2019-9771 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a N ...)
	- libredwg (bug #595191)
CVE-2019-9770 (An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a h ...)
	- libredwg (bug #595191)
CVE-2019-9769 (PilusCart 1.4.1 is vulnerable to index.php?module=users&action=new ...)
	NOT-FOR-US: PilusCart
CVE-2019-9768 (Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies o ...)
	NOT-FOR-US: Thinkst Canarytokens
CVE-2019-9767 (Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting ...)
	NOT-FOR-US: Free MP3 CD Ripper
CVE-2019-9766 (Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting ...)
	NOT-FOR-US: Free MP3 CD Ripper
CVE-2019-9765 (In Blog_mini 1.0, XSS exists via the author name of a comment reply in ...)
	NOT-FOR-US: Blog_mini
CVE-2019-9764 (HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to ...)
	- consul (Only affected 1.4.3 version)
	NOTE: https://github.com/hashicorp/consul/issues/5519
CVE-2019-9763 (An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS ...)
	NOT-FOR-US: Openfind Mail2000 Webmail
CVE-2019-9762 (A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment ...)
	NOT-FOR-US: PHPSHE
CVE-2019-9761 (An XXE issue was discovered in PHPSHE 1.7, which can be used to read a ...)
	NOT-FOR-US: PHPSHE
CVE-2019-9760 (FTPGetter Standard v.5.97.0.177 allows remote code execution when a us ...)
	NOT-FOR-US: FTPGetter
CVE-2019-9759 (An issue was discovered in TONGDA Office Anywhere 10.18.190121. There ...)
	NOT-FOR-US: TONGDA Office Anywhere
CVE-2019-9758 (An issue was discovered in LabKey Server 19.1.0. The display name of a ...)
	NOT-FOR-US: LabKey Server
CVE-2019-9757 (An issue was discovered in LabKey Server 19.1.0. Sending an SVG contai ...)
	NOT-FOR-US: LabKey Server
CVE-2019-9756 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9755 (An integer underflow issue exists in ntfs-3g 2017.3.23. A local attack ...)
	{DSA-4413-1 DLA-1724-1}
	- ntfs-3g 1:2017.3.23AR.3-3 (bug #925255)
	NOTE: https://sourceforge.net/p/ntfs-3g/ntfs-3g/ci/85c1634a26faa572d3c558d4cf8aaaca5202d4e9/
CVE-2019-9754 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
	- tcc 0.9.27+git20200814.62c30a4a-1 (low; bug #925127)
	[buster] - tcc (Minor issue)
	[stretch] - tcc (Minor issue)
	[jessie] - tcc (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00038.html
CVE-2019-9753 (An issue was discovered in Open Ticket Request System (OTRS) 7.x befor ...)
	- otrs2 (Only affects 7.x series)
	NOTE: https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework
CVE-2019-9752 (An issue was discovered in Open Ticket Request System (OTRS) 5.x befor ...)
	{DLA-1721-1}
	- otrs2 6.0.16-1
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/341c4096222819a108feb02256aba878943bf810
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4e3dfbaa054762b29df54705aa412685dd37e15
CVE-2019-9751 (An issue was discovered in Open Ticket Request System (OTRS) 6.x befor ...)
	- otrs2 6.0.17-1
	[buster] - otrs2 6.0.16-2
	[stretch] - otrs2 (Non-free not supported)
	[jessie] - otrs2 (Vulnerable code not present)
	NOTE: https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/1afb2b995e59551b927c2105e234e8b87efcc37a
CVE-2019-9750 (In IoTivity through 1.3.1, the CoAP server interface can be used for D ...)
	- iotivity (bug #824155)
CVE-2019-9749 (An issue was discovered in the MQTT input plugin in Fluent Bit through ...)
	NOT-FOR-US: Fluent Bit
CVE-2019-9748 (In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted ...)
	NOT-FOR-US: tinysvcmdns
CVE-2019-9747 (In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multica ...)
	NOT-FOR-US: tinysvcmdns
CVE-2019-9746 (In libwebm before 2019-03-08, a NULL pointer dereference caused by the ...)
	NOT-FOR-US: libwebm
	NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
CVE-2019-9745 (CloudCTI HIP Integrator Recognition Configuration Tool allows privileg ...)
	NOT-FOR-US: CloudCTI HIP Integrator Recognition Configuration Tool
CVE-2019-9744 (An issue was discovered on PHOENIX CONTACT FL NAT SMCS 8TX, FL NAT SMN ...)
	NOT-FOR-US: PHOENIX
CVE-2019-9743 (An issue was discovered on PHOENIX CONTACT RAD-80211-XD and RAD-80211- ...)
	NOT-FOR-US: PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS devices
CVE-2019-9742 (gdwfpcd.sys in G Data Total Security before 2019-02-22 allows an attac ...)
	NOT-FOR-US: G Data Total Security
CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection is po ...)
	{DLA-2592-1 DLA-2591-1 DLA-1749-1}
	- golang-1.12 1.12-1
	- golang-1.11 1.11.6-1 (bug #924630)
	- golang-1.8
	- golang-1.7
	- golang
	NOTE: https://github.com/golang/go/issues/30794
	NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9
	NOTE: https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708#diff-b97af51863ce82bf2a13003b52034aa9
CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
	{DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1}
	- python3.7 3.7.4~rc2-2
	[buster] - python3.7 3.7.3-2+deb10u1
	- python3.6
	- python3.5
	- python3.4
	- python2.7 2.7.16-3
	[buster] - python2.7 2.7.16-2+deb10u1
	NOTE: https://bugs.python.org/issue30458
	NOTE: https://bugs.python.org/issue36276 (duplicate)
	NOTE: https://bugs.python.org/issue36274 (common regression fix)
	NOTE: https://bugs.python.org/issue38216 (common regression fix)
	NOTE: CVE-2019-9947 issue fixed with same fix as for CVE-2019-9740
	NOTE: Patch 2.7: https://github.com/python/cpython/commit/bb8071a4cae5ab3fe321481dd3d73662ffb26052
CVE-2019-9739
	RESERVED
CVE-2019-9738 (jimmykuu Gopher 2.0 has DOM-based XSS via vectors involving the '<E ...)
	NOT-FOR-US: jimmykuu Gopher
CVE-2019-9737 (Editor.md 1.5.0 has DOM-based XSS via vectors involving the '<EMBED ...)
	NOT-FOR-US: pandao Editor.md
CVE-2019-9736 (DOM-based XSS exists in 1024Tools Markdown 1.0 via vectors involving t ...)
	NOT-FOR-US: 1024Tools Markdown
CVE-2019-9735 (An issue was discovered in the iptables firewall module in OpenStack N ...)
	{DSA-4409-1}
	- neutron 2:13.0.2-13 (bug #924508)
	[jessie] - neutron (Vulnerable code not present, all supported protocols are handled correctly)
	NOTE: https://launchpad.net/bugs/1818385
CVE-2019-9734 (Aquarius CMS through 4.3.5 writes POST and GET parameters (including p ...)
	NOT-FOR-US: aquaverde Aquarius CMS
CVE-2019-9733 (An issue was discovered in JFrog Artifactory 6.7.3. By default, the ac ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2019-9732 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2
	NOTE: https://about.gitlab.com/2019/03/14/gitlab-11-8-2-released/
CVE-2019-9731
	RESERVED
CVE-2019-9730 (Incorrect access control in the CxUtilSvc component of the Synaptics S ...)
	NOT-FOR-US: Lenovo
CVE-2019-9729 (In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows pr ...)
	NOT-FOR-US: Shanda MapleStory Online
CVE-2019-9728
	RESERVED
CVE-2019-9727 (Unauthenticated password hash disclosure in the User.getUserPWD method ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU3
CVE-2019-9726 (Directory Traversal / Arbitrary File Read in eQ-3 AG Homematic CCU3 3. ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU3
CVE-2019-9725 (The Web manager (aka Commander) on Korenix JetPort 5601 and 5601f devi ...)
	NOT-FOR-US: Korenix JetPort devices
CVE-2019-9724 (aquaverde Aquarius CMS through 4.3.5 allows Information Exposure throu ...)
	NOT-FOR-US: aquaverde Aquarius CMS
CVE-2019-9723 (LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vul ...)
	NOT-FOR-US: LogicalDOC
CVE-2019-9722
	RESERVED
CVE-2019-9721 (A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allo ...)
	- ffmpeg 7:4.1.3-1 (bug #926666)
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/894995c41e0795c7a44f81adc4838dedc3932e65
	- libav
	[jessie] - libav (Vulnerable code not present)
CVE-2019-9720 (A stack-based buffer overflow in the subtitle decoder in Libav 12.3 al ...)
	- libav (unimportant)
	NOTE: Actual vulnerability description is (https://lgtm.com/security/):
	NOTE: "Denial of service due to quadratic call to strstr in srtdec.c"
	NOTE: Using strstr is not an actual DoS
CVE-2019-9719 (** DISPUTED ** A stack-based buffer overflow in the subtitle decoder i ...)
	- libav (unimportant)
	NOTE: Generic low-certainty warning about snprintf usage without rationale
CVE-2019-9718 (In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder all ...)
	{DSA-4449-1}
	- ffmpeg 7:4.1.3-1 (low; bug #926666)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1f00c97bc3475c477f3c468cf2d924d5761d0982
	- libav
	[jessie] - libav (Vulnerable code not present)
CVE-2019-9717 (In Libav 12.3, a denial of service in the subtitle decoder allows atta ...)
	- libav (unimportant)
	NOTE: Non-trivial sscanf format is not an actual DoS
CVE-2019-9716
	RESERVED
CVE-2019-9715
	RESERVED
CVE-2019-9714 (An issue was discovered in Joomla! before 3.9.4. The media form field ...)
	NOT-FOR-US: Joomla!
CVE-2019-9713 (An issue was discovered in Joomla! before 3.9.4. The sample data plugi ...)
	NOT-FOR-US: Joomla!
CVE-2019-9712 (An issue was discovered in Joomla! before 3.9.4. The JSON handler in c ...)
	NOT-FOR-US: Joomla!
CVE-2019-9711 (An issue was discovered in Joomla! before 3.9.4. The item_title layout ...)
	NOT-FOR-US: Joomla!
CVE-2019-9710 (An issue was discovered in webargs before 5.1.3, as used with marshmal ...)
	NOT-FOR-US: webargs
CVE-2019-9709 (An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 1 ...)
	- mahara
CVE-2019-9708 (An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 1 ...)
	- mahara
CVE-2019-9707
	RESERVED
CVE-2019-9705 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
	{DLA-2801-1 DLA-1723-1}
	- cron 3.0pl1-133 (low)
	NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/26814a26
CVE-2019-9706 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
	{DLA-2801-1 DLA-1723-1}
	- cron 3.0pl1-133 (bug #809167)
	NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/40791b93
CVE-2019-9704 (Vixie Cron before the 3.0pl1-133 Debian package allows local users to ...)
	{DLA-2801-1 DLA-1723-1}
	- cron 3.0pl1-133 (low)
	NOTE: Fixed by: https://salsa.debian.org/debian/cron/commit/f2525567
CVE-2019-9703 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible ...)
	NOT-FOR-US: Symantec
CVE-2019-9702 (Symantec Endpoint Encryption, prior to SEE 11.3.0, may be susceptible ...)
	NOT-FOR-US: Symantec
CVE-2019-9701 (DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site ...)
	NOT-FOR-US: DLP (Symantec)
CVE-2019-9700 (Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an ...)
	NOT-FOR-US: Norton Password Manager
CVE-2019-9699 (Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an ...)
	NOT-FOR-US: Symantec
CVE-2019-9698 (Symantec AV Engine, prior to 13.0.9r17, may be susceptible to an arbit ...)
	NOT-FOR-US: Symantec
CVE-2019-9697 (An information disclosure vulnerability in the Management Center (MC) ...)
	NOT-FOR-US: Symantec
CVE-2019-9696 (Symantec VIP Enterprise Gateway (all versions) may be susceptible to a ...)
	NOT-FOR-US: Symantec
CVE-2019-9695 (Norton Core prior to v278 may be susceptible to an arbitrary code exec ...)
	NOT-FOR-US: Norton Core
CVE-2019-9694 (Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptibl ...)
	NOT-FOR-US: Symantec
CVE-2019-9693 (In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can ac ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9692 (class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 doe ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9691
	RESERVED
CVE-2019-9690
	RESERVED
CVE-2019-9689 (process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2 ...)
	- axtls (bug #953326)
CVE-2019-9688 (sftnow through 2018-12-29 allows index.php?g=Admin&m=User&a=ad ...)
	NOT-FOR-US: sftnow
CVE-2019-9687 (PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF ...)
	- libpodofo 0.9.6+dfsg-5 (bug #924430)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/code/1969
CVE-2019-9686 (pacman before 5.1.3 allows directory traversal when installing a remot ...)
	NOT-FOR-US: pacman package manager for arch, different from src:pacman
CVE-2019-9685
	RESERVED
CVE-2019-9684
	RESERVED
CVE-2019-9683
	RESERVED
CVE-2019-9682 (Dahua devices with Build time before December 2019 use strong security ...)
	NOT-FOR-US: Dahua
CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua products ...)
	NOT-FOR-US: Dahua
CVE-2019-9680 (Some Dahua products have information leakage issues. Attackers can obt ...)
	NOT-FOR-US: Dahua
CVE-2019-9679 (Some of Dahua's Debug functions do not have permission separation. Low ...)
	NOT-FOR-US: Dahua
CVE-2019-9678 (Some Dahua products have the problem of denial of service during the l ...)
	NOT-FOR-US: Dahua
CVE-2019-9677 (The specific fields of CGI interface of some Dahua products are not st ...)
	NOT-FOR-US: Dahua
CVE-2019-9676 (Buffer overflow vulnerability found in some Dahua IP Camera devices IP ...)
	NOT-FOR-US: Dahua IP Camera devices
CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7. ...)
	{DSA-4403-1}
	- php7.3 7.3.3-1 (unimportant)
	- php7.0 (unimportant)
	- php5 (unimportant)
	NOTE: Fixed in 7.1.27, 7.3.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77586
CVE-2019-9674 (Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...)
	- python3.8 (unimportant)
	- python3.7 (unimportant)
	- python3.5 (unimportant)
	- python3.4 (unimportant)
	- python2.7 (unimportant)
	NOTE: https://bugs.python.org/issue36260
	NOTE: https://bugs.python.org/issue36462
	NOTE: Improved documentation: https://github.com/python/cpython/commit/3ba51d587f6897a45301ce9126300c14fcd4eba2
CVE-2019-9673 (Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript e ...)
	NOT-FOR-US: Freenet
CVE-2019-9672
	RESERVED
CVE-2019-9671
	RESERVED
CVE-2019-9670 (mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before ...)
	NOT-FOR-US: Synacor Zimbra Collaboration Suite
CVE-2019-9669 (The Wordfence plugin 7.2.3 for WordPress allows XSS via a unique attac ...)
	NOT-FOR-US: Wordfence plugin for WordPress
CVE-2019-9668 (An issue was discovered in rovinbhandari FTP through 2012-03-28. recei ...)
	NOT-FOR-US: rovinbhandari FTP
CVE-2019-9667
	RESERVED
CVE-2019-9666
	RESERVED
CVE-2019-9665
	RESERVED
CVE-2019-9664
	RESERVED
CVE-2019-9663
	RESERVED
CVE-2019-9662 (An issue was discovered in JTBC(PHP) 3.0.1.8. Its cache management mod ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2019-9661 (Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_confi ...)
	NOT-FOR-US: YzmCMS
CVE-2019-9660 (Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catn ...)
	NOT-FOR-US: YzmCMS
CVE-2019-9659 (The Chuango 433 MHz burglar-alarm product line uses static codes in th ...)
	NOT-FOR-US: Chuango
CVE-2019-10782 (All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulner ...)
	{DLA-2099-1}
	- checkstyle 8.29-1
	[buster] - checkstyle (Incomplete fix for CVE-2019-9658 not applied)
	[stretch] - checkstyle (Incomplete fix for CVE-2019-9658 not applied)
	NOTE: https://snyk.io/vuln/SNYK-JAVA-COMPUPPYCRAWLTOOLS-543266
	NOTE: https://github.com/checkstyle/checkstyle/issues/7468
	NOTE: https://github.com/checkstyle/checkstyle/security/advisories/GHSA-763g-fqq7-48wg
CVE-2019-9658 (Checkstyle before 8.18 loads external DTDs by default. ...)
	{DLA-1768-1}
	- checkstyle 8.26-1 (low; bug #924598)
	[buster] - checkstyle 8.15-1+deb10u1
	[stretch] - checkstyle 6.15-1+deb9u1
	NOTE: https://github.com/checkstyle/checkstyle/issues/6474
	NOTE: https://github.com/checkstyle/checkstyle/issues/6478
	NOTE: https://github.com/checkstyle/checkstyle/pull/6476
	NOTE: https://github.com/checkstyle/checkstyle/commit/180b4fe37a2249d4489d584505f2b7b3ab162ec6
	NOTE: When fixing this issue make sure to apply the complete fix to not open
	NOTE: CVE-2019-10782.
CVE-2019-9657 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control, a d ...)
	NOT-FOR-US: Alarm.com ADC-V522IR 0100b9 devices
CVE-2019-9656 (An issue was discovered in LibOFX 0.9.14. There is a NULL pointer dere ...)
	{DLA-2001-1}
	- libofx 1:0.9.15-1 (unimportant; bug #924350)
	[buster] - libofx 1:0.9.14-1+deb10u1
	[stretch] - libofx 1:0.9.10-2+deb9u2
	NOTE: https://github.com/libofx/libofx/issues/22
	NOTE: Negligible security impact
CVE-2019-9655
	RESERVED
CVE-2019-9654
	RESERVED
CVE-2019-9653 (NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauth ...)
NOT-FOR-US: NUUO Network Video Recorder Firmware CVE-2019-9652 (There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit re ...) NOT-FOR-US: SDCMS CVE-2019-9651 (An issue was discovered in SDCMS V1.7. In the \app\admin\controller\th ...) NOT-FOR-US: SDCMS CVE-2019-9650 (An XSS issue was discovered in upcoming_events.php in the Upcoming Eve ...) NOT-FOR-US: MyBB plugin CVE-2019-9649 (An issue was discovered in the SFTP Server component in Core FTP 2.0 B ...) NOT-FOR-US: Core FTP CVE-2019-9648 (An issue was discovered in the SFTP Server component in Core FTP 2.0 B ...) NOT-FOR-US: Core FTP CVE-2019-9647 (Gila CMS 1.9.1 has XSS. ...) NOT-FOR-US: Gila CMS CVE-2019-9645 RESERVED CVE-2019-9646 (The Contact Form Email plugin before 1.2.66 for WordPress allows wp-ad ...) NOT-FOR-US: WordPress plugin contact-form-to-email CVE-2019-9644 (An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook befor ...) - jupyter-notebook 5.7.8-1 (bug #924515) [stretch] - jupyter-notebook (Intrusive to backport) NOTE: https://github.com/jupyter/notebook/commit/cfc335b76466ccf1538ce545b654b29b5ab0097c NOTE: https://github.com/jupyter/notebook/commit/b5105814fc41c6d789b317fa59f786bad7f9d798 NOTE: https://github.com/jupyter/notebook/commit/bfaa61385729ed4fb453863053f9a79141f01119 CVE-2019-9643 RESERVED CVE-2019-9642 (An issue was discovered in proxy.php in pydio-core in Pydio through 8. ...) - extplorer CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ...) 
{DLA-2337-1 DLA-2280-1 DLA-1835-1 DLA-1834-1} - python3.7 3.7.3~rc1-1 (bug #924072) - python3.6 - python3.5 - python3.4 - python2.7 2.7.16-2 (bug #924073) NOTE: https://bugs.python.org/issue36216 NOTE: https://github.com/python/cpython/pull/12201 NOTE: https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html NOTE: https://github.com/python/cpython/commit/daad2c482c91de32d8305abbccc76a5de8b3a8be (3.7.x) NOTE: https://github.com/python/cpython/commit/e37ef41289b77e0f0bb9a6aedb0360664c55bdd5 (2.7.x) NOTE: Regression fix: https://bugs.python.org/issue36742 NOTE: When fixing this issue make sure to not open CVE-2019-10160. CVE-2019-9635 (NULL pointer dereference in Google TensorFlow before 1.12.2 could caus ...) - tensorflow (bug #804612) CVE-2019-1003039 (An insufficiently protected credentials vulnerability exists in Jenkin ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003038 (An insufficiently protected credentials vulnerability exists in Jenkin ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003037 (An information exposure vulnerability exists in Jenkins Azure VM Agent ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003036 (A data modification vulnerability exists in Jenkins Azure VM Agents Pl ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003035 (An information exposure vulnerability exists in Jenkins Azure VM Agent ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003034 (A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 a ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003033 (A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003032 (A sandbox bypass vulnerability exists in Jenkins Email Extension Plugi ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003031 (A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin ...) NOT-FOR-US: Jenkins plugin CVE-2019-1003030 (A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plug ...) 
NOT-FOR-US: Jenkins plugin CVE-2019-1003029 (A sandbox bypass vulnerability exists in Jenkins Script Security Plugi ...) NOT-FOR-US: Jenkins plugin CVE-2019-9634 (Go through 1.12 on Windows misuses certain LoadLibrary functionality, ...) - golang-1.12 (Only affects Go on Windows) - golang-1.11 (Only affects Go on Windows) - golang-1.10 (Only affects Go on Windows) CVE-2019-9637 (An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and ...) {DSA-4403-1 DLA-1741-1} - php7.3 7.3.3-1 - php7.0 - php5 NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77630 CVE-2019-9641 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...) {DSA-4403-1 DLA-1741-1} - php7.3 7.3.3-1 - php7.0 - php5 NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77509 CVE-2019-9640 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...) {DSA-4403-1 DLA-1741-1} - php7.3 7.3.3-1 - php7.0 - php5 NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77540 CVE-2019-9639 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...) {DSA-4403-1 DLA-1741-1} - php7.3 7.3.3-1 (unimportant) - php7.0 (unimportant) - php5 (unimportant) NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77659 CVE-2019-9638 (An issue was discovered in the EXIF component in PHP before 7.1.27, 7. ...) {DSA-4403-1 DLA-1741-1} - php7.3 7.3.3-1 - php7.0 - php5 NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77563 CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent ...) - glib2.0 (Vulnerable code introduced in 2.59.1, cf #924344) NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1649 NOTE: https://gitlab.gnome.org/GNOME/glib/commit/d553d92d6e9f53cbe5a34166fcb919ba652c6a8e (2.59.2) NOTE: Issue only in 2.59.1 and fixed in 2.59.2. 
CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability vi ...) NOT-FOR-US: ESAFENET CDG CVE-2019-9631 (Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBo ...) {DLA-2287-1 DLA-1752-1} - poppler 0.71.0-4 (bug #926673) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/736 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/8122f6d6d409b53151a20c5578fc525ee97315e8 CVE-2019-9630 (Sonatype Nexus Repository Manager before 3.17.0 has a weak default of ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2019-9629 (Sonatype Nexus Repository Manager before 3.17.0 establishes a default ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2019-9628 (The XMLTooling library all versions prior to V3.0.4, provided with the ...) {DSA-4407-1 DLA-1710-1} - xmltooling 3.0.4-1 (bug #924346) NOTE: https://shibboleth.net/community/advisories/secadv_20190311.txt NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-143 NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=af27c422f551e16989ff6f1722d83614c8550eb5 CVE-2019-9627 (A buffer overflow in the kernel driver CybKernelTracker.sys in CyberAr ...) NOT-FOR-US: CyberArk Endpoint Privilege Manager CVE-2019-9626 (PHPSHE 1.7 allows module/index/cart.php pintuan_id SQL Injection to in ...) NOT-FOR-US: PHPSHE CVE-2019-9625 (JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to cr ...) NOT-FOR-US: JBMC DirectAdmin CVE-2019-XXXX [high memory usage with some long running sessions] - proftpd-dfsg 1.3.5d-1 (bug #923926) [stretch] - proftpd-dfsg 1.3.5e+r1.3.5b-4+deb9u1 [jessie] - proftpd-dfsg 1.3.5e-0+deb8u1 NOTE: https://github.com/proftpd/proftpd/issues/330#issuecomment-276891713 NOTE: https://forum.armbian.com/topic/9692-nanopi-neo-2-memory-leak-in-proftpd-even-worse-if-ssl-encrypted/?do=findComment&comment=73069 CVE-2019-9624 (Webmin 1.900 allows remote attackers to execute arbitrary code by leve ...) 
- webmin CVE-2019-9623 (Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Feng Office CVE-2019-9622 (eBrigade through 4.5 allows Arbitrary File Download via ../ directory ...) NOT-FOR-US: eBrigade CVE-2019-9621 (Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 pa ...) NOT-FOR-US: Zimbra CVE-2019-9620 RESERVED CVE-2019-9619 REJECTED CVE-2019-9618 (The GraceMedia Media Player plugin 1.0 for WordPress allows Local File ...) NOT-FOR-US: GraceMedia Media Player plugin for WordPress CVE-2019-9617 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...) NOT-FOR-US: OFCMS CVE-2019-9616 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...) NOT-FOR-US: OFCMS CVE-2019-9615 (An issue was discovered in OFCMS before 1.1.3. It allows admin/system/ ...) NOT-FOR-US: OFCMS CVE-2019-9614 (An issue was discovered in OFCMS before 1.1.3. A command execution vul ...) NOT-FOR-US: OFCMS CVE-2019-9613 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...) NOT-FOR-US: OFCMS CVE-2019-9612 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...) NOT-FOR-US: OFCMS CVE-2019-9611 (An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/tem ...) NOT-FOR-US: OFCMS CVE-2019-9610 (An issue was discovered in OFCMS before 1.1.3. It has admin/cms/templa ...) NOT-FOR-US: OFCMS CVE-2019-9609 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...) NOT-FOR-US: OFCMS CVE-2019-9608 (An issue was discovered in OFCMS before 1.1.3. Remote attackers can ex ...) NOT-FOR-US: OFCMS CVE-2019-9607 (PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by n ...) NOT-FOR-US: PHP Scripts Mall Medical Store Script CVE-2019-9606 (PHP Scripts Mall Personal Video Collection Script 4.0.4 has Stored XSS ...) 
NOT-FOR-US: PHP Scripts Mall Personal Video Collection Script CVE-2019-9605 (PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflect ...) NOT-FOR-US: PHP Scripts Mall Online Lottery PHP Readymade Script CVE-2019-9604 (PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-S ...) NOT-FOR-US: PHP Scripts Mall Online Lottery PHP Readymade Script CVE-2019-9603 (MiniCMS 1.10 allows mc-admin/post.php?state=publish&delete= CSRF t ...) NOT-FOR-US: MiniCMS CVE-2019-9602 RESERVED CVE-2019-9601 (The ApowerManager application through 3.1.7 for Android allows remote ...) NOT-FOR-US: ApowerManager application for Android CVE-2019-9600 (The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application ...) NOT-FOR-US: Olive Tree FTP Server application for Android CVE-2019-9599 (The AirDroid application through 4.2.1.6 for Android allows remote att ...) NOT-FOR-US: AirDroid application for Android CVE-2019-9598 (An issue was discovered in Cscms 4.1.0. There is an admin.php/pay CSRF ...) NOT-FOR-US: Cscms CVE-2019-9597 (Darktrace Enterprise Immune System before 3.1 allows CSRF via the /con ...) NOT-FOR-US: Darktrace Enterprise Immune System CVE-2019-9596 (Darktrace Enterprise Immune System before 3.1 allows CSRF via the /whi ...) NOT-FOR-US: Darktrace Enterprise Immune System CVE-2019-9595 (AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter ...) NOT-FOR-US: AppCMS CVE-2019-9594 (BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploa ...) NOT-FOR-US: BlueCMS CVE-2019-9593 (A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Conne ...) NOT-FOR-US: ShoreTel Connect CVE-2019-9592 (A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Conne ...) NOT-FOR-US: ShoreTel Connect CVE-2019-9591 (A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Conne ...) NOT-FOR-US: ShoreTel Connect CVE-2019-9590 (An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allo ...) 
NOT-FOR-US: TENGCONTROL devices CVE-2019-9589 (There is a NULL pointer dereference vulnerability in PSOutputDev::setu ...) - xpdf (xpdf in Debian uses poppler, which doesn't contain the vulnerable code) CVE-2019-9588 (There is an Invalid memory access in gAtomicIncrement() located at GMu ...) - xpdf (xpdf in Debian uses poppler, which doesn't contain the vulnerable code) CVE-2019-9587 (There is a stack consumption issue in md5Round1() located in Decrypt.c ...) - xpdf (xpdf in Debian uses poppler, which is not affected or fixed) CVE-2019-9586 RESERVED CVE-2019-9585 (eQ-3 Homematic CCU2 prior to 2.47.10 and CCU3 prior to 3.47.10 JSON AP ...) NOT-FOR-US: eQ-3 Homematic CVE-2019-9584 (eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled ...) NOT-FOR-US: eQ-3 Homematic CVE-2019-9583 (eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This al ...) NOT-FOR-US: eQ-3 Homematic CVE-2019-9582 (eQ-3 Homematic CCU2 outdated base software packages allows Denial of S ...) NOT-FOR-US: eQ-3 Homematic CVE-2019-9581 (phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via ...) NOT-FOR-US: phpscheduleit Booked Scheduler CVE-2019-9580 (In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, ...) NOT-FOR-US: StackStorm CVE-2019-9579 RESERVED CVE-2019-9578 (In devs.c in Yubico libu2f-host before 1.1.8, the response to init is ...) - libu2f-host 1.1.9-1 (low; bug #923874) [stretch] - libu2f-host 1.1.2-2+deb9u2 NOTE: https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5 CVE-2019-9577 RESERVED CVE-2019-17350 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...) {DSA-4602-1} - xen 4.11.3+24-g14b62ab3e5-1 [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-295.html CVE-2019-17349 (An issue was discovered in Xen through 4.12.x allowing Arm domU attack ...) 
{DSA-4602-1} - xen 4.11.3+24-g14b62ab3e5-1 [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-295.html CVE-2019-17348 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929992) [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (PCID support not backported) NOTE: https://xenbits.xen.org/xsa/advisory-294.html CVE-2019-17347 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929999) [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-293.html CVE-2019-17346 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929993) [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (PCID support not backported) NOTE: https://xenbits.xen.org/xsa/advisory-292.html CVE-2019-17345 (An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV gu ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929995) [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (only 4.8 and later affected) NOTE: https://xenbits.xen.org/xsa/advisory-291.html CVE-2019-17344 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929996) [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (Introduced by ignored fix for CVE-2018-3646) NOTE: https://xenbits.xen.org/xsa/advisory-290.html CVE-2019-17343 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) {DLA-1949-1} - xen 4.11.1+92-g6c33308a8d-1 (bug #929994) [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 NOTE: https://xenbits.xen.org/xsa/advisory-288.html CVE-2019-17342 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) 
{DLA-1949-1} - xen 4.11.1+92-g6c33308a8d-1 (bug #930001) [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 NOTE: https://xenbits.xen.org/xsa/advisory-287.html CVE-2019-17341 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...) {DLA-1949-1} - xen 4.11.1+92-g6c33308a8d-1 (bug #929998) [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 NOTE: https://xenbits.xen.org/xsa/advisory-285.html CVE-2019-17340 (An issue was discovered in Xen through 4.11.x allowing x86 guest OS us ...) - xen 4.11.1+92-g6c33308a8d-1 (bug #929991) [stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12 [jessie] - xen (memory leak on huge memory machines) NOTE: https://xenbits.xen.org/xsa/advisory-284.html CVE-2019-9576 (The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admi ...) NOT-FOR-US: WordPress plugin blog2social CVE-2019-9575 (The Quiz And Survey Master plugin 6.0.4 for WordPress allows wp-admin/ ...) NOT-FOR-US: WordPress plugin quiz-master-next CVE-2019-9574 (The WP Human Resource Management plugin before 2.2.6 for WordPress doe ...) NOT-FOR-US: WordPress plugin hrm CVE-2019-9573 (The WP Human Resource Management plugin before 2.2.6 for WordPress mis ...) NOT-FOR-US: WordPress plugin hrm CVE-2019-9572 (SchoolCMS version 2.3.1 allows file upload via the theme upload featur ...) NOT-FOR-US: SchoolCMS CVE-2019-9571 RESERVED CVE-2019-9570 (An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom tex ...) NOT-FOR-US: YzmCMS CVE-2019-9569 (Buffer Overflow in dactetra in Delta Controls enteliBUS Manager V3.40_ ...) NOT-FOR-US: Delta Controls enteliBUS Manager CVE-2019-9568 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1 ...) NOT-FOR-US: WordPress plugin forminator CVE-2019-9567 (The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1 ...) NOT-FOR-US: WordPress plugin forminator CVE-2019-9566 (FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request. ...) 
NOT-FOR-US: FlarumChina CVE-2019-9565 (Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 b ...) NOT-FOR-US: Druide Antidote CVE-2019-9564 RESERVED CVE-2019-9563 (In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the ...) NOT-FOR-US: BlueMind CVE-2019-9562 RESERVED CVE-2019-9561 RESERVED CVE-2019-9560 RESERVED CVE-2019-9559 RESERVED CVE-2019-9558 (Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripti ...) NOT-FOR-US: Mailtraq WebMail CVE-2019-9557 (Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) vi ...) NOT-FOR-US: Ability Mail Server CVE-2019-9556 (FiberHome an5506-04-f RP2669 devices have XSS. ...) NOT-FOR-US: FiberHome an5506-04-f RP2669 devices CVE-2019-9555 (Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, ...) NOT-FOR-US: Sagemcom routers CVE-2019-9554 (In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the ...) NOT-FOR-US: Craft CMS CVE-2019-9553 (Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcon ...) NOT-FOR-US: Bolt CMS CVE-2019-9552 (Eloan V3.0 through 2018-09-20 allows remote attackers to list files vi ...) NOT-FOR-US: Eloan CVE-2019-9551 (An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06. ...) NOT-FOR-US: doyocms CVE-2019-9550 (DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. ...) NOT-FOR-US: DhCms CVE-2019-9549 (An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-ad ...) NOT-FOR-US: PopojiCMS CVE-2019-12439 (bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories ...) - bubblewrap 0.3.1-3 (unimportant; bug #923557) NOTE: https://github.com/projectatomic/bubblewrap/issues/304 NOTE: Negligable security impact CVE-2019-1002100 (In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, use ...) 
- kubernetes 1.17.4-1 (bug #923686) NOTE: https://github.com/kubernetes/kubernetes/issues/74534 NOTE: https://github.com/kubernetes/kubernetes/pull/74000 CVE-2019-9548 (Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 ...) NOT-FOR-US: Citrix Application Delivery Management CVE-2019-9547 (In Storage Performance Development Kit (SPDK) before 19.01, a maliciou ...) NOT-FOR-US: Storage Performance Development Kit (SPDK) CVE-2019-9546 (SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege esca ...) NOT-FOR-US: SolarWinds Orion Platform CVE-2019-9545 (An issue was discovered in Poppler 0.74.0. A recursive function call, ...) - poppler (low; bug #923552) [bullseye] - poppler (Minor issue) [buster] - poppler (Minor issue) [stretch] - poppler (Minor issue) [jessie] - poppler (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/731 CVE-2019-9544 (An issue was discovered in Bento4 1.5.1-628. An out of bounds write oc ...) NOT-FOR-US: Bento4 CVE-2019-9543 (An issue was discovered in Poppler 0.74.0. A recursive function call, ...) - poppler (low; bug #923553) [bullseye] - poppler (Minor issue) [buster] - poppler (Minor issue) [stretch] - poppler (Minor issue) [jessie] - poppler (Minor issue; revisit when fixed upstream) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/730 CVE-2019-9542 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...) NOT-FOR-US: Telos Automated Message Handling System CVE-2019-9541 (: Information Exposure vulnerability in itemlookup.asp of Telos Automa ...) NOT-FOR-US: Telos Automated Message Handling System CVE-2019-9540 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...) NOT-FOR-US: Telos Automated Message Handling System CVE-2019-9539 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...) 
NOT-FOR-US: Telos Automated Message Handling System CVE-2019-9538 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...) NOT-FOR-US: Telos Automated Message Handling System CVE-2019-9537 (: Improper Neutralization of Input During Web Page Generation ('Cross- ...) NOT-FOR-US: Telos Automated Message Handling System CVE-2019-9536 (Apple iPhone 3GS bootrom malloc implementation returns a non-NULL poin ...) NOT-FOR-US: Apple iPhone 3GS CVE-2019-9535 (A vulnerability exists in the way that iTerm2 integrates with tmux's c ...) NOT-FOR-US: iTerm2 CVE-2019-9534 (The Cobham EXPLORER 710, firmware version 1.07, does not validate its ...) NOT-FOR-US: Cobham EXPLORER CVE-2019-9533 (The root password of the Cobham EXPLORER 710 is the same for all versi ...) NOT-FOR-US: Cobham EXPLORER CVE-2019-9532 (The web application portal of the Cobham EXPLORER 710, firmware versio ...) NOT-FOR-US: Cobham EXPLORER CVE-2019-9531 (The web application portal of the Cobham EXPLORER 710, firmware versio ...) NOT-FOR-US: Cobham EXPLORER CVE-2019-9530 (The web root directory of the Cobham EXPLORER 710, firmware version 1. ...) NOT-FOR-US: Cobham EXPLORER CVE-2019-9529 (The web application portal of the Cobham EXPLORER 710, firmware versio ...) NOT-FOR-US: Cobham EXPLORER CVE-2019-9528 RESERVED CVE-2019-9527 RESERVED CVE-2019-9526 RESERVED CVE-2019-9525 RESERVED CVE-2019-9524 RESERVED CVE-2019-9523 RESERVED CVE-2019-9522 RESERVED CVE-2019-9521 RESERVED CVE-2019-9520 RESERVED CVE-2019-9519 RESERVED CVE-2019-9518 (Some HTTP/2 implementations are vulnerable to a flood of empty frames, ...) {DSA-4520-1} - trafficserver 8.0.5+ds-1 (bug #935314) NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md NOTE: https://github.com/apache/trafficserver/pull/5850 NOTE: https://github.com/apache/trafficserver/blob/8.0.x/CHANGELOG-8.0.5 CVE-2019-9517 (Some HTTP/2 implementations are vulnerable to unconstrained interal da ...) 
{DSA-4509-1} - apache2 2.4.41-1 [jessie] - apache2 (HTTP/2 support only available since version 2.4.17 and later) NOTE: Affects upstream versions 2.4.20 to 2.4.39 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-9517 NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md CVE-2019-9516 (Some HTTP/2 implementations are vulnerable to a header leak, potential ...) {DSA-4505-1} - nginx 1.14.2-3 (bug #935037) [jessie] - nginx (HTTP2 support only exists since version 1.9.5) NOTE: https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/ NOTE: https://github.com/nginx/nginx/commit/6dfbc8b1c2116f362bb871efebbf9df576738e89 (master) NOTE: https://github.com/nginx/nginx/commit/dbdd9ffea81d9db46fb88b5eba828f2ad080d388 (release-1.16.1) NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md CVE-2019-9515 (Some HTTP/2 implementations are vulnerable to a settings flood, potent ...) {DSA-4520-1 DSA-4508-1} - trafficserver 8.0.5+ds-1 (bug #934887) - h2o 2.2.5+dfsg2-3 (bug #934886) NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ NOTE: https://raw.githubusercontent.com/apache/trafficserver/8.0.x/CHANGELOG-8.0.4 NOTE: https://github.com/h2o/h2o/issues/2090 NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, potential ...) 
{DSA-4669-1 DSA-4520-1 DSA-4508-1 DSA-4503-1 DLA-2485-1} - golang-1.13 1.13~beta1-3 (bug #934955) - golang-1.12 1.12.8-1 - golang-1.11 1.11.13-1 - golang-1.8 [stretch] - golang-1.8 (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies) - golang-1.7 [stretch] - golang-1.7 (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies) - golang [jessie] - golang (No HTTP2 support yet) - golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1 - nodejs 10.16.3~dfsg-1 (bug #934885) [stretch] - nodejs (No HTTP2 support yet) [jessie] - nodejs (No HTTP2 support yet) - trafficserver 8.0.5+ds-1 (bug #934887) - h2o 2.2.5+dfsg2-3 (bug #934886) NOTE: Issue: https://github.com/golang/go/issues/33606 NOTE: https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2 (golang-1.11) NOTE: https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c (golang-1.12) NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ NOTE: https://raw.githubusercontent.com/apache/trafficserver/8.0.x/CHANGELOG-8.0.4 NOTE: https://github.com/h2o/h2o/issues/2090 NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f CVE-2019-9513 (Some HTTP/2 implementations are vulnerable to resource loops, potentia ...) 
{DSA-4669-1 DSA-4511-1 DSA-4505-1} - nginx 1.14.2-3 (bug #935037) [jessie] - nginx (HTTP2 support only exists since version 1.9.5) - nodejs 10.16.3~dfsg-1 (bug #934885) [stretch] - nodejs (No HTTP2 support yet) [jessie] - nodejs (No HTTP2 support yet) - nghttp2 1.39.2-1 [jessie] - nghttp2 (Vulnerable code not present) NOTE: https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/ NOTE: https://github.com/nginx/nginx/commit/5ae726912654da10a9a81b2c8436829f3e94f69f (master) NOTE: https://github.com/nginx/nginx/commit/39bb3b9d4a33bd03c8ae0134dedc8a7700ae7b2b (release-1.16.1) NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2 CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, potentially ...) {DSA-4520-1 DSA-4508-1 DSA-4503-1 DLA-2485-1} - golang-1.13 1.13~beta1-3 (bug #934955) - golang-1.12 1.12.8-1 - golang-1.11 1.11.13-1 - golang-1.8 [stretch] - golang-1.8 (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies) - golang-1.7 [stretch] - golang-1.7 (Minor issue, DoS, invasive, net/http server-side, requires rebuilding reverse-dependencies) - golang [jessie] - golang (No HTTP2 support yet) - golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1 - trafficserver 8.0.5+ds-1 (bug #934887) - h2o 2.2.5+dfsg2-3 (bug #934886) NOTE: Issue: https://github.com/golang/go/issues/33606 NOTE: https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2 (golang-1.11) NOTE: https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c (golang-1.12) NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ NOTE: 
https://raw.githubusercontent.com/apache/trafficserver/8.0.x/CHANGELOG-8.0.4 NOTE: https://github.com/h2o/h2o/issues/2090 NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f CVE-2019-9511 (Some HTTP/2 implementations are vulnerable to window size manipulation ...) {DSA-4669-1 DSA-4511-1 DSA-4505-1} - nginx 1.14.2-3 (bug #935037) [jessie] - nginx (HTTP2 support only exists since version 1.9.5) - nodejs 10.16.3~dfsg-1 (bug #934885) [stretch] - nodejs (No HTTP2 support yet) [jessie] - nodejs (No HTTP2 support yet) - nghttp2 1.39.2-1 [jessie] - nghttp2 (Vulnerable code not present) NOTE: https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/ NOTE: https://github.com/nginx/nginx/commit/a987f81dd19210bc30b62591db331e31d3d74089 (master) NOTE: https://github.com/nginx/nginx/commit/94c5eb142e58a86f81eb1369fa6fcb96c2f23d6b (release-1.16.1) NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2 CVE-2019-9510 (A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 a ...) NOT-FOR-US: Microsoft CVE-2019-9509 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...) NOT-FOR-US: Vertiv Avocent UMG-4000 CVE-2019-9508 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...) NOT-FOR-US: Vertiv Avocent UMG-4000 CVE-2019-9507 (The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is v ...) NOT-FOR-US: Vertiv Avocent UMG-4000 CVE-2019-9506 (The Bluetooth BR/EDR specification up to and including version 5.1 per ...) 
	{DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.185-1
	NOTE: Hardware issue, but mitigation in Linux kernel can be applied:
	NOTE: https://git.kernel.org/linus/d5bb334a8e171b262e48f378bd2096c0ea458265 (5.2-rc1)
	NOTE: https://git.kernel.org/linus/693cd8ce3f882524a5d06f7800dd8492411877b3 (5.2-rc6)
	NOTE: https://git.kernel.org/linus/eca94432934fe5f141d084f2e36ee2c0e614cc04 (5.2)
CVE-2019-9505 (The PrinterLogic Print Management software, versions up to and includi ...)
	NOT-FOR-US: PrinterLogic Print Management
CVE-2019-9504
	RESERVED
CVE-2019-9503 (The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c ...)
	{DSA-4465-1 DLA-1824-1 DLA-1799-1}
	- linux 4.19.37-4
	NOTE: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1)
CVE-2019-9502 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. I ...)
	NOT-FOR-US: Broadcom
CVE-2019-9501 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. B ...)
	NOT-FOR-US: Broadcom
CVE-2019-9500 (The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc ...)
	{DSA-4465-1 DLA-1824-1}
	- linux 4.19.37-4
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff (5.1-rc1)
CVE-2019-9499 (The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built ...)
	{DSA-4430-1 DLA-1867-1}
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
	NOTE: Patches: https://w1.fi/security/2019-4/
CVE-2019-9498 (The implementations of EAP-PWD in hostapd EAP Server, when built again ...)
	{DSA-4430-1 DLA-1867-1}
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
	NOTE: Patches: https://w1.fi/security/2019-4/
CVE-2019-9497 (The implementations of EAP-PWD in hostapd EAP Server and wpa_supplican ...)
	{DSA-4430-1 DLA-1867-1}
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	NOTE: https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt
	NOTE: Patches: https://w1.fi/security/2019-4/
CVE-2019-9496 (An invalid authentication sequence could result in the hostapd process ...)
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	[stretch] - wpa (SAE code not enabled for build in stretch)
	[jessie] - wpa (SAE code not enabled for build in jessie)
	NOTE: https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt
	NOTE: Patches: https://w1.fi/security/2019-3/
	NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
CVE-2019-9495 (The implementations of EAP-PWD in hostapd and wpa_supplicant are vulne ...)
	{DSA-4430-1 DLA-1867-1}
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	NOTE: https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt
	NOTE: Patches: https://w1.fi/security/2019-2/
CVE-2019-9494 (The implementations of SAE in hostapd and wpa_supplicant are vulnerabl ...)
	- wpa 2:2.7+git20190128+0c1e29f-4 (bug #926801)
	[stretch] - wpa (SAE code not enabled for build in stretch)
	[jessie] - wpa (SAE code not enabled for build in jessie)
	NOTE: https://w1.fi/security/2019-1/sae-side-channel-attacks.txt
	NOTE: Patches: https://w1.fi/security/2019-1/
	NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1
CVE-2019-9493 (The MyCar Controls of AutoMobility Distribution Inc., mobile applicati ...)
	NOT-FOR-US: MyCar Controls
CVE-2019-9492 (A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 an ...)
	NOT-FOR-US: Trend Micro
CVE-2019-9491 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below ...)
	NOT-FOR-US: Trend Micro
CVE-2019-9490 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
CVE-2019-9489 (A directory traversal vulnerability in Trend Micro Apex One, OfficeSca ...)
	NOT-FOR-US: Trend Micro
CVE-2019-9488 (Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Prote ...)
	NOT-FOR-US: Trend Micro
CVE-2019-9487
	RESERVED
CVE-2019-9486 (STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTE ...)
	NOT-FOR-US: STRATO HiDrive Desktop Client
CVE-2019-9485 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9484 (The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb c ...)
	NOT-FOR-US: Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool
CVE-2019-9483 (Amazon Ring Doorbell before 3.4.7 mishandles encryption, which allows ...)
	NOT-FOR-US: Amazon Ring Doorbell
CVE-2019-9482 (In MISP 2.4.102, an authenticated user can view sightings that they sh ...)
	NOT-FOR-US: MISP
CVE-2019-9481
	RESERVED
CVE-2019-9480
	RESERVED
CVE-2019-9479
	RESERVED
CVE-2019-9478
	RESERVED
CVE-2019-9477
	RESERVED
CVE-2019-9476
	RESERVED
CVE-2019-9475 (In /proc/net of the kernel filesystem, there is a possible information ...)
	NOT-FOR-US: Android
CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9472 (In DCRYPTO_equals of compare.c, there is a possible timing attack due ...)
	NOT-FOR-US: Android
CVE-2019-9471 (In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2019-9470 (In dma_sblk_start of abc-pcie.c, there is a possible out of bounds wri ...)
	NOT-FOR-US: Android
CVE-2019-9469 (In km_compute_shared_hmac of km4.c, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2019-9468 (In export_key_der of export_key.cpp, there is possible memory corrupti ...)
	NOT-FOR-US: Android
CVE-2019-9467 (In the Bootloader, there is a possible kernel command injection due to ...)
	NOT-FOR-US: LG components for Android
CVE-2019-9466
	REJECTED
CVE-2019-9465 (In the Titan M handling of cryptographic operations, there is a possib ...)
	NOT-FOR-US: Android
CVE-2019-9464 (In various functions of RecentLocationApps.java, DevicePolicyManagerSe ...)
	NOT-FOR-US: Android
CVE-2019-9463 (In Platform, there is a possible bypass of user interaction requiremen ...)
	NOT-FOR-US: Android
CVE-2019-9462 (In Bluetooth, there is a possible out of bounds read due to an incorre ...)
	NOT-FOR-US: Android
CVE-2019-9461 (In the Android kernel in VPN routing there is a possible information d ...)
	NOT-FOR-US: Android
CVE-2019-9460
	REJECTED
CVE-2019-9459 (In libttspico, there is a possible OOB write due to a heap buffer over ...)
	NOT-FOR-US: Android
CVE-2019-9458 (In the Android kernel in the video driver there is a use after free du ...)
	- linux 4.18.20-1
	[stretch] - linux 4.9.135-1
	[jessie] - linux 3.16.64-1
	NOTE: https://git.kernel.org/linus/ad608fbcf166fec809e402d548761768f602702c
CVE-2019-9457
	REJECTED
CVE-2019-9456 (In the Android kernel in Pixel C USB monitor driver there is a possibl ...)
	- linux 4.15.11-1
	[stretch] - linux 4.9.88-1
	[jessie] - linux 3.16.57-1
	NOTE: https://git.kernel.org/linus/a5f596830e27e15f7a0ecd6be55e433d776986d8
CVE-2019-9455 (In the Android kernel in the video driver there is a kernel pointer le ...)
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5e99456c20f712dcc13d9f6ca4278937d5367355
CVE-2019-9454 (In the Android kernel in i2c driver there is a possible out of bounds ...)
	- linux 4.14.17-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux 3.16.56-1
	NOTE: https://git.kernel.org/linus/89c6efa61f5709327ecfa24bff18e57a4e80c7fa
	NOTE: Commit wise a duplicate of CVE-2017-18551
CVE-2019-9453 (In the Android kernel in F2FS touch driver there is a possible out of ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux (f2fs is not supportable)
	[jessie] - linux (f2fs is not supportable)
	NOTE: https://git.kernel.org/linus/2777e654371dd4207a3a7f4fb5fa39550053a080
CVE-2019-9452 (In the Android kernel in SEC_TS touch driver there is a possible out o ...)
	NOT-FOR-US: Android kernel (sec_ts not in mainline)
CVE-2019-9451 (In the Android kernel in the touchscreen driver there is a possible ou ...)
	NOT-FOR-US: Android kernel (sec_ts not in mainline)
CVE-2019-9450 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
	NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9449 (In the Android kernel in FingerTipS touchscreen driver there is a poss ...)
	NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9448 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
	NOT-FOR-US: Android kernel (stm not in mainline)
CVE-2019-9447 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
	NOT-FOR-US: Android kernel
CVE-2019-9446 (In the Android kernel in the FingerTipS touchscreen driver there is a ...)
	NOT-FOR-US: Android kernel
CVE-2019-9445 (In the Android kernel in F2FS driver there is a possible out of bounds ...)
	{DLA-2420-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.98-1
	[jessie] - linux (f2fs is not supportable)
	NOTE: https://git.kernel.org/linus/720db068634c91553a8e1d9a0fcd8c7050e06d2b
CVE-2019-9444 (In the Android kernel in sync debug fs driver there is a kernel pointe ...)
	- linux 4.15.4-1
	[stretch] - linux (Minor issue)
	[jessie] - linux (Minor issue)
	NOTE: https://lore.kernel.org/patchwork/patch/902287/
CVE-2019-9443 (In the Android kernel in the vl53L0 driver there is a possible out of ...)
	NOT-FOR-US: Android kernel
CVE-2019-9442 (In the Android kernel in the mnh driver there is possible memory corru ...)
	NOT-FOR-US: Android kernel
CVE-2019-9441 (In the Android kernel in the mnh driver there is a possible out of bou ...)
	NOT-FOR-US: Android kernel
CVE-2019-9440 (In AOSP Email, there is a possible information disclosure due to a con ...)
	NOT-FOR-US: Android
CVE-2019-9439
	RESERVED
CVE-2019-9438 (In the Package Manager service, there is a possible information disclo ...)
	NOT-FOR-US: Android
CVE-2019-9437
	RESERVED
CVE-2019-9436 (In the Android kernel in the bootloader there is a possible secure boo ...)
	NOT-FOR-US: LG components for Android
CVE-2019-9435 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9434 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9433 (In libvpx, there is a possible information disclosure due to improper ...)
	{DSA-4578-1 DLA-2012-1}
	- libvpx 1.8.1-2
	NOTE: https://github.com/webmproject/libvpx/commit/52add5896661d186dec284ed646a4b33b607d2c7
CVE-2019-9432 (In Bluetooth, there is a possible out of bounds read due to improper i ...)
	NOT-FOR-US: Android
CVE-2019-9431 (In Bluetooth, there is a possible out of bounds read due to a use afte ...)
	NOT-FOR-US: Android
CVE-2019-9430 (In Bluetooth, there is a possible null pointer dereference due to a mi ...)
	NOT-FOR-US: Android
CVE-2019-9429 (In profman, there is a possible out of bounds write due to memory corr ...)
	NOT-FOR-US: Android
CVE-2019-9428 (In the Framework, it is possible to set up BROWSEABLE intents to take ...)
	NOT-FOR-US: Android
CVE-2019-9427 (In Bluetooth, there is a possible information disclosure due to a use ...)
	NOT-FOR-US: Android
CVE-2019-9426 (In the Android kernel in Bluetooth there is a possible out of bounds w ...)
	NOT-FOR-US: Broadcom components for Android
CVE-2019-9425 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9424 (In the Screen Lock, there is a possible information disclosure due to ...)
	NOT-FOR-US: Android
CVE-2019-9423 (In opencv calls that use libpng, there is a possible out of bounds wri ...)
	- opencv
	NOTE: Currently no further information available
CVE-2019-9422 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9421 (In libandroidfw, there is a possible OOB read due to an integer overfl ...)
	NOT-FOR-US: Android
CVE-2019-9420 (In libhevc, there is a possible out of bounds read due to an integer o ...)
	NOT-FOR-US: Android
CVE-2019-9419 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9418 (In libstagefright, there is a possible resource exhaustion due to a mi ...)
	NOT-FOR-US: Android
CVE-2019-9417 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9416 (In libstagefright there is a possible information disclosure due to un ...)
	NOT-FOR-US: Android
CVE-2019-9415 (In libstagefright there is a possible information disclosure due to un ...)
	NOT-FOR-US: Android
CVE-2019-9414 (In wpa_supplicant, there is a possible man in the middle vulnerability ...)
	NOT-FOR-US: Android
CVE-2019-9413 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9412 (In libSBRdec there is a possible out of bounds read due to incorrect b ...)
	NOT-FOR-US: Android
CVE-2019-9411 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9410 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9409 (In libhevc there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-9408 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9407 (In notification management of the service manager, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-9406 (In libhevc there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-9405 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9404 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9403 (In cn-cbor, there is a possible out of bounds read due to improper cas ...)
	NOT-FOR-US: Android
CVE-2019-9402 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9401 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9400 (In Bluetooth, there is a possible null pointer dereference due to a mi ...)
	NOT-FOR-US: Android
CVE-2019-9399 (The Print Service is susceptible to man in the middle attacks due to i ...)
	NOT-FOR-US: Android
CVE-2019-9398 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9397 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9396 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9395 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9394 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9393 (In Bluetooth, there is possible controlled termination due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9392
	RESERVED
CVE-2019-9391 (In libxaac, there is a possible out of bounds read due to uninitialize ...)
	NOT-FOR-US: Android
CVE-2019-9390 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9389 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9388 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9387 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9386 (In NFC server, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9385 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-9384 (In LockPatternUtils, there is a possible escalation of privilege due t ...)
	NOT-FOR-US: Android
CVE-2019-9383 (In NFC server, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9382 (In libeffects, there is a possible out of bounds write due to a missin ...)
	NOT-FOR-US: Android
CVE-2019-9381 (In netd, there is a possible out of bounds read due to a use after fre ...)
	NOT-FOR-US: Android
CVE-2019-9380 (In the settings UI, there is a possible spoofing vulnerability due to ...)
	NOT-FOR-US: Android
CVE-2019-9379 (In libstagefright, there is a possible resource exhaustion due to a mi ...)
	NOT-FOR-US: Android
CVE-2019-9378 (In the Activity Manager service, there is a possible permission bypass ...)
	NOT-FOR-US: Android
CVE-2019-9377 (In FingerprintService, there is a possible bypass for operating system ...)
	NOT-FOR-US: Android
CVE-2019-9376 (In Account of Account.java, there is a possible boot loop due to impro ...)
	NOT-FOR-US: Android
CVE-2019-9375 (In hostapd, there is a possible out of bounds write due to a race cond ...)
	NOT-FOR-US: Android
CVE-2019-9374
	REJECTED
CVE-2019-9373 (In JobStore, there is a mismatched serialization/deserialization for t ...)
	NOT-FOR-US: Android
CVE-2019-9372 (In libskia, there is a possible crash due to a missing null check. Thi ...)
	- skia (bug #818180)
CVE-2019-9371 (In libvpx, there is a possible resource exhaustion due to improper inp ...)
	- libvpx 1.8.1-2 (low)
	[buster] - libvpx 1.7.0-3+deb10u1
	[stretch] - libvpx (Minor issue)
	[jessie] - libvpx (Vulnerable code introduced in 1.4.0)
	NOTE: Commits in libwebm:
	NOTE: https://chromium.googlesource.com/webm/libwebm/+/027a472efe49ff3a24be619442d2150658dbaaa0
	NOTE: https://chromium.googlesource.com/webm/libwebm/+/cb5a9477073cf7ae4a28356d6e3e5638aba78dc9
	NOTE: Sync to libvpx via:
	NOTE: https://github.com/webmproject/libvpx/commit/34d54b04e98dd0bac32e9aab0fbda0bf501bc742
	NOTE: https://github.com/webmproject/libvpx/commit/f00890eecdf8365ea125ac16769a83aa6b68792d
CVE-2019-9370 (In sonivox, there is a possible out of bounds read due to an incorrect ...)
	NOT-FOR-US: Android
CVE-2019-9369 (In Bluetooth, there is a use of uninitialized variable. This could lea ...)
	NOT-FOR-US: Android
CVE-2019-9368 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9367 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9366 (In libSBRdec there is a possible out of bounds read due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-9365 (In Bluetooth, there is a possible deserialization error due to missing ...)
	NOT-FOR-US: Android
CVE-2019-9364 (In AudioService, there is a possible trigger of background user audio ...)
	NOT-FOR-US: Android
CVE-2019-9363 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9362 (In libSACdec, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9361 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9360 (In the TEE, there's a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-9359 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9358 (In NFC, there is a possible out of bounds write due to a missing bound ...)
	NOT-FOR-US: Android
CVE-2019-9357 (In libAACdec, there is a possible out of bounds write due to an intege ...)
	NOT-FOR-US: Android
CVE-2019-9356 (In NFC server, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9355 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9354 (In NFC server, there's a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9353 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9352 (In libstagefright, there is a possible resource exhaustion due to a mi ...)
	NOT-FOR-US: Android
CVE-2019-9351 (In SyncStatusObserver, there is a possible bypass for operating system ...)
	NOT-FOR-US: Android
CVE-2019-9350 (In Keymaster, there is a possible EoP due to a use after free. This co ...)
	NOT-FOR-US: Android
CVE-2019-9349 (In libstagefright, there is a possible resource exhaustion due to impr ...)
	NOT-FOR-US: Android
CVE-2019-9348 (In libstagefright, there is a possible resource exhaustion due to impr ...)
	NOT-FOR-US: Android
CVE-2019-9347 (In the m4v_h263 codec, there is a possible out of bounds read due to a ...)
	NOT-FOR-US: Android
CVE-2019-9346 (In libstagefright, there is a possible out of bounds write due to a he ...)
	NOT-FOR-US: Android
CVE-2019-9345 (In the Android kernel in sdcardfs there is a possible violation of the ...)
	NOT-FOR-US: Android kernel
CVE-2019-9344 (In NFC server, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9343 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9342 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9341 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9340
	RESERVED
CVE-2019-9339
	RESERVED
CVE-2019-9338 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9337 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9336 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9335 (In libavc there is a possible information disclosure due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9334 (In libhevc there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-9333 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9332 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9331 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9330 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9329 (In Bluetooth, there is a possible out of bounds read due to uninitiali ...)
	NOT-FOR-US: Android
CVE-2019-9328 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9327 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9326 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Android
CVE-2019-9325 (In libvpx, there is a possible out of bounds read due to a missing bou ...)
	{DSA-4578-1}
	- libvpx 1.8.1-2
	[jessie] - libvpx (Vulnerable code introduced in 1.4.0)
	NOTE: https://github.com/webmproject/libvpx/commit/0681cff1ad36b3ef8ec242f59b5a6c4234ccfb88
CVE-2019-9324
	RESERVED
CVE-2019-9323 (In the Wallpaper Manager service, there is a possible information disc ...)
	NOT-FOR-US: Android
CVE-2019-9322 (In libavc there is a possible information disclosure due to uninitiali ...)
NOT-FOR-US: Android CVE-2019-9321 (In libavc, there is a missing variable initialization. This could lead ...) NOT-FOR-US: Android CVE-2019-9320 (In libavc, there is a missing variable initialization. This could lead ...) NOT-FOR-US: Android CVE-2019-9319 (In libavc, there is a missing variable initialization. This could lead ...) NOT-FOR-US: Android CVE-2019-9318 (In libhevc, there is a missing variable initialization. This could lea ...) NOT-FOR-US: Android CVE-2019-9317 (In libstagefright, there is a missing variable initialization. This co ...) NOT-FOR-US: Android CVE-2019-9316 (In libstagefright, there is a missing variable initialization. This co ...) NOT-FOR-US: Android CVE-2019-9315 (In libhevc, there is a missing variable initialization. This could lea ...) NOT-FOR-US: Android CVE-2019-9314 (In libavc, there is a missing variable initialization. This could lead ...) NOT-FOR-US: Android CVE-2019-9313 (In libstagefright, there is a missing variable initialization. This co ...) NOT-FOR-US: Android CVE-2019-9312 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9311 (In Bluetooth, there is a possible crash due to an integer overflow. Th ...) NOT-FOR-US: Android CVE-2019-9310 (In libFDK, there is a possible out of bounds write due to an integer o ...) NOT-FOR-US: Android CVE-2019-9309 (In NFC, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: Android CVE-2019-9308 (In libAACdec, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2019-9307 (In libAACdec, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2019-9306 (In libMpegTPDec, there is a possible out of bounds write due to an int ...) NOT-FOR-US: Android CVE-2019-9305 (In libAACdec, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2019-9304 (In libMpegTPDec, there is a possible out of bounds write due to an int ...) 
NOT-FOR-US: Android CVE-2019-9303 (In libFDK, there is a possible out of bounds write due to an integer o ...) NOT-FOR-US: Android CVE-2019-9302 (In libAACdec, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2019-9301 (In libAACdec, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2019-9300 (In libAACdec, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2019-9299 (In libAACdec, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2019-9298 (In libAACdec, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2019-9297 (In libAACdec, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2019-9296 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2019-9295 (In com.android.apps.tag, there is a possible bypass of user interactio ...) NOT-FOR-US: Android CVE-2019-9294 (In libstagefright, there is a possible out of bounds read due to a mis ...) NOT-FOR-US: Android CVE-2019-9293 (In libstagefright, there is a possible out of bounds read due to a mis ...) NOT-FOR-US: Android CVE-2019-9292 (In the Activity Manager service, there is a possible information discl ...) NOT-FOR-US: Android CVE-2019-9291 (In Bluetooth, there is a possible remote code execution due to an impr ...) NOT-FOR-US: Android CVE-2019-9290 (In tzdata there is possible memory corruption due to a mismatch betwee ...) NOT-FOR-US: Android CVE-2019-9289 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9288 (In libhidcommand_jni, there is a possible out of bounds write due to a ...) NOT-FOR-US: Android CVE-2019-9287 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9286 (In Bluetooth, there is a possible out of bounds read due to a missing ...) 
NOT-FOR-US: Android CVE-2019-9285 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9284 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9283 (In AAC Codec, there is a possible resource exhaustion due to improper ...) NOT-FOR-US: Android CVE-2019-9282 (In skia, there is a possible out of bounds read due to a missing bound ...) - skia (bug #818180) CVE-2019-9281 (In GoogleContactsSyncAdapter, there is a possible path traversal due t ...) NOT-FOR-US: Android CVE-2019-9280 (In keyguard, there is a possible escalation of privilege due to improp ...) NOT-FOR-US: Android CVE-2019-9279 (In the wifi hotspot service, there is a possible denial of service due ...) NOT-FOR-US: Android CVE-2019-9278 (In libexif, there is a possible out of bounds write due to an integer ...) {DSA-4618-1 DLA-2100-1} - libexif 0.6.21-6 (bug #945948) NOTE: https://android.googlesource.com/platform/external/libexif/+/a5e8e5812a11ec9686294de8a5d68aaf2ab72475%5E%21/#F0 NOTE: https://github.com/libexif/libexif/issues/26 NOTE: https://github.com/libexif/libexif/commit/75aa73267fdb1e0ebfbc00369e7312bac43d0566 CVE-2019-9277 (In the proc filesystem, there is a possible information disclosure due ...) NOT-FOR-US: Android CVE-2019-9276 (In the Android kernel in the synaptics_dsx_htc touchscreen driver ther ...) NOT-FOR-US: Android kernel CVE-2019-9275 (In the Android kernel in the mnh driver there is a use after free due ...) NOT-FOR-US: Android kernel CVE-2019-9274 (In the Android kernel in the mnh driver there is a possible out of bou ...) NOT-FOR-US: Android kernel CVE-2019-9273 (In the Android kernel in the synaptics_dsx_htc touchscreen driver ther ...) NOT-FOR-US: Android kernel CVE-2019-9272 (In WiFi, there is a possible leak of WiFi state due to a permissions b ...) NOT-FOR-US: Android CVE-2019-9271 (In the Android kernel in the mnh driver there is a race condition due ...) 
NOT-FOR-US: Android kernel CVE-2019-9270 (In the Android kernel in unifi and r8180 WiFi drivers there is a possi ...) NOT-FOR-US: Android kernel CVE-2019-9269 (In System Settings, there is a possible permissions bypass due to a ca ...) NOT-FOR-US: Android CVE-2019-9268 (In libstagefright, there is a possible use-after-free due to improper ...) NOT-FOR-US: Android CVE-2019-9267 RESERVED CVE-2019-9266 (In sensorservice, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Android CVE-2019-9265 (In Bluetooth, there is a possible out of bounds read due to an incorre ...) NOT-FOR-US: Android CVE-2019-9264 (In libxaac there is a possible out of bounds read due to missing bound ...) NOT-FOR-US: Android CVE-2019-9263 (In telephony, there is a possible bypass of user interaction requireme ...) NOT-FOR-US: Android CVE-2019-9262 (In MPEG4Extractor, there is a possible out of bounds write due to an i ...) NOT-FOR-US: Android CVE-2019-9261 (In libxaac there is a possible out of bounds read due to missing bound ...) NOT-FOR-US: Android CVE-2019-9260 (In Bluetooth, there is a possible out of bounds read due to an incorre ...) NOT-FOR-US: Android CVE-2019-9259 (In the Bluetooth stack, there is a possible out of bounds write due to ...) NOT-FOR-US: Android CVE-2019-9258 (In wifilogd, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: Android CVE-2019-9257 (In Bluetooth, there is a possible out of bounds write due to an intege ...) NOT-FOR-US: Android CVE-2019-9256 (In libmediaextractor there is a possible out of bounds write due to an ...) NOT-FOR-US: Android CVE-2019-9255 RESERVED CVE-2019-9254 (In readArgumentList of zygote.java in Android 10, there is a possible ...) NOT-FOR-US: Android CVE-2019-9253 (In KeyStore, there is a possible storage of symmetric keys in the TEE ...) NOT-FOR-US: Android CVE-2019-9252 (In libavc there is a possible out of bounds read due to uninitialized ...) 
NOT-FOR-US: Android CVE-2019-9251 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2019-9250 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9249 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9248 (In the Android kernel in the FingerTipS touchscreen driver there is a ...) NOT-FOR-US: Android kernel CVE-2019-9247 (In AAC Codec, there is a missing variable initialization. This could l ...) NOT-FOR-US: Android CVE-2019-9246 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2019-9245 (In the Android kernel in the f2fs driver there is a possible out of bo ...) - linux 4.19.16-1 [stretch] - linux (f2fs is not supportable) [jessie] - linux (f2fs is not supportable) NOTE: https://git.kernel.org/linus/64beba0558fce7b59e9a8a7afd77290e82a22163 CVE-2019-9244 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2019-9243 (In wpa_supplicant_8, there is a possible out of bounds read due to a m ...) NOT-FOR-US: Android CVE-2019-9242 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2019-9241 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9240 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2019-9239 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2019-9238 (In the NFC stack, there is a possible out of bounds write due to a mis ...) NOT-FOR-US: Android CVE-2019-9237 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2019-9236 (In NFC, there is a possible out of bounds read due to a missing bounds ...) 
NOT-FOR-US: Android CVE-2019-9235 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2019-9234 (In wpa_supplicant_8, there is a possible out of bounds read due to a m ...) NOT-FOR-US: Android CVE-2019-9233 (In wpa_supplicant_8, there is a possible out of bounds read due to an ...) NOT-FOR-US: Android CVE-2019-9232 (In libvpx, there is a possible out of bounds read due to a missing bou ...) {DSA-4578-1 DLA-2012-1} - libvpx 1.8.1-2 NOTE: https://github.com/webmproject/libvpx/commit/46e17f0cb4a80b36755c84b8bf15731d3386c08f CVE-2019-9231 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...) NOT-FOR-US: AudioCodes Mediant devices CVE-2019-9230 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...) NOT-FOR-US: AudioCodes Mediant devices CVE-2019-9229 (An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M80 ...) NOT-FOR-US: AudioCodes CVE-2019-9228 (** DISPUTED ** An issue was discovered on AudioCodes Mediant 500L-MSBR ...) NOT-FOR-US: AudioCodes CVE-2019-9227 (An issue was discovered in baigo CMS 2.1.1. There is a vulnerability t ...) NOT-FOR-US: baigo CMS CVE-2019-9226 (An issue was discovered in baigo CMS 2.1.1. There is a persistent XSS ...) NOT-FOR-US: baigo CMS CVE-2019-9225 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.8.2-1 - gitlab 11.8.2-2 (bug #924447) NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ CVE-2019-9224 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.8.2-1 - gitlab 11.8.2-2 (bug #924447) NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ CVE-2019-9223 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) 
[experimental] - gitlab 11.8.2-1 - gitlab 11.8.2-2 (bug #924447) NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ CVE-2019-9222 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.8.2-1 - gitlab 11.8.2-2 (bug #924447) NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ CVE-2019-9221 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.8.2-1 - gitlab 11.8.2-2 (bug #924447) NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ CVE-2019-9220 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.8.2-1 - gitlab 11.8.2-2 (bug #924447) NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ CVE-2019-9219 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.8.2-1 - gitlab 11.8.2-2 (bug #924447) NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ CVE-2019-9218 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.8.2-1 - gitlab 11.8.2-2 (bug #924447) NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ CVE-2019-9217 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.8.2-1 - gitlab 11.8.2-2 (bug #924447) NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/ CVE-2019-9216 RESERVED CVE-2019-9215 (In Live555 before 2019.02.27, malformed headers lead to invalid memory ...) 
	{DSA-4408-1 DLA-1720-1}
	[experimental] - liblivemedia 2019.02.27-1
	- liblivemedia 2018.11.26-1.1 (bug #924655)
	NOTE: Reporter advisory and analysis: https://tools.cisco.com/security/center/viewAlert.x?alertId=59708
CVE-2019-9214 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector c ...)
	{DSA-4416-1}
	- wireshark 2.6.7-1 (bug #923611)
	[jessie] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15536
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c557bb0910be271e49563756411a690a1bc53ce5
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-08.html
CVE-2019-9213 (In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lack ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.28-1
	[stretch] - linux 4.9.168-1
	NOTE: Fixed by: https://git.kernel.org/linus/0a1d52994d440e21def1c2174932410b4f2a98a1 (5.0)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1792
CVE-2019-9212 (** DISPUTED ** SOFA-Hessian through 4.0.2 allows remote attackers to e ...)
	NOT-FOR-US: SOFA-Hessian
CVE-2019-9211 (There is a reachable assertion abort in the function write_long_string ...)
	- pspp 1.2.0-4 (unimportant; bug #923417)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1683499
	NOTE: Crash in CLI tool, no security impact
CVE-2019-9210 (In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer ...)
	{DLA-1702-1}
	- advancecomp 2.1-2 (low; bug #923416)
	[stretch] - advancecomp (Minor issue)
	NOTE: https://sourceforge.net/p/advancemame/bugs/277/
	NOTE: Fixed by https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02
CVE-2019-9209 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and rel ...)
	{DSA-4416-1 DLA-1729-1}
	- wireshark 2.6.7-1 (bug #923611)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-06.html
CVE-2019-9208 (In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector co ...)
	{DSA-4416-1}
	- wireshark 2.6.7-1 (bug #923611)
	[jessie] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-07.html
CVE-2019-9207 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm search ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2019-9206 (PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2019-9205
	RESERVED
CVE-2019-9204 (SQL injection vulnerability in Nagios IM (component of Nagios XI) befo ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9203 (Authorization bypass in Nagios IM (component of Nagios XI) before 2.2. ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9202 (Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated u ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9201 (Phoenix Contact ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/ ...)
	NOT-FOR-US: Phoenix Contact ILC
CVE-2019-9200 (A heap-based buffer underwrite exists in ImageStream::getLine() locate ...)
	{DLA-2287-1 DLA-1706-1}
	- poppler 0.71.0-4 (bug #923414)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/728
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/f4136a6353162db249f63ddb0f20611622ab61b4
CVE-2019-9199 (PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoD ...)
	- libpodofo 0.9.6+dfsg-5 (low; bug #923469)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/40/
	NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1971/
CVE-2019-9198
	RESERVED
CVE-2019-9197 (The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows ...)
	NOT-FOR-US: Unity Editor
CVE-2019-9196 (The Face authentication component in Aware mobile liveness 2.2.1 sdk 2 ...)
	NOT-FOR-US: Aware mobile liveness
CVE-2019-9195 (util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An a ...)
	NOT-FOR-US: Grin
CVE-2019-9194 (elFinder before 2.1.48 has a command injection vulnerability in the PH ...)
	NOT-FOR-US: elFinder
CVE-2019-9193 (** DISPUTED ** In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGR ...)
	- postgresql-11 (unimportant)
	- postgresql-9.6 (unimportant)
	- postgresql-9.4 (unimportant)
	NOTE: https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
	NOTE: https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/
	NOTE: Upstream statement: https://www.postgresql.org/about/news/1935/
	NOTE: Issue is not to be considered a vulnerability and is disputed to be valid.
CVE-2019-9191 (The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) p ...)
	NOT-FOR-US: ETSI protocol
CVE-2019-9190
	RESERVED
CVE-2019-9189 (Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application a ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-9188
	RESERVED
CVE-2019-9187 (ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 ...)
	{DSA-4399-1 DLA-1716-1}
	- ikiwiki 3.20190228-1
	NOTE: https://ikiwiki.info/security/#cve-2019-9187
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/28/1
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=e7b0d4a
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=67543ce
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=d283e4c
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2
CVE-2019-9186 (In several JetBrains IntelliJ IDEA versions, a Spring Boot run configu ...)
	- intellij-idea (bug #747616)
CVE-2019-9185 (Controller/Async/FilesystemManager.php in the filemanager in Bolt befo ...)
	NOT-FOR-US: Bolt CMS
CVE-2019-9184 (SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for ...)
	NOT-FOR-US: J2Store plugin for Joomla!
CVE-2019-9183 (An issue was discovered in Contiki-NG through 4.3 and Contiki through ...)
	NOT-FOR-US: Contiki-NG
CVE-2019-9182 (There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=e ...)
	NOT-FOR-US: ZZZCMS
CVE-2019-9181 (SchoolCMS version 2.3.1 allows file upload via the logo upload feature ...)
	NOT-FOR-US: SchoolCMS
CVE-2019-9180
	RESERVED
CVE-2019-9179 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9178 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9177
	REJECTED
CVE-2019-9176 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9175 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9174 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9173
	RESERVED
CVE-2019-9172 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9171 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9170 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	[experimental] - gitlab 11.8.2-1
	- gitlab 11.8.2-2 (bug #924447)
	NOTE: https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
CVE-2019-9169 (In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_n ...)
	- glibc 2.28-9 (bug #924612)
	[stretch] - glibc (Minor issue)
	[jessie] - glibc (Minor issue)
	- eglibc
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24114
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9
CVE-2019-9168 (WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. ...)
	NOT-FOR-US: WooCommerce
CVE-2019-9167 (Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 al ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9166 (Privilege escalation in Nagios XI before 5.5.11 allows local attackers ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9165 (SQL injection vulnerability in Nagios XI before 5.5.11 allows attacker ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authenticated u ...)
	NOT-FOR-US: Nagios XI
CVE-2019-9163 (The connection initiation process in March Networks Command Client bef ...)
	NOT-FOR-US: March Networks
CVE-2019-9161 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
	NOT-FOR-US: Sangfor Sundray WLAN Controller
CVE-2019-9160 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...)
	NOT-FOR-US: Sangfor Sundray WLAN Controller
CVE-2019-9159
	RESERVED
CVE-2019-9158 (Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control ...)
	NOT-FOR-US: Gemalto DS3 Authentication Server
CVE-2019-9157 (Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclos ...)
	NOT-FOR-US: Gemalto DS3 Authentication Server
CVE-2019-9156 (Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injecti ...)
	NOT-FOR-US: Gemalto DS3 Authentication Server
CVE-2019-9192 (** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, ...)
	- glibc (unimportant)
	- eglibc (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24269
CVE-2019-9162 (In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_bas ...)
	- linux 4.19.28-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/c4c07b4d6fa1f11880eab8e076d3d060ef3f55fc
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1776
CVE-2019-9155 (A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who ...)
	- node-openpgp (bug #787774)
CVE-2019-9154 (Improper Verification of a Cryptographic Signature in OpenPGP.js <= ...)
	- node-openpgp (bug #787774)
CVE-2019-9153 (Improper Verification of a Cryptographic Signature in OpenPGP.js <= ...)
	- node-openpgp (bug #787774)
CVE-2019-9152 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul8
	NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10719
	NOTE: Negligible security impact
CVE-2019-9151 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
	- hdf5 (unimportant)
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul7
	NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10718
	NOTE: Negligible security impact
CVE-2019-9150 (Mailvelope prior to 3.3.0 does not require user interaction to import ...)
	NOT-FOR-US: Mailvelope
CVE-2019-9149 (Mailvelope prior to 3.3.0 allows private key operations without user i ...)
	NOT-FOR-US: Mailvelope
CVE-2019-9148 (Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public ...)
	NOT-FOR-US: Mailvelope
CVE-2019-9147 (Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack again ...)
	NOT-FOR-US: Mailvelope
CVE-2019-9146 (Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain ...)
	NOT-FOR-US: Jamf Self Service
CVE-2019-9145 (An issue was discovered in Hsycms V1.1. There is an XSS vulnerability ...)
	NOT-FOR-US: Hsycms
CVE-2019-9144 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...)
	- exiv2 0.27.2-8 (low; bug #923473)
	[buster] - exiv2 (Vulnerable code introduced later)
	[stretch] - exiv2 (Vulnerable code introduced later)
	[jessie] - exiv2 (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/712
CVE-2019-9143 (An issue was discovered in Exiv2 0.27. There is infinite recursion at ...)
	- exiv2 0.27.2-8 (low; bug #923472)
	[buster] - exiv2 (Vulnerable code introduced later)
	[stretch] - exiv2 (Vulnerable code introduced later)
	[jessie] - exiv2 (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/711
CVE-2019-9142 (An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS ...)
	NOT-FOR-US: b3log Symphony (aka Sym)
CVE-2019-9141 (ZInsVX.dll ActiveX Control 2018.02 and earlier in Zoneplayer contains ...)
	NOT-FOR-US: Zoneplayer
CVE-2019-9140 (When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earl ...)
	NOT-FOR-US: Happypoint mobile app
CVE-2019-9139 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
	NOT-FOR-US: DaviewIndy
CVE-2019-9138 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
	NOT-FOR-US: DaviewIndy
CVE-2019-9137 (DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnera ...)
	NOT-FOR-US: DaviewIndy
CVE-2019-9136 (DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vuln ...)
	NOT-FOR-US: DaviewIndy
CVE-2019-9135 (DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vuln ...)
	NOT-FOR-US: DaviewIndy
CVE-2019-9134 (Architectural Information System 1.0 and earlier versions have a Stack ...)
	NOT-FOR-US: Architectural Information System
CVE-2019-9133 (When processing subtitles format media file, KMPlayer version 2018.12. ...)
	NOT-FOR-US: KMPlayer (different from src:kmplayer)
CVE-2019-9132 (Remote code execution vulnerability exists in KaKaoTalk PC messenger w ...)
	NOT-FOR-US: KaKaoTalk PC messenger
CVE-2019-9131
	RESERVED
CVE-2019-9130
	RESERVED
CVE-2019-9129
	RESERVED
CVE-2019-9128
	RESERVED
CVE-2019-9127
	RESERVED
CVE-2019-9126 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...)
	NOT-FOR-US: D-Link
CVE-2019-9125 (An issue was discovered on D-Link DIR-878 1.12B01 devices. Because str ...)
	NOT-FOR-US: D-Link
CVE-2019-9124 (An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNA ...)
	NOT-FOR-US: D-Link
CVE-2019-9123 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. The "use ...)
	NOT-FOR-US: D-Link
CVE-2019-9122 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2019-9121 (An issue was discovered on Motorola C1 and M2 devices with firmware 1. ...)
	NOT-FOR-US: Motorola
CVE-2019-9120 (An issue was discovered on Motorola C1 and M2 devices with firmware 1. ...)
	NOT-FOR-US: Motorola
CVE-2019-9119 (An issue was discovered on Motorola C1 and M2 devices with firmware 1. ...)
	NOT-FOR-US: Motorola
CVE-2019-9118 (An issue was discovered on Motorola C1 and M2 devices with firmware 1. ...)
	NOT-FOR-US: Motorola
CVE-2019-9117 (An issue was discovered on Motorola C1 and M2 devices with firmware 1. ...)
	NOT-FOR-US: Motorola
CVE-2019-9116 (** DISPUTED ** DLL hijacking is possible in Sublime Text 3 version 3.1 ...)
	NOT-FOR-US: Sublime Text Windows build
CVE-2019-9115 (In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file all ...)
	NOT-FOR-US: IRISnet
CVE-2019-9114 (Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in t ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/170
CVE-2019-9113 (Ming (aka libming) 0.4.8 has a NULL pointer dereference in the functio ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/171
CVE-2019-9112 (The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-os ...)
	NOT-FOR-US: Xiaomi-specific driver not in the mainline msm driver
CVE-2019-9111 (The msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-os ...)
	NOT-FOR-US: Xiaomi-specific driver not in the mainline msm driver
CVE-2019-9110 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&a ...)
	NOT-FOR-US: WUZHI CMS
CVE-2019-9109 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&am ...)
	NOT-FOR-US: WUZHI CMS
CVE-2019-9108 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=core&f=map&v=bai ...)
	NOT-FOR-US: WUZHI CMS
CVE-2019-9107 (XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecu ...)
	NOT-FOR-US: WUZHI CMS
CVE-2019-9106 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...)
	NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
CVE-2019-9105 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...)
	NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
CVE-2019-9104 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9103 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9102 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9101 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9100
	RESERVED
CVE-2019-9099 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9098 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9097 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9096 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9095 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
	NOT-FOR-US: Moxa
CVE-2019-9094 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Humhub
CVE-2019-9093 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Humhub
CVE-2019-9092
	RESERVED
CVE-2019-9091
	RESERVED
CVE-2019-9090
	RESERVED
CVE-2019-9089
	RESERVED
CVE-2019-9088
	RESERVED
CVE-2019-9087 (HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php nu ...)
	- hoteldruid 2.3.2-1
	[stretch] - hoteldruid (Minor issue)
	[jessie] - hoteldruid (low popcon)
CVE-2019-9086 (HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle ...)
	- hoteldruid 2.3.2-1
	[stretch] - hoteldruid (Minor issue)
	[jessie] - hoteldruid (low popcon)
CVE-2019-9085 (Hoteldruid before v2.3.1 allows remote authenticated users to cause a ...)
	- hoteldruid 2.3.2-1
	[stretch] - hoteldruid (Minor issue)
	[jessie] - hoteldruid (low popcon)
CVE-2019-9084 (In Hoteldruid before 2.3.1, a division by zero was discovered in $num_ ...)
	- hoteldruid 2.3.2-1
	[stretch] - hoteldruid (Minor issue)
	[jessie] - hoteldruid (low popcon)
CVE-2019-9083 (SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanage ...)
	NOT-FOR-US: SQLiteManager
CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other pro ...)
	NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
	NOT-FOR-US: Laravel Framework
CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...)
	NOT-FOR-US: DomainMOD
CVE-2019-9079
	RESERVED
CVE-2019-9078 (zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter b ...)
	NOT-FOR-US: zzcms
CVE-2019-9077 (An issue was discovered in GNU Binutils 2.32. It is a heap-based buffe ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24243
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7fc0c668f2aceb8582d74db1ad2528e2bba8a921
	NOTE: binutils not covered by security support
CVE-2019-9076 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	NOTE: Disputed by binutils upstream, not considered a bug
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24238
CVE-2019-9075 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24236
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8abac8031ed369a2734b1cdb7df28a39a54b4b49
	NOTE: binutils not covered by security support
CVE-2019-9074 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24235
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=179f2db0d9c397d7dd8a59907b84208b79f7f48c
	NOTE: binutils not covered by security support
CVE-2019-9073 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24233
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7d272a55caebfc26ab2e15d1e9439bac978b9bb7
	NOTE: binutils not covered by security support
CVE-2019-9072 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	NOTE: Disputed by binutils upstream, not considered a bug
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89396
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24232
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24237
CVE-2019-9071 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89394
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
	NOTE: binutils not covered by security support
CVE-2019-9070 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24229
	NOTE: binutils not covered by security support
CVE-2019-9069
	RESERVED
CVE-2019-9068
	RESERVED
CVE-2019-9067
	RESERVED
CVE-2019-9066 (PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML inje ...)
	NOT-FOR-US: PHP Scripts Mall PHP Appointment Booking Script
CVE-2019-9065 (PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows paramete ...)
	NOT-FOR-US: PHP Scripts Mall Custom T-Shirt Ecommerce Script
CVE-2019-9064 (PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal i ...)
	NOT-FOR-US: PHP Scripts Mall Cab Booking Script
CVE-2019-9063 (PHP Scripts Mall Auction website script 2.0.4 allows parameter tamperi ...)
	NOT-FOR-US: PHP Scripts Mall Auction website script
CVE-2019-9062 (PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Reques ...)
	NOT-FOR-US: PHP Scripts Mall Online Food Ordering Script
CVE-2019-9061 (An issue was discovered in CMS Made Simple 2.2.8. In the module Module ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9060 (An issue was discovered in CMS Made Simple 2.2.8. It is possible to ac ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9059 (An issue was discovered in CMS Made Simple 2.2.8. It is possible, with ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9058 (An issue was discovered in CMS Made Simple 2.2.8. In the administrator ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9057 (An issue was discovered in CMS Made Simple 2.2.8. In the module FilePi ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9056 (An issue was discovered in CMS Made Simple 2.2.8. In the module FrontE ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9055 (An issue was discovered in CMS Made Simple 2.2.8. In the module Design ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9054
	RESERVED
CVE-2019-9053 (An issue was discovered in CMS Made Simple 2.2.8. It is possible with ...)
	NOT-FOR-US: CMS Made Simple
CVE-2019-9052 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerabi ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-9051 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerabi ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-9050 (An issue was discovered in Pluck 4.7.9-dev1. It allows administrators ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-9049 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerabi ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-9048 (An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerabi ...)
	NOT-FOR-US: Pluck CMS
CVE-2019-9047 (GoRose v1.0.4 has SQL Injection when the order_by or group_by paramete ...)
	NOT-FOR-US: GoRose
CVE-2019-9046
	RESERVED
CVE-2019-9045
	RESERVED
CVE-2019-9044
	RESERVED
CVE-2019-9043
	RESERVED
CVE-2019-9042 (** DISPUTED ** An issue was discovered in Sitemagic CMS v4.4. In the i ...)
	NOT-FOR-US: Sitemagic CMS
CVE-2019-9041 (An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_templa ...)
	NOT-FOR-US: ZZZCMS
CVE-2019-9040 (S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via th ...)
	NOT-FOR-US: S-CMS
CVE-2019-9039 (In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync G ...)
	NOT-FOR-US: Couchbase Sync Gateway
CVE-2019-9038 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9037 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9036 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
	NOTE: Not completely fixed with the initial two commits, cf.
	NOTE: https://github.com/tbeu/matio/issues/103#issuecomment-472020538 ff
CVE-2019-9035 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9034 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9033 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9032 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9031 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9030 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9029 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9028 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9027 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9026 (An issue was discovered in libmatio.a in matio (aka MAT File I/O Libra ...)
	- libmatio 1.5.13-2 (low; bug #924185)
	[stretch] - libmatio (Minor issue)
	[jessie] - libmatio (Minor issue, hard to backport)
	NOTE: https://github.com/tbeu/matio/issues/103
	NOTE: https://github.com/tbeu/matio/commit/a0539135c9b1ab7613aa7953279da9224da88775
	NOTE: https://github.com/tbeu/matio/commit/2c20d2178017b3eb13ab160cef239648f9915bdb
CVE-2019-9019 (The British Airways Entertainment System, as installed on Boeing 777-3 ...)
	NOT-FOR-US: British Airways Entertainment System
CVE-2019-9025 (An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyt ...)
	- php7.3 7.3.1-1
	NOTE: Fixed in 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77367
CVE-2019-9024 (An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...)
	{DSA-4398-1 DLA-1679-1}
	- php7.3 7.3.1-1
	- php7.0
	- php5
	NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77380
	NOTE: https://github.com/php/php-src/commit/4feb9e66ff9636ad44bc23a91b7ebd37d83ddf1d (7.1)
CVE-2019-9023 (An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...)
	{DSA-4398-1 DLA-1679-1}
	- php7.3 7.3.1-1
	- php7.0
	- php5
	NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77370
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77371
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77381
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77382
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77385
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77394
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77418
	NOTE: https://github.com/php/php-src/commit/20407d06ca3cb5eeb10f876a812b40c381574bcc (7.1)
	NOTE: https://github.com/php/php-src/commit/31f59e1f3074ab344b473dde6077a6844ca87264 (7.1)
	NOTE: https://github.com/php/php-src/commit/28362ed4fae6969b5a8878591a5a06eadf114e03 (7.1)
	NOTE: https://github.com/php/php-src/commit/9d6c59eeea88a3e9d7039cb4fed5126ef704593a (7.1)
CVE-2019-9022 (An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, ...)
	{DSA-4398-1 DLA-1741-1}
	- php7.3 7.3.2-1
	- php7.0
	- php5
	NOTE: Fixed in 7.1.26, 7.2.14, 7.3.2
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77369
	NOTE: https://github.com/php/php-src/commit/8d3dfabef459fe7815e8ea2fd68753fd17859d7b (7.1)
CVE-2019-9021 (An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...)
	{DSA-4398-1 DLA-1679-1}
	- php7.3 7.3.1-1
	- php7.0
	- php5
	NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77247
	NOTE: https://github.com/php/php-src/commit/78bd3477745f1ada9578a79f61edb41886bec1cb (7.1)
CVE-2019-9020 (An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...)
	{DSA-4398-1 DLA-1679-1}
	- php7.3 7.3.1-1
	- php7.0
	- php5
	NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77242
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77249
	NOTE: https://github.com/php/php-src/commit/9c62b95e5e6a1ac3922a8819f2d56d8ea998d97a (7.1)
CVE-2019-9018
	RESERVED
CVE-2019-9017 (DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer ...)
	NOT-FOR-US: SolarWinds
CVE-2019-9016 (An XSS vulnerability was discovered in MOPCMS through 2018-11-30. Ther ...)
	NOT-FOR-US: MOPCMS
CVE-2019-9015 (A Path Traversal vulnerability was discovered in MOPCMS through 2018-1 ...)
	NOT-FOR-US: MOPCMS
CVE-2019-9014
	RESERVED
CVE-2019-9013 (An issue was discovered in 3S-Smart CODESYS V3 products. The applicati ...)
	NOT-FOR-US: 3S-Smart CODESYS V3
CVE-2019-9012 (An issue was discovered in 3S-Smart CODESYS V3 products. A crafted com ...)
	NOT-FOR-US: 3S-Smart CODESYS V3
CVE-2019-9011
	RESERVED
CVE-2019-9010 (An issue was discovered in 3S-Smart CODESYS V3 products. The CODESYS G ...)
	NOT-FOR-US: 3S-Smart CODESYS V3
CVE-2019-9009 (An issue was discovered in 3S-Smart CODESYS before 3.5.15.0 . Crafted ...)
	NOT-FOR-US: 3S-Smart
CVE-2019-9008 (An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A us ...)
	NOT-FOR-US: 3S-Smart
CVE-2019-9007
	RESERVED
CVE-2019-9006
	RESERVED
CVE-2019-9005 (The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows D ...)
	NOT-FOR-US: Cprime Power Scripts app for Atlassian Jira
CVE-2019-9004 (In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13 ...)
	NOT-FOR-US: Eclipse Wakaama
CVE-2019-9003 (In the Linux kernel before 4.20.5, attackers can trigger a drivers/cha ...)
	- linux 4.19.20-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/77f8269606bf95fcb232ee86f6da80886f1dfae8
CVE-2019-9002 (An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through ...)
	NOT-FOR-US: Tiny Issue
CVE-2019-9001
	RESERVED
CVE-2019-9000
	RESERVED
CVE-2019-8999 (An XML External Entity vulnerability in the UEM Core of BlackBerry UEM ...)
	NOT-FOR-US: BlackBerry
CVE-2019-8998 (An information disclosure vulnerability leading to a potential local e ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform
CVE-2019-8997 (An XML External Entity Injection (XXE) vulnerability in the Management ...)
	NOT-FOR-US: BlackBerry
CVE-2019-8996 (In Signiant Manager+Agents before 13.5, the implementation of the set ...)
	NOT-FOR-US: Signiant
CVE-2019-8995 (The workspace client, openspace client, and app development client of ...)
	NOT-FOR-US: TIBCO
CVE-2019-8994 (The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, ...)
	NOT-FOR-US: TIBCO
CVE-2019-8993 (The administrative web server component of TIBCO Software Inc.'s TIBCO ...)
	NOT-FOR-US: TIBCO
CVE-2019-8992 (The administrative server component of TIBCO Software Inc.'s TIBCO Act ...)
	NOT-FOR-US: TIBCO
CVE-2019-8991 (The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveM ...)
	NOT-FOR-US: TIBCO
CVE-2019-8990 (The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatr ...)
	NOT-FOR-US: TIBCO
CVE-2019-8989 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
	NOT-FOR-US: TIBCO
CVE-2019-8988 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
	NOT-FOR-US: TIBCO
CVE-2019-8987 (The application server component of TIBCO Software Inc.'s TIBCO Data S ...)
	NOT-FOR-US: TIBCO
CVE-2019-8986 (The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO Ja ...)
	NOT-FOR-US: TIBCO
CVE-2019-8985 (On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices ...)
	NOT-FOR-US: Netis devices
CVE-2019-8984 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2) ...)
	NOT-FOR-US: MDaemon Webmail
CVE-2019-8983 (MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2) ...)
	NOT-FOR-US: MDaemon Webmail
CVE-2019-8982 (com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishan ...)
	NOT-FOR-US: WaveMaker Studio
CVE-2019-8981 (tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overfl ...)
	- axtls (Fixed with initial upload to Debian)
CVE-2019-8980 (A memory leak in the kernel_read_file function in fs/exec.c in the Lin ...)
	{DLA-1771-1}
	- linux 4.19.28-1
	[stretch] - linux 4.9.168-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://lore.kernel.org/lkml/20190219021038.11340-1-yuehaibing@huawei.com/
	NOTE: https://lore.kernel.org/lkml/20190219022512.GW2217@ZenIV.linux.org.uk/
CVE-2019-8979 (Kohana through 3.3.6 has SQL Injection when the order_by() parameter c ...)
	- libkohana2-php
	[jessie] - libkohana2-php (orderby function properly checks for allowed values)
	NOTE: https://github.com/huzr2018/orderby_SQLi/tree/master/kohana
	NOTE: https://github.com/koseven/koseven/issues/323
CVE-2019-8978 (An improper authentication vulnerability can be exploited through a ra ...)
	NOT-FOR-US: Ellucian Banner Web Tailor
CVE-2019-8977
	RESERVED
CVE-2019-8976
	RESERVED
CVE-2019-8975
	RESERVED
CVE-2019-8974
	RESERVED
CVE-2019-8973
	RESERVED
CVE-2019-8972
	RESERVED
CVE-2019-8971
	RESERVED
CVE-2019-8970
	RESERVED
CVE-2019-8969
	RESERVED
CVE-2019-8968
	RESERVED
CVE-2019-8967
	RESERVED
CVE-2019-8966
	RESERVED
CVE-2019-8965
	RESERVED
CVE-2019-8964
	RESERVED
CVE-2019-8963
	RESERVED
CVE-2019-8962
	RESERVED
CVE-2019-8961 (A Denial of Service vulnerability related to stack exhaustion has been ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2019-8960 (A Denial of Service vulnerability related to command handling has been ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2019-8959
	RESERVED
CVE-2019-8958
	RESERVED
CVE-2019-8957
	RESERVED
CVE-2019-8956 (In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-fre ...)
	- linux 4.19.28-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/ba59fb0273076637f0add4311faa990a5eec27c0
CVE-2019-1000049
	REJECTED
CVE-2019-1000048
	REJECTED
CVE-2019-1000047
	REJECTED
CVE-2019-1000041
	REJECTED
CVE-2019-1000030
	REJECTED
CVE-2019-8955 (In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5. ...)
	- tor 0.3.5.8-1
	[stretch] - tor (Only affects 0.3.2.1 and later)
	[jessie] - tor (Only affects 0.3.2.1 and later)
	NOTE: https://blog.torproject.org/new-releases-tor-0402-alpha-0358-03411-and-03312
	NOTE: https://trac.torproject.org/projects/tor/ticket/29168
CVE-2019-8954 (In Indexhibit 2.1.5, remote attackers can execute arbitrary code via t ...)
	NOT-FOR-US: Indexhibit
CVE-2019-8953 (The HAProxy package before 0.59_16 for pfSense has XSS via the desc (a ...)
	NOT-FOR-US: HAProxy package for pfSense
CVE-2019-8952 (A Path Traversal vulnerability located in the webserver affects severa ...)
	NOT-FOR-US: Bosch
CVE-2019-8951 (An Open Redirect vulnerability located in the webserver affects severa ...)
	NOT-FOR-US: Bosch
CVE-2019-1003028 (A server-side request forgery vulnerability exists in Jenkins JMS Mess ...)
	- jenkins
CVE-2019-1003027 (A server-side request forgery vulnerability exists in Jenkins OctopusD ...)
	- jenkins
CVE-2019-1003026 (A server-side request forgery vulnerability exists in Jenkins Mattermo ...)
	- jenkins
CVE-2019-1003025 (A exposure of sensitive information vulnerability exists in Jenkins Cl ...)
	- jenkins
CVE-2019-1003024 (A sandbox bypass vulnerability exists in Jenkins Script Security Plugi ...)
	- jenkins
CVE-2019-8950 (The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices w ...)
	NOT-FOR-US: DASAN
CVE-2019-8949
	RESERVED
CVE-2019-8948 (PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script i ...)
	NOT-FOR-US: PaperCut MF
CVE-2019-8947 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-8946 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-8945 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ...)
	NOT-FOR-US: Zimbra Collaboration
CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in Octo ...)
	NOT-FOR-US: Terraform
CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...)
	- wordpress (bug #923583)
	[jessie] - wordpress (requires privileged account, not directly exploitable as CVE-2019-8942 is fixed, no official patch)
	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
	NOTE: This CVE is explicitly for the mentioned Path Traversal in wp_crop_image().
	NOTE: Patching CVE-2019-8942 makes CVE-2019-8943 (RCE) not directly exploitable
	NOTE: RCE would now require a vulnerable plugin, and a crop-resistant PHP webshell embedded in an image (preserved EXIF data, PNG IDAT reverse deflate...)
	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/#path-traversal-via-modified-post-meta
	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/#exploiting-the-path-traversal-lfi-in-theme-directory
CVE-2019-8942 (WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code executi ...)
	{DSA-4401-1 DLA-1742-1}
	- wordpress 5.0.1+dfsg1-1
	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
	NOTE: Issue fixed in 4.9.9 and 5.0.1 upstream
CVE-2019-8941
	RESERVED
CVE-2019-8940
	RESERVED
CVE-2019-8939 (data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a ...)
	NOT-FOR-US: Tautulli
CVE-2019-8938 (VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter ...)
	NOT-FOR-US: VertrigoServ
CVE-2019-8937 (HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, ori ...)
	- hoteldruid 2.3.2-1 (bug #929136)
	[stretch] - hoteldruid (Minor issue)
	[jessie] - hoteldruid (Minor issue)
	NOTE: https://www.exploit-db.com/exploits/46429/
CVE-2019-8936 (NTP through 4.2.8p12 has a NULL Pointer Dereference. ...)
	[experimental] - ntp 1:4.2.8p13+dfsg-1
	- ntp 1:4.2.8p12+dfsg-4 (bug #924228)
	[stretch] - ntp (Introduced with the fix for CVE-2018-7182, not backported to stretch)
	[jessie] - ntp (Introduced with the fix for CVE-2018-7182, not backported to jessie)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=3565
	NOTE: http://bk.ntp.org/ntp-stable/ntpd/ntp_control.c?PAGE=diffs&REV=5c8106e7wWtXdh0lzg1ytlWribBTcQ
	NOTE: Relates/corresponds to https://gitlab.com/NTPsec/ntpsec/issues/509 for ntpsec
	NOTE: which has a separate CVE id CVE-2019-6445 specifically for src:ntpsec
CVE-2019-8934 (hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure becau ...)
	- qemu 1:4.1-1 (low; bug #922923)
	[buster] - qemu (Too intrusive to backport, marginal impact)
	[stretch] - qemu (Too intrusive to backport, marginal impact)
	[jessie] - qemu (Too intrusive to backport, marginal impact, ppc not supported in jessie-lts)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg04821.html
CVE-2019-8933 (In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ di ...)
	NOT-FOR-US: DedeCMS
CVE-2019-8935 (Collabtive 3.1 allows XSS via the manageuser.php?action=profile id par ...)
	- collabtive
	[jessie] - collabtive (Minor issue)
CVE-2019-8932 (Redbrick Shift through 3.4.3 allows an attacker to extract authenticat ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-8931 (Redbrick Shift through 3.4.3 allows an attacker to extract emails of s ...)
	NOT-FOR-US: Redbrick Shift
CVE-2019-8930
	RESERVED
CVE-2019-8929 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8928 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8927 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8926 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8925 (An issue was discovered in Zoho ManageEngine Netflow Analyzer Professi ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-8924 (XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel ...)
	NOT-FOR-US: XAMPP
CVE-2019-8923 (XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf ...)
	NOT-FOR-US: XAMPP
CVE-2019-8922
	RESERVED
	{DLA-2827-1}
	- bluez 5.54-1
	NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6c7243fb6ab90b7b855cead98c66394fedea135f (5.51)
CVE-2019-8921
	RESERVED
	{DLA-2827-1}
	- bluez 5.54-1
	NOTE: https://ssd-disclosure.com/ssd-advisory-linux-bluez-information-leak-and-heap-overflow/
	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7bf67b32709d828fafa26256b4c78331760c6e93 (5.51)
CVE-2019-8920 (iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. ...)
	NOT-FOR-US: XAMPP
CVE-2019-8919 (The seadroid (aka Seafile Android Client) application through 2.2.13 f ...)
	NOT-FOR-US: Seafile Android Client
CVE-2019-8918
	RESERVED
CVE-2019-8917 (SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code exe ...)
	NOT-FOR-US: SolarWinds Orion NPM
CVE-2019-8916
	RESERVED
CVE-2019-8915
	RESERVED
CVE-2019-8914
	RESERVED
CVE-2019-8913
	RESERVED
CVE-2019-8912 (In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg ...)
	- linux 4.19.28-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
CVE-2019-8911 (An issue was discovered in WTCMS 1.0. It has stored XSS via the third ...)
	NOT-FOR-US: WTCMS
CVE-2019-8910 (An issue was discovered in WTCMS 1.0. It allows index.php?g=admin& ...)
	NOT-FOR-US: WTCMS
CVE-2019-8909 (An issue was discovered in WTCMS 1.0. It allows remote attackers to ca ...)
	NOT-FOR-US: WTCMS
CVE-2019-8908 (An issue was discovered in WTCMS 1.0. It allows remote attackers to ex ...)
	NOT-FOR-US: WTCMS
CVE-2019-8907 (do_core_note in readelf.c in libmagic.a in file 5.35 allows remote att ...)
	{DLA-1698-1}
	- file 1:5.35-3 (bug #922968)
	[stretch] - file (Minor issue; will be fixed in point release)
	NOTE: https://bugs.astron.com/view.php?id=65
	NOTE: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
CVE-2019-8906 (do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bou ...)
	- file 1:5.35-3 (bug #922969)
	[stretch] - file (vulnerable code introduced later)
	[jessie] - file (vulnerable code introduced later)
	NOTE: https://bugs.astron.com/view.php?id=64
	NOTE: Introduced by: https://github.com/file/file/commit/0ac0678c52e248fd2a632a84b638694f205aef9d (FILE5_31)
	NOTE: Fixed by: https://github.com/file/file/commit/2858eaf99f6cc5aae129bcbf1e24ad160240185f (FILE5_36)
CVE-2019-8905 (do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...)
	{DLA-1698-1}
	- file 1:5.35-3 (bug #922968)
	[stretch] - file (Minor issue; will be fixed in point release)
	NOTE: https://bugs.astron.com/view.php?id=63
	NOTE: https://github.com/file/file/commit/d65781527c8134a1202b2649695d48d5701ac60b
CVE-2019-8904 (do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based ...)
	- file 1:5.35-3 (bug #922967)
	[stretch] - file (vulnerable code introduced later)
	[jessie] - file (vulnerable code introduced later)
	NOTE: https://bugs.astron.com/view.php?id=62
	NOTE: Introduced by: https://github.com/file/file/commit/76c55eae2f9b0b378332762f6dce544d05eb24d7 (FILE5_34)
	NOTE: Fixed by: https://github.com/file/file/commit/94b7501f48e134e77716e7ebefc73d6bbe72ba55 (FILE5_36)
CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path traversal. ...)
	NOT-FOR-US: Total.js Platform
CVE-2019-8902 (An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vuln ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-8901 (This issue was addressed by verifying host keys when connecting to a p ...)
	NOT-FOR-US: Apple
CVE-2019-8900
	RESERVED
CVE-2019-8899
	RESERVED
CVE-2019-8898 (An information disclosure issue existed in the handling of the Storage ...)
	NOT-FOR-US: Apple
CVE-2019-8897
	RESERVED
CVE-2019-8896
	RESERVED
CVE-2019-8895
	RESERVED
CVE-2019-8894
	RESERVED
CVE-2019-8893
	RESERVED
CVE-2019-8892
	RESERVED
CVE-2019-8891
	RESERVED
CVE-2019-8890
	RESERVED
CVE-2019-8889
	RESERVED
CVE-2019-8888
	RESERVED
CVE-2019-8887
	RESERVED
CVE-2019-8886
	RESERVED
CVE-2019-8885
	RESERVED
CVE-2019-8884
	RESERVED
CVE-2019-8883
	RESERVED
CVE-2019-8882
	RESERVED
CVE-2019-8881
	RESERVED
CVE-2019-8880
	RESERVED
CVE-2019-8879
	RESERVED
CVE-2019-8878
	RESERVED
CVE-2019-8877
	RESERVED
CVE-2019-8876
	RESERVED
CVE-2019-8875
	RESERVED
CVE-2019-8874
	RESERVED
CVE-2019-8873
	RESERVED
CVE-2019-8872
	RESERVED
CVE-2019-8871
	RESERVED
CVE-2019-8870
	RESERVED
CVE-2019-8869
	RESERVED
CVE-2019-8868
	RESERVED
CVE-2019-8867
	RESERVED
CVE-2019-8866
	RESERVED
CVE-2019-8865
	RESERVED
CVE-2019-8864
	RESERVED
CVE-2019-8863
	RESERVED
CVE-2019-8862
	RESERVED
CVE-2019-8861
	RESERVED
CVE-2019-8860
	RESERVED
CVE-2019-8859
	RESERVED
CVE-2019-8858 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8857 (The issue was addressed with improved validation when an iCloud Link i ...)
	NOT-FOR-US: Apple
CVE-2019-8856 (An API issue existed in the handling of outgoing phone calls initiated ...)
	NOT-FOR-US: Apple
CVE-2019-8855 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8854 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
	NOT-FOR-US: Apple
CVE-2019-8853 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8852 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8851 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8850 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8849 (The issue was addressed by signaling that an executable stack is not r ...)
	NOT-FOR-US: Apple
CVE-2019-8848 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-8847 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8846 (A use after free issue was addressed with improved memory management. ...)
	{DSA-4610-1}
	- webkit2gtk 2.26.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8845
	RESERVED
CVE-2019-8844 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4610-1}
	- webkit2gtk 2.26.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8843
	RESERVED
CVE-2019-8842 (A buffer overflow was addressed with improved bounds checking. This is ...)
	{DLA-2237-1}
	- cups 2.3.1-12
	[buster] - cups 2.2.10-6+deb10u3
	[stretch] - cups 2.2.1-8+deb9u6
	NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ipp.c: ippReadIO)
CVE-2019-8841 (An information disclosure issue was addressed by removing the vulnerab ...)
	NOT-FOR-US: Apple
CVE-2019-8840 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8839 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8838 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8837 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2019-8836 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8835 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4610-1}
	- webkit2gtk 2.26.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2020-0001.html
CVE-2019-8834 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2019-8833 (A memory corruption issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2019-8832 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8831 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8830 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8829 (A memory corruption vulnerability was addressed with improved locking. ...)
	NOT-FOR-US: Apple
CVE-2019-8828 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8827 (The HTTP referrer header may be used to leak browsing history. The iss ...)
	NOT-FOR-US: Apple
CVE-2019-8826 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8825 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8824 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8823 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8822 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8821 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8820 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8819 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8818
	RESERVED
CVE-2019-8817 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8816 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8815 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8814 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4563-1}
	- webkit2gtk 2.26.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8813 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8812 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4563-1}
	- webkit2gtk 2.26.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8811 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8810
	RESERVED
CVE-2019-8809 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8808 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8807 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8806 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8805 (A validation issue existed in the entitlement verification. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8804 (An inconsistency in Wi-Fi network configuration settings was addressed ...)
	NOT-FOR-US: Apple
CVE-2019-8803 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2019-8802 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8801 (A dynamic library loading issue existed in iTunes setup. This was addr ...)
	NOT-FOR-US: Apple
CVE-2019-8800 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8799 (This issue was resolved by replacing device names with a random identi ...)
	NOT-FOR-US: Apple
CVE-2019-8798 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8797 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8796 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8795 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8794 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8793 (A consistency issue existed in deciding when to show the screen record ...)
	NOT-FOR-US: Apple
CVE-2019-8792 (An injection issue was addressed with improved validation. This issue ...)
	NOT-FOR-US: Shazam Android App
CVE-2019-8791 (An issue existed in the parsing of URL schemes. This issue was address ...)
	NOT-FOR-US: Shazam Android App
CVE-2019-8790 (This issue was addresses by updating incorrect URLSession file descrip ...)
	NOT-FOR-US: Apple
CVE-2019-8789 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2019-8788 (An issue existed in the parsing of URLs. This issue was addressed with ...)
	NOT-FOR-US: Apple
CVE-2019-8787 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8786 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8785 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8784 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8783 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8782 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8781 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8780 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2019-8779 (A logic issue applied the incorrect restrictions. This issue was addre ...)
	NOT-FOR-US: Apple
CVE-2019-8778
	RESERVED
CVE-2019-8777 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8776 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8775 (The issue was addressed by restricting options offered on a locked dev ...)
	NOT-FOR-US: Apple
CVE-2019-8774 (A resource exhaustion issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2019-8773 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2019-8772 (An issue existed in the handling of links in encrypted PDFs. This issu ...)
	NOT-FOR-US: Apple
CVE-2019-8771 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8770 (The issue was addressed with improved permissions logic. This issue is ...)
	NOT-FOR-US: Apple
CVE-2019-8769 (An issue existed in the drawing of web page elements. The issue was ad ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8768 ("Clear History and Website Data" did not clear the history. The issue ...)
	- webkit2gtk 2.24.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8767 (A memory consumption issue was addressed with improved memory handling ...)
	NOT-FOR-US: Apple
CVE-2019-8766 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8765 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8764 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8763 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8762 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8761 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-8760 (This issue was addressed by improving Face ID machine learning models. ...)
	NOT-FOR-US: Apple
CVE-2019-8759 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8758 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8757 (A race condition existed when reading and writing user preferences. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8756 (Multiple memory corruption issues were addressed with improved input v ...)
	NOT-FOR-US: Apple
CVE-2019-8755 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2019-8754 (A cross-origin issue existed with "iframe" elements. This was addresse ...)
	NOT-FOR-US: Apple
CVE-2019-8753 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-8752 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2019-8751 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2019-8750 (Multiple memory corruption issues were addressed with improved input v ...)
	NOT-FOR-US: Apple
CVE-2019-8749 (Multiple memory corruption issues were addressed with improved input v ...)
	NOT-FOR-US: Apple
CVE-2019-8748 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8747 (A memory corruption vulnerability was addressed with improved locking. ...)
	NOT-FOR-US: Apple
CVE-2019-8746 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8745 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8744 (A memory corruption issue existed in the handling of IPv6 packets. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8743 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8742 (The issue was addressed by restricting options offered on a locked dev ...)
	NOT-FOR-US: Apple
CVE-2019-8741 (A denial of service issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8740 (A memory corruption vulnerability was addressed with improved locking. ...)
	NOT-FOR-US: Apple
CVE-2019-8739 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8738 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8737 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8736 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8735 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8734 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2019-8733 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8732 (The issue was addressed with improved data deletion. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2019-8731 (A permissions issue existed in which execute permission was incorrectl ...)
	NOT-FOR-US: Apple
CVE-2019-8730 (The contents of locked notes sometimes appeared in search results. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8729
	RESERVED
CVE-2019-8728 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2019-8727 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8726 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8725 (The issue was addressed with improved handling of service worker lifet ...)
	NOT-FOR-US: Apple
CVE-2019-8724 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
	NOT-FOR-US: Apple
CVE-2019-8723 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
	NOT-FOR-US: Apple
CVE-2019-8722 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
	NOT-FOR-US: Apple
CVE-2019-8721 (Multiple issues in ld64 in the Xcode toolchains were addressed by upda ...)
	NOT-FOR-US: Apple
CVE-2019-8720
	RESERVED
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8719 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8718 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8717 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8716 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8715 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8714
	RESERVED
CVE-2019-8713
	RESERVED
CVE-2019-8712 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8711 (A logic issue existed with the display of notification previews. This ...)
	NOT-FOR-US: Apple
CVE-2019-8710 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0006.html
CVE-2019-8709 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8708 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2019-8707 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8706 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8705 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8704 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2019-8703
	RESERVED
CVE-2019-8702
	RESERVED
CVE-2019-8701 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8700
	RESERVED
CVE-2019-8699 (A logic issue existed in the handling of answering phone calls. The is ...)
	NOT-FOR-US: Apple
CVE-2019-8698 (A validation issue existed in the entitlement verification. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8697 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8696 (A buffer overflow issue was addressed with improved memory handling. T ...)
	{DLA-1893-1}
	- cups 2.2.12-1 (bug #934957)
	[buster] - cups 2.2.10-6+deb10u1
	[stretch] - cups 2.2.1-8+deb9u4
	NOTE: https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
CVE-2019-8695 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8694 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8693 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8692 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8691 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8690 (A logic issue existed in the handling of document loads. This issue wa ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8689 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8688 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8687 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8686 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8685 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2019-8684 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8683 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8682 (The issue was addressed with improved UI handling. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2019-8681 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8680 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8679 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8678 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8677 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8676 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8675 (A buffer overflow issue was addressed with improved memory handling. T ...)
	{DLA-1893-1}
	- cups 2.2.12-1 (bug #934957)
	[buster] - cups 2.2.10-6+deb10u1
	[stretch] - cups 2.2.1-8+deb9u4
	NOTE: https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
CVE-2019-8674 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8673 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8672 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8671 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8670 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2019-8669 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8668 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8667 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2019-8666 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8665 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8664 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8663 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-8662 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-8661 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2019-8660 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8659 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-8658 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8657 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8656 (This was addressed with additional checks by Gatekeeper on files mount ...)
	NOT-FOR-US: Apple
CVE-2019-8655
	RESERVED
CVE-2019-8654 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2019-8653
	RESERVED
CVE-2019-8652
	RESERVED
CVE-2019-8651
	RESERVED
CVE-2019-8650
	RESERVED
CVE-2019-8649 (A logic issue existed in the handling of synchronous page loads. This ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8648 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8647 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2019-8646 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8645 (An issue existed in the handling of encrypted Mail. This issue was add ...)
	NOT-FOR-US: Apple
CVE-2019-8644 (Multiple memory corruption issues were addressed with improved memory ...)
	{DSA-4515-1}
	- webkit2gtk 2.24.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0004.html
CVE-2019-8643
	RESERVED
CVE-2019-8642 (An issue existed in the handling of S-MIME certificates. This issue wa ...)
	NOT-FOR-US: Apple
CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. ...)
	NOT-FOR-US: Apple
CVE-2019-8640 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8639 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2019-8638 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2019-8637 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8636
	RESERVED
CVE-2019-8635 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8634 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2019-8633 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8632 (Some analytics data was sent using HTTP rather than HTTPS. This was ad ...)
	NOT-FOR-US: Apple
CVE-2019-8631 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8630 (The issue was addressed with improved UI handling. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2019-8629 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-8628 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2019-8627
	RESERVED
CVE-2019-8626 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8625 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4558-1}
	- webkit2gtk 2.26.0-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
CVE-2019-8624 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8623 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8622 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8621
	RESERVED
CVE-2019-8620 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
	NOT-FOR-US: Apple
CVE-2019-8619 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8618 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2019-8617 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8616 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8615 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
CVE-2019-8614
	RESERVED
CVE-2019-8613 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2019-8612 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8611 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8610 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8609 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8608 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8607 (An out-of-bounds read was addressed with improved input validation. Th ...)
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
CVE-2019-8606 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2019-8605 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2019-8604 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8603 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8602 (A memory corruption issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2019-8601 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8600 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8599 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2019-8598 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8597 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8596 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8595 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.2-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
CVE-2019-8594 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8593 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8592 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8591 (A type confusion issue was addressed with improved memory handling. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8590 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2019-8589 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-8588 (A null pointer dereference was addressed with improved input validatio ...)
	NOT-FOR-US: Apple
CVE-2019-8587 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8586 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8585 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8584 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8583 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8582 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8581 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8580 (Source-routed IPv4 packets were disabled by default. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2019-8579 (An input validation issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8578 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2019-8577 (An input validation issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8576 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8575 (The issue was addressed with improved data deletion. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2019-8574 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8573 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8572 (A null pointer dereference was addressed with improved input validatio ...)
	NOT-FOR-US: Apple
CVE-2019-8571 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-8570 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8569 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-8568 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2019-8567 (A user privacy issue was addressed by removing the broadcast MAC addre ...)
	NOT-FOR-US: Apple
CVE-2019-8566 (An API issue existed in the handling of microphone data. This issue wa ...)
	NOT-FOR-US: Apple
CVE-2019-8565 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8564 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8563 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8562 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8561 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8560 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8559 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8558 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8557
	RESERVED
CVE-2019-8556 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2019-8555 (A buffer overflow was addressed with improved size validation. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8554 (A permissions issue existed in the handling of motion and orientation ...)
	NOT-FOR-US: Apple
CVE-2019-8553 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8552 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-8551 (A logic issue was addressed with improved validation. This issue is fi ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8550 (An issue existed in the pausing of FaceTime video. The issue was resol ...)
	NOT-FOR-US: Apple
CVE-2019-8549 (Multiple input validation issues existed in MIG generated code. These ...)
	NOT-FOR-US: Apple
CVE-2019-8548 (An issue existed where partially entered passcodes may not clear when ...)
	NOT-FOR-US: Apple
CVE-2019-8547 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2019-8546 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2019-8545 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8544 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8543
	RESERVED
CVE-2019-8542 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8541 (A privacy issue existed in motion sensor calibration. This issue was a ...)
	NOT-FOR-US: Apple
CVE-2019-8540 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-8539 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-8538 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-8537 (An access issue was addressed with improved memory management. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8536 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8535 (A memory corruption issue was addressed with improved state management ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8534 (A logic issue existed resulting in memory corruption. This was address ...)
	NOT-FOR-US: Apple
CVE-2019-8533 (A lock handling issue was addressed with improved lock handling. This ...)
	NOT-FOR-US: Apple
CVE-2019-8532 (A permissions issue was addressed by removing vulnerable code and addi ...)
	NOT-FOR-US: Apple
CVE-2019-8531 (A validation issue existed in Trust Anchor Management. This issue was ...)
	NOT-FOR-US: Apple
CVE-2019-8530 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-8529 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-8528 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2019-8527 (A buffer overflow was addressed with improved size validation. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8526 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2019-8525 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-8524 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8523 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8522 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8521 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-8520 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8519 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8518 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8517 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-8516 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8515 (A cross-origin issue existed with the fetch API. This was addressed wi ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8514 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8513 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-8512 (This issue was addressed with improved transparency. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2019-8511 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2019-8510 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2019-8509 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2019-8508 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2019-8507 (Multiple memory corruption issues were addressed with improved input v ...)
	NOT-FOR-US: Apple
CVE-2019-8506 (A type confusion issue was addressed with improved memory handling. Th ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8505 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-8504 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-8503 (A logic issue was addressed with improved validation. This issue is fi ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-8502 (An API issue existed in the handling of dictation requests. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-8501
	RESERVED
CVE-2019-8500
	RESERVED
CVE-2019-8499
	RESERVED
CVE-2019-8498
	RESERVED
CVE-2019-8497
	RESERVED
CVE-2019-8496
	RESERVED
CVE-2019-8495
	RESERVED
CVE-2019-8494
	RESERVED
CVE-2019-8493
	RESERVED
CVE-2019-8492
	RESERVED
CVE-2019-8491
	RESERVED
CVE-2019-8490
	RESERVED
CVE-2019-8489
	RESERVED
CVE-2019-8488
	RESERVED
CVE-2019-8487
	RESERVED
CVE-2019-8486
	RESERVED
CVE-2019-8485
	RESERVED
CVE-2019-8484
	RESERVED
CVE-2019-8483
	RESERVED
CVE-2019-8482
	RESERVED
CVE-2019-8481
	RESERVED
CVE-2019-8480
	RESERVED
CVE-2019-8479
	RESERVED
CVE-2019-8478
	RESERVED
CVE-2019-8477
	RESERVED
CVE-2019-8476
	RESERVED
CVE-2019-8475
	RESERVED
CVE-2019-8474
	RESERVED
CVE-2019-8473
	RESERVED
CVE-2019-8472
	RESERVED
CVE-2019-8471
	RESERVED
CVE-2019-8470
	RESERVED
CVE-2019-8469
	RESERVED
CVE-2019-8468
	RESERVED
CVE-2019-8467
	RESERVED
CVE-2019-8466
	RESERVED
CVE-2019-8465
	RESERVED
CVE-2019-8464
	RESERVED
CVE-2019-8463 (A denial of service vulnerability was reported in Check Point Endpoint ...)
	NOT-FOR-US: Check Point Endpoint Security Client for Windows
CVE-2019-8462 (In a rare scenario, Check Point R80.30 Security Gateway before JHF Tak ...)
	NOT-FOR-US: Check Point R80.30 Security Gateway
CVE-2019-8461 (Check Point Endpoint Security Initial Client for Windows before versio ...)
	NOT-FOR-US: Check Point
CVE-2019-8460 (OpenBSD kernel version <= 6.5 can be forced to create long chains o ...)
	NOT-FOR-US: Check Point
CVE-2019-8459 (Check Point Endpoint Security Client for Windows, with the VPN blade, ...)
	NOT-FOR-US: Check Point Endpoint Security Client for Windows
CVE-2019-8458 (Check Point Endpoint Security Client for Windows, with Anti-Malware bl ...)
	NOT-FOR-US: Check Point Endpoint Security Client for Windows
CVE-2019-8457 (SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-o ...)
	- sqlite3 3.27.2-3 (bug #929775)
	[stretch] - sqlite3 (Minor issue; can be fixed via point release)
	[jessie] - sqlite3 (Minor issue)
	NOTE: Fixed by: https://www.sqlite.org/src/info/90acdbfce9c08858
	NOTE: Make the internal dynamic string interface available to extensions:
	NOTE: https://sqlite.org/src/info/87f261f0cb800b06
	NOTE: Affected function is not used in Debian and meant for debugging purposes,
	NOTE: backporting the fix would be very complex.
	NOTE: https://lists.debian.org/debian-lts/2019/06/msg00013.html
	NOTE: https://lists.debian.org/debian-lts/2019/06/msg00036.html
CVE-2019-8456 (Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditio ...)
	NOT-FOR-US: Check Point
CVE-2019-8455 (A hard-link created from the log file of Check Point ZoneAlarm up to 1 ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2019-8454 (A local attacker can create a hard-link between a file to which the Ch ...)
	NOT-FOR-US: Check Point Endpoint Security client for Windows
CVE-2019-8453 (Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are ta ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2019-8452 (A hard-link created from log file archive of Check Point ZoneAlarm up ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2019-8451 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...)
	NOT-FOR-US: Jira
CVE-2019-8450 (Various templates of the Optimization plugin in Jira before version 7. ...)
	NOT-FOR-US: Jira
CVE-2019-8449 (The /rest/api/latest/groupuserpicker resource in Jira before version 8 ...)
	NOT-FOR-US: Jira
CVE-2019-8448 (The login.jsp resource in Jira before version 7.13.4, and from version ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8447 (The ServiceExecutor resource in Jira before version 8.3.2 allows remot ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8446 (The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8445 (Several worklog rest resources in Jira before version 7.13.7, and from ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8444 (The wikirenderer component in Jira before version 7.13.6, and from ver ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8443 (The ViewUpgrades resource in Jira before version 7.13.4, from version ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8442 (The CachingResourceDownloadRewriteRule class in Jira before version 7. ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-8441
	RESERVED
CVE-2019-8440 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulner ...)
	NOT-FOR-US: DiliCMS
CVE-2019-8439 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulner ...)
	NOT-FOR-US: DiliCMS
CVE-2019-8438 (An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulner ...)
	NOT-FOR-US: DiliCMS
CVE-2019-8437 (njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to a ...)
	NOT-FOR-US: njiandan-cms
CVE-2019-8436 (imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] par ...)
	NOT-FOR-US: imcat
CVE-2019-8435 (admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-8434 (In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. ...)
	NOT-FOR-US: CmsEasy
CVE-2019-8433 (JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/conso ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2019-8432 (In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. ...)
	NOT-FOR-US: CmsEasy
CVE-2019-8431
	RESERVED
CVE-2019-8430
	RESERVED
CVE-2019-8429 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php fil ...)
	- zoneminder (unimportant; bug #922724)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-8428 (ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2422
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a6e54d60d3a8f297cc5f2ef6a862f6f00d746e
CVE-2019-8427 (daemonControl in includes/functions.php in ZoneMinder before 1.32.3 al ...)
	- zoneminder (unimportant; bug #922724)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-8426 (skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/34e2e4799364639483f93cff70204618b834f7a2
	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2423
CVE-2019-8425 (includes/database.php in ZoneMinder before 1.32.3 has XSS in the const ...)
	- zoneminder (unimportant; bug #922724)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-8424 (ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sor ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/02fd1e79b3bfa5b2e2087cb1255f9dbd921ccae8
	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2421
CVE-2019-8423 (ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/view ...)
	- zoneminder (unimportant; bug #922724)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-8422 (A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the descri ...)
	NOT-FOR-US: PbootCMS
CVE-2019-8421 (upload/protected/modules/admini/views/post/index.php in BageCMS throug ...)
	NOT-FOR-US: BageCMS
CVE-2019-8420
	RESERVED
CVE-2019-8419 (VNote 2.2 has XSS via a new text note. ...)
	NOT-FOR-US: VNote
CVE-2019-8418 (SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. ...)
	NOT-FOR-US: SeaCMS
CVE-2019-8417
	RESERVED
CVE-2019-8416
	RESERVED
CVE-2019-8415
	RESERVED
CVE-2019-8414
	RESERVED
CVE-2019-8413 (On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer derefer ...)
	NOT-FOR-US: Xiaomi
CVE-2019-8412 (FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or del ...)
	NOT-FOR-US: FeiFeiCms
CVE-2019-8411 (admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers t ...)
	NOT-FOR-US: zzcms
CVE-2019-8410 (Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter bec ...)
	NOT-FOR-US: Maccms
CVE-2019-8409
	RESERVED
CVE-2019-8408 (OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by ...)
	NOT-FOR-US: OneFileCMS
CVE-2019-8407 (HongCMS 3.0.0 allows arbitrary file read and write operations via a .. ...)
	NOT-FOR-US: HongCMS
CVE-2019-8406
	RESERVED
CVE-2019-8405
	RESERVED
CVE-2019-8404 (An issue was discovered in Webiness Inventory 2.3. The ProductModel co ...)
	NOT-FOR-US: Webiness Inventory
CVE-2019-8403
	RESERVED
CVE-2019-8402
	RESERVED
CVE-2019-8401
	REJECTED
CVE-2019-8400 (ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/ ...)
	NOT-FOR-US: ORY Hydra
CVE-2019-8399
	RESERVED
CVE-2019-8398 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
	- hdf5
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul6
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10710
CVE-2019-8397 (An issue was discovered in the HDF HDF5 1.10.4 library. There is an ou ...)
	- hdf5 (unimportant)
	[buster] - hdf5 (Minor issue)
	[stretch] - hdf5 (Minor issue)
	[jessie] - hdf5 (Minor issue)
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul5
	NOTE: issue in upstream bug tracker: https://jira.hdfgroup.org/browse/HDFFV-10711
	NOTE: Negligible security impact, malicious scientific data has more issues than a crash
CVE-2019-8396 (A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 ...)
	- hdf5
	NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul4
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10712
	NOTE: HDFFV-10712 is marked to be closed in a future 1.10.8 upstream release.
	NOTE: Upstream fix was made in May 2021 after the 1.12.0 release (Mar 2020)
CVE-2019-8395 (An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoh ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-8394 (Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allow ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2019-8393 (Hotels_Server through 2018-11-05 has SQL Injection via the API because ...)
	NOT-FOR-US: Hotels_Server
CVE-2019-8392 (An issue was discovered on D-Link DIR-823G devices with firmware 1.02B ...)
	NOT-FOR-US: D-Link
CVE-2019-8391 (qdPM 9.1 suffers from Cross-site Scripting (XSS) via configuration?typ ...)
	NOT-FOR-US: qdPM
CVE-2019-8390 (qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keyword ...)
	NOT-FOR-US: qdPM
CVE-2019-8389 (A file-read vulnerability was identified in the Wi-Fi transfer feature ...)
	NOT-FOR-US: Musicloud
CVE-2019-8388
	RESERVED
CVE-2019-8387 (MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, r ...)
	NOT-FOR-US: MASTER IPCAMERA01 devices
CVE-2019-8386
	RESERVED
CVE-2019-8385 (An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.35 ...)
	NOT-FOR-US: Thomson Reuters Desktop Extensions
CVE-2019-8384
	RESERVED
CVE-2019-8383 (An issue was discovered in AdvanceCOMP through 2.1. An invalid memory ...)
	- advancecomp 2.1-2.1 (bug #928730)
	[stretch] - advancecomp (Minor issue)
	[jessie] - advancecomp (Minor issue)
	NOTE: https://sourceforge.net/p/advancemame/bugs/272/
	NOTE: https://github.com/amadvance/advancecomp/commit/78a56b21340157775be2462a19276b4d31d2bd01
CVE-2019-8382 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereferenc ...)
	NOT-FOR-US: Bento4
CVE-2019-8381 (An issue was discovered in Tcpreplay 4.3.1. An invalid memory access o ...)
	- tcpreplay 4.3.1-2 (unimportant; bug #922622)
	NOTE: https://github.com/appneta/tcpreplay/issues/538
	NOTE: Crash in a CLI tool, no security impact
CVE-2019-8380 (An issue was discovered in Bento4 1.5.1-628. A NULL pointer dereferenc ...)
	NOT-FOR-US: Bento4
CVE-2019-8379 (An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer der ...)
	- advancecomp 2.1-2.1 (bug #928729)
	[stretch] - advancecomp (Minor issue)
	[jessie] - advancecomp (Minor issue)
	NOTE: https://sourceforge.net/p/advancemame/bugs/271/
	NOTE: https://github.com/amadvance/advancecomp/commit/7894a6e684ce68ddff9f4f4919ab8e3911ac8040
CVE-2019-8378 (An issue was discovered in Bento4 1.5.1-628. A heap-based buffer over- ...)
	NOT-FOR-US: Bento4
CVE-2019-8377 (An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...)
	- tcpreplay 4.3.1-2 (unimportant; bug #922623)
	NOTE: https://github.com/appneta/tcpreplay/issues/536
	NOTE: Crash in a CLI tool, no security impact
CVE-2019-8376 (An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference ...)
	- tcpreplay 4.3.1-2 (unimportant; bug #922624)
	NOTE: https://github.com/appneta/tcpreplay/issues/537
	NOTE: Crash in a CLI tool, no security impact
CVE-2019-8375 (The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.9 ...)
	- webkit2gtk 2.24.1-1 (unimportant)
	NOTE: https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531
	NOTE: https://trac.webkit.org/changeset/241515/webkit
	NOTE: https://www.inputzero.io/2019/02/fuzzing-webkit.html
	NOTE: Not covered by security support
CVE-2019-8374
	RESERVED
CVE-2019-8373
	RESERVED
CVE-2019-8372 (The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes f ...)
	NOT-FOR-US: LG
CVE-2019-8371 (OpenEMR v5.0.1-6 allows code execution. ...)
	NOT-FOR-US: OpenEMR
CVE-2019-8370
	REJECTED
CVE-2019-8369
	REJECTED
CVE-2019-8368 (OpenEMR v5.0.1-6 allows XSS. ...)
	NOT-FOR-US: OpenEMR
CVE-2019-8367
	RESERVED
CVE-2019-8366
	RESERVED
CVE-2019-8365
	RESERVED
CVE-2019-8364
	RESERVED
CVE-2019-8363 (Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstr ...)
	NOT-FOR-US: Verydows
CVE-2019-8362 (DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edi ...)
	NOT-FOR-US: DedeCMS
CVE-2019-8361 (PHP Scripts Mall Responsive Video News Script has XSS via the Search B ...)
	NOT-FOR-US: PHP Scripts Mall Responsive Video News Script
CVE-2019-8360 (Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find ...)
	NOT-FOR-US: Themerig Find a Place CMS Directory
CVE-2019-8359 (An issue was discovered in Contiki-NG through 4.3 and Contiki through ...)
	NOT-FOR-US: Contiki-NG
CVE-2019-8358 (In Hiawatha before 10.8.4, a remote attacker is able to do directory t ...)
	NOT-FOR-US: Hiawatha
CVE-2019-8357 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c ...)
	{DLA-1808-1}
	- sox 14.4.2+git20190427-1 (low; bug #927906)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://sourceforge.net/p/sox/bugs/318
	NOTE: https://sourceforge.net/p/sox/code/ci/2ce02fea7b350de9ddfbcf542ba4dd59a8ab255b/
CVE-2019-8356 (An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 ...)
	{DLA-1808-1}
	- sox 14.4.2+git20190427-1 (bug #927906)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://sourceforge.net/p/sox/bugs/321
	NOTE: https://sourceforge.net/p/sox/code/ci/b7883ae1398499daaa926ae6621f088f0f531ed8/
CVE-2019-8355 (An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integ ...)
	{DLA-1808-1}
	- sox 14.4.2+git20190427-1 (bug #927906)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://sourceforge.net/p/sox/bugs/320
	NOTE: https://sourceforge.net/p/sox/code/ci/f8587e2d50dad72d40453ac1191c539ee9e50381/
CVE-2019-8354 (An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c ...)
	{DLA-1808-1}
	- sox 14.4.2+git20190427-1 (bug #927906)
	[stretch] - sox 14.4.1-5+deb9u2
	NOTE: https://sourceforge.net/p/sox/bugs/319
	NOTE: https://sourceforge.net/p/sox/code/ci/f70911261a84333b077c29908e1242f69d7439eb
CVE-2019-8353
	RESERVED
CVE-2019-8352 (By default, BMC PATROL Agent through 11.3.01 uses a static encryption ...)
	NOT-FOR-US: BMC PATROL Agent
CVE-2019-8351 (Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certif ...)
	NOT-FOR-US: Heimdal Thor Agent
CVE-2019-8350 (The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed i ...)
	NOT-FOR-US: Simple - Better Banking application for Android
CVE-2019-8349 (Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 all ...)
	NOT-FOR-US: HTMLy
CVE-2019-8348
	RESERVED
CVE-2019-8347 (BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via ...)
	NOT-FOR-US: BEESCMS
CVE-2019-8346 (In Zoho ManageEngine ADSelfService Plus 5.x through 5704, an authoriza ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-8345 (The Help feature in the ES File Explorer File Manager application 4.1. ...)
	NOT-FOR-US: ES File Explorer File Manager
CVE-2019-8344
	RESERVED
CVE-2019-8343 (In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in past ...)
	- nasm (unimportant; bug #922433)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392556
	NOTE: Crash in CLI tool, no security impact
CVE-2019-8342 (A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0. ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-8341 (** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string ...)
	- jinja2 (unimportant)
	NOTE: https://github.com/JameelNabbo/Jinja2-Code-execution
	NOTE: No real security impact and upstream indicates the CVE is invalid
CVE-2019-8340
	RESERVED
CVE-2019-8339 (An issue was discovered in Falco through 0.14.0. A missing indicator f ...)
	NOT-FOR-US: Falco
CVE-2019-8338 (The signature verification routine in the Airmail GPG-PGP Plugin, vers ...)
	NOT-FOR-US: Airmail
CVE-2019-8336 (HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a c ...)
	- consul (Only affected 1.4.x series up, vulnerable code never present in Debian)
	NOTE: https://github.com/hashicorp/consul/issues/5423
CVE-2019-8335 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerabil ...)
	NOT-FOR-US: SchoolCMS
CVE-2019-8334 (An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerabil ...)
	NOT-FOR-US: SchoolCMS
CVE-2019-8333
	RESERVED
CVE-2019-8332
	RESERVED
CVE-2019-8331 (In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in t ...)
	- twitter-bootstrap4 4.3.1+dfsg2-1
	- twitter-bootstrap3 3.4.1+dfsg-1
	[stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u2
	[jessie] - twitter-bootstrap3 (Minor issue)
	- twitter-bootstrap
	[stretch] - twitter-bootstrap (Minor issue; XSS in developer-issued input when HTML is enabled)
	[jessie] - twitter-bootstrap (Minor issue; XSS in developer-issued input when HTML is enabled)
	NOTE: https://github.com/twbs/bootstrap/pull/28236
CVE-2019-8330
	RESERVED
CVE-2019-8329
	RESERVED
CVE-2019-8328
	RESERVED
CVE-2019-8327
	RESERVED
CVE-2019-8326
	RESERVED
CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...)
	{DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
	- ruby2.5 2.5.5-1
	- ruby2.3
	- ruby2.1
	- rubygems 3.2.0~rc.1-1
	- jruby 9.1.17.0-3 (bug #925987)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. A cra ...)
	{DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
	- ruby2.5 2.5.5-1
	- ruby2.3
	- ruby2.1
	- rubygems 3.2.0~rc.1-1
	- jruby 9.1.17.0-3 (bug #925987)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem:: ...)
	{DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
	- ruby2.5 2.5.5-1
	- ruby2.3
	- ruby2.1
	- rubygems 3.2.0~rc.1-1
	- jruby 9.1.17.0-3 (bug #925987)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. The g ...)
	{DSA-4433-1 DLA-2330-1 DLA-1796-1 DLA-1735-1}
	- ruby2.5 2.5.5-1
	- ruby2.3
	- ruby2.1
	- rubygems 3.2.0~rc.1-1
	- jruby 9.1.17.0-3 (bug #925987)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since ...)
	{DSA-4433-1 DLA-2330-1 DLA-1796-1}
	- ruby2.5 2.5.5-1
	- ruby2.3
	- ruby2.1
	[jessie] - ruby2.1 (Vulnerable code introduced later)
	- rubygems 3.2.0~rc.1-1
	- jruby 9.1.17.0-3 (bug #925987)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8320 (A Directory Traversal issue was discovered in RubyGems 2.7.6 and later ...)
	{DSA-4433-1 DLA-2330-1 DLA-1735-1}
	- ruby2.5 2.5.5-1
	- ruby2.3
	- ruby2.1
	- rubygems 3.2.0~rc.1-1
	- jruby 9.1.17.0-3 (bug #925987)
	[jessie] - jruby (Vulnerable code introduced later)
	NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
	NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
	NOTE: https://github.com/rubygems/rubygems/commit/56c0bbb69e4506bda7ef7f447dfec5db820df20b
CVE-2019-8319 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8318 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8317 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8316 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8315 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8314 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8313 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8312 (An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1 ...)
	NOT-FOR-US: D-Link
CVE-2019-8337 (In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default con ...)
	- mpop 1.4.3-1
	[stretch] - mpop (Vulnerable code introduced later)
	[jessie] - mpop (Vulnerable code introduced later)
	- msmtp 1.8.3-1 (bug #922345)
	[stretch] - msmtp (Vulnerable code introduced later)
	[jessie] - msmtp (Vulnerable code introduced later)
	NOTE: mpop: Introduced by: https://git.marlam.de/gitweb/?p=mpop.git;a=commit;h=3162356734663a0ea0f88857c4ace21fac1b023b (1.4.2)
	NOTE: mpop: Fixed by: https://git.marlam.de/gitweb/?p=mpop.git;a=commit;h=95b96da443a24a4a9cb6664aefff9f6fcc7ac86e (1.4.3)
	NOTE: msmtp: Introduced by: https://git.marlam.de/gitweb/?p=msmtp.git;a=commit;h=37371fa07729bfc11761b6d11befd7271528090d (1.8.2)
	NOTE: msmtp: Fixed by: https://git.marlam.de/gitweb/?p=msmtp.git;a=commit;h=a81d0a5126304f9f8b29a75d058044dc67d07663 (1.8.3)
CVE-2019-8311
	RESERVED
CVE-2019-8310
	RESERVED
CVE-2019-8309
	RESERVED
CVE-2019-8307
	RESERVED
CVE-2019-8306
	RESERVED
CVE-2019-8305
	RESERVED
CVE-2019-8304
	RESERVED
CVE-2019-8303
	RESERVED
CVE-2019-8302
	RESERVED
CVE-2019-8301
	RESERVED
CVE-2019-8300
	RESERVED
CVE-2019-8299
	RESERVED
CVE-2019-8298
	RESERVED
CVE-2019-8297
	RESERVED
CVE-2019-8296
	RESERVED
CVE-2019-8295
	RESERVED
CVE-2019-8294
	RESERVED
CVE-2019-8293 (Due to a logic error in the code, upload-image-with-ajax v1.0 allows a ...)
	NOT-FOR-US: upload-image-with-ajax
CVE-2019-8292 (Online Store System v1.0 delete_product.php doesn't check to see if a ...)
	NOT-FOR-US: Online Store System
CVE-2019-8291 (Online Store System v1.0 delete_file.php doesn't check to see if a use ...)
	NOT-FOR-US: Online Store System
CVE-2019-8290 (Vulnerability in Online Store v1.0, The registration form requirements ...)
	NOT-FOR-US: Online Store System
CVE-2019-8289 (Vulnerability in Online Store v1.0, stored XSS in admin/user_view.php ...)
	NOT-FOR-US: Online Store System
CVE-2019-8288 (Vulnerability in Online Store v1.0, Stored XSS in user_view.php where ...)
	NOT-FOR-US: Online Store System
CVE-2019-8287 (TightVNC code version 1.3.10 contains global buffer overflow in Handle ...)
	{DLA-2045-1}
	- tightvnc 1:1.3.9-9.1 (bug #945364)
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/10/5
	NOTE: same as CVE-2018-20020/libvncserver
CVE-2019-8286 (Information Disclosure in Kaspersky Anti-Virus, Kaspersky Internet Sec ...)
	NOT-FOR-US: Kaspersky
CVE-2019-8285 (Kaspersky Lab Antivirus Engine version before 04.apr.2019 has a heap-b ...)
	NOT-FOR-US: Kaspersky Lab Antivirus Engine
CVE-2019-8284
	RESERVED
CVE-2019-8283 (Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7 ...)
	NOT-FOR-US: Gemalto Admin Control Center
CVE-2019-8282 (Gemalto Admin Control Center, all versions prior to 7.92, uses clearte ...)
	NOT-FOR-US: Gemalto Admin Control Center
CVE-2019-8281
	RESERVED
CVE-2019-8280 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC c ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8279 (Multiple stored XSS in Vanilla Forums before 2.5 allow remote attacker ...)
	NOT-FOR-US: Vanilla Forums
CVE-2019-8278 (Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Rem ...)
	NOT-FOR-US: Invision Power Board
CVE-2019-8277 (UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8276 (UltraVNC revision 1211 has a stack buffer overflow vulnerability in VN ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8275 (UltraVNC revision 1211 has multiple improper null termination vulnerab ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8274 (UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8273 (UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8272 (UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8271 (UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8270 (UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC cli ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8269 (UltraVNC revision 1206 has stack-based Buffer overflow vulnerability i ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8268 (UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8267 (UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC cli ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8266 (UltraVNC revision 1207 has multiple out-of-bounds access vulnerabiliti ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8265 (UltraVNC revision 1207 has multiple out-of-bounds access vulnerabiliti ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8264 (UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC c ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8263 (UltraVNC revision 1205 has stack-based buffer overflow vulnerability i ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8262 (UltraVNC revision 1203 has multiple heap buffer overflow vulnerabiliti ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8261 (UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC c ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8260 (UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC c ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8259 (UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC ...)
	NOT-FOR-US: UltraVNC
CVE-2019-8257 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...)
	NOT-FOR-US: ColdFusion
CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...)
	NOT-FOR-US: Adobe
CVE-2019-8254 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
	NOT-FOR-US: Adobe
CVE-2019-8253 (Adobe Photoshop CC versions before 20.0.8 and 21.0.x before 21.0.2 hav ...)
	NOT-FOR-US: Adobe
CVE-2019-8252 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8251 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8250 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8249 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8248 (Adobe Illustrator CC versions 23.1 and earlier have a memory corruptio ...)
	NOT-FOR-US: Adobe
CVE-2019-8247 (Adobe Illustrator CC versions 23.1 and earlier have a memory corruptio ...)
	NOT-FOR-US: Adobe
CVE-2019-8246 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds wr ...)
	NOT-FOR-US: Adobe
CVE-2019-8245 RESERVED
CVE-2019-8244 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds re ...)
	NOT-FOR-US: Adobe
CVE-2019-8243 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds re ...)
	NOT-FOR-US: Adobe
CVE-2019-8242 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds re ...)
	NOT-FOR-US: Adobe
CVE-2019-8241 (Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds re ...)
	NOT-FOR-US: Adobe
CVE-2019-8240 (Adobe Bridge CC versions 9.1 and earlier have a memory corruption vuln ...)
	NOT-FOR-US: Adobe
CVE-2019-8239 (Adobe Bridge CC versions 9.1 and earlier have a memory corruption vuln ...)
	NOT-FOR-US: Adobe
CVE-2019-8238 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier; 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-8237 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8236 (Creative Cloud Desktop Application version 4.6.1 and earlier versions ...)
	NOT-FOR-US: Adobe
CVE-2019-8235 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...)
	NOT-FOR-US: Magento
CVE-2019-8234 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a cross-site r ...)
	NOT-FOR-US: Adobe
CVE-2019-8233 (In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 ...)
	NOT-FOR-US: Magento
CVE-2019-8232 (In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 pr ...)
	NOT-FOR-US: Magento
CVE-2019-8231 (In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated ...)
	NOT-FOR-US: Magento
CVE-2019-8230 (In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenti ...)
	NOT-FOR-US: Magento
CVE-2019-8229 (In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authent ...)
	NOT-FOR-US: Magento
CVE-2019-8228 (in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...)
	NOT-FOR-US: Magento
CVE-2019-8227 (In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenti ...)
	NOT-FOR-US: Magento
CVE-2019-8226 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8225 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8224 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8223 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8222 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8221 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8220 (Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.01 ...)
	NOT-FOR-US: Adobe
CVE-2019-8219 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8218 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8217 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8216 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8215 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8214 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8213 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8212 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8211 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8210 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8209 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8208 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8207 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8206 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8205 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8204 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8203 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8202 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8201 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8200 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8199 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8198 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8197 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8196 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8195 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8194 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8193 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8192 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8191 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8190 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8189 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8188 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8187 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8186 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8185 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8184 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8183 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8182 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8181 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8180 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8179 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8178 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8177 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8176 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8175 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8174 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8173 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8172 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8171 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8170 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8169 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8168 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8167 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8166 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8165 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8164 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8163 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8162 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8161 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8160 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8159 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8158 (An XPath entity injection vulnerability exists in Magento 2.2 prior to ...)
	NOT-FOR-US: Magento
CVE-2019-8157 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8156 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8155 (Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF ...)
	NOT-FOR-US: Magento
CVE-2019-8154 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8153 (A mitigation bypass to prevent cross-site scripting (XSS) exists in Ma ...)
	NOT-FOR-US: Magento
CVE-2019-8152 (A stored cross-site scripting (XSS) vulnerability exists in in Magento ...)
	NOT-FOR-US: Magento
CVE-2019-8151 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8150 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8149 (Insecure authentication and session management vulnerability exists in ...)
	NOT-FOR-US: Magento
CVE-2019-8148 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8147 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8146 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8145 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8144 (A remote code execution vulnerability exists in Magento 2.3 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8143 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
	NOT-FOR-US: Magento
CVE-2019-8142 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8141 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8140 (An unrestricted file upload vulnerability exists in Magento 2.2 prior ...)
	NOT-FOR-US: Magento
CVE-2019-8139 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8138 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8137 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8136 (An insecure component vulnerability exists in Magento 2.2 prior to 2.2 ...)
	NOT-FOR-US: Magento
CVE-2019-8135 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8134 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
	NOT-FOR-US: Magento
CVE-2019-8133 (A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, ...)
	NOT-FOR-US: Magento
CVE-2019-8132 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8131 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8130 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
	NOT-FOR-US: Magento
CVE-2019-8129 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8128 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8127 (A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, M ...)
	NOT-FOR-US: Magento
CVE-2019-8126 (An XML entity injection vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8125 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...)
	NOT-FOR-US: Magento
CVE-2019-8124 (An insufficient logging and monitoring vulnerability exists in Magento ...)
	NOT-FOR-US: Magento
CVE-2019-8123 (An insufficient logging and monitoring vulnerability exists in Magento ...)
	NOT-FOR-US: Magento
CVE-2019-8122 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8121 (An insecure component vulnerability exists in Magento 2.1 prior to 2.1 ...)
	NOT-FOR-US: Magento
CVE-2019-8120 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8119 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8118 (Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 ...)
	NOT-FOR-US: Magento
CVE-2019-8117 (A stored cross-site scripting (XSS) vulnerability exists in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-8116 (Insecure authentication and session management vulnerability exists in ...)
	NOT-FOR-US: Magento
CVE-2019-8115 (A reflected cross-site scripting (XSS) vulnerability exists in Magento ...)
	NOT-FOR-US: Magento
CVE-2019-8114 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...)
	NOT-FOR-US: Magento
CVE-2019-8113 (Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 us ...)
	NOT-FOR-US: Magento
CVE-2019-8112 (A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, ...)
	NOT-FOR-US: Magento
CVE-2019-8111 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8110 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8109 (A remote code execution vulnerability exists in Magento 2.2 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-8108 (Insecure authentication and session management vulnerability exists in ...)
	NOT-FOR-US: Magento
CVE-2019-8107 (An arbitrary file deletion vulnerability exists in Magento 2.2 prior t ...)
	NOT-FOR-US: Magento
CVE-2019-8106 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8105 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8104 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8103 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8102 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8101 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8100 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8099 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8098 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8097 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8096 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8095 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8094 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8093 (An arbitrary file access vulnerability exists in Magento 2.2 prior to ...)
	NOT-FOR-US: Magento
CVE-2019-8092 (A reflected cross-site scripting (XSS) vulnerability exists in Magento ...)
	NOT-FOR-US: Magento
CVE-2019-8091 (A remote code execution vulnerability exists in Magento 1 prior to 1.9 ...)
	NOT-FOR-US: Magento
CVE-2019-8090 (An arbitrary file deletion vulnerability exists in Magento 2.1 prior t ...)
	NOT-FOR-US: Magento
CVE-2019-8089 (Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross ...)
	NOT-FOR-US: Adobe
CVE-2019-8088 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command ...)
	NOT-FOR-US: Adobe
CVE-2019-8087 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml ext ...)
	NOT-FOR-US: Adobe
CVE-2019-8086 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a xml ext ...)
	NOT-FOR-US: Adobe
CVE-2019-8085 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflect ...)
	NOT-FOR-US: Adobe
CVE-2019-8084 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflect ...)
	NOT-FOR-US: Adobe
CVE-2019-8083 (Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site s ...)
	NOT-FOR-US: Adobe
CVE-2019-8082 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a xml external ...)
	NOT-FOR-US: Adobe
CVE-2019-8081 (Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have an authen ...)
	NOT-FOR-US: Adobe
CVE-2019-8080 (Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site ...)
	NOT-FOR-US: Adobe
CVE-2019-8079 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
	NOT-FOR-US: Adobe
CVE-2019-8078 (Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cr ...)
	NOT-FOR-US: Adobe
CVE-2019-8077 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8076 (Adobe application manager installer version 10.0 have an Insecure Libr ...)
	NOT-FOR-US: Adobe
CVE-2019-8075 (Adobe Flash Player version 32.0.0.192 and earlier versions have a Same ...)
	NOT-FOR-US: Adobe
CVE-2019-8074 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 a ...)
	NOT-FOR-US: Adobe
CVE-2019-8073 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 a ...)
	NOT-FOR-US: Adobe
CVE-2019-8072 (ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 a ...)
	NOT-FOR-US: Adobe
CVE-2019-8071 (Adobe Download Manager versions 2.0.0.363 have an insecure file permis ...)
	NOT-FOR-US: Adobe
CVE-2019-8070 (Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and ear ...)
	NOT-FOR-US: Adobe
CVE-2019-8069 (Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and ear ...)
	NOT-FOR-US: Adobe
CVE-2019-8068 RESERVED
CVE-2019-8067 RESERVED
CVE-2019-8066 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8065 RESERVED
CVE-2019-8064 (Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-8063 (Creative Cloud Desktop Application 4.6.1 and earlier versions have an ...)
	NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-8062 (Adobe After Effects versions 16 and earlier have an insecure library l ...)
	NOT-FOR-US: Adobe
CVE-2019-8061 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8060 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8059 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8058 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8057 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8056 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8055 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8054 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8053 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8052 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8051 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8050 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8049 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8048 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8047 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8046 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8045 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8044 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8043 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8042 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8041 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8040 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8039 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8038 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8037 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8036 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8035 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8034 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8033 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8032 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8031 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8030 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8029 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8028 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8027 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8026 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8025 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8024 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8023 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8022 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8021 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8020 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8019 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8018 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8017 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8016 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8015 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8014 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8013 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8012 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8011 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8010 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8009 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8008 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8007 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8006 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8005 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8004 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8003 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8002 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-8001 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-8000 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7999 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7998 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7997 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7996 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7995 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7994 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7993 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7992 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7991 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7990 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7989 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7988 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7987 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7986 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7985 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7984 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7983 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7982 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7981 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7980 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7979 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7978 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7977 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7976 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7975 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7974 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7973 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7972 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7971 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7970 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7969 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7968 (Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2019-7967 RESERVED
CVE-2019-7966 RESERVED
CVE-2019-7965 (Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012 ...)
	NOT-FOR-US: Adobe
CVE-2019-7964 (Adobe Experience Manager versions 6.5, and 6.4 have an authentication ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2019-7963 (Adobe Bridge CC version 9.0.2 and earlier versions have an out of boun ...)
	NOT-FOR-US: Adobe Bridge CC
CVE-2019-7962 (Adobe Illustrator CC versions 23.1 and earlier have an insecure librar ...)
	NOT-FOR-US: Adobe
CVE-2019-7961 (Adobe Prelude CC versions 8.1 and earlier have an insecure library loa ...)
	NOT-FOR-US: Adobe
CVE-2019-7960 (Adobe Animate CC versions 19.2.1 and earlier have an insecure library ...)
	NOT-FOR-US: Adobe
CVE-2019-7959 (Creative Cloud Desktop Application versions 4.6.1 and earlier have a u ...)
	NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-7958 (Creative Cloud Desktop Application versions 4.6.1 and earlier have an ...)
	NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-7957 (Creative Cloud Desktop Application versions 4.6.1 and earlier have a s ...)
	NOT-FOR-US: Creative Cloud Desktop Application
CVE-2019-7956 (Adobe Dreamweaver direct download installer versions 19.0 and below, 1 ...)
	NOT-FOR-US: Adobe
CVE-2019-7955 (Adobe Experience Manager version 6.4 and ealier have a Reflected Cross ...)
	NOT-FOR-US: Adobe
CVE-2019-7954 (Adobe Experience Manager version 6.4 and ealier have a Stored Cross-si ...)
	NOT-FOR-US: Adobe
CVE-2019-7953 (Adobe Experience Manager version 6.4 and ealier have a Cross-Site Requ ...)
	NOT-FOR-US: Adobe
CVE-2019-7952
	RESERVED
CVE-2019-7951 (An information leakage vulnerability exists in Magento 2.1 prior to 2. ...)
	NOT-FOR-US: Magento
CVE-2019-7950 (An access control bypass vulnerability exists in Magento 2.1 prior to ...)
	NOT-FOR-US: Magento
CVE-2019-7949
	RESERVED
CVE-2019-7948
	RESERVED
CVE-2019-7947 (A cross-site request forgery vulnerability exists in the GiftCardAccou ...)
	NOT-FOR-US: Magento
CVE-2019-7946
	RESERVED
CVE-2019-7945 (A stored cross-cite scripting vulnerability exists in Magento Open Sou ...)
	NOT-FOR-US: Magento
CVE-2019-7944 (A stored cross-site scripting vulnerability exists in the product comm ...)
	NOT-FOR-US: Magento
CVE-2019-7943
	RESERVED
CVE-2019-7942 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7941 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2019-7940 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7939 (A reflected cross-site scripting vulnerability exists on the customer ...)
	NOT-FOR-US: Magento
CVE-2019-7938 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7937 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7936 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7935 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7934 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7933
	RESERVED
CVE-2019-7932 (A remote code execution vulnerability exists in Magento Open Source pr ...)
	NOT-FOR-US: Magento
CVE-2019-7931 (Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure lib ...)
	NOT-FOR-US: Adobe
CVE-2019-7930 (A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18 ...)
	NOT-FOR-US: Magento
CVE-2019-7929 (An information leakage vulnerability exists in Magento 2.1 prior to 2. ...)
	NOT-FOR-US: Magento
CVE-2019-7928 (A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to ...)
	NOT-FOR-US: Magento
CVE-2019-7927 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7926 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7925 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...)
	NOT-FOR-US: Magento
CVE-2019-7924
	RESERVED
CVE-2019-7923 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7922
	RESERVED
CVE-2019-7921 (A stored cross-site scripting vulnerability exists in the product cata ...)
	NOT-FOR-US: Magento
CVE-2019-7920
	RESERVED
CVE-2019-7919
	RESERVED
CVE-2019-7918
	RESERVED
CVE-2019-7917
	RESERVED
CVE-2019-7916
	RESERVED
CVE-2019-7915 (A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.1 ...)
	NOT-FOR-US: Magento
CVE-2019-7914
	RESERVED
CVE-2019-7913 (A server-side request forgery (SSRF) vulnerability exists in Magento 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7912 (A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Mag ...)
	NOT-FOR-US: Magento
CVE-2019-7911 (A server-side request forgery (SSRF) vulnerability exists in Magento O ...)
	NOT-FOR-US: Magento
CVE-2019-7910
	RESERVED
CVE-2019-7909 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7908 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7907
	RESERVED
CVE-2019-7906
	RESERVED
CVE-2019-7905
	RESERVED
CVE-2019-7904 (Insufficient enforcement of user access controls in Magento 2.1 prior ...)
	NOT-FOR-US: Magento
CVE-2019-7903 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7902
	RESERVED
CVE-2019-7901
	RESERVED
CVE-2019-7900
	RESERVED
CVE-2019-7899 (Names of disabled downloadable products could be disclosed due to inad ...)
	NOT-FOR-US: Magento
CVE-2019-7898 (Samples of disabled downloadable products are accessible in Magento Op ...)
	NOT-FOR-US: Magento
CVE-2019-7897 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7896 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7895 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7894
	RESERVED
CVE-2019-7893
	RESERVED
CVE-2019-7892 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7891
	RESERVED
CVE-2019-7890 (An Insecure Direct Object Reference (IDOR) vulnerability exists in the ...)
	NOT-FOR-US: Magento
CVE-2019-7889 (An injection vulnerability exists in Magento Open Source prior to 1.9. ...)
	NOT-FOR-US: Magento
CVE-2019-7888 (An information disclosure vulnerability exists in Magento 2.1 prior to ...)
	NOT-FOR-US: Magento
CVE-2019-7887 (A reflected cross-site scripting vulnerability exists in the admin pan ...)
	NOT-FOR-US: Magento
CVE-2019-7886 (A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 ...)
	NOT-FOR-US: Magento
CVE-2019-7885 (Insufficient input validation in the config builder of the Elastic sea ...)
	NOT-FOR-US: Magento
CVE-2019-7884
	RESERVED
CVE-2019-7883
	RESERVED
CVE-2019-7882 (A stored cross-site scripting vulnerability exists in the WYSIWYG edit ...)
	NOT-FOR-US: Magento
CVE-2019-7881 (A cross-site scripting mitigation bypass exists in Magento 2.1 prior t ...)
	NOT-FOR-US: Magento
CVE-2019-7880 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7879
	RESERVED
CVE-2019-7878
	RESERVED
CVE-2019-7877 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7876 (A remote code execution vulnerability exists in Magento 2.1 prior to 2 ...)
	NOT-FOR-US: Magento
CVE-2019-7875 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7874 (A cross-site request forgery vulnerability exists in Magento 2.1 prior ...)
	NOT-FOR-US: Magento
CVE-2019-7873 (A cross-site request forgery vulnerability exists in Magento 2.1 prior ...)
	NOT-FOR-US: Magento
CVE-2019-7872 (An insecure direct object reference (IDOR) vulnerability exists in Mag ...)
	NOT-FOR-US: Magento
CVE-2019-7871 (A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 p ...)
	NOT-FOR-US: Magento
CVE-2019-7870 (Adobe Character Animator versions 2.1 and earlier have an insecure lib ...)
	NOT-FOR-US: Adobe
CVE-2019-7869 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7868 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7867 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7866 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7865 (A cross-site request forgery (CSRF) vulnerability exists in the checko ...)
	NOT-FOR-US: Magento
CVE-2019-7864 (An insecure direct object reference (IDOR) vulnerability exists in the ...)
	NOT-FOR-US: Magento
CVE-2019-7863 (A stored cross-site scripting vulnerability exists in the admin panel ...)
	NOT-FOR-US: Magento
CVE-2019-7862 (A reflected cross-site scripting vulnerability exists in the Product w ...)
	NOT-FOR-US: Magento
CVE-2019-7861 (Insufficient server-side validation of user input could allow an attac ...)
	NOT-FOR-US: Magento
CVE-2019-7860 (A cryptographically weak pseudo-rando number generator is used in mult ...)
	NOT-FOR-US: Magento
CVE-2019-7859 (A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 p ...)
	NOT-FOR-US: Magento
CVE-2019-7858 (A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior ...)
	NOT-FOR-US: Magento
CVE-2019-7857 (A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1 ...)
	NOT-FOR-US: Magento
CVE-2019-7856
	RESERVED
CVE-2019-7855 (A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior ...)
	NOT-FOR-US: Magento
CVE-2019-7854 (An insecure direct object reference (IDOR) vulnerability in Magento 2. ...)
	NOT-FOR-US: Magento
CVE-2019-7853 (A stored cross-site scripting vulnerability exists in Magento 2.1 prio ...)
	NOT-FOR-US: Magento
CVE-2019-7852 (A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, ...)
	NOT-FOR-US: Magento
CVE-2019-7851 (A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1 ...)
	NOT-FOR-US: Magento
CVE-2019-7850 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2019-7849 (A defense-in-depth check was added to mitigate inadequate session vali ...)
	NOT-FOR-US: Magento
CVE-2019-7848 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2019-7847 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2019-7846 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2019-7845 (Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and ear ...)
	NOT-FOR-US: Adobe
CVE-2019-7844 (Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerabi ...)
	NOT-FOR-US: Adobe
CVE-2019-7843 (Adobe Campaign Classic version 18.10.5-8984 and earlier versions have ...)
	NOT-FOR-US: Adobe
CVE-2019-7842 (Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability. ...)
	NOT-FOR-US: Adobe
CVE-2019-7841 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7840 (ColdFusion versions Update 3 and earlier, Update 10 and earlier, and U ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2019-7839 (ColdFusion versions Update 3 and earlier, Update 10 and earlier, and U ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2019-7838 (ColdFusion versions Update 3 and earlier, Update 10 and earlier, and U ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2019-7837 (Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and ear ...)
	NOT-FOR-US: Adobe
CVE-2019-7836 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7835 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7834 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7833 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7832 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...)
	NOT-FOR-US: Adobe
CVE-2019-7831 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7830 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7829 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7828 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7827 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7826 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7825 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7824 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7823 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7822 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7821 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7820 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7819
	RESERVED
CVE-2019-7818 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7817 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7816 (ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Up ...)
	NOT-FOR-US: Adobe
CVE-2019-7815 (Adobe Acrobat and Reader versions 2019.010.20091 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7814 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7813 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7812 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7811 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7810 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7809 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7808 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7807 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7806 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7805 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7804 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7803 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7802 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7801 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7800 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7799 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7798 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7797 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7796 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7795 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7794 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7793 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7792 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7791 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7790 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7789 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7788 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7787 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7786 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7785 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7784 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7783 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7782 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7781 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7780 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7779 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7778 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7777 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7776 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7775 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7774 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7773 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7772 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7771 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7770 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7769 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7768 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7767 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7766 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7765 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7764 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7763 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7762 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7761 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7760 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7759 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7758 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7757
	RESERVED
CVE-2019-7756
	RESERVED
CVE-2019-7755 (In webERP 4.15, the Import Bank Transactions function fails to sanitiz ...)
	NOT-FOR-US: webERP
CVE-2019-7754
	RESERVED
CVE-2019-7753 (Verydows 2.0 has XSS via the index.php?m=api&c=stats&a=count r ...)
	NOT-FOR-US: Verydows
CVE-2019-7752
	RESERVED
CVE-2019-7751 (A directory traversal and local file inclusion vulnerability in FPProd ...)
	NOT-FOR-US: Ricoh
CVE-2019-7750
	RESERVED
CVE-2019-7749
	RESERVED
CVE-2019-7748 (_includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task ...)
	NOT-FOR-US: DbNinja
CVE-2019-7747 (DbNinja 3.2.7 allows session fixation via the data.php sessid paramete ...)
	NOT-FOR-US: DbNinja
CVE-2019-7746 (JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to ...)
	NOT-FOR-US: JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices
CVE-2019-7745 (JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to ...)
	NOT-FOR-US: JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices
CVE-2019-7744 (An issue was discovered in Joomla! before 3.9.3. Inadequate filtering ...)
	NOT-FOR-US: Joomla!
CVE-2019-7743 (An issue was discovered in Joomla! before 3.9.3. The phar:// stream wr ...)
	NOT-FOR-US: Joomla!
CVE-2019-7742 (An issue was discovered in Joomla! before 3.9.3. A combination of spec ...)
	NOT-FOR-US: Joomla!
CVE-2019-7741 (An issue was discovered in Joomla! before 3.9.3. Inadequate checks at ...)
	NOT-FOR-US: Joomla!
CVE-2019-7740 (An issue was discovered in Joomla! before 3.9.3. Inadequate parameter ...)
	NOT-FOR-US: Joomla!
CVE-2019-7739 (An issue was discovered in Joomla! before 3.9.3. The "No Filtering" te ...)
	NOT-FOR-US: Joomla!
CVE-2019-7738 (C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= ...)
	NOT-FOR-US: C.P.Sub
CVE-2019-7737 (A CSRF vulnerability was found in Verydows v2.0 that can add an admin ...)
	NOT-FOR-US: Verydows
CVE-2019-7736 (D-Link DIR-600M C1 3.04 devices allow authentication bypass via a dire ...)
	NOT-FOR-US: D-Link
CVE-2019-7735
	RESERVED
CVE-2019-7734
	RESERVED
CVE-2019-7733 (In Live555 0.95, there is a buffer overflow via a large integer in a C ...)
	[experimental] - liblivemedia 2019.05.12-1
	- liblivemedia 2019.10.11-2 (low; bug #929948)
	[buster] - liblivemedia (Minor issue)
	[stretch] - liblivemedia (Minor issue)
	[jessie] - liblivemedia (Minor issue)
	NOTE: https://github.com/rgaufman/live555/issues/21
	NOTE: fixed in 2019.05.12: http://www.live555.com/liveMedia/public/changelog.txt
CVE-2019-7732 (In Live555 0.95, a setup packet can cause a memory leak leading to DoS ...)
	- liblivemedia (unimportant)
	[stretch] - liblivemedia (Minor issue)
	[jessie] - liblivemedia (Minor issue, unlikely to be exploited in practice)
	NOTE: https://github.com/rgaufman/live555/issues/20
	NOTE: upstream considers this issue invalid: http://lists.live555.com/pipermail/live-devel/2019-May/021218.html
CVE-2019-7731 (MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an ...)
	NOT-FOR-US: MyWebSQL
CVE-2019-7730 (MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for ...)
	NOT-FOR-US: MyWebSQL
CVE-2019-7729 (An issue was discovered in the Bosch Smart Camera App before 1.3.1 for ...)
	NOT-FOR-US: Bosch Smart Camera App
CVE-2019-7728 (An issue was discovered in the Bosch Smart Camera App before 1.3.1 for ...)
	NOT-FOR-US: Bosch Smart Camera App
CVE-2019-7727 (In NICE Engage through 6.5, the default configuration binds an unauthe ...)
	NOT-FOR-US: NICE Engage
CVE-2019-7726 (modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL IN ...)
	NOT-FOR-US: NukeViet
CVE-2019-7725 (includes/core/is_user.php in NukeViet before 4.3.04 deserializes the u ...)
	NOT-FOR-US: NukeViet
CVE-2019-7724
	RESERVED
CVE-2019-7723
	RESERVED
CVE-2019-7722 (PMD 5.8.1 and earlier processes XML external entities in ruleset files ...)
	NOT-FOR-US: PMD
CVE-2019-XXXX [fuse mount exposes backup to unauthorized users]
	- borgbackup 1.1.9-1 (bug #922080)
	[stretch] - borgbackup (Minor issue)
	NOTE: https://github.com/borgbackup/borg/issues/3903
CVE-2019-7721 (lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the ...)
	NOT-FOR-US: nc-cms
CVE-2019-7720 (taocms through 2014-05-24 allows eval injection by placing PHP code in ...)
	NOT-FOR-US: taocms
CVE-2019-7719 (Nibbleblog 4.0.5 allows eval injection by placing PHP code in the inst ...)
	NOT-FOR-US: Nibbleblog
CVE-2019-7718 (An issue was discovered in Metinfo 6.x. An attacker can leverage a rac ...)
	NOT-FOR-US: Metinfo
CVE-2019-7717
	RESERVED
CVE-2019-7716
	RESERVED
CVE-2019-7715 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
	NOT-FOR-US: Interpeak
CVE-2019-7714 (An issue was discovered in Interpeak IPWEBS on Green Hills INTEGRITY R ...)
	NOT-FOR-US: Interpeak
CVE-2019-7713 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
	NOT-FOR-US: Interpeak
CVE-2019-7712 (An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IP ...)
	NOT-FOR-US: Interpeak
CVE-2019-7711 (An issue was discovered in the Interpeak IPCOMShell TELNET server on G ...)
	NOT-FOR-US: Interpeak
CVE-2019-7710
	RESERVED
CVE-2019-7709
	RESERVED
CVE-2019-7708
	RESERVED
CVE-2019-7707
	RESERVED
CVE-2019-7706
	RESERVED
CVE-2019-7705
	RESERVED
CVE-2019-7704 (wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binarye ...)
	- binaryen 64-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1866
CVE-2019-7703 (In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBi ...)
	- binaryen 64-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1865
CVE-2019-7702 (A NULL pointer dereference was discovered in wasm::SExpressionWasmBuil ...)
	- binaryen 64-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1867
CVE-2019-7701 (A heap-based buffer over-read was discovered in wasm::SExpressionParse ...)
	- binaryen 64-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1863
CVE-2019-7700 (A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilde ...)
	- binaryen 64-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1864
CVE-2019-7699 (A heap-based buffer over-read occurs in AP4_BitStream::WriteBytes in C ...)
	NOT-FOR-US: Bento4
CVE-2019-7698 (An issue was discovered in AP4_Array<AP4_CttsTableEntry>::Ensure ...)
	NOT-FOR-US: Bento4
CVE-2019-7697 (An issue was discovered in Bento4 v1.5.1-627. There is an assertion fa ...)
	NOT-FOR-US: Bento4
CVE-2019-7696
	RESERVED
CVE-2019-7695
	RESERVED
CVE-2019-7694
	RESERVED
CVE-2019-7693 (Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.as ...)
	NOT-FOR-US: Axios Italia Axios RE devices
CVE-2019-7692 (install/install.php in CIM 0.9.3 allows remote attackers to execute ar ...)
	NOT-FOR-US: CIM
CVE-2019-7691
	RESERVED
CVE-2019-7690 (In MobaTek MobaXterm Personal Edition v11.1 Build 3860, the SSH privat ...)
	NOT-FOR-US: MobaTek MobaXterm
CVE-2019-7689
	RESERVED
CVE-2019-7688
	RESERVED
CVE-2019-7687 (cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices ...)
	NOT-FOR-US: JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices
CVE-2019-7686
	RESERVED
CVE-2019-7685
	RESERVED
CVE-2019-7684 (inxedu through 2018-12-24 has a vulnerability that can lead to the upl ...)
	NOT-FOR-US: inxedu
CVE-2019-7683
	RESERVED
CVE-2019-7682
	RESERVED
CVE-2019-7681
	RESERVED
CVE-2019-7680
	RESERVED
CVE-2019-7679
	RESERVED
CVE-2019-7678 (A directory traversal vulnerability was discovered in Enphase Envoy R3 ...)
	NOT-FOR-US: Enphase Envoy
CVE-2019-7677 (XSS exists in Enphase Envoy R3.*.* via the profileName parameter to th ...)
	NOT-FOR-US: Enphase Envoy
CVE-2019-7676 (A weak password vulnerability was discovered in Enphase Envoy R3.*.*. ...)
	NOT-FOR-US: Enphase Envoy
CVE-2019-7675 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The defau ...)
	NOT-FOR-US: MOBOTIX
CVE-2019-7674 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/ac ...)
	NOT-FOR-US: MOBOTIX
CVE-2019-7673 (An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. Administr ...)
	NOT-FOR-US: MOBOTIX
CVE-2019-7672 (Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7671 (Prima Systems FlexAir, Versions 2.3.38 and prior. Parameters sent to s ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7670 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application inco ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7669 (Prima Systems FlexAir, Versions 2.3.38 and prior. Improper validation ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7668 (Prima Systems FlexAir devices have Default Credentials. ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7667 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application gene ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7666 (Prima Systems FlexAir, Versions 2.3.38 and prior. The application allo ...)
	NOT-FOR-US: Prima Systems FlexAir devices
CVE-2019-7665 (In elfutils 0.175, a heap-based buffer over-read was discovered in the ...)
	{DLA-2802-1 DLA-1689-1}
	- elfutils 0.176-1 (low; bug #921880)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24089
	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=de01cc6f9446187d69b9748bb3636361c79e77a4
CVE-2019-7664 (In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_not ...)
	- elfutils 0.176-1 (low; bug #921881)
	[stretch] - elfutils (Vulnerable code introduced later)
	[jessie] - elfutils (Vulnerable code introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24084
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=e65d91d21cb09d83b001fef9435e576ba447db32
CVE-2019-7663 (An Invalid Address dereference was discovered in TIFFWriteDirectoryTag ...)
	{DSA-4670-1 DLA-1680-1}
	- tiff 4.0.10-4
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2833
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
	NOTE: Same patch as CVE-2018-17000 but different issue. As well different
	NOTE: issue than CVE-2018-12900.
CVE-2019-7662 (An assertion failure was discovered in wasm::WasmBinaryBuilder::getTyp ...)
	- binaryen 66-1
	NOTE: https://github.com/WebAssembly/binaryen/issues/1872
CVE-2019-7661 (An issue was discovered in PHPMyWind 5.5. The method parameter of the ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-7660 (An issue was discovered in PHPMyWind 5.5. The username parameter of th ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-7659 (Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause ...)
	{DLA-1681-1}
	- gsoap 2.8.75-1
	[stretch] - gsoap 2.8.35-4+deb9u2
	- r-other-x4r 1.0.1+git20150806.c6bd9bd-2
	NOTE: https://www.genivia.com/advisory.html#Bug_in_gSOAP_versions_2.7.0_to_2.8.74_for_applications_built_with_the_WITH_COOKIES_flag_enabled_
	NOTE: https://lists.debian.org/debian-lts/2019/02/msg00131.html
CVE-2019-7658
	RESERVED
CVE-2019-7657
	RESERVED
CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 a ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-7655 (Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated X ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-7654 (Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vu ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...)
	NOT-FOR-US: TheHive Project UnshortenLink analyzer
CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an at ...)
	NOT-FOR-US: Emsisoft Anti-Malware
CVE-2019-7650
	RESERVED
CVE-2019-7653 (The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CL ...)
	{DLA-1717-1}
	- rdflib 4.2.2-2 (low; bug #921751)
	[stretch] - rdflib (Minor issue)
	NOTE: Debian specific issue as respective scripts are overwritten in Debian
	NOTE: packaging as wrappers invoking python -m.
CVE-2019-7649 (global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies ...)
	NOT-FOR-US: CMSWing
CVE-2019-7648 (controller/fetchpwd.php and controller/doAction.php in Hotels_Server t ...)
	NOT-FOR-US: Hotels_Server
CVE-2019-7647
	RESERVED
CVE-2019-7646 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vu ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2019-7645
	RESERVED
CVE-2019-7644 (Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signat ...)
	NOT-FOR-US: Auth0 Auth0-WCF-Service-JWT
CVE-2019-7643
	RESERVED
CVE-2019-7642 (D-Link routers with the mydlink feature have some web interfaces witho ...)
	NOT-FOR-US: D-Link
CVE-2019-7641
	RESERVED
CVE-2019-7640
	RESERVED
CVE-2019-7639 (An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If P ...)
	NOT-FOR-US: gsi-openssh-server (OpenSSH patched with openssh-7.9p1-gsissh.patch)
CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4500
	NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-2803-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.6+dfsg1-4 (bug #924610)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
	NOTE: https://hg.libsdl.org/SDL/rev/9b0e5c555c0f (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/32075e9e2135 (SDL-1.2)
	NOTE: Patch causes regressions for some applications/games:
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1124825
	NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0 (SDL-2)
	NOTE: For SDL-2 the fix for CVE-2017-2888 fixes as well CVE-2019-7637.
CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4499
	NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf (SDL-2)
CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-2536-1 DLA-1865-1 DLA-1861-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 (Minor issue)
	- sdl-image1.2 1.2.12-11 (bug #932755)
	[buster] - sdl-image1.2 1.2.12-10+deb10u1
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
	[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4498
	NOTE: https://hg.libsdl.org/SDL/rev/7c643f1c1887 (SDL-2)
	NOTE: two patches initially merged for SDL-1.2:
	NOTE: https://hg.libsdl.org/SDL/rev/08f3b4992538 (SDL-1.2) (correct)
	NOTE: https://hg.libsdl.org/SDL/rev/4646533663ae (SDL-1.2) (broken)
	NOTE: the second one is incorrect and was reverted in
	NOTE: https://hg.libsdl.org/SDL/rev/33940ce0a0ba
	NOTE: https://hg.libsdl.org/SDL_image/rev/03bd33e8cb49 (SDL_image-2)
	NOTE: https://hg.libsdl.org/SDL_image/rev/a3a7cac00d5f (SDL_image-1.2)
CVE-2019-7634 (SUAP V2 allows XSS during the update of user information. ...)
	NOT-FOR-US: SUAP
CVE-2019-7633
	RESERVED
CVE-2019-7632 (LifeSize Team, Room, Passport, and Networker 220 devices allow Authent ...)
	NOT-FOR-US: LifeSize devices
CVE-2019-7631
	RESERVED
CVE-2019-7630 (An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0 ...)
	NOT-FOR-US: Gigabyte APP Center
CVE-2019-7629 (Stack-based buffer overflow in the strip_vt102_codes function in TinTi ...)
	- tintin++ 2.01.5-2 (low; bug #924348)
	[stretch] - tintin++ (Minor issue)
	[jessie] - tintin++ (Minor issue)
CVE-2019-7628 (Pagure 5.2 leaks API keys by e-mailing them to users. Few e-mail serve ...)
	- pagure (Fixed before initial upload to the archive)
CVE-2019-7627
	RESERVED
CVE-2019-7626
	RESERVED
CVE-2019-7625
	RESERVED
CVE-2019-7624
	RESERVED
CVE-2019-7623
	RESERVED
CVE-2019-7622
	RESERVED
CVE-2019-7621 (Kibana versions before 6.8.6 and 7.5.1 contain a cross site scripting ...)
	- kibana (bug #700337)
CVE-2019-7620 (Logstash versions before 7.4.1 and 6.8.4 contain a denial of service f ...)
	NOT-FOR-US: Logstash Beats
CVE-2019-7619 (Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username ...)
	- elasticsearch
CVE-2019-7618 (A local file disclosure flaw was found in Elastic Code versions 7.3.0, ...)
	NOT-FOR-US: Elastic Code
CVE-2019-7617 (When the Elastic APM agent for Python versions before 5.1.0 is run as ...)
	NOT-FOR-US: Elastic APM agent for Python
CVE-2019-7616 (Kibana versions before 6.8.2 and 7.2.1 contain a server side request f ...)
	- kibana (bug #700337)
CVE-2019-7615 (A TLS certificate validation flaw was found in Elastic APM agent for R ...)
	NOT-FOR-US: Elastic
CVE-2019-7614 (A race condition flaw was found in the response headers Elasticsearch ...)
	- elasticsearch
CVE-2019-7613 (Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient loggin ...)
	NOT-FOR-US: Winlogbeat
CVE-2019-7612 (A sensitive data disclosure flaw was found in the way Logstash version ...)
	- logstash (bug #664841)
CVE-2019-7611 (A permission issue was found in Elasticsearch versions before 5.6.15 a ...)
	- elasticsearch
CVE-2019-7610 (Kibana versions before 6.6.1 contain an arbitrary code execution flaw ...)
	- kibana (bug #700337)
CVE-2019-7609 (Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code exec ...)
	- kibana (bug #700337)
CVE-2019-7608 (Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XS ...)
	- kibana (bug #700337)
CVE-2019-7607
	RESERVED
CVE-2019-7606
	RESERVED
CVE-2019-7605
	RESERVED
CVE-2019-7604
	RESERVED
CVE-2019-7603
	RESERVED
CVE-2019-7602
	RESERVED
CVE-2019-7601
	RESERVED
CVE-2019-7600
	RESERVED
CVE-2019-7599
	RESERVED
CVE-2019-7598
	RESERVED
CVE-2019-7597
	RESERVED
CVE-2019-7596
	RESERVED
CVE-2019-7595
	RESERVED
CVE-2019-7594 (Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 mak ...)
	NOT-FOR-US: Metasys ADS/ADX
CVE-2019-7593 (Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 mak ...)
	NOT-FOR-US: Metasys ADS/ADX
CVE-2019-7592
	RESERVED
CVE-2019-7591
	RESERVED
CVE-2019-7590 (ExacqVision Server’s services 'exacqVisionServer', 'dvrdhcpserve ...)
	NOT-FOR-US: ExacqVision
CVE-2019-7589 (A vulnerability with the SmartService API Service option exists whereb ...)
	NOT-FOR-US: SmartService API Service
CVE-2019-7588 (A vulnerability in the exacqVision Enterprise System Manager (ESM) v5. ...)
	NOT-FOR-US: exacqVision Enterprise System Manager
CVE-2019-7587 (Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/co ...)
	NOT-FOR-US: Bo-blog Wind
CVE-2019-7586
	RESERVED
CVE-2019-7585 (An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/P ...)
	NOT-FOR-US: Waimai Super Cms
CVE-2019-7584
	RESERVED
CVE-2019-7583
	RESERVED
CVE-2019-7582 (The readBytes function in util/read.c in libming through 0.4.8 allows ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/172
CVE-2019-7581 (The parseSWF_ACTIONRECORD function in util/parser.c in libming through ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/173
CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP c ...)
	NOT-FOR-US: ThinkCMF
CVE-2019-7579 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ...)
	NOT-FOR-US: Linksys
CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494
	NOTE: https://hg.libsdl.org/SDL/rev/388987dff7bf (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/f9a9d6c76b21 (SDL-2)
CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4492
	NOTE: https://hg.libsdl.org/SDL/rev/faf9abbcfb5f (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/416136310b88 (SDL-1.2)
	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
	NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 (Minor issue)
	[stretch] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4490
	NOTE: Proposed patch: https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
	NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is applicable to this
CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-2536-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4493
	NOTE: https://hg.libsdl.org/SDL/rev/a936f9bd3e38 (SDL-1.2)
	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
	NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 (Minor issue)
	[stretch] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4496
	NOTE: https://hg.libsdl.org/SDL/rev/a6e3d2f5183e (SDL-1.2)
	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
	NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 (Minor issue)
	[stretch] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4491
	NOTE: same patch as CVE-2019-7576
	NOTE: https://hg.libsdl.org/SDL/rev/fcbecae42795 (SDL-1.2)
	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
	NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 ha ...)
	{DLA-2804-1 DLA-1714-1 DLA-1713-1}
	- libsdl1.2 1.2.15+dfsg2-5 (bug #924609)
	[buster] - libsdl1.2 (Minor issue)
	- libsdl2 2.0.10+dfsg1-1 (bug #924610)
	[buster] - libsdl2 (Minor issue)
	[stretch] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4495
	NOTE: https://hg.libsdl.org/SDL/rev/e52413f52586 (SDL-1.2)
	NOTE: https://hg.libsdl.org/SDL/rev/a8afedbcaea0 (SDL-1.2)
	NOTE: SDL2 was probably fixed during a refactoring, no targeted fix available:
	NOTE: https://hg.libsdl.org/SDL/rev/b06fa7da012b (SDL-2)
CVE-2019-7571
	RESERVED
CVE-2019-7570 (A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete user ...)
	NOT-FOR-US: PbootCMS
CVE-2019-7569 (An issue was discovered in DOYO (aka doyocms) 2.3(20140425 update). Th ...)
	NOT-FOR-US: doyocms
CVE-2019-7568 (An issue was discovered in baijiacms V4 that can result in time-based ...)
	NOT-FOR-US: baijiacms
CVE-2019-7567 (An issue was discovered in Waimai Super Cms 20150505. admin.php?m=Memb ...)
	NOT-FOR-US: Waimai Super Cms
CVE-2019-7566 (CSZ CMS 1.1.8 has CSRF via admin/users/new/add. ...)
	NOT-FOR-US: CSZ CMS
CVE-2019-7565
	RESERVED
CVE-2019-7564 (An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 ...)
	NOT-FOR-US: Shenzhen Coship WM3300 WiFi Router devices
CVE-2019-7563
	RESERVED
CVE-2019-7562
	RESERVED
CVE-2019-7561
	RESERVED
CVE-2019-7560 (In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted i ...)
	- boolector (Vulnerable code introduced later)
	NOTE: https://github.com/Boolector/boolector/issues/28
	NOTE: https://github.com/Boolector/boolector/issues/29
	NOTE: https://github.com/Boolector/boolector/commit/8d979d02e0482c7137c9f3a34e6d430dbfd1f5c5
CVE-2019-7559 (In btor2parser/btor2parser.c in Boolector Btor2Tools before 2019-01-15 ...)
	NOT-FOR-US: Boolector Btor2Tools
CVE-2019-7558
	RESERVED
CVE-2019-7557
	RESERVED
CVE-2019-7556
	RESERVED
CVE-2019-7555
	RESERVED
CVE-2019-7554 (An issue was discovered in PHP Scripts Mall API Based Travel Booking 3 ...)
	NOT-FOR-US: PHP Scripts Mall API Based Travel Booking
CVE-2019-7553 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stor ...)
	NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website
CVE-2019-7552 (An issue was discovered in PHP Scripts Mall Investment MLM Software 2. ...)
	NOT-FOR-US: PHP Scripts Mall Investment MLM Software
CVE-2019-7551 (Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4 ...)
	NOT-FOR-US: Cantemo Portal
CVE-2019-7550 (In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whe ...)
	NOT-FOR-US: JForum
CVE-2019-7549 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7548 (SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be ...)
	{DLA-2811-1 DLA-1718-1}
	[experimental] - sqlalchemy 1.3.0~b3+ds1-1
	- sqlalchemy 1.2.18+ds1-2 (bug #922669)
	NOTE: https://github.com/sqlalchemy/sqlalchemy/issues/4481
	NOTE: https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
CVE-2019-7547 (An issue was discovered in SIDU 6.0. Because the database name is not ...)
	NOT-FOR-US: SIDU
CVE-2019-7546 (An issue was discovered in SIDU 6.0. The dbs parameter of the conn.php ...)
	NOT-FOR-US: SIDU
CVE-2019-7545 (In DbNinja 3.2.7, the Add Host function of the Manage Hosts pages has ...)
	NOT-FOR-US: DbNinja
CVE-2019-7544 (An issue was discovered in MyWebSQL 3.7. The Add User function of the ...)
	NOT-FOR-US: MyWebSQL
CVE-2019-7543 (In KindEditor 4.1.11, the php/demo.php content1 parameter has a reflec ...)
	NOT-FOR-US: KindEditor
CVE-2019-7542
	RESERVED
CVE-2019-7541 (Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=use ...)
	NOT-FOR-US: Rukovoditel
CVE-2019-7540
	RESERVED
CVE-2019-7539 (A code injection issue was discovered in ipycache through 2016-05-31. ...)
	NOT-FOR-US: ipycache
CVE-2019-7538
	RESERVED
CVE-2019-7537 (An issue was discovered in Donfig 0.3.0. There is a vulnerability in t ...)
	NOT-FOR-US: Donfig
CVE-2019-7536
	RESERVED
CVE-2019-7535 (index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive ...)
	NOT-FOR-US: Gurock TestRail
CVE-2019-7534
	RESERVED
CVE-2019-7533
	RESERVED
CVE-2019-7532
	RESERVED
CVE-2019-7531
	RESERVED
CVE-2019-7530
	RESERVED
CVE-2019-7529
	RESERVED
CVE-2019-7528
	RESERVED
CVE-2019-7527
	RESERVED
CVE-2019-7526
	RESERVED
CVE-2019-7525
	RESERVED
CVE-2019-7524 (In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker ...)
	{DSA-4418-1 DLA-1736-1}
	- dovecot 1:2.3.4.1-3
	NOTE: https://github.com/dovecot/core/commit/37eeaef1587a3b99be97cb090094de19e374905c
	NOTE: https://github.com/dovecot/core/commit/a02c16889f1f3411e9a16b96221c2795d5fdb974
CVE-2019-7523
	RESERVED
CVE-2019-7522
	RESERVED
CVE-2019-7521
	RESERVED
CVE-2019-7520
	RESERVED
CVE-2019-7519
	RESERVED
CVE-2019-7518
	RESERVED
CVE-2019-7517
	RESERVED
CVE-2019-7516
	RESERVED
CVE-2019-7515
	RESERVED
CVE-2019-7514
	RESERVED
CVE-2019-7513
	RESERVED
CVE-2019-7512
	RESERVED
CVE-2019-7511
	RESERVED
CVE-2019-7510
	RESERVED
CVE-2019-7509
	RESERVED
CVE-2019-7508
	RESERVED
CVE-2019-7507
	RESERVED
CVE-2019-7506
	RESERVED
CVE-2019-7505
	RESERVED
CVE-2019-7504
	RESERVED
CVE-2019-7503
	RESERVED
CVE-2019-7502
	RESERVED
CVE-2019-7501
	RESERVED
CVE-2019-7500
	RESERVED
CVE-2019-7499
	RESERVED
CVE-2019-7498
	RESERVED
CVE-2019-7497
	RESERVED
CVE-2019-7496
	RESERVED
CVE-2019-7495
	RESERVED
CVE-2019-7494
	RESERVED
CVE-2019-7493
	RESERVED
CVE-2019-7492
	RESERVED
CVE-2019-7491
	RESERVED
CVE-2019-7490
	RESERVED
CVE-2019-7489 (A vulnerability in SonicWall Email Security appliance allow an unauthe ...)
	NOT-FOR-US: SonicWall Email Security appliance
CVE-2019-7488 (Weak default password cause vulnerability in SonicWall Email Security ...)
	NOT-FOR-US: SonicWall Email Security appliance
CVE-2019-7487 (Installation of the SonicOS SSLVPN NACagent 3.5 on the Windows operati ...)
	NOT-FOR-US: SonicOS SSLVPN NACagent
CVE-2019-7486 (Code injection in SonicWall SMA100 allows an authenticated user to exe ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7485 (Buffer overflow in SonicWall SMA100 allows an authenticated user to ex ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7484 (Authenticated SQL Injection in SonicWall SMA100 allow user to gain rea ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7483 (In SonicWall SMA100, an unauthenticated Directory Traversal vulnerabil ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7482 (Stack-based buffer overflow in SonicWall SMA100 allows an unauthentica ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7481 (Vulnerability in SonicWall SMA100 allow unauthenticated user to gain r ...)
	NOT-FOR-US: SonicWall SMA100
CVE-2019-7480
	RESERVED
CVE-2019-7479 (A vulnerability in SonicOS allow authenticated read-only admin can ele ...)
	NOT-FOR-US: SonicOS
CVE-2019-7478 (A vulnerability in GMS allow unauthenticated user to SQL injection in ...)
	NOT-FOR-US: SonicWall
CVE-2019-7477 (A vulnerability in SonicWall SonicOS and SonicOSv TLS CBC Cipher allow ...)
	NOT-FOR-US: SonicWall
CVE-2019-7476 (A vulnerability in SonicWall Global Management System (GMS), allow a r ...)
	NOT-FOR-US: SonicWall Global Management System
CVE-2019-7475 (A vulnerability in SonicWall SonicOS and SonicOSv with management enab ...)
	NOT-FOR-US: SonicWall
CVE-2019-7474 (A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated ...)
	NOT-FOR-US: SonicWall
CVE-2019-7473
	RESERVED
CVE-2019-7472
	RESERVED
CVE-2019-7471
	RESERVED
CVE-2019-7470
	RESERVED
CVE-2019-7469
	RESERVED
CVE-2019-7468
	RESERVED
CVE-2019-7467
	RESERVED
CVE-2019-7466
	RESERVED
CVE-2019-7465
	RESERVED
CVE-2019-7464
	RESERVED
CVE-2019-7463
	RESERVED
CVE-2019-7462
	RESERVED
CVE-2019-XXXX [netmask: buffer overflow vulnerability]
	- netmask 2.4.4-1 (unimportant; bug #921565)
	[jessie] - netmask 2.3.12+deb8u1
	NOTE: https://github.com/tlby/netmask/issues/3
	NOTE: https://github.com/tlby/netmask/commit/29a9c239bd1008363f5b34ffd6c2cef906f3660c
	NOTE: No security impact due to toolchain hardening in stretch, negligible impact in older suites
CVE-2019-1003023 (A cross-site scripting vulnerability exists in Jenkins Warnings Next G ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003022 (A denial of service vulnerability exists in Jenkins Monitoring Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003021 (An exposure of sensitive information vulnerability exists in Jenkins O ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003020 (A server-side request forgery vulnerability exists in Jenkins Kanboard ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003019 (An session fixation vulnerability exists in Jenkins GitHub Authenticat ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003018 (An exposure of sensitive information vulnerability exists in Jenkins G ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003017 (A data modification vulnerability exists in Jenkins Job Import Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003016 (An exposure of sensitive information vulnerability exists in Jenkins J ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003015 (An XML external entity processing vulnerability exists in Jenkins Job ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003014 (An cross-site scripting vulnerability exists in Jenkins Config File Pr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003013 (An cross-site scripting vulnerability exists in Jenkins Blue Ocean Plu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003012 (A data modification vulnerability exists in Jenkins Blue Ocean Plugins ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003011 (An information exposure and denial of service vulnerability exists in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003010 (A cross-site request forgery vulnerability exists in Jenkins Git Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003009 (An improper certificate validation vulnerability exists in Jenkins Act ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003008 (A cross-site request forgery vulnerability exists in Jenkins Warnings ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003007 (A cross-site request forgery vulnerability exists in Jenkins Warnings ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003006 (A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003005 (A sandbox bypass vulnerability exists in Jenkins Script Security Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-7461
	RESERVED
CVE-2019-7460
	RESERVED
CVE-2019-7459
	RESERVED
CVE-2019-7458
	RESERVED
CVE-2019-7457
	RESERVED
CVE-2019-7456
	RESERVED
CVE-2019-7455
	RESERVED
CVE-2019-7454
	RESERVED
CVE-2019-7453
	RESERVED
CVE-2019-7452
	RESERVED
CVE-2019-7451
	RESERVED
CVE-2019-7450
	RESERVED
CVE-2019-7449
	RESERVED
CVE-2019-7448
	RESERVED
CVE-2019-7447
	RESERVED
CVE-2019-7446
	RESERVED
CVE-2019-7445
	RESERVED
CVE-2019-7444
	RESERVED
CVE-2019-7443 (KDE KAuth before 5.55 allows the passing of parameters with arbitrary ...)
	- kauth 5.54.0-2 (bug #921995)
	[stretch] - kauth 5.28.0-2+deb9u1
	- kde4libs (bug #922727)
	[buster] - kde4libs (Minor issue)
	[stretch] - kde4libs (Minor issue)
	[jessie] - kde4libs (Minor issue)
	NOTE: https://mail.kde.org/pipermail/kde-announce/2019-February/000011.html
	NOTE: https://github.com/KDE/kauth/commit/fc70fb0161c1b9144d26389434d34dd135cd3f4a
CVE-2019-7442 (An XML external entity (XXE) vulnerability in the Password Vault Web A ...)
	NOT-FOR-US: CyberArk Enterprise Password Vault
CVE-2019-7441 (** DISPUTED ** cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Chec ...)
	NOT-FOR-US: WooCommerce
CVE-2019-7440 (JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Ke ...)
	NOT-FOR-US: JioFi
CVE-2019-7439 (cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang ...)
	NOT-FOR-US: JioFi
CVE-2019-7438 (cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML i ...)
	NOT-FOR-US: JioFi
CVE-2019-7437 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7436 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7435 (PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7434 (PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7433 (PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forge ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7432 (PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the S ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7431 (PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal vi ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7430 (PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7429 (PHP Scripts Mall Property Rental Software 2.1.4 has directory traversa ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2019-7428
	RESERVED
CVE-2019-7427 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7426 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7425 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7424 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7423 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7422 (XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 ...)
	NOT-FOR-US: Zoho ManageEngine Netflow Analyzer Professional
CVE-2019-7421 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7420 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7419 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7418 (XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05. ...)
	NOT-FOR-US: SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7417 (XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple ...)
	NOT-FOR-US: Ericsson Active Library Explorer (ALEX)
CVE-2019-7416 (XSS and/or a Client Side URL Redirect exists in OpenText Documentum We ...)
	NOT-FOR-US: OpenText Documentum Webtop
CVE-2019-7415
	RESERVED
CVE-2019-7414
	RESERVED
CVE-2019-7413 (In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles san ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...)
	NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
CVE-2019-7410 (There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remo ...)
	NOT-FOR-US: Galileo CMS
CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign C ...)
	NOT-FOR-US: ProfileDesign CMS
CVE-2019-7408
	RESERVED
CVE-2019-7407
	RESERVED
CVE-2019-7406
	RESERVED
CVE-2019-7405
	RESERVED
CVE-2019-7404 (An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 rout ...)
	NOT-FOR-US: LG routers
CVE-2019-7403 (An issue was discovered in PHPMyWind 5.5. It allows remote attackers t ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-7402 (An issue was discovered in PHPMyWind 5.5. The GetQQ function in includ ...)
	NOT-FOR-US: PHPMyWind
CVE-2019-7401 (NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based ...)
	NOT-FOR-US: NGINX Unit (different from FLOSS nginx)
CVE-2019-7400 (Rukovoditel before 2.4.1 allows XSS. ...)
	NOT-FOR-US: Rukovoditel
CVE-2019-7399 (Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack agains ...)
	NOT-FOR-US: Amazon Fire OS
CVE-2019-7398 (In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1453
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/20c360e14cd5d70b5bbd0b54afa241eae4aec45d
CVE-2019-7397 (In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, seve ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	- graphicsmagick 1.4~hg15896-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/306c1f0fa5754ca78efd16ab752f0e981d4f6b82
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1454
CVE-2019-7396 (In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/748a03651e5b138bcaf160d15133de2f4b1b89ce
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1452
CVE-2019-7395 (In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChanne ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a43abefb38c5e29138e1c9c515b313363541c06
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1451
CVE-2019-7394 (A privilege escalation vulnerability in the administrative user interf ...)
	NOT-FOR-US: CA Technologies
CVE-2019-7393 (A UI redress vulnerability in the administrative user interface of CA ...)
	NOT-FOR-US: CA Technologies
CVE-2019-7392 (An improper authentication vulnerability in CA Privileged Access Manag ...)
	NOT-FOR-US: CA Privileged Access Manager
CVE-2019-7391 (ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cg ...)
	NOT-FOR-US: ZyXEL
CVE-2019-7390 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices wit ...)
	NOT-FOR-US: D-Link
CVE-2019-7389 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices wit ...)
	NOT-FOR-US: D-Link
CVE-2019-7388 (An issue was discovered in /bin/goahead on D-Link DIR-823G devices wit ...)
	NOT-FOR-US: D-Link
CVE-2019-7387 (A local file inclusion vulnerability exists in the web interface of Sy ...)
	NOT-FOR-US: Systrome
CVE-2019-7386 (A Denial of Service issue has been discovered in the Gecko component o ...)
	NOT-FOR-US: KaiOS on Nokia devices
CVE-2019-7385 (An authenticated shell command injection issue has been discovered in ...)
	NOT-FOR-US: Raisecom GPON Devices
CVE-2019-7384 (An authenticated shell command injection issue has been discovered in ...)
	NOT-FOR-US: Raisecom GPON Devices
CVE-2019-7383 (An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and IS ...)
	NOT-FOR-US: Systrome devices
CVE-2019-7382
	RESERVED
CVE-2019-7381
	RESERVED
CVE-2019-7380
	RESERVED
CVE-2019-7379
	RESERVED
CVE-2019-7378
	RESERVED
CVE-2019-7377
	RESERVED
CVE-2019-7376
	RESERVED
CVE-2019-7375
	RESERVED
CVE-2019-7374
	RESERVED
CVE-2019-7373
	RESERVED
CVE-2019-7372
	RESERVED
CVE-2019-7371
	RESERVED
CVE-2019-7370
	RESERVED
CVE-2019-7369
	RESERVED
CVE-2019-7368
	RESERVED
CVE-2019-7367
	RESERVED
CVE-2019-7366 (Buffer overflow vulnerability in Autodesk FBX Software Development Kit ...)
	NOT-FOR-US: Autodesk FBX Software Development Kit
CVE-2019-7365 (DLL preloading vulnerability in Autodesk Desktop Application versions ...)
	NOT-FOR-US: Autodesk Desktop Application
CVE-2019-7364 (DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of ...)
	NOT-FOR-US: Autodesk
CVE-2019-7363 (Use-after-free vulnerability in Autodesk Design Review versions 2011, ...)
	NOT-FOR-US: Autodesk
CVE-2019-7362 (DLL preloading vulnerability in Autodesk Design Review versions 2011, ...)
	NOT-FOR-US: Autodesk
CVE-2019-7361 (An attacker may convince a victim to open a malicious action micro (.a ...)
	NOT-FOR-US: Autodesk
CVE-2019-7360 (An exploitable use-after-free vulnerability in the DXF-parsing functio ...)
	NOT-FOR-US: Autodesk
CVE-2019-7359 (An exploitable heap overflow vulnerability in the AcCellMargin handlin ...)
	NOT-FOR-US: Autodesk
CVE-2019-7358 (An exploitable heap overflow vulnerability in the DXF-parsing function ...)
	NOT-FOR-US: Autodesk
CVE-2019-7357 (Subrion CMS 4.2.1 has CSRF in panel/modules/plugins/. The attacker can ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-7356 (Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter. ...)
	NOT-FOR-US: Subrion CMS
CVE-2019-1000024 (OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cro ...)
	NOT-FOR-US: OPT/NET BV
CVE-2019-1000023 (OPT/NET BV OPTOSS Next Gen Network Management System (NG-NetMS) versio ...)
	NOT-FOR-US: OPT/NET BV
CVE-2019-1000022 (Taoensso Sente version Prior to version 1.14.0 contains a Cross Site R ...)
	NOT-FOR-US: Taoensso Sente
CVE-2019-1000021 (slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 ...)
	- slixmpp 1.4.2-1 (bug #922509)
	[stretch] - slixmpp (Minor issue)
	NOTE: https://lab.louiz.org/poezio/slixmpp/commit/7cd73b594e8122dddf847953fcfc85ab4d316416
CVE-2019-1000020 (libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onw ...)
	{DLA-1668-1}
	- libarchive 3.3.3-4 (low)
	[stretch] - libarchive 3.2.2-2+deb9u2
	NOTE: https://github.com/libarchive/libarchive/pull/1120
	NOTE: https://github.com/libarchive/libarchive/commit/8312eaa576014cd9b965012af51bc1f967b12423
CVE-2019-1000019 (libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onw ...)
	{DLA-1668-1}
	- libarchive 3.3.3-4 (low)
	[stretch] - libarchive 3.2.2-2+deb9u2
	NOTE: https://github.com/libarchive/libarchive/pull/1120
	NOTE: https://github.com/libarchive/libarchive/commit/65a23f5dbee4497064e9bb467f81138a62b0dae1
CVE-2019-1000017 (Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect A ...)
	NOT-FOR-US: Chamilo Chamilo-lms
CVE-2019-1000016 (FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array In ...)
	- ffmpeg 7:4.1.1-1 (low; bug #922066)
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b97a4b658814b2de8b9f2a3bce491c002d34de31#diff-cd7e24986650014d67f484f3ffceef3f
	- libav
	[jessie] - libav (Vulnerable code not present)
CVE-2019-1000015 (Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site S ...)
	NOT-FOR-US: Chamilo Chamilo-lms
CVE-2019-1000014 (Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracl ...)
	- rebar (vulnerable code is not present)
	- rebar3 (bug #824773)
	NOTE: https://github.com/erlang/rebar3/pull/1986
CVE-2019-1000013 (Hex package manager hex_core version 0.3.0 and earlier contains a Sign ...)
	NOT-FOR-US: Hex package manager
CVE-2019-1000012 (Hex package manager version 0.14.0 through 0.18.2 contains a Signing o ...)
	NOT-FOR-US: Hex package manager
CVE-2019-1000011 (API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access ...)
	NOT-FOR-US: API Platform
CVE-2019-1000010 (phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting (XSS ...)
	NOT-FOR-US: phpIPAM
CVE-2019-1000009 (Helm ChartMuseum version >=0.1.0 and < 0.8.1 contains a CWE-22: ...)
	NOT-FOR-US: Helm ChartMuseum
CVE-2019-1000008 (All versions of Helm between Helm >=2.0.0 and < 2.12.2 contains ...)
	- helm-kubernetes (bug #910799)
CVE-2019-1000007 (aioxmpp version 0.10.2 and earlier contains a Improper Handling of Str ...)
	- python-aioxmpp 0.10.3-1
	NOTE: https://github.com/horazont/aioxmpp/pull/268
CVE-2019-1000006 (RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2019-1000005 (mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of ...)
	NOT-FOR-US: mPDF
CVE-2019-1000004 (yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross ...)
	NOT-FOR-US: yugandhargangu JspMyAdmin2
CVE-2019-1000003 (MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery ...)
	NOT-FOR-US: Wordpress plugin
CVE-2019-1000002 (Gitea version 1.6.2 and earlier contains a Incorrect Access Control vu ...)
	- gitea
	NOTE: https://github.com/go-gitea/gitea/pull/5631
CVE-2019-1000001 (TeamPass version 2.1.27 and earlier contains a Storing Passwords in a ...)
	- teampass (bug #730180)
CVE-2019-7355
	RESERVED
CVE-2019-7354
	RESERVED
CVE-2019-7353 (An Incorrect Access Control issue was discovered in GitLab Community a ...)
	- gitlab (Only affects 11.7)
	NOTE: https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
CVE-2019-7352 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2475
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/effd609ff736e7853e9d39eed81ed029b9525159
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7351 (Log Injection exists in ZoneMinder through 1.32.3, as an attacker can ...)
	- zoneminder (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2466
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7350 (Session fixation exists in ZoneMinder through 1.32.3, as an attacker c ...)
	- zoneminder (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2471
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7349 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2465
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/cef54feaf9bf1374f0404bf525cdd322300882b5
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7348 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2467
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/9ce05a9a09de47868398a09e6c5259645b9ee73e
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7347 (A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMind ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2476
	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2487
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7346 (A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a C ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2469
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/dbc1c7b72f8cab5094a4a498a66ca2c0d3f29872
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7345 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2468
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/6af2c4ad0e288fae5702e96391657d173bba2297
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7344 (Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacke ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2455
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/70e59ed546474bf18b9af2040d0ed732dce835bc
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7343 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1. ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2464
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/9705edfe24ca429fb8c7c6cac9ef947e8410219a
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7342 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2461
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/dd37808ef790a77100845c2c3c3bb28d9038950f
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7341 (Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1. ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2463
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/ef0e5f453a4e60a5bdd6bc347e517a87182b6cad
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7340 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2462
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/bb75dad091bfa35af49467fede06adb972ed0545
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7339 (POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2460
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/c9d597dced27f7a826bac1c6fccd1003d8643064
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7338 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an att ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2454
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/7b0ee8a6a22576b66c341ee6f09668852769cbb6
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7337 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2456
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/fcbc22b6a27b2375327327c3d75995fe6a3cafd9
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7336 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2457
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/d7ede4643df3efd21d3cb8a758cfabf244f38b16
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7335 (Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an att ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2453
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/255806bd549392114af4306422cd23445e843259
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7334 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2443
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/02f09aad7f4ff50f1dd113c964f10d8e675da916
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7333 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2441
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/0b38e72f882aea7006dac01d3348f2465bcc8c09
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7332 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2442
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/61f6a92cc050f3db831f04c3c19f8f2d52cbe08e
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7331 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2451
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/254b7286b4d2654b95080a175c44195667e42ea8
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7330 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2448
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/b2a97ee190c6dc3e30b9c36b9c33c33348dde4d6
CVE-2019-7329 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2446
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/a97711de89d808edcec1b422b5c97645dbd9f501
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7328 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2449
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/b2a97ee190c6dc3e30b9c36b9c33c33348dde4d6
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7327 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2447
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/b2a97ee190c6dc3e30b9c36b9c33c33348dde4d6
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7326 (Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2452
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/fa6716a64b7481677b0d8d73d460200e60429410
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7325 (Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...)
	- zoneminder 1.34.6-1 (unimportant; bug #922724)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2450
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/99f1e23c5b115b46265ab78d57fd6548490c6802
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone
CVE-2019-7324 (app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination ...)
	- kanboard (bug #790814)
CVE-2019-7323 (GUP (generic update process) in LightySoft LogMX before 7.4.0 does not ...)
	NOT-FOR-US: LightySoft LogMX
CVE-2019-7322
	RESERVED
CVE-2019-7321 (Usage of an uninitialized variable in the function fz_load_jpeg in Art ...)
	- mupdf (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700560
	NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;h=7d52765c5b8a5c76e459d148cd94dbaf51e562ec (1.15.0-rc1)
	NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=2be83b57e77938fddbb06bdffb11979ad89a9c7d (1.15.0-rc1)
CVE-2019-7320
	RESERVED
CVE-2019-7319 (An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When usin ...)
	NOT-FOR-US: Cloudera
CVE-2019-7318
	RESERVED
CVE-2019-7317 (png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after- ...)
	{DSA-4451-1 DSA-4448-1 DSA-4435-1 DLA-1806-1 DLA-1800-1}
	- libpng1.6 1.6.36-4 (bug #921355)
	- libpng
	[jessie] - libpng (Vulnerable code not present)
	[experimental] - firefox 67.0-1
	- firefox 67.0-2
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803
	NOTE: https://github.com/glennrp/libpng/issues/275
	NOTE: https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-7317
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-7317
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-7317
CVE-2019-7316 (An issue was discovered in CSS-TRICKS Chat2 through 2015-05-05. The us ...)
	NOT-FOR-US: CSS-TRICKS Chat2
CVE-2019-7315 (Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices ...)
	NOT-FOR-US: Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices
CVE-2019-7314 (liblivemedia in Live555 before 2019.02.03 mishandles the termination o ...)
	{DSA-4408-1 DLA-1690-1}
	[experimental] - liblivemedia 2019.02.03-1
	- liblivemedia 2018.11.26-1.1 (bug #924656)
	NOTE: http://lists.live555.com/pipermail/live-devel/2019-February/021143.html
CVE-2019-7313 (www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the ...)
	- buildbot 2.0.0-1 (bug #921271)
	[stretch] - buildbot (Vulnerable code introduced in 0.9.0)
	[jessie] - buildbot (Vulnerable code introduced in 0.9.0)
	NOTE: https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code
	NOTE: https://github.com/buildbot/buildbot/pull/4584/files#diff-a2e7e3ee5f6a1d3cd9c6abf0328c21e0
CVE-2019-7312 (Limited plaintext disclosure exists in PRIMX Zed Entreprise for Window ...)
	NOT-FOR-US: PRIMX Zed Enterprise
CVE-2019-7311 (An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. A ...)
	NOT-FOR-US: Linksys
CVE-2019-7310 (In Poppler 0.73.0, a heap-based buffer over-read (due to an integer si ...)
	{DLA-2440-1 DLA-1706-1}
	- poppler 0.71.0-4 (bug #921215)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/717
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/172
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/b54e1fc3e0d2600621a28d50f9f085b9e38619c2
CVE-2019-7309 (In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp fun ...)
	- glibc 2.28-6 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24155
	NOTE: https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html
	NOTE: x32 not officially supported
CVE-2019-7308 (kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undes ...)
	- linux 4.19.20-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1711
	NOTE: Fixed by: https://git.kernel.org/linus/979d63d50c0c0f7bc537bf821e056cc9fe5abd38
	NOTE: Fixed by: https://git.kernel.org/linus/d3bd7413e0ca40b60cf60d4003246d067cafdeda
CVE-2019-7307 (Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2. ...)
	NOT-FOR-US: Apport
CVE-2019-7306 (Byobu Apport hook may disclose sensitive information since it automati ...)
	- byobu (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202
	NOTE: Issue in /usr/share/apport/package-hooks/source_byobu.py hook,
	NOTE: non-issue in Debian as Apport not present.
CVE-2019-7305 (Information Exposure vulnerability in eXtplorer makes the /usr/ and /e ...)
	- extplorer
	NOTE: https://bugs.launchpad.net/ubuntu/+source/extplorer/+bug/1822013
CVE-2019-7304 (Canonical snapd before version 2.37.1 incorrectly performed socket own ...)
	- snapd 2.37.1-1
	[stretch] - snapd (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/snapd/+bug/1813365
	NOTE: Introduced in 2.28, fixed in 2.37.1
CVE-2019-7303 (A vulnerability in the seccomp filters of Canonical snapd before versi ...)
	- snapd 2.37.4-1 (low)
	[stretch] - snapd (Minor issue)
	NOTE: https://bugs.launchpad.net/snapd/+bug/1812973
CVE-2019-7302
	RESERVED
CVE-2019-7301 (Zen Load Balancer 3.10.1 allows remote authenticated admin users to ex ...)
	NOT-FOR-US: Zen Load Balancer
CVE-2019-7300 (Artica Proxy 3.06.200056 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Artica Proxy
CVE-2019-7299 (A stored cross-site scripting (XSS) vulnerability in the submit_ticket ...)
	NOT-FOR-US: WP Support Plus Responsive Ticket System plugin for WordPress
CVE-2019-7298 (An issue was discovered on D-Link DIR-823G devices with firmware throu ...)
	NOT-FOR-US: D-Link
CVE-2019-7297 (An issue was discovered on D-Link DIR-823G devices with firmware throu ...)
	NOT-FOR-US: D-Link
CVE-2019-7296 (typora through 0.9.64 has XSS, with resultant remote command execution ...)
	NOT-FOR-US: typora
CVE-2019-7295 (typora through 0.9.63 has XSS, with resultant remote command execution ...)
	NOT-FOR-US: typora
CVE-2019-7294
	RESERVED
CVE-2019-7293 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-7292 (A validation issue was addressed with improved logic. This issue is fi ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-7291 (A denial of service issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2019-7290 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Shortcuts for iOS
CVE-2019-7289 (A parsing issue in the handling of directory paths was addressed with ...)
	NOT-FOR-US: Shortcuts for iOS
CVE-2019-7288 (The issue was addressed with improved validation on the FaceTime serve ...)
	NOT-FOR-US: Apple
CVE-2019-7287 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-7286 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-7285 (A use after free issue was addressed with improved memory management. ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-7284 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2019-7281 (Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated u ...)
	NOT-FOR-US: Prima Systems FlexAir
CVE-2019-7280 (Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of ...)
	NOT-FOR-US: Prima Systems FlexAir
CVE-2019-7279 (Optergy Proton/Enterprise devices have Hard-coded Credentials. ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7278 (Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7277 (Optergy Proton/Enterprise devices allow Unauthenticated Internal Netwo ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7276 (Optergy Proton/Enterprise devices allow Remote Root Code Execution via ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7275 (Optergy Proton/Enterprise devices allow Open Redirect. ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7274 (Optergy Proton/Enterprise devices allow Authenticated File Upload with ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7273 (Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CS ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7272 (Optergy Proton/Enterprise devices allow Username Disclosure. ...)
	NOT-FOR-US: Optergy Proton
CVE-2019-7271 (Nortek Linear eMerge 50P/5000P devices have Default Credentials. ...)
	NOT-FOR-US: Nortek Linear
CVE-2019-7270 (Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF ...)
	NOT-FOR-US: Linear eMerge 50P/5000P devices
CVE-2019-7269 (Linear eMerge 50P/5000P devices allow Authenticated Command Injection ...)
	NOT-FOR-US: Linear eMerge 50P/5000P devices
CVE-2019-7268 (Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. ...)
	NOT-FOR-US: Linear eMerge 50P/5000P devices
CVE-2019-7267 (Linear eMerge 50P/5000P devices allow Cookie Path Traversal. ...)
	NOT-FOR-US: Linear eMerge 50P/5000P devices
CVE-2019-7266 (Linear eMerge 50P/5000P devices allow Authentication Bypass. ...)
	NOT-FOR-US: Linear eMerge 50P/5000P devices
CVE-2019-7265 (Linear eMerge E3-Series devices allow Remote Code Execution (root acce ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7264 (Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7263 (Linear eMerge E3-Series devices have a Version Control Failure. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7262 (Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7261 (Linear eMerge E3-Series devices have Hard-coded Credentials. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7260 (Linear eMerge E3-Series devices have Cleartext Credentials in a Databa ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7259 (Linear eMerge E3-Series devices allow Authorization Bypass with Inform ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7258 (Linear eMerge E3-Series devices allow Privilege Escalation. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7257 (Linear eMerge E3-Series devices allow Unrestricted File Upload. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7256 (Linear eMerge E3-Series devices allow Command Injections. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7255 (Linear eMerge E3-Series devices allow XSS. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7254 (Linear eMerge E3-Series devices allow File Inclusion. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7253 (Linear eMerge E3-Series devices allow Directory Traversal. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7252 (Linear eMerge E3-Series devices have Default Credentials. ...)
	NOT-FOR-US: Linear eMerge E3-Series devices
CVE-2019-7251 (An Integer Signedness issue (for a return code) in the res_pjsip_sdp_r ...)
	- asterisk 1:16.2.1~dfsg-1 (bug #923690)
	[stretch] - asterisk (Vulnerable code not present)
	[jessie] - asterisk (Vulnerable code introduced later)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2019-001.html
CVE-2019-7250 (An issue was discovered in the Cross Reference Add-on 36 for Google Do ...)
	NOT-FOR-US: Cross Reference Add-on for Google Docs
CVE-2019-7249 (In Keybase before 2.12.6 on macOS, the move RPC to the Helper was susc ...)
	NOT-FOR-US: Keybase on MacOS
CVE-2019-7283 (An issue was discovered in rcp in NetKit through 0.17. For an rcp oper ...)
	{DLA-2822-1}
	- netkit-rsh 0.17-20 (bug #920486)
	[jessie] - netkit-rsh (Minor issue)
CVE-2019-7282 (In NetKit through 0.17, rcp.c in the rcp client allows remote rsh serv ...)
	{DLA-2822-1}
	- netkit-rsh 0.17-20 (bug #920486)
	[jessie] - netkit-rsh (Minor issue)
CVE-2019-7248
	RESERVED
CVE-2019-7247 (An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulner ...)
	NOT-FOR-US: AMD
CVE-2019-7246 (An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardwar ...)
	NOT-FOR-US: AMD
CVE-2019-7245 (An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23. ...)
	NOT-FOR-US: TechPowerUp GPU-Z
CVE-2019-7244 (An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vuln ...)
	NOT-FOR-US: AIDA64
CVE-2019-7243
	RESERVED
CVE-2019-7242
	RESERVED
CVE-2019-7241
	RESERVED
CVE-2019-7240 (An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83 ...)
	NOT-FOR-US: Moo0 System Monitor
CVE-2019-7239
	RESERVED
CVE-2019-7238 (Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access C ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2019-7237 (An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/e ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-7236 (An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admin ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-7235 (An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=app ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-7234 (An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=app ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-7233 (In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer ...)
	- catdoc (unimportant)
	NOTE: https://github.com/uvoteam/libdoc/issues/6
	NOTE: Crash in CLI tool, no security impact
CVE-2019-7232 (The ABB IDAL HTTP server is vulnerable to a buffer overflow when a lon ...)
	NOT-FOR-US: ABB IDAL HTTP server
CVE-2019-7231 (The ABB IDAL FTP server is vulnerable to a buffer overflow when a long ...)
	NOT-FOR-US: ABB IDAL FTP server
CVE-2019-7230 (The ABB IDAL FTP server mishandles format strings in a username during ...)
	NOT-FOR-US: ABB IDAL FTP server
CVE-2019-7229 (The ABB CP635 HMI uses two different transmission methods to upgrade i ...)
	NOT-FOR-US: ABB CP635 HMI
CVE-2019-7228 (The ABB IDAL HTTP server mishandles format strings in a username or co ...)
	NOT-FOR-US: ABB IDAL HTTP server
CVE-2019-7227 (In the ABB IDAL FTP server, an authenticated attacker can traverse to ...)
	NOT-FOR-US: ABB IDAL FTP server
CVE-2019-7226 (The ABB IDAL HTTP server CGI interface contains a URL that allows an u ...)
	NOT-FOR-US: ABB IDAL HTTP server
CVE-2019-7225 (The ABB HMI components implement hidden administrative accounts that a ...)
	NOT-FOR-US: ABB HMI components
CVE-2019-7224
	RESERVED
CVE-2019-7223 (InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save i ...)
	NOT-FOR-US: InvoicePlane
CVE-2019-7222 (The KVM implementation in the Linux kernel through 4.20.5 has an Infor ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.20-1
	[stretch] - linux 4.9.161-1
	NOTE: https://git.kernel.org/linus/353c0956a618a07ba4bbe7ad00ff29fe70e8412a
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1759&desc=2
CVE-2019-7221 (The KVM implementation in the Linux kernel through 4.20.5 has a Use-af ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.20-1
	[stretch] - linux 4.9.161-1
	NOTE: https://git.kernel.org/linus/ecec76885bcfe3294685dc363fd1273df0d5d65f
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1760
CVE-2019-7220 (X-Cart V5 is vulnerable to XSS via the CategoryFilter2 parameter. ...)
	NOT-FOR-US: X-Cart
CVE-2019-7219 (Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa ...)
	- zarafa (bug #658433)
CVE-2019-7218 (Citrix ShareFile before 19.23 allows a downgrade from two-factor authe ...)
	NOT-FOR-US: Citrix ShareFile
CVE-2019-7217 (Citrix ShareFile before 19.12 allows User Enumeration. It is possible ...)
	NOT-FOR-US: Citrix ShareFile
CVE-2019-7216 (An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi ...)
	NOT-FOR-US: FileChucker
CVE-2019-7215 (Progress Sitefinity 10.1.6536 does not invalidate session cookies upon ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2019-7214 (SmarterTools SmarterMail 16.x before build 6985 allows deserialization ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2019-7213 (SmarterTools SmarterMail 16.x before build 6985 allows directory trave ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2019-7212 (SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret k ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2019-7211 (SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaSc ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2019-7210
	RESERVED
CVE-2019-7209
	RESERVED
CVE-2019-7208
	RESERVED
CVE-2019-7207
	RESERVED
CVE-2019-7206
	RESERVED
CVE-2019-7205
	RESERVED
CVE-2019-7204
	RESERVED
CVE-2019-7203
	RESERVED
CVE-2019-7202
	RESERVED
CVE-2019-7201 (An unquoted service path vulnerability is reported to affect the servi ...)
	NOT-FOR-US: QNAP NetBak Replicator
CVE-2019-7200
	RESERVED
CVE-2019-7199
	RESERVED
CVE-2019-7198 (This command injection vulnerability allows attackers to execute arbit ...)
	NOT-FOR-US: QNAP
CVE-2019-7197 (A stored cross-site scripting (XSS) vulnerability has been reported to ...)
	NOT-FOR-US: QNAP
CVE-2019-7196
	RESERVED
CVE-2019-7195 (This external control of file name or path vulnerability allows remote ...)
	NOT-FOR-US: QNAP
CVE-2019-7194 (This external control of file name or path vulnerability allows remote ...)
	NOT-FOR-US: QNAP
CVE-2019-7193 (This improper input validation vulnerability allows remote attackers t ...)
	NOT-FOR-US: QNAP
CVE-2019-7192 (This improper access control vulnerability allows remote attackers to ...)
	NOT-FOR-US: QNAP
CVE-2019-7191
	RESERVED
CVE-2019-7190
	RESERVED
CVE-2019-7189
	RESERVED
CVE-2019-7188
	RESERVED
CVE-2019-7187
	RESERVED
CVE-2019-7186
	RESERVED
CVE-2019-7185 (This cross-site scripting (XSS) vulnerability in Music Station allows ...)
	NOT-FOR-US: QNAP
CVE-2019-7184 (This cross-site scripting (XSS) vulnerability in Video Station allows ...)
	NOT-FOR-US: QNAP
CVE-2019-7183 (This improper link resolution vulnerability allows remote attackers to ...)
	NOT-FOR-US: QNAP
CVE-2019-7182
	RESERVED
CVE-2019-7181 (Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and ea ...)
	NOT-FOR-US: myQNAPcloud Connect
CVE-2019-7180
	RESERVED
CVE-2019-7179
	RESERVED
CVE-2019-7178 (Pexip Infinity before 20.1 allows privilege escalation by restoring a ...)
	NOT-FOR-US: Pexip Infinity
CVE-2019-7177 (Pexip Infinity before 20.1 allows Code Injection onto nodes via an adm ...)
	NOT-FOR-US: Pexip Infinity
CVE-2019-7176 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7175 (In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage ...)
	{DSA-4712-1}
	- imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1e6a3ace073c9ec9c71e439c111d23c6e66cb6ae
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1450
CVE-2019-7174 (Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Ren ...)
	NOT-FOR-US: Roxy Fileman
CVE-2019-7173 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
	NOT-FOR-US: Croogo
CVE-2019-7172 (A stored-self XSS exists in ATutor through v2.2.4, allowing an attacke ...)
	NOT-FOR-US: ATutor
CVE-2019-7171 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
	NOT-FOR-US: Croogo
CVE-2019-7170 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
	NOT-FOR-US: Croogo
CVE-2019-7169 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
	NOT-FOR-US: Croogo
CVE-2019-7168 (A stored-self XSS exists in Croogo through v3.0.5, allowing an attacke ...)
	NOT-FOR-US: Croogo
CVE-2019-7167 (Zcash, before the Sapling network upgrade (2018-10-28), had a counterf ...)
	NOT-FOR-US: Zcash
CVE-2019-7166 RESERVED
CVE-2019-7165 (A buffer overflow in DOSBox 0.74-2 allows attackers to execute arbitra ...)
	{DSA-4478-1 DLA-1845-1}
	- dosbox 0.74-3-1 (bug #931222)
	NOTE: Fixed in 0.74-3 upstream.
	NOTE: Upstream clarification https://sourceforge.net/p/dosbox/bugs/508/
	NOTE: Fixed by https://sourceforge.net/p/dosbox/code-0/3925/
CVE-2019-7164 (SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injecti ...)
	{DLA-2811-1 DLA-1718-1}
	[experimental] - sqlalchemy 1.3.0~b3+ds1-1
	- sqlalchemy 1.2.18+ds1-2 (bug #922669)
	NOTE: https://github.com/sqlalchemy/sqlalchemy/issues/4481
	NOTE: https://github.com/sqlalchemy/sqlalchemy/commit/30307c4616ad67c01ddae2e1e8e34fabf6028414
CVE-2019-7163 (The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 dev ...)
	NOT-FOR-US: Alcatel
CVE-2019-7162 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Bu ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2019-7161 (An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.x th ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-7160 (idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Trav ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-7159 (OX App Suite 7.10.1 and earlier allows Information Exposure. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-7158 (OX App Suite 7.10.0 and earlier has Incorrect Access Control. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2019-7157 RESERVED
CVE-2019-7156 (In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows divi ...)
	- catdoc (unimportant)
	NOTE: https://github.com/uvoteam/libdoc/issues/5
	NOTE: catdoc embeds the code; crash in CLI tool, no security impact
CVE-2019-7155 (An issue was discovered in GitLab Community and Enterprise Edition 9.x ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-7154 (The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap- ...)
	- binaryen 66-1 (bug #920853)
	NOTE: https://github.com/WebAssembly/binaryen/issues/1876
	NOTE: https://github.com/WebAssembly/binaryen/commit/79a4fbc80d7ffce4cbcfd04315ce3a0efa88d7fa
CVE-2019-7153 (A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder:: ...)
	- binaryen 66-1 (bug #920853)
	NOTE: https://github.com/WebAssembly/binaryen/issues/1879
	NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
	NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
CVE-2019-7152 (A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilde ...)
	- binaryen 66-1 (bug #920853)
	NOTE: https://github.com/WebAssembly/binaryen/issues/1880
	NOTE: Same set of fixes as for https://github.com/WebAssembly/binaryen/issues/1879
	NOTE: address the issue.
	NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
	NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
CVE-2019-7151 (A NULL pointer dereference was discovered in wasm::Module::getFunction ...)
	- binaryen 66-1 (bug #920853)
	NOTE: https://github.com/WebAssembly/binaryen/issues/1881
	NOTE: Same set of fixes as for https://github.com/WebAssembly/binaryen/issues/1879
	NOTE: address the issue.
	NOTE: https://github.com/WebAssembly/binaryen/commit/2127e64f42da55bb5b9b0ab1995b3ca7fc4e0d0b
	NOTE: https://github.com/WebAssembly/binaryen/commit/85e95e315a8023c46eb804fe80ebc244bcfdae3e
CVE-2019-7150 (An issue was discovered in elfutils 0.175. A segmentation fault can oc ...)
	{DLA-2802-1 DLA-1689-1}
	- elfutils 0.176-1 (low; bug #920909)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24103
	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00070.html
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=da5c5336a1eaf519de246f7d9f0f5585e1d4ac59
CVE-2019-7149 (A heap-based buffer over-read was discovered in the function read_srcl ...)
	{DLA-1689-1}
	- elfutils 0.176-1 (low; bug #920910)
	[stretch] - elfutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24102
	NOTE: https://sourceware.org/ml/elfutils-devel/2019-q1/msg00068.html
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2562759d6fe5b364fe224852e64e8bda39eb2e35
CVE-2019-7148 (An attempted excessive memory allocation was discovered in the functio ...)
	- elfutils 0.176-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24085
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=e32380ecefbb23448541367283d3b94930762986
	NOTE: malloc can fail on invalid file, but "nothing" bad with security implication will
	NOTE: happen, negligible security impact.
CVE-2019-7147 (A buffer over-read exists in the function crc64ib in crc64.c in nasmli ...)
	- nasm (Vulnerable code introduced later)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392544
CVE-2019-7146 (In elfutils 0.175, there is a buffer over-read in the ebl_object_note ...)
	- elfutils 0.176-1 (bug #920911)
	[stretch] - elfutils (Vulnerable code introduced in 0.175)
	[jessie] - elfutils (Vulnerable code introduced in 0.175)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24075
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24081
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=012018907ca05eb0ab51d424a596ef38fc87cae1
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=cd7ded3df43f655af945c869976401a602e46fcd
CVE-2019-7145 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7144 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7143 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7142 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7141 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7140 (Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7139 (An unauthenticated user can execute SQL statements that allow arbitrar ...)
	NOT-FOR-US: Magento
CVE-2019-7138 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
	NOT-FOR-US: Adobe
CVE-2019-7137 (Adobe Bridge CC versions 9.0.2 have a memory corruption vulnerability. ...)
	NOT-FOR-US: Adobe
CVE-2019-7136 (Adobe Bridge CC versions 9.0.2 have an use after free vulnerability. S ...)
	NOT-FOR-US: Adobe
CVE-2019-7135 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
	NOT-FOR-US: Adobe
CVE-2019-7134 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
	NOT-FOR-US: Adobe
CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnerabilit ...)
	NOT-FOR-US: Adobe
CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerabili ...)
	NOT-FOR-US: Adobe
CVE-2019-7131 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...)
	NOT-FOR-US: Adobe
CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...)
	NOT-FOR-US: Adobe
CVE-2019-7128 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7127 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7126 RESERVED
CVE-2019-7125 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7124 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7123 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7122 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7121 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7120 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7119 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7118 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7117 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7116 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7115 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7114 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7113 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7112 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7111 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7110 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7109 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7108 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and ear ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2019-7107 (Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink proc ...)
	NOT-FOR-US: Adobe
CVE-2019-7106 (Adobe XD versions 16.0 and earlier have a path traversal vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2019-7105 (Adobe XD versions 16.0 and earlier have a path traversal vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2019-7104 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7103 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7102 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7101 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7100 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7099 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7098 (Adobe Shockwave Player versions 12.3.4.204 and earlier have a memory c ...)
	NOT-FOR-US: Adobe
CVE-2019-7097 (Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol ...)
	NOT-FOR-US: Adobe
CVE-2019-7096 (Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and ear ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2019-7095 (Adobe Digital Editions versions 4.5.10.185749 and below have a heap ov ...)
	NOT-FOR-US: Adobe
CVE-2019-7094 (Adobe Photoshop CC 19.1.7 and earlier, and 20.0.2 and earlier have a h ...)
	NOT-FOR-US: Adobe
CVE-2019-7093 (Creative Cloud Desktop Application (installer) versions 4.7.0.400 and ...)
	NOT-FOR-US: Adobe
CVE-2019-7092 (ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Up ...)
	NOT-FOR-US: Adobe
CVE-2019-7091 (ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Up ...)
	NOT-FOR-US: Adobe
CVE-2019-7090 (Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Pl ...)
	NOT-FOR-US: Adobe
CVE-2019-7089 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7088 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7087 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7086 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7085 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7084 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7083 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7082 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7081 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7080 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7079 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7078 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7077 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7076 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7075 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7074 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7073 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7072 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7071 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7070 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7069 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7068 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7067 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7066 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7065 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7064 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7063 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7062 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7061 (Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7060 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7059 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7058 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7057 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7056 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7055 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7054 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7053 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7052 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7051 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7050 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7049 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7048 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7047 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7046 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7045 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7044 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7043 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7042 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7041 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7040 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7039 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7038 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7037 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7036 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7035 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7034 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7033 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7032 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7031 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7030 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7029 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7028 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7027 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7026 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7025 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7024 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7023 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7022 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7021 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7020 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7019 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7018 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2019-7017 REJECTED
CVE-2019-7016 REJECTED
CVE-2019-7015 REJECTED
CVE-2019-7014 REJECTED
CVE-2019-7013 REJECTED
CVE-2019-7012 REJECTED
CVE-2019-7011 REJECTED
CVE-2019-7010 REJECTED
CVE-2019-7009 REJECTED
CVE-2019-7008 REJECTED
CVE-2019-7007 (A directory traversal vulnerability has been found in the Avaya Equino ...)
	NOT-FOR-US: Avaya
CVE-2019-7006 (Avaya one-X Communicator uses weak cryptographic algorithms in the cli ...)
	NOT-FOR-US: Avaya
CVE-2019-7005 (A vulnerability was discovered in the web interface component of IP Of ...)
	NOT-FOR-US: IP Office
CVE-2019-7004 (A Cross-Site Scripting (XSS) vulnerability in the WebUI component of I ...)
	NOT-FOR-US: Avaya
CVE-2019-7003 (A SQL injection vulnerability in the reporting component of Avaya Cont ...)
	NOT-FOR-US: Avaya
CVE-2019-7002 REJECTED
CVE-2019-7001 (A SQL injection vulnerability in the WebUI component of IP Office Cont ...)
	NOT-FOR-US: IP Office Contact Center
CVE-2019-7000 (A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura ...)
	NOT-FOR-US: Web UI of Avaya Aura Conferencing
CVE-2019-6999 REJECTED
CVE-2019-6998 RESERVED
CVE-2019-6997 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6996 (An issue was discovered in GitLab Enterprise Edition 10.x (starting in ...)
	- gitlab (Only affects EE)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6995 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6994 RESERVED
CVE-2019-6993 RESERVED
CVE-2019-6992 (A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ...)
	- zoneminder 1.32.3-2 (bug #920999)
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2445
CVE-2019-6991 (A classic Stack-based buffer overflow exists in the zmLoadUser() funct ...)
	- zoneminder 1.32.3-2 (bug #921000)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2478
	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2482
CVE-2019-6990 (A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneM ...)
	- zoneminder 1.32.3-2 (bug #921001)
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2444
CVE-2019-1000018 (rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Speci ...)
	{DSA-4377-1 DLA-1650-1}
	- rssh 2.3.4-9 (bug #919623)
	NOTE: https://sourceforge.net/p/rssh/mailman/message/36519118/
CVE-2019-6989 (TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caus ...)
	NOT-FOR-US: TP-Link
CVE-2019-6988 (An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers ...)
	- openjpeg2 (low; bug #922648)
	[bullseye] - openjpeg2 (Minor issue)
	[buster] - openjpeg2 (Minor issue)
	[stretch] - openjpeg2 (Minor issue)
	[jessie] - openjpeg2 (Minor issue)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1178
CVE-2019-6987 RESERVED
CVE-2019-6986 (SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to exe ...)
	NOT-FOR-US: VIVO Vitro
CVE-2019-6985 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6984 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6983 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6982 (An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6981 (Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in t ...)
	NOT-FOR-US: Zimbra
CVE-2019-6980 (Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecur ...)
	NOT-FOR-US: Zimbra
CVE-2019-6979 (An issue was discovered in the User IP History Logs (aka IP_History_Lo ...)
	NOT-FOR-US: IP History Logs plugin for MyBB
CVE-2019-6978 (The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdI ...)
	{DSA-4384-1 DLA-1651-1}
	- libgd2 2.2.5-5.1 (bug #920728)
	NOTE: https://github.com/libgd/libgd/issues/492
	NOTE: https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
CVE-2019-1000029 [DoS due to changing # of allowed users in root channel]
	- mumble 1.3.0~git20190125.440b173+dfsg-1 (bug #920476)
	[stretch] - mumble (Vulnerable code introduced later)
	[jessie] - mumble (Vulnerable code introduced later)
	NOTE: https://github.com/mumble-voip/mumble/issues/3585
	NOTE: Introduced in: https://github.com/mumble-voip/mumble/commit/84b1bcecef790a84d10b2d1f2060c1681a2bb836
	NOTE: Fixed by: https://github.com/mumble-voip/mumble/commit/3edc46ff7308691d342f8c08ce1afaaefce35a5c
CVE-2019-6977 (gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka ...)
	{DSA-4384-1 DLA-1679-1 DLA-1651-1}
	- libgd2 2.2.5-5.1 (bug #920645)
	- php7.3 7.3.1-1 (unimportant)
	- php7.0 (unimportant)
	- php5 (unimportant)
	NOTE: Fixed in 5.6.40, 7.1.26, 7.2.14, 7.3.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77270
	NOTE: https://github.com/php/php-src/commit/7a12dad4dd6c370835b13afae214b240082c7538
CVE-2019-6976 (libvips before 8.7.4 generates output images from uninitialized memory ...)
	- vips 8.7.4-1 (low)
	[stretch] - vips 8.4.5-1+deb9u1
	[jessie] - vips (Minor Issue)
	NOTE: https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
CVE-2019-6975 (Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2. ...)
	{DSA-4476-1}
	- python-django 1:1.11.20-1 (low; bug #922027)
	[jessie] - python-django (Vulnerable code not present)
	NOTE: Upstream re-released https://code.djangoproject.com/ticket/30175
	NOTE: https://www.djangoproject.com/weblog/2019/feb/11/security-releases/
	NOTE: https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227 (1.11 branch)
CVE-2019-6974 (In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.20-1
	[stretch] - linux 4.9.161-1
	NOTE: https://git.kernel.org/linus/cfa39381173d5f969daf43582c95ad679189cbc9
CVE-2019-6973 (Sricam IP CCTV cameras are vulnerable to denial of service via multipl ...)
	NOT-FOR-US: Sricam IP CCTV cameras
CVE-2019-6972 (An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credent ...)
	NOT-FOR-US: TP-Link
CVE-2019-6971 (An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker ...)
	NOT-FOR-US: TP-Link
CVE-2019-6970 (Moodle 3.5.x before 3.5.4 allows SSRF. ...)
	- moodle
CVE-2019-6969 (The web interface of the D-Link DVA-5592 20180823 is vulnerable to an ...)
	NOT-FOR-US: D-Link
CVE-2019-6968 (The web interface of the D-Link DVA-5592 20180823 is vulnerable to XSS ...)
	NOT-FOR-US: D-Link
CVE-2019-6967 (AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. ...)
	NOT-FOR-US: AirTies devices
CVE-2019-6966 (An issue was discovered in Bento4 1.5.1-628. The AP4_ElstAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2019-6965 (An XSS issue was discovered in i-doit Open 1.12 via the src/tools/php/ ...)
	NOT-FOR-US: i-doit
CVE-2019-6964 (A heap-based buffer over-read in Service_SetParamStringValue in cosa_x ...)
	NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6963 (A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-2018 ...)
	NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6962 (A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 ...)
	NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6961 (Incorrect access control in actionHandlerUtility.php in the RDK RDKB-2 ...)
	NOT-FOR-US: RDK (Reference Design Kit)
CVE-2019-6960 (An issue was discovered in GitLab Community and Enterprise Edition 9.x ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6959 RESERVED
CVE-2019-6958 (A recently discovered security vulnerability affects all Bosch Video M ...)
	NOT-FOR-US: Bosch
CVE-2019-6957 (A recently discovered security vulnerability affects all Bosch Video M ...)
	NOT-FOR-US: Bosch
CVE-2019-6956 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
	{DLA-2792-1 DLA-1899-1}
	- faad2 2.8.8-3.1 (bug #914641)
	[buster] - faad2 (Minor issue)
	NOTE: https://sourceforge.net/p/faac/bugs/240/
	NOTE: https://github.com/knik0/faad2/issues/39
	NOTE: https://github.com/knik0/faad2/commit/6823e6610c9af1b0080cb22b9da03efb208d7d57
CVE-2019-6955 RESERVED
CVE-2019-6954 RESERVED
CVE-2019-6953 RESERVED
CVE-2019-6952 RESERVED
CVE-2019-6951 RESERVED
CVE-2019-6950 RESERVED
CVE-2019-6949 RESERVED
CVE-2019-6948 RESERVED
CVE-2019-6947 RESERVED
CVE-2019-6946 RESERVED
CVE-2019-6945 RESERVED
CVE-2019-6944 RESERVED
CVE-2019-6943 RESERVED
CVE-2019-6942 RESERVED
CVE-2019-6941 RESERVED
CVE-2019-6940 RESERVED
CVE-2019-6939 RESERVED
CVE-2019-6938 RESERVED
CVE-2019-6937 RESERVED
CVE-2019-6936 RESERVED
CVE-2019-6935 RESERVED
CVE-2019-6934 RESERVED
CVE-2019-6933 RESERVED
CVE-2019-6932 RESERVED
CVE-2019-6931 RESERVED
CVE-2019-6930 RESERVED
CVE-2019-6929 RESERVED
CVE-2019-6928 RESERVED
CVE-2019-6927 RESERVED
CVE-2019-6926 RESERVED
CVE-2019-6925 RESERVED
CVE-2019-6924 RESERVED
CVE-2019-6923 RESERVED
CVE-2019-6922 RESERVED
CVE-2019-6921 RESERVED
CVE-2019-6920 RESERVED
CVE-2019-6919 RESERVED
CVE-2019-6918 RESERVED
CVE-2019-6917 RESERVED
CVE-2019-6916 RESERVED
CVE-2019-6915 RESERVED
CVE-2019-6914 RESERVED
CVE-2019-6913 RESERVED
CVE-2019-6912 RESERVED
CVE-2019-6911 RESERVED
CVE-2019-6910 RESERVED
CVE-2019-6909 RESERVED
CVE-2019-6908 RESERVED
CVE-2019-6907 RESERVED
CVE-2019-6906 RESERVED
CVE-2019-6905 RESERVED
CVE-2019-6904 RESERVED
CVE-2019-6903 RESERVED
CVE-2019-6902 RESERVED
CVE-2019-6901 RESERVED
CVE-2019-6900 RESERVED
CVE-2019-6899 RESERVED
CVE-2019-6898 RESERVED
CVE-2019-6897 RESERVED
CVE-2019-6896 RESERVED
CVE-2019-6895 RESERVED
CVE-2019-6894 RESERVED
CVE-2019-6893 RESERVED
CVE-2019-6892 RESERVED
CVE-2019-6891 RESERVED
CVE-2019-6890 RESERVED
CVE-2019-6889 RESERVED
CVE-2019-6888 RESERVED
CVE-2019-6887 RESERVED
CVE-2019-6886 RESERVED
CVE-2019-6885 RESERVED
CVE-2019-6884 RESERVED
CVE-2019-6883 RESERVED
CVE-2019-6882 RESERVED
CVE-2019-6881 RESERVED
CVE-2019-6880 RESERVED
CVE-2019-6879 RESERVED
CVE-2019-6878 RESERVED
CVE-2019-6877 RESERVED
CVE-2019-6876 RESERVED
CVE-2019-6875 RESERVED
CVE-2019-6874 RESERVED
CVE-2019-6873 RESERVED
CVE-2019-6872 RESERVED
CVE-2019-6871 RESERVED
CVE-2019-6870 RESERVED
CVE-2019-6869 RESERVED
CVE-2019-6868 RESERVED
CVE-2019-6867 RESERVED
CVE-2019-6866 RESERVED
CVE-2019-6865 RESERVED
CVE-2019-6864 RESERVED
CVE-2019-6863 RESERVED
CVE-2019-6862 RESERVED
CVE-2019-6861 RESERVED
CVE-2019-6860 RESERVED
CVE-2019-6859 (A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modico ...)
	NOT-FOR-US: Modicon
CVE-2019-6858 (A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX ...)
	NOT-FOR-US: MSX Configurator
CVE-2019-6857 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Modicon
CVE-2019-6856 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Modicon
CVE-2019-6855 (Incorrect Authorization vulnerability exists in EcoStruxure Control Ex ...)
	NOT-FOR-US: EcoStruxure Control Expert
CVE-2019-6854 (A CWE-287: Improper Authentication vulnerability exists in a folder wi ...)
	NOT-FOR-US: EcoStruxure Geo SCADA Expert
CVE-2019-6853 (A CWE-79: Failure to Preserve Web Page Structure vulnerability exists ...)
	NOT-FOR-US: Andover Continuum
CVE-2019-6852 (A CWE-200: Information Exposure vulnerability exists in Modicon Contro ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6851 (A CWE-538: File and Directory Information Exposure vulnerability exist ...)
	NOT-FOR-US: Modicon
CVE-2019-6850 (A CWE-200: Information Exposure vulnerability exists in Modicon M580, ...)
	NOT-FOR-US: Modicon
CVE-2019-6849 (A CWE-200: Information Exposure vulnerability exists in Modicon M580, ...)
	NOT-FOR-US: Modicon
CVE-2019-6848 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
	NOT-FOR-US: Modicon
CVE-2019-6847 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
	NOT-FOR-US: Modicon
CVE-2019-6846 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
	NOT-FOR-US: Modicon
CVE-2019-6845 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
	NOT-FOR-US: Modicon
CVE-2019-6844 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
	NOT-FOR-US: Modicon
CVE-2019-6843 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
	NOT-FOR-US: Modicon
CVE-2019-6842 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
	NOT-FOR-US: Modicon
CVE-2019-6841 (A CWE-755: Improper Handling of Exceptional Conditions vulnerability e ...)
	NOT-FOR-US: Modicon
CVE-2019-6840 (A Format String: CWE-134 vulnerability exists in U.motion Server (MEG6 ...)
	NOT-FOR-US: Schneider
CVE-2019-6839 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...)
	NOT-FOR-US: Schneider
CVE-2019-6838 (A CWE-863: Incorrect Authorization vulnerability exists in U.motion Se ...)
	NOT-FOR-US: Schneider
CVE-2019-6837 (A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in ...)
	NOT-FOR-US: Schneider
CVE-2019-6836 (A CWE-863: Incorrect Authorization vulnerability exists in U.motion Se ...)
	NOT-FOR-US: Schneider
CVE-2019-6835 (A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion S ...)
	NOT-FOR-US: Schneider
CVE-2019-6834 RESERVED
CVE-2019-6833 (A CWE-754 – Improper Check for Unusual or Exceptional Conditions ...)
	NOT-FOR-US: Schneider
CVE-2019-6832 (A CWE-287: Authentication vulnerability exists in spaceLYnk (all versi ...)
	NOT-FOR-US: Schneider
CVE-2019-6831 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider
CVE-2019-6830 (A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all ...)
	NOT-FOR-US: Schneider
CVE-2019-6829 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (fi ...)
	NOT-FOR-US: Schneider
CVE-2019-6828 (A CWE-248: Uncaught Exception vulnerability exists Modicon M580 (firmw ...)
	NOT-FOR-US: Schneider
CVE-2019-6827 (A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Gra ...)
	NOT-FOR-US: Interactive Graphical SCADA System (IGSS)
CVE-2019-6826 (A CWE-426: Untrusted Search Path vulnerability exists in SoMachine HVA ...)
	NOT-FOR-US: Schneider
CVE-2019-6825 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
	NOT-FOR-US: ProClima
CVE-2019-6824 (A CWE-119: Buffer Errors vulnerability exists in ProClima (all version ...)
	NOT-FOR-US: ProClima
CVE-2019-6823 (A CWE-94: Code Injection vulnerability exists in ProClima (all version ...)
	NOT-FOR-US: ProClima
CVE-2019-6822 (A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 a ...)
	NOT-FOR-US: Zelio Soft 2
CVE-2019-6821 (CWE-330: Use of Insufficiently Random Values vulnerability, which coul ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6820 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6819 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6818 RESERVED
CVE-2019-6817 RESERVED
CVE-2019-6816 (In Modicon Quantum all firmware versions, a CWE-94: Code Injection vul ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6815 (In Modicon Quantum all firmware versions, CWE-264: Permissions, Privil ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6814 (A CWE-287: Improper Authentication vulnerability exists in the NET55XX ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6813 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Schneider
CVE-2019-6812 (A CWE-798 use of hardcoded credentials vulnerability exists in BMX-NOR ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6811 (An Improper Check for Unusual or Exceptional Conditions (CWE-754) vuln ...)
	NOT-FOR-US: Schneider
CVE-2019-6810 (CWE-284: Improper Access Control vulnerability exists in BMXNOR0200H E ...)
	NOT-FOR-US: Schneider
CVE-2019-6809 (A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 (fi ...)
	NOT-FOR-US: Schneider
CVE-2019-6808 (A CWE-284: Improper Access Control vulnerability exists in all version ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6807 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6806 (A CWE-200: Information Exposure vulnerability exists in all versions o ...)
	NOT-FOR-US: Schneider Electric
CVE-2019-6805 (SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi ...)
	NOT-FOR-US: S-CMS
CVE-2019-6804 (An XSS issue was discovered on the Job Edit page in Rundeck Community ...)
	NOT-FOR-US: Rundeck Community Edition
CVE-2019-6803 (typora through 0.9.9.20.3 beta has XSS, with resultant remote command ...)
	NOT-FOR-US: Typora
CVE-2019-6802 (CRLF Injection in pypiserver 1.2.5 and below allows attackers to set a ...)
	NOT-FOR-US: pypiserver
CVE-2019-6801 RESERVED
CVE-2019-6800 (In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam ...)
	NOT-FOR-US: TitanHQ SpamTitan
CVE-2019-6799 (An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ...)
	{DLA-1692-1}
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #920823)
	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-1/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900
CVE-2019-6798 (An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability wa ...)
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #920822)
	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
	[jessie] - phpmyadmin (Vulnerable code introduced later >= 4.5.0)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb78670590f7511399435
CVE-2019-6797 (An information disclosure issue was discovered in GitLab Enterprise Ed ...)
	- gitlab (Only affects EE)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6796 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6795 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6794 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6793 (An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11 ...)
	- gitlab (Only affects EE)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6792 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6791 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6790 (An Incorrect Access Control (issue 2 of 3) issue was discovered in Git ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6789 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6788 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6787 (An Incorrect Access Control issue was discovered in GitLab Community a ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6786 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6785 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6784 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6783 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6782 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6781 (An Improper Input Validation issue was discovered in GitLab Community ...)
	- gitlab 11.5.10+dfsg-1 (bug #921059)
	NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
CVE-2019-6780 (The Wise Chat plugin before 2.7 for WordPress mishandles external link ...)
	NOT-FOR-US: WordPress plugin wise-chat
CVE-2019-6779 (Cscms 4.1.8 allows admin.php/links/save CSRF to add, modify, or delete ...)
	NOT-FOR-US: Cscms
CVE-2019-6778 (In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer ove ...)
	{DSA-4454-1 DLA-1694-1}
	- qemu 1:3.1+dfsg-3 (bug #921525)
	- qemu-kvm
	- slirp4netns 0.2.1-1
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg03132.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=a7104eda7dab99d0cdbd3595c211864cba415905
	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-j2r5-xwp8-m8m9
CVE-2019-6777 (An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in ...)
	- zoneminder 1.32.3-2 (bug #920375)
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2436
	NOTE: https://github.com/mnoorenberghe/ZoneMinder/commit/59cc65411f02c7e39a270fda3ecb4966d7b48d41
CVE-2019-6776 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6775 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6774 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6773 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6772 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6771 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6770 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6769 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6768 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6767 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6766 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6765 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6764 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6763 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6762 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6761 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6760 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6759 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6758 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6757 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6756 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6755 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6754 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6753 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6752 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6751 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6750 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6749 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6748 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6747 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6746 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2019-6745 REJECTED
CVE-2019-6744 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Samsung
CVE-2019-6743 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Xiaomi Mi6 Browser
CVE-2019-6742 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: GameServiceReceiver update mechanism as used in Samsung Galaxy S9
CVE-2019-6741 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung
CVE-2019-6740 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung
CVE-2019-6739 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Malwarebytes Antimalware
CVE-2019-6738 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender SafePay
CVE-2019-6737 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender SafePay
CVE-2019-6736 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Bitdefender SafePay
CVE-2019-6735 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6734 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6733 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6732 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6731 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2019-6730 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6729 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6728 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6727 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2019-6726 (The WP Fastest Cache plugin through 0.8.9.0 for WordPress allows remot ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2019-6725 (The rpWLANRedirect.asp ASP page is accessible without authentication o ...)
	NOT-FOR-US: ZyXEL
CVE-2019-6724 (The barracudavpn component of the Barracuda VPN Client prior to versio ...)
	NOT-FOR-US: Barracuda VPN Client
CVE-2019-6723 RESERVED
CVE-2019-6722 RESERVED
CVE-2019-6721 RESERVED
CVE-2019-6720 RESERVED
CVE-2019-6719 (An issue has been found in libIEC61850 v1.3.1. There is a use-after-fr ...)
	NOT-FOR-US: libIEC61850
CVE-2019-6718 RESERVED
CVE-2019-6717 RESERVED
CVE-2019-6716 (An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket C ...)
	NOT-FOR-US: LogonBox Nervepoint Access Manager
CVE-2019-6715 (pub/sns.php in the W3 Total Cache plugin before 0.9.4 for WordPress al ...)
	NOT-FOR-US: W3 Total Cache plugin for WordPress
CVE-2019-6714 (An issue was discovered in BlogEngine.NET through 3.3.6.0. A path trav ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2019-6713 (app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows ...)
	NOT-FOR-US: ThinkCMF
CVE-2019-6712 RESERVED
CVE-2019-6711 RESERVED
CVE-2019-6710 (Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. ...)
	NOT-FOR-US: Zyxel
CVE-2019-6709 RESERVED
CVE-2019-6708 (PHPSHE 1.7 has SQL injection via the admin.php?mod=order state paramet ...)
	NOT-FOR-US: PHPSHE
CVE-2019-6707 (PHPSHE 1.7 has SQL injection via the admin.php?mod=product&act=sta ...)
	NOT-FOR-US: PHPSHE
CVE-2019-6706 (Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For examp ...)
	- lua5.3 5.3.6-1 (bug #920321)
	[bullseye] - lua5.3 (Minor issue, revisit when fixed upstream)
	[buster] - lua5.3 (Minor issue, revisit when fixed upstream)
	[stretch] - lua5.3 (Minor issue, revisit when fixed upstream)
	- lua5.2 (Vulnerable code introduced later)
	- lua5.1 (Vulnerable code introduced later)
	- lua50 (Vulnerable code introduced later)
	NOTE: http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html
	NOTE: lua50 and lua5.1 don't have the affected code.
	NOTE: lua5.2 is not vulnerable as it doesn't free the value before using it.
CVE-2019-6705 RESERVED
CVE-2019-6704 RESERVED
CVE-2019-6703 (Incorrect access control in migla_ajax_functions.php in the Calmar Web ...)
	NOT-FOR-US: Calmar Webmedia Total Donations plugin for WordPress
CVE-2019-6702 (The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certifica ...)
	NOT-FOR-US: MasterCard Qkr! app
CVE-2019-6701 RESERVED
CVE-2019-6700 (An information exposure vulnerability in the external authentication p ...)
	NOT-FOR-US: FortiSIEM (Fortiguard)
CVE-2019-6699 (An improper neutralization of input vulnerability in Fortinet FortiADC ...)
	NOT-FOR-US: Fortiguard
CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder all versi ...)
	NOT-FOR-US: Fortinet
CVE-2019-6697 RESERVED
CVE-2019-6696 (An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6. ...)
	NOT-FOR-US: Fortiguard
CVE-2019-6695 (Lack of root file system integrity checking in Fortinet FortiManager V ...)
	NOT-FOR-US: Fortinet
CVE-2019-6694 RESERVED
CVE-2019-6693 (Use of a hard-coded cryptographic key to cipher sensitive data in Fort ...)
	NOT-FOR-US: Fortinet
CVE-2019-6692 (A malicious DLL preload vulnerability in Fortinet FortiClient for Wind ...)
	NOT-FOR-US: Fortinet
CVE-2019-6691 (phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=bac ...)
	NOT-FOR-US: phpwind
CVE-2019-6690 (python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg t ...)
	{DLA-1675-1}
	- python-gnupg 0.4.4-1
	[stretch] - python-gnupg (Minor issue)
	NOTE: https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
	NOTE: https://github.com/vsajip/python-gnupg/commit/39eca266dd837e2ad89c94eb17b7a6f50b25e7cf#diff-88b99bb28683bd5b7e3a204826ead112
	NOTE: https://github.com/vsajip/python-gnupg/commit/3003b654ca1c29b0510a54b9848571b3ad57df19#diff-88b99bb28683bd5b7e3a204826ead112
CVE-2019-6689 (An issue was discovered in Dillon Kane Tidal Workload Automation Agent ...)
	NOT-FOR-US: Dillon Kane Tidal Workload Automation Agent
CVE-2019-6688 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6687 (On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services pr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6686 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6685 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6684 (On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6683 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6682 (On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6681 (On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6680 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6679 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6678 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6677 (On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6676 (On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM m ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6675 (BIG-IP configurations using Active Directory, LDAP, or Client Certific ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6674 (On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash ...)
	NOT-FOR-US: F5
CVE-2019-6673 (On versions 15.0.0-15.0.1 and 14.0.0-14.1.2, when the BIG-IP is config ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6672 (On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, and 13.1.0-13.1.3.1, when ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6671 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6670 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6669 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6668 (The BIG-IP APM Edge Client for macOS bundled with BIG-IP APM 15.0.0-15 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6667 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.1.0-13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6666 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, and 13.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6665 (On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6664 (On BIG-IP 15.0.0 and 14.1.0-14.1.0.6, under certain conditions, networ ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6663 (The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6662 (On BIG-IP 13.1.0-13.1.1.4, sensitive information is logged into the lo ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6661 (When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6660 (On BIG-IP 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.1, undisclosed ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6659 (On version 14.0.0-14.1.0.1, BIG-IP virtual servers with TLSv1.3 enable ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6658 (On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1. ...)
	NOT-FOR-US: F5
CVE-2019-6657 (On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a refle ...)
	NOT-FOR-US: F5
CVE-2019-6656 (BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs t ...)
	NOT-FOR-US: F5
CVE-2019-6655 (On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5. ...)
	NOT-FOR-US: F5
CVE-2019-6654 (On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11 ...)
	NOT-FOR-US: F5
CVE-2019-6653 (There is a Stored Cross Site Scripting vulnerability in the undisclose ...)
	NOT-FOR-US: F5
CVE-2019-6652 (In BIG-IQ 6.0.0-6.1.0, services for stats do not require authenticatio ...)
	NOT-FOR-US: F5
CVE-2019-6651 (In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...)
	NOT-FOR-US: F5
CVE-2019-6650 (F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1. ...)
	NOT-FOR-US: F5
CVE-2019-6649 (F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 1 ...)
	NOT-FOR-US: F5
CVE-2019-6648 (On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Ser ...)
	NOT-FOR-US: F5
CVE-2019-6647 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1 ...)
	NOT-FOR-US: F5
CVE-2019-6646 (On BIG-IP 11.5.2-11.6.4 and Enterprise Manager 3.1.1, REST users with ...)
	NOT-FOR-US: F5
CVE-2019-6645 (On BIG-IP 14.0.0-14.1.0.5, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6 ...)
	NOT-FOR-US: F5
CVE-2019-6644 (Similar to the issue identified in CVE-2018-12120, on versions 14.1.0- ...)
	NOT-FOR-US: F5
CVE-2019-6643 (On versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12 ...)
	NOT-FOR-US: F5
CVE-2019-6642 (In BIG-IP 15.0.0, 14.0.0-14.1.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.2, a ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6641 (On BIG-IP 12.1.0-12.1.4.1, undisclosed requests can cause iControl RES ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6640 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6639 (On BIG-IP (AFM, PEM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6638 (On BIG-IP 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, Malformed http requests ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6637 (On BIG-IP (ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6636 (On BIG-IP (AFM, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6635 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6634 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6633 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6632 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6631 (On BIG-IP 11.5.1-11.6.4, iRules performing HTTP header manipulation ma ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6630 (On F5 SSL Orchestrator 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, undisclose ...)
	NOT-FOR-US: F5 SSL Orchestrator
CVE-2019-6629 (On BIG-IP 14.1.0-14.1.0.5, undisclosed SSL traffic to a virtual server ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6628 (On BIG-IP PEM 14.1.0-14.1.0.5 and 14.0.0-14.0.0.4, under certain condi ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6627 (On F5 SSL Orchestrator 14.1.0-14.1.0.5, on rare occasions, specific to ...)
	NOT-FOR-US: F5 SSL Orchestrator
CVE-2019-6626 (On BIG-IP (AFM, Analytics, ASM) 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6625 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6624 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6623 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6622 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6621 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6620 (On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.5, 13.0.0-13.1.1.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6619 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Tra ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6618 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6617 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6616 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6615 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6614 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, interna ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6613 (On BIG-IP 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6612 (On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6611 (When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6610 (On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6609 (Platform dependent weakness. This issue only impacts iSeries platforms ...)
	NOT-FOR-US: BIG-IP APM
CVE-2019-6608 (On BIG-IP 11.5.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1.1.1, and 14.0.0-14 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6607 (On BIG-IP ASM 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, 13.0.0-13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6606 (On BIG-IP 11.5.1-11.6.3.4, 12.1.0-12.1.3.7, 13.0.0-13.1.1.3, and 14.0. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6605 (On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed seq ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6604 (On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6603 (In BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3, and 13.0.0-13.0 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6602 (In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility l ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6601 (In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6600 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, 11.6.1-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6599 (In BIG-IP 11.6.1-11.6.3.2 or 11.5.1-11.5.8, or Enterprise Manager 3.1. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6598 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6597 (In BIG-IP 13.0.0-13.1.1.1, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6596 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6595 (Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Ma ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6594 (On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6593 (On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configur ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6592 (On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file whe ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6591 (On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12. ...)
	NOT-FOR-US: BIG-IP
CVE-2019-6590 (On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain c ...)
	NOT-FOR-US: BIG-IP
CVE-2019-6589 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7, and 11.6. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2019-6588 (In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in th ...)
	NOT-FOR-US: Liferay Portal CE
CVE-2019-6587 RESERVED
CVE-2019-6586 RESERVED
CVE-2019-6585 (A vulnerability has been identified in SCALANCE S602 (All versions > ...)
	NOT-FOR-US: Siemens
CVE-2019-6584 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0 ...)
	NOT-FOR-US: Siemens
CVE-2019-6583 RESERVED
CVE-2019-6582 (A vulnerability has been identified in Siveillance VMS 2017 R2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2019-6581 (A vulnerability has been identified in Siveillance VMS 2017 R2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2019-6580 (A vulnerability has been identified in Siveillance VMS 2017 R2 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2019-6579 (A vulnerability has been identified in Spectrum Power 4 (with Web Offi ...)
	NOT-FOR-US: Spectrum Power
CVE-2019-6578 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 ...)
	NOT-FOR-US: Siemens
CVE-2019-6577 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2019-6576 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2019-6575 (A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All ve ...)
	NOT-FOR-US: Siemens
CVE-2019-6574 (A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 ...)
	NOT-FOR-US: Siemens
CVE-2019-6573 RESERVED
CVE-2019-6572 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2019-6571 (A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0 ...)
	NOT-FOR-US: Siemens
CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2019-6569 (The monitor barrier of the affected products insufficiently blocks dat ...)
	NOT-FOR-US: Scalance
CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...)
	NOT-FOR-US: Siemens
CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2019-6566 (GE Communicator, all versions prior to 4.0.517, allows a non-administr ...)
	NOT-FOR-US: GE Communicator
CVE-2019-6565 (Moxa IKS and EDS fails to properly validate user input, giving unauthe ...)
	NOT-FOR-US: Moxa
CVE-2019-6564 (GE Communicator, all versions prior to 4.0.517, allows a non-administr ...)
	NOT-FOR-US: GE Communicator
CVE-2019-6563 (Moxa IKS and EDS generate a predictable cookie calculated with an MD5 ...)
	NOT-FOR-US: Moxa
CVE-2019-6562 (In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the softwa ...)
	NOT-FOR-US: Philips
CVE-2019-6561 (Cross-site request forgery has been identified in Moxa IKS and EDS, wh ...)
	NOT-FOR-US: Moxa
CVE-2019-6560 (In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and ...)
	NOT-FOR-US: Auto-Maskin RP210E
CVE-2019-6559 (Moxa IKS and EDS allow remote authenticated users to cause a denial of ...)
	NOT-FOR-US: Moxa
CVE-2019-6558 (In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and ...)
	NOT-FOR-US: Auto-Maskin RP210E
CVE-2019-6557 (Several buffer overflow vulnerabilities have been identified in Moxa I ...)
	NOT-FOR-US: Moxa
CVE-2019-6556 (When processing project files, the application (Omron CX-Programmer v9 ...)
	NOT-FOR-US: Omron
CVE-2019-6555 (Cscape, 9.80 SP4 and prior. An improper input validation vulnerability ...)
	NOT-FOR-US: Cscape
CVE-2019-6554 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper acces ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6553 (A vulnerability was found in Rockwell Automation RSLinx Classic versio ...)
	NOT-FOR-US: Rockwell Automation
CVE-2019-6552 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple command ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6551 (Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior al ...)
	NOT-FOR-US: Pangea Communications Internet FAX ATA
CVE-2019-6550 (Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-ba ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6549 (An attacker could retrieve plain-text credentials stored in a XML file ...)
	NOT-FOR-US: PR100088 Modbus
CVE-2019-6548 (GE Communicator, all versions prior to 4.0.517, contains two backdoor ...)
	NOT-FOR-US: GE Communicator
CVE-2019-6547 (Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00 ...)
	NOT-FOR-US: Delta Industrial Automation CNCSoft
CVE-2019-6546 (GE Communicator, all versions prior to 4.0.517, allows an attacker to ...)
	NOT-FOR-US: GE Communicator
CVE-2019-6545 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
	NOT-FOR-US: AVEVA
CVE-2019-6544 (GE Communicator, all versions prior to 4.0.517, has a service running ...)
	NOT-FOR-US: GE Communicator
CVE-2019-6543 (AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and I ...)
	NOT-FOR-US: AVEVA
CVE-2019-6542 (ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior t ...)
	NOT-FOR-US: ENTTEC firmware
CVE-2019-6541 (A memory corruption vulnerability has been identified in WECON LeviStu ...)
	NOT-FOR-US: WECON
CVE-2019-6540 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
	NOT-FOR-US: Medtronic
CVE-2019-6539 (Several heap-based buffer overflow vulnerabilities in WECON LeviStudio ...)
	NOT-FOR-US: WECON
CVE-2019-6538 (The Conexus telemetry protocol utilized within Medtronic MyCareLink Mo ...)
	NOT-FOR-US: Medtronic
CVE-2019-6537 (Multiple stack-based buffer overflow vulnerabilities in WECON LeviStud ...)
	NOT-FOR-US: WECON
CVE-2019-6536 (Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file ...)
	NOT-FOR-US: LCDS
CVE-2019-6535 (Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and pri ...)
	NOT-FOR-US: Mitsubishi Electric MELSEC-Q Series PLCs
CVE-2019-6534 (The uncontrolled search path element vulnerability in Gemalto Sentinel ...)
	NOT-FOR-US: Gemalto Sentinel UltraPro Client Library ux32w.dll
CVE-2019-6533 (Registers used to store Modbus values can be read and written from the ...)
	NOT-FOR-US: PR100088 Modbus
CVE-2019-6532 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created ...)
	NOT-FOR-US: Panasonic
CVE-2019-6531 (An attacker could retrieve passwords from a HTTP GET request from the ...)
	NOT-FOR-US: Kunbus
CVE-2019-6530 (Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created ...)
	NOT-FOR-US: Panasonic
CVE-2019-6529 (An attacker could specially craft an FTP request that could crash the ...)
	NOT-FOR-US: Kunbus
CVE-2019-6528 (PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit fa ...)
	NOT-FOR-US: PSI GridConnect GmbH
CVE-2019-6527 (PR100088 Modbus gateway versions prior to Release R02 (or Software Ver ...)
	NOT-FOR-US: PR100088 Modbus
CVE-2019-6526 (Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version ...)
	NOT-FOR-US: Moxa
CVE-2019-6525 (AVEVA Wonderware System Platform 2017 Update 2 and prior uses an Arche ...)
	NOT-FOR-US: AVEVA Wonderware System Platform
CVE-2019-6524 (Moxa IKS and EDS do not implement sufficient measures to prevent multi ...)
	NOT-FOR-US: Moxa
CVE-2019-6523 (WebAccess/SCADA, Version 8.3. The software does not properly sanitize ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6522 (Moxa IKS and EDS fails to properly check array bounds which may allow ...)
	NOT-FOR-US: Moxa
CVE-2019-6521 (WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6520 (Moxa IKS and EDS does not properly check authority on server side, whi ...)
	NOT-FOR-US: Moxa
CVE-2019-6519 (WebAccess/SCADA, Version 8.3. An improper authentication vulnerability ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-6518 (Moxa IKS and EDS store plaintext passwords, which may allow sensitive ...)
	NOT-FOR-US: Moxa
CVE-2019-6517 (BD FACSLyric Research Use Only, Windows 10 Professional Operating Syst ...)
	NOT-FOR-US: BD FACSLyric
CVE-2019-6516 (An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible ...)
	NOT-FOR-US: WSO2
CVE-2019-6515 (An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents ...)
	NOT-FOR-US: WSO2
CVE-2019-6514 (An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible ...)
	NOT-FOR-US: WSO2
CVE-2019-6513 (An issue was discovered in WSO2 API Manager 2.6.0. It is possible for ...)
	NOT-FOR-US: WSO2
CVE-2019-6512 (An issue was discovered in WSO2 API Manager 2.6.0. It is possible to f ...)
	NOT-FOR-US: WSO2
CVE-2019-6511
	RESERVED
CVE-2019-6510 (An issue was discovered in creditease-sec insight through 2018-09-11. ...)
	NOT-FOR-US: creditease-sec
CVE-2019-6509 (An issue was discovered in creditease-sec insight through 2018-09-11. ...)
	NOT-FOR-US: creditease-sec
CVE-2019-6508 (An issue was discovered in creditease-sec insight through 2018-09-11. ...)
	NOT-FOR-US: creditease-sec
CVE-2019-6507 (An issue was discovered in creditease-sec insight through 2018-09-11. ...)
	NOT-FOR-US: creditease-sec
CVE-2019-6506 (SuiteCRM before 7.8.28, 7.9.x and 7.10.x before 7.10.15, and 7.11.x be ...)
	NOT-FOR-US: SalesAgility SuiteCRM
CVE-2019-6505
	RESERVED
CVE-2019-6504 (Insufficient output sanitization in the Automic Web Interface (AWI), i ...)
	NOT-FOR-US: CA Automic Workload Automation
CVE-2019-6503 (There is a deserialization vulnerability in Chatopera cosin v3.10.0. A ...)
	NOT-FOR-US: Chatopera cosin
CVE-2019-6502 (sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory ...)
	- opensc 0.20.0-1 (unimportant)
	NOTE: https://github.com/OpenSC/OpenSC/issues/1586
	NOTE: https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9 (0.20.0-rc1)
	NOTE: Negligible security impact, assigning a CVE seems out of proportion...
CVE-2019-1003004 (An improper authorization vulnerability exists in Jenkins 2.158 and ea ...)
	- jenkins
CVE-2019-1003003 (An improper authorization vulnerability exists in Jenkins 2.158 and ea ...)
	- jenkins
CVE-2019-1003002 (A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003001 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-1003000 (A sandbox bypass vulnerability exists in Script Security Plugin 1.49 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2019-6501 (In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allow ...)
	- qemu 1:3.1+dfsg-3 (bug #920222)
	[stretch] - qemu (vulnerable code introduced later)
	[jessie] - qemu (vulnerable code introduced later)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg02324.html
	NOTE: Code introduced by https://git.qemu.org/?p=qemu.git;a=commit;h=6c219fc8a1 ,
	NOTE: but the overflow was already possible before.
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e909ff93698851777faac3c45d03c1b73f311ea6
	NOTE: Overflow introduced by https://git.qemu.org/?p=qemu.git;a=commit;h=a71c775b24,
	NOTE: vulnerability not present prior to 2.12.50
CVE-2019-6500 (In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Trav ...)
	NOT-FOR-US: Axway File Transfer Direct
CVE-2019-6499 (Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcode ...)
	NOT-FOR-US: Teradata Viewpoint
CVE-2019-6498 (GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in d ...)
	NOT-FOR-US: GattLib
CVE-2019-6497 (Hotels_Server through 2018-11-05 has SQL Injection via the controller/ ...)
	NOT-FOR-US: Hotels_Server
CVE-2019-6496 (The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88 ...)
	NOT-FOR-US: ThreadX-based firmware on Marvell Avastar Wi-Fi devices
CVE-2019-6495
	RESERVED
CVE-2019-6494 (IMFForceDelete.sys in IObit Malware Fighter 6.2 allows a low privilege ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2019-6493 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
	NOT-FOR-US: IObit Smart Defrag
CVE-2019-6492 (SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an exe ...)
	NOT-FOR-US: IObit Smart Defrag
CVE-2019-6491 (RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection. ...)
	NOT-FOR-US: RISI Gestao de Horarios
CVE-2019-6490
	RESERVED
CVE-2019-6489 (Certain Lexmark CX, MX, X, XC, XM, XS, and 6500e devices before 2019-0 ...)
	NOT-FOR-US: Lexmark
CVE-2019-6488 (The string component in the GNU C Library (aka glibc or libc6) through ...)
	- glibc 2.28-6 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24097
	NOTE: x32 not officially supported
CVE-2019-6487 (TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3. ...)
	NOT-FOR-US: TP-Link
CVE-2019-6486 (Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 e ...)
	{DSA-4380-1 DSA-4379-1 DLA-1664-1}
	- golang-1.12 1.12~beta2-2 (bug #920548)
	- golang-1.11 1.11.5-1
	- golang-1.10
	- golang-1.8
	- golang-1.7
	- golang
	NOTE: https://groups.google.com/forum/m/#!topic/golang-announce/mVeX35iXuSw
	NOTE: https://golang.org/issue/29903
	NOTE: https://github.com/golang/go/commit/42b42f71
CVE-2019-6485 (Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60 ...)
	NOT-FOR-US: Citrix
CVE-2019-6484
	RESERVED
CVE-2019-6338 (In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8. ...)
	{DSA-4370-1 DLA-1685-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2019-001
CVE-2019-6339 (In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8. ...)
	{DSA-4370-1 DLA-1659-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2019-002
CVE-2019-6483
	RESERVED
CVE-2019-6482
	RESERVED
CVE-2019-6481 (Abine Blur 7.8.2431 allows remote attackers to conduct "Second-Factor ...)
	NOT-FOR-US: Abine Blur
CVE-2019-6480
	RESERVED
CVE-2019-6479
	REJECTED
CVE-2019-6478
	REJECTED
CVE-2019-6477 (With pipelining enabled each incoming query on a TCP connection requir ...)
	- bind9 1:9.11.14+dfsg-1 (bug #945171)
	[buster] - bind9 1:9.11.5.P4+dfsg-5.1+deb10u1
	[stretch] - bind9 (Vulnerable code not present, no TCP pipelining support)
	[jessie] - bind9 (Vulnerable code not present)
	NOTE: https://kb.isc.org/docs/cve-2019-6477
CVE-2019-6476 (A defect in code added to support QNAME minimization can cause named t ...)
	- bind9 (Vulnerable code not present)
	NOTE: https://kb.isc.org/docs/cve-2019-6476
CVE-2019-6475 (Mirror zones are a BIND feature allowing recursive servers to pre-cach ...)
	- bind9 (Vulnerable code not present)
	NOTE: https://kb.isc.org/docs/cve-2019-6475
CVE-2019-6474 (A missing check on incoming client requests can be exploited to cause ...)
	- isc-kea 1.7.5-1 (bug #936040)
	[stretch] - isc-kea (Minor issue)
	NOTE: https://kb.isc.org/docs/cve-2019-6474
CVE-2019-6473 (An invalid hostname option can trigger an assertion failure in the Kea ...)
	- isc-kea 1.7.5-1 (bug #936040)
	[stretch] - isc-kea (Minor issue)
	NOTE: https://kb.isc.org/docs/cve-2019-6473
CVE-2019-6472 (A packet containing a malformed DUID can cause the Kea DHCPv6 server p ...)
	- isc-kea 1.7.5-1 (bug #936040)
	[stretch] - isc-kea (Minor issue)
	NOTE: https://kb.isc.org/docs/cve-2019-6472
CVE-2019-6471 (A race condition which may occur when discarding malformed packets can ...)
	- bind9 1:9.11.5.P4+dfsg-5.1 (bug #930746)
	[stretch] - bind9 (Only affects 9.11 and later)
	[jessie] - bind9 (Only affects 9.11 and later)
	NOTE: https://kb.isc.org/v1/docs/cve-2019-6471
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/60c42f849d520564ed42e5ed0ba46b4b69c07712 (master)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb80d4a609b86427406d9dd783199920b5b (v9_11)
CVE-2019-6470 (There had existed in one of the ISC BIND libraries a bug in a function ...)
	- isc-dhcp 4.4.1-2 (bug #896122)
	[stretch] - isc-dhcp (Issue triggerable only when built against bind >= 9.11.3)
	[jessie] - isc-dhcp (Issue triggerable only when built against bind >= 9.11.3)
	NOTE: https://bugs.isc.org/Public/Ticket/Display.html?id=48804
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1641246
	NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/isc-dhcp/%2Bbug/1781699
	NOTE: Issue is caused by https://gitlab.isc.org/wpk/bind9/commit/65a483106e45704e19781bfe4f4634db4f77562e
	NOTE: isc-dhcp builds against system bind library, and commit for upstream
	NOTE: issue 4829 is first introduced in 9.11.3+dfsg-1. The underlying issue
	NOTE: is only uncovered when built against versions >= 9.11.3.
CVE-2019-6469 (An error in the EDNS Client Subnet (ECS) feature for recursive resolve ...)
	- bind9 (Only affects Supported Preview Edition/Subscription Edition)
	NOTE: https://kb.isc.org/docs/cve-2019-6469
CVE-2019-6468 (In BIND Supported Preview Edition, an error in the nxdomain-redirect f ...)
	- bind9 (Only affects Supported Preview Edition/Subscription Edition)
	NOTE: https://kb.isc.org/docs/cve-2019-6468
CVE-2019-6467 (A programming error in the nxdomain-redirect feature can cause an asse ...)
	- bind9 (Vulnerable code only present in 9.12 onwards)
	NOTE: https://kb.isc.org/docs/cve-2019-6467
CVE-2019-6466
	REJECTED
CVE-2019-6465 (Controls for zone transfers may not be properly applied to Dynamically ...)
	{DSA-4440-1 DLA-1697-1}
	- bind9 1:9.11.5.P4+dfsg-1 (low; bug #922955)
	NOTE: https://kb.isc.org/docs/cve-2019-6465
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/a9307de85e147f4756c75d15aa221d2262df7d67
CVE-2019-6464
	RESERVED
CVE-2019-6463
	RESERVED
CVE-2019-6462 (An issue was discovered in cairo 1.16.0. There is an infinite loop in ...)
	- cairo (low; bug #929945)
	[bullseye] - cairo (Minor issue)
	[buster] - cairo (Minor issue)
	[stretch] - cairo (Minor issue)
	[jessie] - cairo (Minor issue)
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/353
CVE-2019-6461 (An issue was discovered in cairo 1.16.0. There is an assertion problem ...)
	- cairo (low; bug #929944)
	[bullseye] - cairo (Minor issue)
	[buster] - cairo (Minor issue)
	[stretch] - cairo (Minor issue)
	[jessie] - cairo (Minor issue)
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/352
CVE-2019-6460 (An issue was discovered in GNU Recutils 1.8. There is a NULL pointer d ...)
	- recutils (unimportant)
	NOTE: Negligible security impact
CVE-2019-6459 (An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...)
	- recutils (unimportant)
	NOTE: Negligible security impact
CVE-2019-6458 (An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...)
	- recutils (unimportant)
	NOTE: Negligible security impact
CVE-2019-6457 (An issue was discovered in GNU Recutils 1.8. There is a memory leak in ...)
	- recutils (unimportant)
	NOTE: Negligible security impact
CVE-2019-6456 (An issue was discovered in GNU Recutils 1.8. There is a NULL pointer d ...)
	- recutils (unimportant)
	NOTE: Negligible security impact
CVE-2019-6455 (An issue was discovered in GNU Recutils 1.8. There is a double-free pr ...)
	- recutils (unimportant)
	NOTE: Negligible security impact
CVE-2019-6454 (An issue was discovered in sd-bus in systemd 239. bus_process_object() ...)
	{DSA-4393-1 DLA-1684-1}
	- systemd 240-6
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/18/3
	NOTE: https://github.com/systemd/systemd/commit/798ebaf9aea9b8ae3b8a0cc2702bc8de71acb3c6
	NOTE: https://github.com/systemd/systemd/commit/6d586a13717ae057aa1b4127400c3de61cd5b9e7
	NOTE: https://github.com/systemd/systemd/commit/f519a19bcd5afe674a9b8fc462cd77d8bad403c1
CVE-2019-6453 (mIRC before 7.55 allows remote command execution by using argument inj ...)
	NOT-FOR-US: mIRC
CVE-2019-6452 (Kyocera Command Center RX TASKalfa4501i and TASKalfa5052ci allows remo ...)
	NOT-FOR-US: Kyocera Command Center
CVE-2019-6451 (On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthe ...)
	NOT-FOR-US: SOYAL AR-727H and AR-829Ev5 devices
CVE-2019-6450
	RESERVED
CVE-2019-6449
	RESERVED
CVE-2019-6448
	RESERVED
CVE-2019-6447 (The ES File Explorer File Manager application through 4.1.9.7.4 for An ...)
	NOT-FOR-US: ES File Explorer File Manager application
CVE-2019-6446
	- python-numpy 1:1.10.4-1
	[jessie] - python-numpy (Minor issue)
	NOTE: https://github.com/numpy/numpy/issues/12759
	NOTE: For upstream this works as intended and is documented.
	NOTE: https://github.com/numpy/numpy/commit/a2bd3a7eabfe053d6d16a2130fdcad9e5211f6bb
	NOTE: added support to disable use of pickle in load/save, marking that as the fixed
	NOTE: version. The use of that is at the discretion of anyone using numpy
	NOTE: Further discussion at https://github.com/numpy/numpy/pull/12889
CVE-2019-6445 (An issue was discovered in NTPsec before 1.1.3. An authenticated attac ...)
	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
	NOTE: https://gitlab.com/NTPsec/ntpsec/issues/509
	NOTE: https://gitlab.com/NTPsec/ntpsec/commit/acb2ecdcabad2ab42e9c6352999e174dd102eb3f
CVE-2019-6444 (An issue was discovered in NTPsec before 1.1.3. process_control() in n ...)
	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
CVE-2019-6443 (An issue was discovered in NTPsec before 1.1.3. Because of a bug in ct ...)
	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
CVE-2019-6442 (An issue was discovered in NTPsec before 1.1.3. An authenticated attac ...)
	- ntpsec 1.1.3+dfsg1-1 (bug #919513)
CVE-2019-6441 (An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0 ...)
	NOT-FOR-US: Shenzhen Coship devices
CVE-2019-6440 (Zemana AntiMalware before 3.0.658 Beta mishandles update logic. ...)
	NOT-FOR-US: Zemana AntiMalware
CVE-2019-6439 (examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through ...)
	- wolfssl 4.1.0+dfsg-1 (unimportant)
	NOTE: https://github.com/wolfSSL/wolfssl/issues/2032
	NOTE: Issue only in example code
CVE-2019-6438 (SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bi ...)
	{DLA-2143-1}
	- slurm-llnl 18.08.5.2-1 (low; bug #920997)
	[stretch] - slurm-llnl 16.05.9-1+deb9u3
	NOTE: https://www.schedmd.com/news.php?id=213
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2019/000018.html
	NOTE: https://github.com/SchedMD/slurm/commit/750cc23edcc6fddfff21d33bdaf4fb7deb28cfda
	NOTE: https://github.com/SchedMD/slurm/commit/a8159065d1a57d6eadf802efa6837ebf4e56f671
CVE-2019-6437
	RESERVED
CVE-2019-6436
	RESERVED
CVE-2019-6435
	RESERVED
CVE-2019-6434
	RESERVED
CVE-2019-6433
	RESERVED
CVE-2019-6432
	RESERVED
CVE-2019-6431
	RESERVED
CVE-2019-6430
	RESERVED
CVE-2019-6429
	RESERVED
CVE-2019-6428
	RESERVED
CVE-2019-6427
	RESERVED
CVE-2019-6426
	RESERVED
CVE-2019-6425
	RESERVED
CVE-2019-6424
	RESERVED
CVE-2019-6423
	RESERVED
CVE-2019-6422
	RESERVED
CVE-2019-6421
	RESERVED
CVE-2019-6420
	RESERVED
CVE-2019-6419
	RESERVED
CVE-2019-6418
	RESERVED
CVE-2019-6417
	RESERVED
CVE-2019-6416
	RESERVED
CVE-2019-6415
	RESERVED
CVE-2019-6414
	RESERVED
CVE-2019-6413
	RESERVED
CVE-2019-6412
	RESERVED
CVE-2019-6411
	RESERVED
CVE-2019-6410
	RESERVED
CVE-2019-6409
	RESERVED
CVE-2019-6408
	RESERVED
CVE-2019-6407
	RESERVED
CVE-2019-6406
	RESERVED
CVE-2019-6405
	RESERVED
CVE-2019-6404
	RESERVED
CVE-2019-6403
	RESERVED
CVE-2019-6402
	RESERVED
CVE-2019-6401
	RESERVED
CVE-2019-6400
	RESERVED
CVE-2019-6399
	RESERVED
CVE-2019-6398
	RESERVED
CVE-2019-6397
	RESERVED
CVE-2019-6396
	RESERVED
CVE-2019-6395
	RESERVED
CVE-2019-6394
	RESERVED
CVE-2019-6393
	RESERVED
CVE-2019-6392
	RESERVED
CVE-2019-6391
	RESERVED
CVE-2019-6390
	RESERVED
CVE-2019-6389
	RESERVED
CVE-2019-6388
	RESERVED
CVE-2019-6387
	RESERVED
CVE-2019-6386
	RESERVED
CVE-2019-6385
	RESERVED
CVE-2019-6384
	RESERVED
CVE-2019-6383
	RESERVED
CVE-2019-6382
	RESERVED
CVE-2019-6381
	RESERVED
CVE-2019-6380
	RESERVED
CVE-2019-6379
	RESERVED
CVE-2019-6378
	RESERVED
CVE-2019-6377
	RESERVED
CVE-2019-6376
	RESERVED
CVE-2019-6375
	RESERVED
CVE-2019-6374
	RESERVED
CVE-2019-6373
	RESERVED
CVE-2019-6372
	RESERVED
CVE-2019-6371
	RESERVED
CVE-2019-6370
	RESERVED
CVE-2019-6369
	RESERVED
CVE-2019-6368
	RESERVED
CVE-2019-6367
	RESERVED
CVE-2019-6366
	RESERVED
CVE-2019-6365
	RESERVED
CVE-2019-6364
	RESERVED
CVE-2019-6363
	RESERVED
CVE-2019-6362
	RESERVED
CVE-2019-6361
	RESERVED
CVE-2019-6360
	RESERVED
CVE-2019-6359
	RESERVED
CVE-2019-6358
	RESERVED
CVE-2019-6357
	RESERVED
CVE-2019-6356
	RESERVED
CVE-2019-6355
	RESERVED
CVE-2019-6354
	RESERVED
CVE-2019-6353
	RESERVED
CVE-2019-6352
	RESERVED
CVE-2019-6351
	RESERVED
CVE-2019-6350
	RESERVED
CVE-2019-6349
	RESERVED
CVE-2019-6348
	RESERVED
CVE-2019-6347
	RESERVED
CVE-2019-6346
	RESERVED
CVE-2019-6345
	RESERVED
CVE-2019-6344
	RESERVED
CVE-2019-6343
	RESERVED
CVE-2019-6342 (An access bypass vulnerability exists when the experimental Workspaces ...)
	- drupal7 (Drupal 7 not affected)
	NOTE: https://www.drupal.org/sa-core-2019-008
CVE-2019-6340 (Some field types do not properly sanitize data from non-form sources i ...)
	- drupal7 (Drupal 7 core not affected)
	NOTE: https://www.drupal.org/sa-core-2019-003
CVE-2019-6337 (For the printers listed a maliciously crafted print file might cause c ...)
	NOT-FOR-US: HP Inkjet printers
CVE-2019-6336
	RESERVED
CVE-2019-6335 (A potential security vulnerability has been identified with Samsung La ...)
	NOT-FOR-US: Samsung Laser Printers
CVE-2019-6334 (HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Prin ...)
	NOT-FOR-US: HP printers
CVE-2019-6333 (A potential security vulnerability has been identified with certain ve ...)
	NOT-FOR-US: HP Touchpoint Analytics
CVE-2019-6332 (A potential security vulnerability has been identified with certain HP ...)
	NOT-FOR-US: HP InkJet printers
CVE-2019-6331 (An issue was found in Samsung Mobile Print (Android) versions prior to ...)
	NOT-FOR-US: HP
CVE-2019-6330 (A potential security vulnerability has been identified in the software ...)
	NOT-FOR-US: HP Access Control
CVE-2019-6329 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
	NOT-FOR-US: HP Support Assistant
CVE-2019-6328 (HP Support Assistant 8.7.50 and earlier allows a user to gain system p ...)
	NOT-FOR-US: HP Support Assistant
CVE-2019-6327 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
	NOT-FOR-US: HP
CVE-2019-6326 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
	NOT-FOR-US: HP
CVE-2019-6325 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
	NOT-FOR-US: HP
CVE-2019-6324 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
	NOT-FOR-US: HP
CVE-2019-6323 (HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v ...)
	NOT-FOR-US: HP
CVE-2019-6322 (HP has identified a security vulnerability with some versions of Works ...)
	NOT-FOR-US: HP
CVE-2019-6321 (HP has identified a security vulnerability with some versions of Works ...)
	NOT-FOR-US: HP
CVE-2019-6320 (Certain HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4 ...)
	NOT-FOR-US: HP DeskJet 3630 All-in-One Printers models
CVE-2019-6319 (HP DeskJet 3630 All-in-One Printers models F5S43A - F5S57A, K4T93A - K ...)
	NOT-FOR-US: HP DeskJet 3630 All-in-One Printers models
CVE-2019-6318 (HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP L ...)
	NOT-FOR-US: HP
CVE-2019-6317
	RESERVED
CVE-2019-6316
	RESERVED
CVE-2019-6315
	RESERVED
CVE-2019-6314
	RESERVED
CVE-2019-6313
	RESERVED
CVE-2019-6312
	RESERVED
CVE-2019-6311
	RESERVED
CVE-2019-6310
	RESERVED
CVE-2019-6309
	RESERVED
CVE-2019-6308
	RESERVED
CVE-2019-6307
	RESERVED
CVE-2019-6306
	RESERVED
CVE-2019-6305
	RESERVED
CVE-2019-6304
	RESERVED
CVE-2019-6303
	RESERVED
CVE-2019-6302
	RESERVED
CVE-2019-6301
	RESERVED
CVE-2019-6300
	RESERVED
CVE-2019-6299
	RESERVED
CVE-2019-6298
	RESERVED
CVE-2019-6297
	RESERVED
CVE-2019-6296 (Cleanto 5.0 has SQL Injection via the assets/lib/export_ajax.php id pa ...)
	NOT-FOR-US: Cleanto
CVE-2019-6295 (Cleanto 5.0 has SQL Injection via the assets/lib/service_method_ajax.p ...)
	NOT-FOR-US: Cleanto
CVE-2019-6294 (An issue was discovered in EasyCMS 1.5. There is CSRF via the index.ph ...)
	NOT-FOR-US: EasyCMS
CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in nf ...)
	- flex (unimportant; bug #919428)
	NOTE: https://github.com/westes/flex/issues/414
	NOTE: Negligible security impact
CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYam ...)
	- yaml-cpp 0.6.3-1 (low; bug #919430)
	[buster] - yaml-cpp (Minor issue)
	[stretch] - yaml-cpp (Minor issue)
	[jessie] - yaml-cpp (Minor issue)
	- yaml-cpp0.3
	[stretch] - yaml-cpp0.3 (Minor issue)
	[jessie] - yaml-cpp0.3 (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/657
CVE-2019-6291 (An issue was discovered in the function expr6 in eval.c in Netwide Ass ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392549
	NOTE: Crash in CLI tool, no security impact
CVE-2019-6290 (An infinite recursion issue was discovered in eval.c in Netwide Assemb ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392548
	NOTE: Crash in CLI tool, no security impact
CVE-2019-6289 (uploads/include/dialog/select_soft.php in DedeCMS V57_UTF8_SP2 allows ...)
	NOT-FOR-US: DedeCMS
CVE-2019-6288 (Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Comman ...)
	NOT-FOR-US: Edgecore ECS2020 Firmware
CVE-2019-6287 (In Rancher 2.0.0 through 2.1.5, project members have continued access ...)
	NOT-FOR-US: Rancher
CVE-2019-6286 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
	- libsass 3.5.5-3 (low)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2815
CVE-2019-6285 (The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibY ...)
	- yaml-cpp 0.6.3-1 (low; bug #919432)
	[buster] - yaml-cpp (Minor issue)
	[stretch] - yaml-cpp (Minor issue)
	[jessie] - yaml-cpp (Minor issue)
	- yaml-cpp0.3
	[stretch] - yaml-cpp0.3 (Minor issue)
	[jessie] - yaml-cpp0.3 (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/660
CVE-2019-6284 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
	- libsass 3.5.5-3 (low)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2816
CVE-2019-6283 (In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelex ...)
	- libsass 3.5.5-3 (low)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2814
CVE-2019-6282 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W ...)
	NOT-FOR-US: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices
CVE-2019-6281
	RESERVED
CVE-2019-6280
	RESERVED
CVE-2019-6279 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W ...)
	NOT-FOR-US: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices
CVE-2019-6278 (XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with ...)
	NOT-FOR-US: JPress
CVE-2019-6277
	RESERVED
CVE-2019-6276
	RESERVED
CVE-2019-6275 (Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-L ...)
	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
CVE-2019-6274 (Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M- ...)
	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
CVE-2019-6273 (download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 all ...)
	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
CVE-2019-6272 (Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite ...)
	NOT-FOR-US: GL.iNet GL-AR300M-Lite devices
CVE-2019-6271
	RESERVED
CVE-2019-6270
	RESERVED
CVE-2019-6269
	RESERVED
CVE-2019-6268
	RESERVED
CVE-2019-6267 (The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPre ...)
	NOT-FOR-US: Premium WP Suite Easy Redirect Manager plugin for WordPress
CVE-2019-6266 (Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affe ...)
	NOT-FOR-US: Cordaware bestinformed
CVE-2019-6265 (The Scripting and AutoUpdate functionality in Cordaware bestinformed M ...)
	NOT-FOR-US: Cordaware bestinformed
CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping i ...)
	NOT-FOR-US: Joomla!
CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
	NOT-FOR-US: Joomla!
CVE-2019-6262 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
	NOT-FOR-US: Joomla!
CVE-2019-6261 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping i ...)
	NOT-FOR-US: Joomla!
CVE-2019-6260 (The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) ha ...)
	NOT-FOR-US: ASPEED
CVE-2019-6259 (An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injec ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2019-6258 (D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow ...)
	NOT-FOR-US: D-Link
CVE-2019-6257 (A Server Side Request Forgery (SSRF) vulnerability in elFinder before ...)
	NOT-FOR-US: elFinder
CVE-2019-6256 (A Denial of Service issue was discovered in the LIVE555 Streaming Medi ...)
	{DSA-4408-1 DLA-1690-1}
	- liblivemedia 2018.11.26-1 (bug #919529)
	NOTE: https://github.com/rgaufman/live555/issues/19
CVE-2019-6255
	RESERVED
CVE-2019-6254
	RESERVED
CVE-2019-6253
	RESERVED
CVE-2019-6252
	RESERVED
CVE-2019-6251 (WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to add ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://gitlab.gnome.org/GNOME/epiphany/issues/532
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=194131
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=194208
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-6249 (An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerabilit ...)
	NOT-FOR-US: HuCart
CVE-2019-6250 (A pointer overflow, with code execution, was discovered in ZeroMQ libz ...)
	{DSA-4368-1}
	- zeromq3 4.3.1-1 (bug #919098)
	[jessie] - zeromq3 (Vulnerable code introduced later)
	NOTE: https://github.com/zeromq/libzmq/issues/3351
CVE-2019-6248 (PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 ...)
	NOT-FOR-US: PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script
CVE-2019-6247 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
	- svgpp (unimportant; bug #919321)
	NOTE: https://github.com/svgpp/svgpp/issues/70
	NOTE: Issue only in src:svgpp which does not call the AGG API in the correct way.
	NOTE: No security impact, only used to build examples, see #921097
CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the ...)
	- svgpp 1.2.3+dfsg1-5 (bug #919321)
	NOTE: https://github.com/svgpp/svgpp/issues/70
CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
	{DLA-1656-1}
	- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
	[stretch] - agg (Minor issue)
	- svgpp (unimportant; bug #919321)
	NOTE: https://github.com/svgpp/svgpp/issues/70
	NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/
	NOTE: and possibly already fixed with the inclusion of 05-fix-recursion-crash.patch
	NOTE: in 2.5+dfsg1-3.
	NOTE: No security impact on svgpp, only used to build examples, see #921097
CVE-2019-6244 (An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t ...)
	NOT-FOR-US: UsualToolCMS
CVE-2019-6243 (Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin ...)
	NOT-FOR-US: Frog CMS
CVE-2019-6242 (** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read t ...)
	NOT-FOR-US: Kentico
CVE-2019-6241 (In Bevywise MQTTRoute 1.1 build 1018-002, a connect packet combined wi ...)
	NOT-FOR-US: Bevywise MQTTRoute
CVE-2019-6240 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.7+dfsg-1 (bug #919822)
	NOTE: https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/
CVE-2019-6239 (This issue was addressed with improved handling of file metadata. This ...)
	NOT-FOR-US: Apple
CVE-2019-6238 (A validation issue existed in the handling of symlinks. This issue was ...)
	NOT-FOR-US: Apple
CVE-2019-6237 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0003.html
CVE-2019-6236 (A race condition existed during the installation of iCloud for Windows ...)
	NOT-FOR-US: Apple
CVE-2019-6235 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-6234 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6233 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6232 (A race condition existed during the installation of iTunes for Windows ...)
	NOT-FOR-US: Apple
CVE-2019-6231 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-6230 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-6229 (A logic issue was addressed with improved validation. This issue is fi ...)
	- webkit2gtk 2.22.5-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6228 (A cross-site scripting issue existed in Safari. This issue was address ...)
	NOT-FOR-US: Apple Safari
CVE-2019-6227 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.5-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6226 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6225 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-6224 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2019-6223 (A logic issue existed in the handling of Group FaceTime calls. The iss ...)
	NOT-FOR-US: Apple
CVE-2019-6222 (A consistency issue was addressed with improved state handling. This i ...)
	NOT-FOR-US: Apple
CVE-2019-6221 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-6220 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-6219 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2019-6218 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-6217 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.5-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6216 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.5-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6215 (A type confusion issue was addressed with improved memory handling. Th ...)
	- webkit2gtk 2.22.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6214 (A type confusion issue was addressed with improved memory handling. Th ...)
	NOT-FOR-US: Apple
CVE-2019-6213 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2019-6212 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2019-6211 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2019-6210 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2019-6209 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2019-6208 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2019-6207 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2019-6206 (An issue existed with autofill resuming after it was canceled. The iss ...)
	NOT-FOR-US: autofill in iOS
CVE-2019-6205 (A memory corruption issue was addressed with improved lock state check ...)
	NOT-FOR-US: Apple
CVE-2019-6204 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2019-6203 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2019-6202 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2019-6201 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.24.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	NOTE: https://webkitgtk.org/security/WSA-2019-0002.html
CVE-2019-6200 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2019-6199
	RESERVED
CVE-2019-6198
	RESERVED
CVE-2019-6197
	RESERVED
CVE-2019-6196 (A symbolic link vulnerability in some Lenovo installation packages, pr ...)
	NOT-FOR-US: Lenovo
CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
	NOT-FOR-US: Lenovo
CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in ...)
	NOT-FOR-US: Lenovo
CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo XClarit ...)
	NOT-FOR-US: Lenovo
CVE-2019-6192 (A potential vulnerability has been reported in Lenovo Power Management ...)
	NOT-FOR-US: Lenovo
CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper software ver ...)
	NOT-FOR-US: Lenovo
CVE-2019-6190 (Lenovo was notified of a potential denial of service vulnerability, af ...)
	NOT-FOR-US: Lenovo
CVE-2019-6189 (A potential vulnerability was reported in Lenovo System Interface Foun ...)
	NOT-FOR-US: Lenovo
CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
	NOT-FOR-US: Lenovo
CVE-2019-6187 (A stored CSV Injection vulnerability was reported in Lenovo XClarity C ...)
	NOT-FOR-US: Lenovo
CVE-2019-6186 (A potential vulnerability was reported in Lenovo System Interface Foun ...)
	NOT-FOR-US: Lenovo
CVE-2019-6185
	RESERVED
CVE-2019-6184 (A potential vulnerability in the discontinued Customer Engagement Serv ...)
	NOT-FOR-US: Lenovo
CVE-2019-6183 (A denial of service vulnerability has been reported in Lenovo Energy M ...)
	NOT-FOR-US: Lenovo
CVE-2019-6182 (A stored CSV Injection vulnerability was reported in Lenovo XClarity A ...)
	NOT-FOR-US: Lenovo
CVE-2019-6181 (A reflected cross-site scripting (XSS) vulnerability was reported in L ...)
	NOT-FOR-US: Lenovo
CVE-2019-6180 (A stored cross-site scripting (XSS) vulnerability was reported in Leno ...)
	NOT-FOR-US: Lenovo
CVE-2019-6179 (An XML External Entity (XXE) processing vulnerability was reported in ...)
	NOT-FOR-US: Lenovo
CVE-2019-6178 (An information leakage vulnerability in Iomega and LenovoEMC NAS produ ...)
	NOT-FOR-US: Iomega and LenovoEMC NAS products
CVE-2019-6177 (A vulnerability reported in Lenovo Solution Center version 03.12.003, ...)
	NOT-FOR-US: Lenovo
CVE-2019-6176 (A potential vulnerability reported in ThinkPad USB-C Dock Firmware ver ...)
	NOT-FOR-US: Lenovo
CVE-2019-6175 (A denial of service vulnerability was reported in Lenovo System Update ...)
	NOT-FOR-US: Lenovo
CVE-2019-6174
	RESERVED
CVE-2019-6173 (A DLL search path vulnerability could allow privilege escalation in so ...)
	NOT-FOR-US: Lenovo
CVE-2019-6172 (A potential vulnerability in the SMI callback function used in Legacy ...)
	NOT-FOR-US: Lenovo
CVE-2019-6171 (A vulnerability was reported in various BIOS versions of older ThinkPa ...)
	NOT-FOR-US: Lenovo
CVE-2019-6170 (A potential vulnerability in the SMI callback function used in the Leg ...)
	NOT-FOR-US: Lenovo
CVE-2019-6169 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
	NOT-FOR-US: Lenovo Service Bridge
CVE-2019-6168 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
	NOT-FOR-US: Lenovo Service Bridge
CVE-2019-6167 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
	NOT-FOR-US: Lenovo Service Bridge
CVE-2019-6166 (A vulnerability reported in Lenovo Service Bridge before version 4.1.0 ...)
	NOT-FOR-US: Lenovo Service Bridge
CVE-2019-6165 (A DLL search path vulnerability was reported in PaperDisplay Hotkey Se ...)
	NOT-FOR-US: Lenovo
CVE-2019-6164
	RESERVED
CVE-2019-6163 (A denial of service vulnerability was reported in Lenovo System Update ...)
	NOT-FOR-US: Lenovo System Update
CVE-2019-6162
	RESERVED
CVE-2019-6161 (An internal product security audit discovered a session handling vulne ...)
	NOT-FOR-US: Lenovo
CVE-2019-6160 (A vulnerability in various versions of Iomega and LenovoEMC NAS produc ...)
	NOT-FOR-US: Iomega and LenovoEMC NAS products
CVE-2019-6159 (A stored cross-site scripting (XSS) vulnerability exists in various fi ...)
	NOT-FOR-US: IBM
CVE-2019-6158 (An internal product security audit of Lenovo XClarity Administrator (L ...)
	NOT-FOR-US: Lenovo XClarity Administrator (LXCA)
CVE-2019-6157 (In various firmware versions of Lenovo System x, the integrated manage ...)
	NOT-FOR-US: Lenovo
CVE-2019-6156 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
	NOT-FOR-US: Lenovo
CVE-2019-6155 (A potential vulnerability was found in an SMI handler in various BIOS ...)
	NOT-FOR-US: Lenovo
CVE-2019-6154 (A DLL search path vulnerability was reported in Lenovo Bootable Genera ...)
	NOT-FOR-US: Lenovo
CVE-2019-6153
	REJECTED
CVE-2019-6152
	REJECTED
CVE-2019-6151
	REJECTED
CVE-2019-6150
	REJECTED
CVE-2019-6149 (An unquoted search path vulnerability was identified in Lenovo Dynamic ...)
	NOT-FOR-US: Lenovo
CVE-2019-6148
	RESERVED
CVE-2019-6147 (Forcepoint NGFW Security Management Center (SMC) versions lower than 6 ...)
	NOT-FOR-US: Forcepoint NGFW Security Management Center
CVE-2019-6146 (It has been reported that cross-site scripting (XSS) is possible in Fo ...)
	NOT-FOR-US: Forcepoint Web Security
CVE-2019-6145 (Forcepoint VPN Client for Windows versions lower than 6.6.1 have an un ...)
	NOT-FOR-US: Forcepoint
CVE-2019-6144 (This vulnerability allows a normal (non-admin) user to disable the For ...)
	NOT-FOR-US: Forcepoint
CVE-2019-6143 (Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4 ...)
	NOT-FOR-US: Forcepoint Next Generation Firewall (Forcepoint NGFW)
CVE-2019-6142 (It has been reported that XSS is possible in Forcepoint Email Security ...)
	NOT-FOR-US: Forcepoint
CVE-2019-6141
	RESERVED
CVE-2019-6140 (A configuration issue has been discovered in Forcepoint Email Security ...)
	NOT-FOR-US: Forcepoint Email Security
CVE-2019-6139 (Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbi ...)
	NOT-FOR-US: Forcepoint User ID (FUID) server
CVE-2019-6138 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc and Memor ...)
	NOT-FOR-US: libIEC61850
CVE-2019-6137 (An issue was discovered in lib60870 2.1.1. LinkLayer_setAddress in lin ...)
	NOT-FOR-US: lib60870
CVE-2019-6136 (An issue has been found in libIEC61850 v1.3.1. Ethernet_setProtocolFil ...)
	NOT-FOR-US: libIEC61850
CVE-2019-6135 (An issue has been found in libIEC61850 v1.3.1. Memory_malloc in hal/me ...)
	NOT-FOR-US: libIEC61850
CVE-2019-6134
	RESERVED
CVE-2019-6133 (In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...)
	{DLA-1799-1 DLA-1644-1}
	- linux 4.19.16-1
	[stretch] - linux 4.9.161-1
	- policykit-1 0.105-25 (bug #918985)
	[stretch] - policykit-1 (Minor issue, kernel mitigation will land in next 4.9.x rebase)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
	NOTE: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
	NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
	NOTE: Issue can be mitigated in kernel with
	NOTE: https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf (landed in 4.9.150)
CVE-2019-6132 (An issue was discovered in Bento4 v1.5.1-627. There is a memory leak i ...)
	NOT-FOR-US: Bento4
CVE-2019-6131 (svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack co ...)
	- mupdf 1.14.0+ds1-3 (bug #918970)
	[stretch] - mupdf (vulnerable code not present)
	[jessie] - mupdf (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700442
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b
CVE-2019-6130 (Artifex MuPDF 1.14.0 has a SEGV in the function fz_load_page of the fi ...)
	{DLA-2289-1 DLA-1838-1}
	- mupdf 1.14.0+ds1-3 (bug #918971)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700446
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?faf47b94e24314d74907f3f6bc874105f2c962ed
CVE-2019-6129 (** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a ...)
	- libpng1.6 (unimportant)
	- libpng (unimportant)
	NOTE: https://github.com/glennrp/libpng/issues/269
	NOTE: Memory leak in CLI tool, no security impact
CVE-2019-6128 (The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory l ...)
	{DLA-2009-1}
	- tiff 4.0.10-4 (bug #921157; unimportant)
	- tiff3 (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2836
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971
CVE-2019-6127 (An issue was discovered in XiaoCms 20141229. It allows admin/index.php ...)
	NOT-FOR-US: XiaoCms
CVE-2019-6126 (The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1 ...)
	NOT-FOR-US: Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script
CVE-2019-6125
	RESERVED
CVE-2019-6124
	RESERVED
CVE-2019-6123
	RESERVED
CVE-2019-6122 (A Username Enumeration via Error Message issue was discovered in NiceH ...)
	NOT-FOR-US: NiceHash Miner
CVE-2019-6121 (An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Auth ...)
	NOT-FOR-US: NiceHash Miner
CVE-2019-6120 (An issue was discovered in NiceHash Miner before 2.0.3.0. A missing ra ...)
	NOT-FOR-US: NiceHash Miner
CVE-2019-6119
	RESERVED
CVE-2019-6118
	RESERVED
CVE-2019-6117 (The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via t ...)
	NOT-FOR-US: wpape APE GALLERY plugin for WordPress
CVE-2019-6116 (In Artifex Ghostscript through 9.26, ephemeral or transient procedures ...)
	{DSA-4372-1 DLA-1670-1}
	- ghostscript 9.26a~dfsg-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/23/5
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36f8181db66a91bcc8cea139998b53a8996
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9c66135601efb103d8db7d020a672308db
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f13091a3f309bdc95d275ea9fec10bb9f42d9a
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4deef90c1598ff50616519d5576756b4495
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a6dddb83f5c061207a7ed2813999c1b5c9
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092da88ef6bb0aa281fe294ae0925a44b5b9
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700317
CVE-2019-6115
	RESERVED
CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. An int ...)
	NOT-FOR-US: Corel PaintShop Pro
CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-001 ...)
	NOT-FOR-US: ONKYO
CVE-2019-6112 (A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in ...)
	NOT-FOR-US: Sell Media plugin for WordPress
CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation ...)
	{DSA-4387-2 DSA-4387-1 DLA-1728-1}
	- openssh 1:7.9p1-9 (bug #923486)
	NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
	NOTE: https://github.com/openssh/openssh-portable/commit/391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
	NOTE: https://github.com/openssh/openssh-portable/commit/3d896c157c722bc47adca51a58dca859225b5874
	NOTE: For unstable partially fixed in 1:7.9p1-6, applied complete fix in 1:7.9p1-9.
CVE-2019-6110 (In OpenSSH 7.9, due to accepting and displaying arbitrary stderr outpu ...)
	- openssh (unimportant)
	NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
	NOTE: Not considered a vulnerability by upstream, cf.
	NOTE: https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037475.html
CVE-2019-6109 (An issue was discovered in OpenSSH 7.9. Due to missing character encod ...)
	{DSA-4387-1 DLA-1728-1}
	- openssh 1:7.9p1-6 (bug #793412)
	NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
	NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=2434
	NOTE: Patch: https://bugzilla.mindrot.org/attachment.cgi?id=3228
	NOTE: Fixed by: https://github.com/openssh/openssh-portable/commit/8976f1c4b2721c26e878151f52bdf346dfe2d54c
	NOTE: possibly additionally needed: https://github.com/openssh/openssh-portable/commit/bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb
CVE-2019-6108
	RESERVED
CVE-2019-6107
	RESERVED
CVE-2019-6106
	RESERVED
CVE-2019-6105
	RESERVED
CVE-2019-6104
	RESERVED
CVE-2019-6103
	RESERVED
CVE-2019-6102
	RESERVED
CVE-2019-6101
	RESERVED
CVE-2019-6100
	RESERVED
CVE-2019-6099
	RESERVED
CVE-2019-6098
	RESERVED
CVE-2019-6097
	RESERVED
CVE-2019-6096
	RESERVED
CVE-2019-6095
	RESERVED
CVE-2019-6094
	RESERVED
CVE-2019-6093
	RESERVED
CVE-2019-6092
	RESERVED
CVE-2019-6091
	RESERVED
CVE-2019-6090
	RESERVED
CVE-2019-6089
	RESERVED
CVE-2019-6088
	RESERVED
CVE-2019-6087
	RESERVED
CVE-2019-6086
	RESERVED
CVE-2019-6085
	RESERVED
CVE-2019-6084
	RESERVED
CVE-2019-6083
	RESERVED
CVE-2019-6082
	RESERVED
CVE-2019-6081
	RESERVED
CVE-2019-6080
	RESERVED
CVE-2019-6079
	RESERVED
CVE-2019-6078
	RESERVED
CVE-2019-6077
	RESERVED
CVE-2019-6076
	RESERVED
CVE-2019-6075
	RESERVED
CVE-2019-6074
	RESERVED
CVE-2019-6073
	RESERVED
CVE-2019-6072
	RESERVED
CVE-2019-6071
	RESERVED
CVE-2019-6070
	RESERVED
CVE-2019-6069
	RESERVED
CVE-2019-6068
	RESERVED
CVE-2019-6067
	RESERVED
CVE-2019-6066
	RESERVED
CVE-2019-6065
	RESERVED
CVE-2019-6064
	RESERVED
CVE-2019-6063
	RESERVED
CVE-2019-6062
	RESERVED
CVE-2019-6061
	RESERVED
CVE-2019-6060
	RESERVED
CVE-2019-6059
	RESERVED
CVE-2019-6058
	RESERVED
CVE-2019-6057
	RESERVED
CVE-2019-6056
	RESERVED
CVE-2019-6055
	RESERVED
CVE-2019-6054
	RESERVED
CVE-2019-6053
	RESERVED
CVE-2019-6052
	RESERVED
CVE-2019-6051
	RESERVED
CVE-2019-6050
	RESERVED
CVE-2019-6049
	RESERVED
CVE-2019-6048
	RESERVED
CVE-2019-6047
	RESERVED
CVE-2019-6046
	RESERVED
CVE-2019-6045
	RESERVED
CVE-2019-6044
	RESERVED
CVE-2019-6043
	RESERVED
CVE-2019-6042
	RESERVED
CVE-2019-6041
	RESERVED
CVE-2019-6040
	RESERVED
CVE-2019-6039
	RESERVED
CVE-2019-6038
	RESERVED
CVE-2019-6037
	RESERVED
CVE-2019-6036 (Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 p ...)
	NOT-FOR-US: F-RevoCRM
CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier allows remot ...)
	NOT-FOR-US: Athenz
CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver ...)
	NOT-FOR-US: a-blog cms
CVE-2019-6033 (Cross-site scripting vulnerability in a-blog cms versions prior to Ver ...)
	NOT-FOR-US: a-blog cms
CVE-2019-6032 (The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates f ...)
	NOT-FOR-US: NTV News24
CVE-2019-6031 (Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 ...)
	NOT-FOR-US: KINZA for Windows
CVE-2019-6030 (Cross-site request forgery (CSRF) vulnerability in Custom Body Class 0 ...)
	NOT-FOR-US: Custom Body Class
CVE-2019-6029 (Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earl ...)
	NOT-FOR-US: Custom Body Class
CVE-2019-6028
	RESERVED
CVE-2019-6027 (Cross-site request forgery (CSRF) vulnerability in WP Spell Check 7.1. ...)
	NOT-FOR-US: WP Spell Check Wordpress Plugin
CVE-2019-6026 (Privilege escalation vulnerability in Multiple MOTEX products (LanScop ...)
	NOT-FOR-US: MOTEX
CVE-2019-6025 (Open redirect vulnerability in Movable Type series Movable Type 7 r.46 ...)
	- movabletype-opensource
CVE-2019-6024 (Rakuma App for Android version 7.15.0 and earlier, and for iOS version ...)
	NOT-FOR-US: Rakuma App for Android
CVE-2019-6023 (Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers t ...)
	NOT-FOR-US: Cybozu Office
CVE-2019-6022 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 al ...)
	NOT-FOR-US: Cybozu Office
CVE-2019-6021 (Open redirect vulnerability in Library Information Management System L ...)
	NOT-FOR-US: Library Information Management System LIMEDIO
CVE-2019-6020 (Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x ...)
	NOT-FOR-US: PowerCMS
CVE-2019-6019 (Untrusted search path vulnerability in STAMP Workbench installer all v ...)
	NOT-FOR-US: STAMP Workbench installer
CVE-2019-6018 (Cross-site scripting vulnerability in NetCommons 3.2.2 and earlier (Ne ...)
	NOT-FOR-US: NetCommons
CVE-2019-6017 (REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier ...)
	NOT-FOR-US: REMISE Payment Module
CVE-2019-6016 (Cross-site scripting vulnerability in REMISE Payment Module (2.11, 2.1 ...)
	NOT-FOR-US: REMISE Payment Module
CVE-2019-6015 (FON2601E-SE, FON2601E-RE, FON2601E-FSW-S, and FON2601E-FSW-B with firm ...)
	NOT-FOR-US: FON routers
CVE-2019-6014 (DBA-1510P firmware 1.70b009 and earlier allows an attacker to execute ...)
	NOT-FOR-US: DBA-1510P firmware
CVE-2019-6013 (DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers ...)
	NOT-FOR-US: DBA-1510P firmware
CVE-2019-6012 (SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 an ...)
	NOT-FOR-US: wpDataTables Lite
CVE-2019-6011 (Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 ...)
	NOT-FOR-US: wpDataTables Lite
CVE-2019-6010 (Integer overflow vulnerability in LINE(Android) from 4.4.0 to the vers ...)
	NOT-FOR-US: LINE(Android)
CVE-2019-6009 (Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows rem ...)
	NOT-FOR-US: SHIRASAGI
CVE-2019-6008 (An unquoted search path vulnerability in Multiple Yokogawa products fo ...)
	NOT-FOR-US: Yokogawa
CVE-2019-6007 (Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows ...)
	NOT-FOR-US: apng-drawable
CVE-2019-6006
	RESERVED
CVE-2019-6005 (Smart TV Box firmware version prior to 1300 allows remote attackers to ...)
	NOT-FOR-US: Smart TV Box
CVE-2019-6004 (Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 ...)
	NOT-FOR-US: ApeosWare Management Suite
CVE-2019-6003 (Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugi ...)
	NOT-FOR-US: EC-CUBE
CVE-2019-6002 (Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 a ...)
	NOT-FOR-US: Central Dogma
CVE-2019-6001 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
	NOT-FOR-US: Canon
CVE-2019-6000 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
	NOT-FOR-US: Canon
CVE-2019-5999 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
	NOT-FOR-US: Canon
CVE-2019-5998 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
	NOT-FOR-US: Canon
CVE-2019-5997 (Video Insight VMS 7.5 and earlier allows remote attackers to conduct c ...)
	NOT-FOR-US: Video Insight VMS
CVE-2019-5996 (SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earli ...)
	NOT-FOR-US: Video Insight VMS
CVE-2019-5995 (Missing authorization vulnerability exists in EOS series digital camer ...)
	NOT-FOR-US: Canon
CVE-2019-5994 (Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digit ...)
	NOT-FOR-US: Canon
CVE-2019-5993 (Cross-site request forgery (CSRF) vulnerability in Category Specific R ...)
	NOT-FOR-US: Category Specific RSS feed Subscription
CVE-2019-5992 (Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Sim ...)
	NOT-FOR-US: WordPress Ultra Simple Paypal Shopping Cart
CVE-2019-5991 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allow ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5990 (Access analysis CGI An-Analyzer released in 2019 June 24 and earlier a ...)
	NOT-FOR-US: CGI An-Analyzer
CVE-2019-5989 (DOM-based cross-site scripting vulnerability in Access analysis CGI An ...)
	NOT-FOR-US: CGI An-Analyzer
CVE-2019-5988 (Stored cross-site scripting vulnerability in Access analysis CGI An-An ...)
	NOT-FOR-US: CGI An-Analyzer
CVE-2019-5987 (Access analysis CGI An-Analyzer released in 2019 June 24 and earlier a ...)
	NOT-FOR-US: CGI An-Analyzer
CVE-2019-5986 (Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router ...)
	NOT-FOR-US: Hikari
CVE-2019-5985 (Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay ...)
	NOT-FOR-US: Hikari
CVE-2019-5984 (Cross-site request forgery (CSRF) vulnerability in Custom CSS Pro 1.0. ...)
	NOT-FOR-US: Custom CSS Pro
CVE-2019-5983 (Cross-site request forgery (CSRF) vulnerability in HTML5 Maps 1.6.5.6 ...)
	NOT-FOR-US: HTML5 Maps
CVE-2019-5982 (Improper download file verification vulnerability in VAIO Update 7.3.0 ...)
	NOT-FOR-US: VAIO Update
CVE-2019-5981 (Improper authorization vulnerability in VAIO Update 7.3.0.03150 and ea ...)
	NOT-FOR-US: VAIO Update
CVE-2019-5980 (Cross-site request forgery (CSRF) vulnerability in Related YouTube Vid ...)
	NOT-FOR-US: Related YouTube Videos
CVE-2019-5979 (Cross-site request forgery (CSRF) vulnerability in Personalized WooCom ...)
	NOT-FOR-US: Personalized WooCommerce Cart Page
CVE-2019-5978 (Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows re ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5977 (Mail header injection vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 m ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5976 (Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative r ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5975 (DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5974 (Cross-site request forgery (CSRF) vulnerability in Contest Gallery ver ...)
	NOT-FOR-US: Contest Gallery
CVE-2019-5973 (Cross-site request forgery (CSRF) vulnerability in Online Lesson Booki ...)
	NOT-FOR-US: Online Lesson Booking
CVE-2019-5972 (Cross-site scripting vulnerability in Online Lesson Booking 0.8.6 and ...)
	NOT-FOR-US: Online Lesson Booking
CVE-2019-5971 (Cross-site request forgery (CSRF) vulnerability in Attendance Manager ...)
	NOT-FOR-US: Attendance Manager
CVE-2019-5970 (Cross-site scripting vulnerability in Attendance Manager 0.5.6 and ear ...)
	NOT-FOR-US: Attendance Manager
CVE-2019-5969 (Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote ...)
	NOT-FOR-US: GROWI
CVE-2019-5968 (Cross-site request forgery (CSRF) vulnerability in GROWI v3.4.6 and ea ...)
	NOT-FOR-US: GROWI
CVE-2019-5967 (Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and ear ...)
	NOT-FOR-US: Joruri CMS
CVE-2019-5966 (Joruri Mail 2.1.4 and earlier does not properly manage sessions, which ...)
	NOT-FOR-US: Joruri Mail
CVE-2019-5965 (Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows re ...)
	NOT-FOR-US: Joruri Mail
CVE-2019-5964 (iDoors Reader 2.10.17 and earlier allows an attacker on the same netwo ...)
	NOT-FOR-US: iDoors Reader
CVE-2019-5963 (Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 ...)
	NOT-FOR-US: Zoho SalesIQ
CVE-2019-5962 (Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier a ...)
	NOT-FOR-US: Zoho SalesIQ
CVE-2019-5961 (The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does ...)
	NOT-FOR-US: Android App 'Tootdon for Mastodon'
CVE-2019-5960 (Cross-site request forgery (CSRF) vulnerability in WP Open Graph 1.6.1 ...)
	NOT-FOR-US: WP Open Graph
CVE-2019-5959
	RESERVED
CVE-2019-5958 (Untrusted search path vulnerability in Electronic reception and examin ...)
	NOT-FOR-US: Electronic reception and examination of application for radio licenses Offline
CVE-2019-5957 (Untrusted search path vulnerability in Installer of Electronic recepti ...)
	NOT-FOR-US: Electronic reception and examination of application for radio licenses Online
CVE-2019-5956 (Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allow ...)
	NOT-FOR-US: WonderCMS
CVE-2019-5955 (CREATE SD official App for Android version 1.0.2 and earlier allows re ...)
	NOT-FOR-US: CREATE SD official App for Android
CVE-2019-5954 (JR East Japan train operation information push notification App for An ...)
	NOT-FOR-US: JR East Japan train operation information push notification App for Android
CVE-2019-5953 (Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers ...)
	{DSA-4425-1 DLA-1760-1}
	- wget 1.20.1-1.1 (bug #926389)
	NOTE: https://jvn.jp/en/jp/JVN25261088/
	NOTE: https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00001.html
	NOTE: https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00012.html
	NOTE: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
	NOTE: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17 (removed unneeded debug lines in fixing commit)
	NOTE: Fixed in 1.20.3
CVE-2019-5952
	RESERVED
CVE-2019-5951
	RESERVED
CVE-2019-5950
	RESERVED
CVE-2019-5949
	RESERVED
CVE-2019-5948
	RESERVED
CVE-2019-5947 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5946 (Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows re ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5945 (Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the use ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5944 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5943 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5942 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5941 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5940 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5939 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5938 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5937 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 al ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5936 (Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5935 (Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5934 (SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allow ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5933 (Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5932 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5931 (Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter t ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5930 (Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5929 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5928 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 all ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2019-5927 (Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 an ...)
	NOT-FOR-US: 'an' App for iOS
CVE-2019-5926 (Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 ...)
	NOT-FOR-US: KinagaCMS
CVE-2019-5925 (Cross-site scripting vulnerability in Dradis Community Edition Dradis ...)
	NOT-FOR-US: Dradis
CVE-2019-5924 (Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 ...)
	NOT-FOR-US: Smart Forms
CVE-2019-5923 (Directory traversal vulnerability in iChain Insurance Wallet App for i ...)
	NOT-FOR-US: iChain Insurance Wallet App for iOS
CVE-2019-5922 (Untrusted search path vulnerability in The installer of Microsoft Team ...)
	NOT-FOR-US: Microsoft
CVE-2019-5921 (Untrusted search path vulnerability in Windows 7 allows an attacker to ...)
	NOT-FOR-US: Microsoft Windows
CVE-2019-5920 (Cross-site request forgery (CSRF) vulnerability in FormCraft 1.2.1 and ...)
	NOT-FOR-US: FormCraft
CVE-2019-5919 (An incomplete cryptography of the data store function by using hidden ...)
	NOT-FOR-US: Nablarch
CVE-2019-5918 (Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML ...)
	NOT-FOR-US: Nablarch
CVE-2019-5917 (azure-umqtt-c (available through GitHub prior to 2017 October 6) allow ...)
	NOT-FOR-US: azure-umqtt-c
CVE-2019-5916 (Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and ea ...)
	NOT-FOR-US: POWER EGG
CVE-2019-5915 (Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allow ...)
	NOT-FOR-US: OpenAM (different from src:openam)
CVE-2019-5914 (V20 PRO L-01J software version L01J20c and L01J20d has a NULL pointer ...)
	NOT-FOR-US: V20 PRO L-01J
CVE-2019-5913 (Untrusted search path vulnerability in the installer of LHMelting (LHM ...)
	NOT-FOR-US: LHMelting
CVE-2019-5912 (Untrusted search path vulnerability in the installer of UNARJ32.DLL (U ...)
	NOT-FOR-US: Some Windows installer
CVE-2019-5911 (Untrusted search path vulnerability in the installer of UNLHA32.DLL (U ...)
	NOT-FOR-US: Some Windows installer
CVE-2019-5910 (Directory traversal vulnerability in HOUSE GATE App for iOS 1.7.8 and ...)
	NOT-FOR-US: HOUSE GATE App for iOS
CVE-2019-5909 (License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6 ...)
	NOT-FOR-US: Yokogawa License Manager Service
CVE-2019-5908 RESERVED
CVE-2019-5907 RESERVED
CVE-2019-5906 RESERVED
CVE-2019-5905 RESERVED
CVE-2019-5904 RESERVED
CVE-2019-5903 RESERVED
CVE-2019-5902 RESERVED
CVE-2019-5901 RESERVED
CVE-2019-5900 RESERVED
CVE-2019-5899 RESERVED
CVE-2019-5898 RESERVED
CVE-2019-5897 RESERVED
CVE-2019-5896 RESERVED
CVE-2019-5895 RESERVED
CVE-2019-5894 RESERVED
CVE-2019-5893 (Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/qu ...)
	NOT-FOR-US: Nelson Open Source ERP
CVE-2019-5892 (bgpd in FRRouting FRR (aka Free Range Routing) 2.x and 3.x before 3.0. ...)
	- frr (Fixed before initial upload)
CVE-2019-5891 (An issue was discovered in OverIT Geocall 6.3 before build 2:346977. A ...)
	NOT-FOR-US: OverIT Geocall
CVE-2019-5890 (An issue was discovered in OverIT Geocall 6.3 before build 2:346977. W ...)
	NOT-FOR-US: OverIT Geocall
CVE-2019-5889 (A log-management directory traversal issue was discovered in OverIT G ...)
	NOT-FOR-US: OverIT Geocall
CVE-2019-5888 (Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 bef ...)
	NOT-FOR-US: OverIT Geocall
CVE-2019-5887 (An issue was discovered in ShopXO 1.2.0. In the UnlinkDir method of th ...)
	NOT-FOR-US: ShopXO
CVE-2019-5886 (An issue was discovered in ShopXO 1.2.0. In the application\install\co ...)
	NOT-FOR-US: ShopXO
CVE-2019-5885 (Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentic ...)
	- matrix-synapse 0.34.1.1-1
	NOTE: https://matrix.org/blog/2019/01/10/critical-security-update-synapse-0-34-0-1-synapse-0-34-1-1/
	NOTE: https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
CVE-2019-5884 (php/elFinder.class.php in elFinder before 2.1.45 leaks information if ...)
	NOT-FOR-US: elFinder
CVE-2019-5883 (An Incorrect Access Control issue was discovered in GitLab Community a ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2019-5881 (Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865. ...)
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5880 (Insufficient policy enforcement in Blink in Google Chrome prior to 77. ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5879 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5878 (Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5877 (Out of bounds memory access in JavaScript in Google Chrome prior to 77 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5876 (Use after free in media in Google Chrome on Android prior to 77.0.3865 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5875 (Insufficient data validation in downloads in Google Chrome prior to 77 ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5874 (Insufficient filtering in URI schemes in Google Chrome on Windows prio ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5873 (Insufficient policy validation in navigation in Google Chrome on iOS p ...)
	- chromium (iOS specific issue)
CVE-2019-5872 (Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5871 (Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 al ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5870 (Use after free in media in Google Chrome prior to 77.0.3865.75 allowed ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5869 (Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowe ...)
	{DSA-4562-1}
	- chromium 78.0.3904.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5868 (Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allow ...)
	{DSA-4500-1}
	- chromium 76.0.3809.100-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5867 (Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.1 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.100-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5866 (Out of bounds memory access in JavaScript in Google Chrome prior to 75 ...)
	- chromium 76.0.3809.71-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5865 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5864 (Insufficient data validation in CORS in Google Chrome prior to 76.0.38 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5863 REJECTED
CVE-2019-5862 (Insufficient data validation in AppCache in Google Chrome prior to 76. ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5861 (Insufficient data validation in Blink in Google Chrome prior to 76.0.3 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5860 (Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowe ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5859 (Insufficient filtering in URI schemes in Google Chrome on Windows prio ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5858 (Incorrect security UI in MacOS services integration in Google Chrome o ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5857 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5856 (Insufficient policy enforcement in storage in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5855 (Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allo ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5854 (Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allo ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5853 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5852 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5851 (Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allo ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5850 (Use after free in offline mode in Google Chrome prior to 76.0.3809.87 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5849 (Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allo ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
	- firefox 69.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-25/#CVE-2019-5849
CVE-2019-5848 (Incorrect font handling in autofill in Google Chrome prior to 75.0.377 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5847 (Inappropriate implementation in JavaScript in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 76.0.3809.87-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5846 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5845 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5844 (Out of bounds access in SwiftShader in Google Chrome prior to 73.0.368 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5843 (Out of bounds memory access in JavaScript in Google Chrome prior to 74 ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5842 (Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed ...)
	{DSA-4500-1}
	- chromium 75.0.3770.90-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5841 (Out of bounds memory access in JavaScript in Google Chrome prior to 75 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5840 (Incorrect security UI in popup blocker in Google Chrome on iOS prior t ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5839 (Excessive data validation in URL parser in Google Chrome prior to 75.0 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5838 (Insufficient policy enforcement in extensions API in Google Chrome pri ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5837 (Resource size information leakage in Blink in Google Chrome prior to 7 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5836 (Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 a ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5835 (Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3 ...)
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5834 (Insufficient data validation in Blink in Google Chrome prior to 75.0.3 ...)
	{DSA-4500-1}
	- chromium (iOS-specific)
CVE-2019-5833 (Incorrect dialog box scoping in browser in Google Chrome on Android pr ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5832 (Insufficient policy enforcement in XMLHttpRequest in Google Chrome pri ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5831 (Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 al ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5830 (Insufficient policy enforcement in CORS in Google Chrome prior to 75.0 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5829 (Integer overflow in download manager in Google Chrome prior to 75.0.37 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5828 (Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5827 (Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3 ...)
	{DSA-4500-1 DLA-2340-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
	- sqlite3 3.27.2-3
	[jessie] - sqlite3 (Minor issue; mainly with impact in chromium)
	NOTE: https://www.sqlite.org/src/info/07ee06fd390bfebe
	NOTE: https://www.sqlite.org/src/info/0b6ae032c28e7fe3
CVE-2019-5826 (Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 all ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5825 (Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683. ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5824 (Parameter passing error in media in Google Chrome prior to 74.0.3729.1 ...)
	{DSA-4500-1}
	- chromium 75.0.3770.80-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5823 (Insufficient policy enforcement in service workers in Google Chrome pr ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5822 (Inappropriate implementation in Blink in Google Chrome prior to 74.0.3 ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5821 (Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 all ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5820 (Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 all ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5819 (Insufficient data validation in developer tools in Google Chrome on OS ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5818 (Uninitialized data in media in Google Chrome prior to 74.0.3729.108 al ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5817 (Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74. ...)
	- chromium (Windows-specific)
CVE-2019-5816 (Process lifetime issue in Chrome in Google Chrome on Android prior to ...)
	- chromium (Android-specific issue)
CVE-2019-5815 (Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1. ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5814 (Insufficient policy enforcement in Blink in Google Chrome prior to 74. ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5813 (Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5812 (Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.1 ...)
	- chromium (iOS specific)
CVE-2019-5811 (Incorrect handling of CORS in ServiceWorker in Google Chrome prior to ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5810 (Information leak in autofill in Google Chrome prior to 74.0.3729.108 a ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5809 (Use after free in file chooser in Google Chrome prior to 74.0.3729.108 ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5808 (Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowe ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5807 (Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 al ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5806 (Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.37 ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5805 (Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allow ...)
	{DSA-4500-1}
	- chromium 74.0.3729.108-1
	[stretch] - chromium (see DSA 4562)
CVE-2019-5804 (Incorrect command line processing in Chrome in Google Chrome prior to ...)
	- chromium (Windows-specific)
CVE-2019-5803 (Insufficient policy enforcement in Content Security Policy in Google C ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5802 (Incorrect handling of download origins in Navigation in Google Chrome ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5801 (Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to ...)
	- chromium (iOS specific)
CVE-2019-5800 (Insufficient policy enforcement in Blink in Google Chrome prior to 73. ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5799 (Incorrect inheritance of a new document's policy in Content Security P ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5798 (Lack of correct bounds checking in Skia in Google Chrome prior to 73.0 ...)
	{DSA-4451-1 DSA-4448-1 DSA-4421-1 DLA-1806-1 DLA-1800-1}
	- chromium 73.0.3683.75-1
	- firefox-esr 60.7.0esr-1
	- thunderbird 1:60.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-5798
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2019-5798
CVE-2019-5797 RESERVED
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5796 (Data race in extensions guest view in Google Chrome prior to 73.0.3683 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5795 (Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allo ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5794 (Incorrect handling of cancelled requests in Navigation in Google Chrom ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5793 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5792 (Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allo ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5791 (Inappropriate optimization in V8 in Google Chrome prior to 73.0.3683.7 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5790 (An integer overflow leading to an incorrect capacity of a buffer in Ja ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5789 (An integer overflow that leads to a use-after-free in WebMIDI in Googl ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5788 (An integer overflow that leads to a use-after-free in Blink Storage in ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5787 (Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3 ...)
	{DSA-4421-1}
	- chromium 73.0.3683.75-1
CVE-2019-5786 (Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 ...)
	{DSA-4404-1}
	- chromium 72.0.3626.121-1
CVE-2019-5785 (Incorrect convexity calculations in Skia in Google Chrome prior to 72. ...)
	{DSA-4392-1 DSA-4391-1 DLA-1678-1 DLA-1677-1}
	- firefox 65.0.1-1
	- firefox-esr 60.5.1esr-1
	- thunderbird 1:60.5.1-1
	- skia (bug #818180)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2019-5785
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2019-5785
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2019-5785
CVE-2019-5784 (Incorrect handling of deferred code in V8 in Google Chrome prior to 72 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.109-1
CVE-2019-5783 (Missing URI encoding of untrusted input in DevTools in Google Chrome p ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5782 (Incorrect optimization assumptions in V8 in Google Chrome prior to 72. ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5781 (Incorrect handling of a confusable character in Omnibox in Google Chro ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5780 (Insufficient restrictions on what can be done with Apple Events in Goo ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5779 (Insufficient policy validation in ServiceWorker in Google Chrome prior ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5778 (A missing case for handling special schemes in permission request chec ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5777 (Incorrect handling of a confusable character in Omnibox in Google Chro ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5776 (Incorrect handling of a confusable character in Omnibox in Google Chro ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5775 (Incorrect handling of a confusable character in Omnibox in Google Chro ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5774 (Omission of the .desktop filetype from the Safe Browsing checklist in ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5773 (Insufficient origin validation in IndexedDB in Google Chrome prior to ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5772 (Sharing of objects over calls into JavaScript runtime in PDFium in Goo ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5771 (An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior ...)
	- chromium (chromium package does not build swiftshader)
CVE-2019-5770 (Insufficient input validation in WebGL in Google Chrome prior to 72.0. ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5769 (Incorrect handling of invalid end character position when front render ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5768 (DevTools API not correctly gating on extension capability in DevTools ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5767 (Insufficient protection of permission UI in WebAPKs in Google Chrome o ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5766 (Incorrect handling of origin taint checking in Canvas in Google Chrome ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5765 (An exposed debugging endpoint in the browser in Google Chrome on Andro ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5764 (Incorrect pointer management in WebRTC in Google Chrome prior to 72.0. ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5763 (Failure to check error conditions in V8 in Google Chrome prior to 72.0 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5762 (Inappropriate memory management when caching in PDFium in Google Chrom ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5761 (Incorrect object lifecycle management in SwiftShader in Google Chrome ...)
	- chromium (chromium package does not build swiftshader)
CVE-2019-5760 (Insufficient checks of pointer validity in WebRTC in Google Chrome pri ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5759 (Incorrect lifetime handling in HTML select elements in Google Chrome o ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5758 (Incorrect object lifecycle management in Blink in Google Chrome prior ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5757 (An incorrect object type assumption in SVG in Google Chrome prior to 7 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5756 (Inappropriate memory management when caching in PDFium in Google Chrom ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5755 (Incorrect handling of negative zero in V8 in Google Chrome prior to 72 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5754 (Implementation error in QUIC Networking in Google Chrome prior to 72.0 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1
CVE-2019-5882 (Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are ex ...)
	- irssi 1.1.2-1 (bug #918865)
	[stretch] - irssi (Vulnerable code not present)
	[jessie] - irssi (Vulnerable code not present)
	NOTE: https://irssi.org/security/irssi_sa_2019_01.txt
	NOTE: https://github.com/irssi/irssi/pull/948
	NOTE: https://github.com/irssi/irssi//commit/8684ccb45c267fdeaaa779fce9323047aa5a9e38
	NOTE: Introduced with support for hidden lines in https://github.com/irssi/irssi/commit/8dfeca57ede1e726de07522a87203ce13676882d
CVE-2019-5753 RESERVED
CVE-2019-5752 RESERVED
CVE-2019-5751 RESERVED
CVE-2019-5750 RESERVED
CVE-2019-5749 RESERVED
CVE-2019-5748 (In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might ...)
	NOT-FOR-US: Traccar Server
CVE-2019-5747 (An issue was discovered in BusyBox through 1.30.0. An out of bounds re ...)
	- busybox 1:1.30.1-2
	[buster] - busybox (Incomplete fix for CVE-2018-20679 did not reach buster)
	[stretch] - busybox (Incomplete fix for CVE-2018-20679 not applied)
	[jessie] - busybox (Incomplete fix for CVE-2018-20679 not applied)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506
	NOTE: https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06
CVE-2019-5746 RESERVED
CVE-2019-5745 RESERVED
CVE-2019-5744 RESERVED
CVE-2019-5743 RESERVED
CVE-2019-5742 RESERVED
CVE-2019-5741 RESERVED
CVE-2019-5740 RESERVED
CVE-2019-5739 (Keep-alive HTTP and HTTPS connections can remain open and inactive for ...)
	- nodejs 8.9.3~dfsg-5 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
	NOTE: Nodejs not covered by security support
CVE-2019-5738 RESERVED
CVE-2019-5737 (In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before ...)
	- nodejs 10.15.2~dfsg-1 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
	NOTE: Nodejs not covered by security support
CVE-2019-8308 (Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc ...)
	{DSA-4390-1}
	- flatpak 1.2.3-1 (bug #922059)
CVE-2019-5736 (runc through 1.0-rc6, as used in Docker before 18.09.2 and other produ ...)
	- lxc 1:3.1.0+really3.0.3-4 (bug #922169; unimportant)
	- runc 1.0.0~rc6+dfsg1-2 (bug #922050)
	[stretch] - runc 0.1.1+dfsg1-2+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/11/2
	NOTE: runc: Fixed by: https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
	NOTE: lxc: Fixed by: https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
	NOTE: Not considered a security issue by LXC upstream
CVE-2019-5735 REJECTED
CVE-2019-5734 RESERVED
CVE-2019-5733 RESERVED
CVE-2019-5732 REJECTED
CVE-2019-5731 REJECTED
CVE-2019-5730 RESERVED
CVE-2019-5729 (Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS ...)
	NOT-FOR-US: Splunk
CVE-2019-5728 RESERVED
CVE-2019-5727 (Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9 ...)
	NOT-FOR-US: Splunk
CVE-2019-5726 RESERVED
CVE-2019-5725 (qibosoft through V7 allows remote attackers to read arbitrary files vi ...)
	NOT-FOR-US: qibosoft
CVE-2019-5724 RESERVED
CVE-2019-5723 (An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Passwor ...)
	NOT-FOR-US: portier vision
CVE-2019-5722 (An issue was discovered in portier vision 4.4.4.2 and 4.4.4.6. Due to ...)
	NOT-FOR-US: portier vision
CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was ...)
	- wireshark 2.6.1-1
	[stretch] - wireshark 2.6.3-1~deb9u1
	[jessie] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14470
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1c66174ec7aa19e2ddc79178cf59f15a654fc4fe
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-05.html
	NOTE: Fix for 2.4.x was a cherry pick of:
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf (2.5.1)
CVE-2019-5720 (includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a ...)
	- frontaccounting
CVE-2019-5719 (In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector ...)
	{DSA-4416-1 DLA-1645-1}
	- wireshark 2.6.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15374
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5b02f2a9b8772d8814096f86c60a32889d61f2c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-04.html
CVE-2019-5718 (In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector an ...)
	{DSA-4416-1}
	- wireshark 2.6.6-1 (low)
	[jessie] - wireshark (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1746
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-03.html
CVE-2019-5717 (In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector c ...)
	{DSA-4416-1 DLA-1645-1}
	- wireshark 2.6.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bf9272a92f3df1e4ccfaad434e123222ae5313f7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-02.html
CVE-2019-5716 (In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This w ...)
	{DSA-4416-1 DLA-1645-1}
	- wireshark 2.6.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010
	NOTE: https://www.wireshark.org/security/wnpa-sec-2019-01.html
CVE-2019-5715 (All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versi ...)
	NOT-FOR-US: SilverStripe
CVE-2019-5714 REJECTED
CVE-2019-5713 REJECTED
CVE-2019-5712 REJECTED
CVE-2019-5711 REJECTED
CVE-2019-5710 REJECTED
CVE-2019-5709 REJECTED
CVE-2019-5708 REJECTED
CVE-2019-5707 REJECTED
CVE-2019-5706 REJECTED
CVE-2019-5705 REJECTED
CVE-2019-5704 REJECTED
CVE-2019-5703 REJECTED
CVE-2019-5702 (NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vu ...)
	NOT-FOR-US: NVIDIA
CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.0.118, contains ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5700 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software con ...)
	NOT-FOR-US: NVIDIA Shield TV Experience
CVE-2019-5699 (NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader c ...)
	NOT-FOR-US: NVIDIA Shield TV Experience
CVE-2019-5698 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2019-5697 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2019-5696 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2019-5695 (NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Dr ...)
	NOT-FOR-US: NVIDIA
CVE-2019-5694 (NVIDIA Windows GPU Display Driver, R390 driver version, contains a vul ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5693 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5692 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5691 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5690 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2019-5689 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5688 (NVIDIA NVFlash, NVUFlash Tool prior to v5.588.0 and GPUModeSwitch Tool ...)
	NOT-FOR-US: NVIDIA
CVE-2019-5687 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5686 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5685 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5684 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5683 (NVIDIA Windows GPU Display Driver (all versions) contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2019-5682 (NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA Shield
CVE-2019-5681 (NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA Shield
CVE-2019-5680 (In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra boot ...)
	NOT-FOR-US: NVIDIA
CVE-2019-5679 (NVIDIA Shield TV Experience prior to v8.0, NVIDIA Tegra bootloader con ...)
	NOT-FOR-US: NVIDIA Shield
CVE-2019-5678 (NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5677 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
	NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
CVE-2019-5676 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
	NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
CVE-2019-5675 (NVIDIA Windows GPU Display driver software for Windows (all versions) ...)
	NOT-FOR-US: NVIDIA Windows GPU Display driver software for Windows
CVE-2019-5674 (NVIDIA GeForce Experience before 3.18 contains a vulnerability when Sh ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2019-5673 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on al ...)
	NOT-FOR-US: Nvidia Tegra
CVE-2019-5672 (NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Teg ...)
	NOT-FOR-US: Nvidia Tegra
CVE-2019-5671 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5670 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5669 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5668 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5667 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5666 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5665 (NVIDIA Windows GPU Display driver contains a vulnerability in the 3D v ...)
	NOT-FOR-US: Nvidia drivers on Windows
CVE-2019-5664
	REJECTED
CVE-2019-5663
	REJECTED
CVE-2019-5662
	REJECTED
CVE-2019-5661
	REJECTED
CVE-2019-5660
	REJECTED
CVE-2019-5659
	REJECTED
CVE-2019-5658
	REJECTED
CVE-2019-5657
	REJECTED
CVE-2019-5656
	REJECTED
CVE-2019-5655
	REJECTED
CVE-2019-5654
	REJECTED
CVE-2019-5653
	REJECTED
CVE-2019-5652
	REJECTED
CVE-2019-5651
	REJECTED
CVE-2019-5650
	REJECTED
CVE-2019-5649
	RESERVED
CVE-2019-5648 (Authenticated, administrative access to a Barracuda Load Balancer ADC ...)
	NOT-FOR-US: Barracuda
CVE-2019-5647 (The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser se ...)
	NOT-FOR-US: Chrome Plugin for Rapid7 AppSpider
CVE-2019-5646
	RESERVED
CVE-2019-5645 (By sending a specially crafted HTTP GET request to a listening Rapid7 ...)
	NOT-FOR-US: Rapid7 Metasploit
CVE-2019-5644 (Computing For Good's Basic Laboratory Information System (also known a ...)
	NOT-FOR-US: Computing For Good's Basic Laboratory Information System
CVE-2019-5643 (Computing For Good's Basic Laboratory Information System (also known a ...)
	NOT-FOR-US: Computing For Good's Basic Laboratory Information System
CVE-2019-5642 (Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from ...)
	NOT-FOR-US: Rapid7 Metasploit Pro
CVE-2019-5641
	RESERVED
CVE-2019-5640 (Rapid7 Nexpose versions prior to 6.6.114 suffer from an information ex ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2019-5639
	RESERVED
CVE-2019-5638 (Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient sess ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2019-5637 (When Beckhoff TwinCAT is configured to use the Profinet driver, a deni ...)
	NOT-FOR-US: Beckhoff
CVE-2019-5636 (When a Beckhoff TwinCAT Runtime receives a malformed UDP packet, the A ...)
	NOT-FOR-US: Beckhoff
CVE-2019-5635 (A cleartext transmission of sensitive information vulnerability is pre ...)
	NOT-FOR-US: Hickory
CVE-2019-5634 (An inclusion of sensitive information in log files vulnerability is pr ...)
	NOT-FOR-US: Hickory
CVE-2019-5633 (An insecure storage of sensitive information vulnerability is present ...)
	NOT-FOR-US: Hickory
CVE-2019-5632 (An insecure storage of sensitive information vulnerability is present ...)
	NOT-FOR-US: Hickory
CVE-2019-5631 (The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerabi ...)
	NOT-FOR-US: Rapid7 InsightAppSec broker
CVE-2019-5630 (A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 ...)
	NOT-FOR-US: Rapid7 Nexpose InsightVM Security Console
CVE-2019-5629 (Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local pr ...)
	NOT-FOR-US: Rapid7 Insight Agent
CVE-2019-5628
	RESERVED
CVE-2019-5627 (The iOS mobile application BlueCats Reveal before 5.14 stores the user ...)
	NOT-FOR-US: iOS mobile application BlueCats Reveal
CVE-2019-5626 (The Android mobile application BlueCats Reveal before 3.0.19 stores th ...)
	NOT-FOR-US: Android mobile application BlueCats Reveal
CVE-2019-5625 (The Android mobile application Halo Home before 1.11.0 stores OAuth au ...)
	NOT-FOR-US: Android mobile application Halo Home
CVE-2019-5624 (Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improp ...)
	NOT-FOR-US: Rapid7 Metasploit Framework
CVE-2019-5623 (Accellion File Transfer Appliance version FTA_8_0_540 suffers from an ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2019-5622 (Accellion File Transfer Appliance version FTA_8_0_540 suffers from an ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2019-5621 (ABBS Software Audio Media Player version 3.1 suffers from an instance ...)
	NOT-FOR-US: ABBS Software Audio Media Player
CVE-2019-5620 (ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE- ...)
	NOT-FOR-US: ABB MicroSCADA Pro SYS600
CVE-2019-5619 (AASync.com AASync version 2.2.1.0 suffers from an instance of CWE-121: ...)
	NOT-FOR-US: AASync.com AASync
CVE-2019-5618 (A-PDF WAV to MP3 version 1.0.0 suffers from an instance of CWE-121: St ...)
	NOT-FOR-US: A-PDF
CVE-2019-5617 (Computing For Good's Basic Laboratory Information System (also known a ...)
	NOT-FOR-US: Computing For Good's Basic Laboratory Information System
CVE-2019-5616 (CircuitWerkes Sicon-8, a hardware device used for managing electrical ...)
	NOT-FOR-US: CircuitWerkes Sicon-8
CVE-2019-5615 (Users with Site-level permissions can access files containing the user ...)
	NOT-FOR-US: Rapid7 InsightVM
CVE-2019-5614 (In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:10.ipfw.asc
CVE-2019-5613 (In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in th ...)
	- kfreebsd-10 (Only affects kfreebsd 12)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:02.ipsec.asc
CVE-2019-5612 (In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:23.midi.asc
CVE-2019-5611 (In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:22.mbuf.asc
CVE-2019-5610 (In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEAS ...)
	NOT-FOR-US: FreeBSD
CVE-2019-5609 (In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:21.bhyve.asc
CVE-2019-5608 (In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEAS ...)
	NOT-FOR-US: FreeBSD
CVE-2019-5607 (In FreeBSD 12.0-STABLE before r350222, 12.0-RELEASE before 12.0-RELEAS ...)
	NOT-FOR-US: FreeBSD userspace
CVE-2019-5606 (In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:13.pts.asc
CVE-2019-5605 (In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:14.freebsd32.asc
CVE-2019-5604 (In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEAS ...)
	NOT-FOR-US: bhyve
CVE-2019-5603 (In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc
CVE-2019-5602 (In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:11.cd_ioctl.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5601 (In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5600 (In FreeBSD 12.0-STABLE before r349622, 12.0-RELEASE before 12.0-RELEAS ...)
	NOT-FOR-US: FreeBSD iconv
CVE-2019-5599 (In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-REL ...)
	- kfreebsd-10 (Only affects FreeBSD 12)
CVE-2019-5598 (In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5597 (In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5596 (In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE b ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:02.fd.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:01.syscall.asc
	NOTE: kfreebsd not covered by security support
CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation ("Cross ...)
	NOT-FOR-US: Fortinet
CVE-2019-5593 (Improper permission or value checking in the CLI console may allow a n ...)
	NOT-FOR-US: FortiOS
CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, ...)
	NOT-FOR-US: Fortinet
CVE-2019-5591 (A Default Configuration vulnerability in FortiOS may allow an unauthen ...)
	NOT-FOR-US: Fortinet
CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...)
	NOT-FOR-US: Fortinet
CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
	NOT-FOR-US: FortiGuard
CVE-2019-5588 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet Forti ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2019-5587 (Lack of root file system integrity checking in Fortinet FortiOS VM app ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2019-5586 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet Forti ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2019-5585 (An improper access control vulnerability in FortiClientMac before 6.0. ...)
	NOT-FOR-US: Fortiguard FortiClientMac
CVE-2019-5584
	REJECTED
CVE-2019-5583
	REJECTED
CVE-2019-5582
	REJECTED
CVE-2019-5581
	REJECTED
CVE-2019-5580
	REJECTED
CVE-2019-5579
	REJECTED
CVE-2019-5578
	REJECTED
CVE-2019-5577
	REJECTED
CVE-2019-5576
	REJECTED
CVE-2019-5575
	REJECTED
CVE-2019-5574
	REJECTED
CVE-2019-5573
	REJECTED
CVE-2019-5572
	REJECTED
CVE-2019-5571
	REJECTED
CVE-2019-5570
	REJECTED
CVE-2019-5569
	REJECTED
CVE-2019-5568
	REJECTED
CVE-2019-5567
	REJECTED
CVE-2019-5566
	REJECTED
CVE-2019-5565
	REJECTED
CVE-2019-5564
	REJECTED
CVE-2019-5563
	REJECTED
CVE-2019-5562
	REJECTED
CVE-2019-5561
	REJECTED
CVE-2019-5560
	REJECTED
CVE-2019-5559
	REJECTED
CVE-2019-5558
	REJECTED
CVE-2019-5557
	REJECTED
CVE-2019-5556
	REJECTED
CVE-2019-5555
	REJECTED
CVE-2019-5554
	REJECTED
CVE-2019-5553
	REJECTED
CVE-2019-5552
	REJECTED
CVE-2019-5551
	REJECTED
CVE-2019-5550
	REJECTED
CVE-2019-5549
	REJECTED
CVE-2019-5548
	REJECTED
CVE-2019-5547
	REJECTED
CVE-2019-5546
	REJECTED
CVE-2019-5545
	RESERVED
CVE-2019-5544 (OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap ove ...)
	{DLA-2025-1}
	- openslp-dfsg
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/06/1
CVE-2019-5543 (For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VM ...)
	NOT-FOR-US: VMware
CVE-2019-5542 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
	NOT-FOR-US: VMware
CVE-2019-5541 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
	NOT-FOR-US: VMware
CVE-2019-5540 (VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1 ...)
	NOT-FOR-US: VMware
CVE-2019-5539 (VMware Workstation (15.x prior to 15.5.1) and Horizon View Agent (7.10 ...)
	NOT-FOR-US: VMware
CVE-2019-5538 (Sensitive information disclosure vulnerability resulting from a lack o ...)
	NOT-FOR-US: VMware
CVE-2019-5537 (Sensitive information disclosure vulnerability resulting from a lack o ...)
	NOT-FOR-US: VMware
CVE-2019-5536 (VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2019-5535 (VMware Workstation and Fusion contain a network denial-of-service vuln ...)
	NOT-FOR-US: VMware
CVE-2019-5534 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and ...)
	NOT-FOR-US: VMware
CVE-2019-5533 (In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloClo ...)
	NOT-FOR-US: VMware
CVE-2019-5532 (VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and ...)
	NOT-FOR-US: VMware
CVE-2019-5531 (VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to E ...)
	NOT-FOR-US: VMware
CVE-2019-5530 (Windows binaries generated with InstallBuilder versions earlier than 1 ...)
	NOT-FOR-US: InstallBuilder
CVE-2019-5529
	RESERVED
CVE-2019-5528 (VMware ESXi 6.5 suffers from partial denial of service vulnerability i ...)
	NOT-FOR-US: VMware
CVE-2019-5527 (ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after ...)
	NOT-FOR-US: VMware
CVE-2019-5526 (VMware Workstation (15.x before 15.1.0) contains a DLL hijacking issue ...)
	NOT-FOR-US: VMware
CVE-2019-5525 (VMware Workstation (15.x before 15.1.0) contains a use-after-free vuln ...)
	NOT-FOR-US: VMware
CVE-2019-5524 (VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6 ...)
	NOT-FOR-US: VMware
CVE-2019-5523 (VMware vCloud Director for Service Providers 9.5.x prior to 9.5.0.3 up ...)
	NOT-FOR-US: VMware vCloud Director for Service Providers
CVE-2019-5522 (VMware Tools for Windows update addresses an out of bounds read vulner ...)
	NOT-FOR-US: VMware
CVE-2019-5521 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2019-5520 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2019-5519 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-20190300 ...)
	NOT-FOR-US: VMware
CVE-2019-5518 (VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-20190300 ...)
	NOT-FOR-US: VMware
CVE-2019-5517 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2019-5516 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...)
	NOT-FOR-US: VMware
CVE-2019-5515 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion ...)
	NOT-FOR-US: VMware
CVE-2019-5514 (VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerab ...)
	NOT-FOR-US: VMware
CVE-2019-5513 (VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, ...)
	NOT-FOR-US: VMware
CVE-2019-5512 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on ...)
	NOT-FOR-US: VMware
CVE-2019-5511 (VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on ...)
	NOT-FOR-US: VMware
CVE-2019-5510
	RESERVED
CVE-2019-5509 (ONTAP Select Deploy administration utility versions 2.11.2 through 2.1 ...)
	NOT-FOR-US: ONTAP Select Deploy administration utility
CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vul ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a v ...)
	NOT-FOR-US: SnapManager for Oracle
CVE-2019-5506 (Clustered Data ONTAP versions 9.0 and higher do not enforce hostname v ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5505 (ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 ...)
	NOT-FOR-US: ONTAP
CVE-2019-5504 (ONTAP Select Deploy administration utility versions 2.12 & 2.12.1 ...)
	NOT-FOR-US: ONTAP
CVE-2019-5503 (OnCommand Workflow Automation versions prior to 5.0 shipped without ce ...)
	NOT-FOR-US: OnCommand Workflow Automation
CVE-2019-5502 (SMB in Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 has we ...)
	NOT-FOR-US: Data ONTAP
CVE-2019-5501 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 may disclose ...)
	NOT-FOR-US: Data ONTAP
CVE-2019-5500 (Certain versions of the NetApp Service Processor and Baseboard Managem ...)
	NOT-FOR-US: NetApp
CVE-2019-5499
	REJECTED
CVE-2019-5498 (OnCommand Insight versions through 7.3.6 may disclose sensitive accoun ...)
	NOT-FOR-US: OnCommand Insight
CVE-2019-5497 (NetApp AFF A700s Baseboard Management Controller (BMC) firmware versio ...)
	NOT-FOR-US: NetApp AFF A700s Baseboard Management Controller firmware
CVE-2019-5496 (Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP ...)
	NOT-FOR-US: Oncommand Insight / Netapp
CVE-2019-5495 (OnCommand Unified Manager for VMware vSphere, Linux and Windows prior ...)
	NOT-FOR-US: OnCommand Unified Manager for VMware vSphere, Linux and Windows / Netapp
CVE-2019-5494 (OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped withou ...)
	NOT-FOR-US: OnCommand Unified Manager 7-Mode / Netapp
CVE-2019-5493 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P3 are susceptib ...)
	NOT-FOR-US: Data ONTAP
CVE-2019-5492 (Element Plug-in for vCenter Server versions prior to 4.2.3 may disclos ...)
	NOT-FOR-US: NetApp HCI Compute Node
CVE-2019-5491 (Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 a ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5490 (Certain versions between 2.x to 5.x (refer to advisory) of the NetApp ...)
	NOT-FOR-US: NetApp
CVE-2019-5488 (EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac= ...)
	NOT-FOR-US: EARCLINK ESPCMS-P8
CVE-2019-5489 (The mincore() implementation in mm/mincore.c in the Linux kernel throu ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
CVE-2019-5487 (An improper access control vulnerability exists in Gitlab EE <v12.3 ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://hackerone.com/reports/692252
CVE-2019-5486 (A authentication bypass vulnerability exists in GitLab CE/EE <v12.3 ...)
	- gitlab 12.6.8-3
	NOTE: https://hackerone.com/reports/617896
	NOTE: https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
CVE-2019-5485 (NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injec ...)
	NOT-FOR-US: node gitlabhook
CVE-2019-5484 (Bower before 1.8.8 has a path traversal vulnerability permitting file ...)
	NOT-FOR-US: Bower
CVE-2019-5483 (Seneca < 3.9.0 contains a vulnerability that could lead to exposing ...)
	NOT-FOR-US: Seneca
CVE-2019-5482 (Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7. ...)
	{DSA-4633-1 DLA-1917-1}
	- curl 7.66.0-1 (bug #940010)
	NOTE: https://curl.haxx.se/docs/CVE-2019-5482.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e9500c2e447d48aa9b3f24a6ca70f9
	NOTE: Fixed by: https://github.com/curl/curl/commit/facb0e4662415b5f28163e853dc6742ac5fafb3d (curl-7_66_0)
CVE-2019-5481 (Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7 ...)
	{DSA-4633-1}
	- curl 7.66.0-1 (bug #940009)
	[jessie] - curl (Vulnerable code introduced later)
	NOTE: https://curl.haxx.se/docs/CVE-2019-5481.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/0649433da53c7165f839e24e889e131e2894dd32 (curl-7_52_0)
	NOTE: Fixed by: https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5 (curl-7_66_0)
CVE-2019-5480 (A path traversal vulnerability in <= v0.9.7 of statichttpserver npm ...)
	NOT-FOR-US: Node statichttpserver
CVE-2019-5479 (An unintended require vulnerability in <v0.5.5 larvitbase-api may a ...)
	NOT-FOR-US: Node larvitbase-api
CVE-2019-5478 (A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ dev ...)
	NOT-FOR-US: Encrypt Only boot mode in Zynq UltraScale+ devices
CVE-2019-5477 (A command injection vulnerability in Nokogiri v1.10.3 and earlier allo ...)
	{DLA-1933-1}
	- rexical 1.0.7-1 (bug #940905)
	[buster] - rexical (Minor issue, can be fixed via point release)
	[stretch] - rexical (Minor issue, can be fixed via point release)
	- ruby-nokogiri 1.10.4+dfsg1-1 (bug #934802)
	[buster] - ruby-nokogiri (Minor issue, can be fixed via point release)
	[stretch] - ruby-nokogiri (Minor issue, can be fixed via point release)
	NOTE: https://github.com/sparklemotion/nokogiri/issues/1915
	NOTE: Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file
	NOTE: is being passed untrusted user input.
	NOTE: https://github.com/tenderlove/rexical/commit/a652474dbc66be350055db3e8f9b3a7b3fd75926
	NOTE: Change in rexical is covered by the scope of this CVE.
CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running o ...)
	NOT-FOR-US: Nextcloud Lookup-Server
CVE-2019-5475 (The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Exe ...)
	NOT-FOR-US: Nexus Yum Repository Plugin
CVE-2019-5474 (An authorization issue was discovered in GitLab EE < 12.1.2, < 1 ...)
	- gitlab (Only affects Gitlab EE 11.8 and later)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5473 (An authentication issue was discovered in GitLab that allowed a bypass ...)
	- gitlab (Only affects Gitlab EE 12.0 and later)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5472 (An authorization issue was discovered in Gitlab versions < 12.1.2, ...)
	- gitlab (Only affects Gitlab EE 10.7 and later)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5471 (An input validation and output encoding issue was discovered in the Gi ...)
	- gitlab (Only affects Gitlab EE 8.9 and later)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5470 (An information disclosure issue was discovered GitLab versions < 12 ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5469 (An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and & ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5468 (An privilege escalation issue was discovered in Gitlab versions < 1 ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5467 (An input validation and output encoding issue was discovered in the Gi ...)
	- gitlab (Only affects 11.10 and later)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5466 (An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5465 (An information disclosure issue was discovered in GitLab CE/EE 8.14 an ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5464 (A flawed DNS rebinding protection issue was discovered in GitLab CE/EE ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5463 (An authorization issue was discovered in the GitLab CE/EE CI badge ima ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5462 (A privilege escalation issue was discovered in GitLab CE/EE 9.0 and la ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5461 (An input validation problem was discovered in the GitHub service integ ...)
	[experimental] - gitlab 11.11.7+dfsg-1
	- gitlab 12.6.8-3 (bug #933785)
	NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/
CVE-2019-5460 (Double Free in VLC versions <= 3.0.6 leads to a crash. ...)
	{DSA-4459-1}
	- vlc 3.0.7-1
	[jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://hackerone.com/reports/503208
CVE-2019-5459 (An Integer underflow in VLC Media Player versions < 3.0.7 leads to ...)
	{DSA-4459-1}
	- vlc 3.0.7-1
	[jessie] - vlc (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://hackerone.com/reports/502816
CVE-2019-5458 (Cross-site scripting (XSS) vulnerability in http-file-server (all vers ...)
	NOT-FOR-US: http-file-server Node.js module
CVE-2019-5457 (Cross-site scripting (XSS) vulnerability in min-http-server (all versi ...)
	NOT-FOR-US: min-http-server Node module
CVE-2019-5456 (SMTP MITM refers to a malicious actor setting up an SMTP proxy server ...)
	NOT-FOR-US: SMTP MITM
CVE-2019-5455 (Bypassing lock protection exists in Nextcloud Android app 3.6.0 when c ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5454 (SQL Injection in the Nextcloud Android app prior to version 3.0.0 allo ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5453 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5452 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5451 (Bypass lock protection in the Nextcloud Android app prior to version 3 ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5450 (Improper sanitization of HTML in directory names in the Nextcloud Andr ...)
	NOT-FOR-US: Nextcloud Android app
CVE-2019-5449 (A missing check in the Nextcloud Server prior to version 15.0.1 causes ...)
	- nextcloud (bug #835086)
CVE-2019-5448 (Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ...)
	- node-yarnpkg 1.13.0-3 (bug #941354)
	[buster] - node-yarnpkg 1.13.0-1+deb10u1
	NOTE: https://hackerone.com/reports/640904
	NOTE: https://github.com/ChALkeR/notes/blob/master/Yarn-vuln.md
	NOTE: https://github.com/yarnpkg/yarn/pull/7393
	NOTE: https://github.com/yarnpkg/yarn/commit/2f08a7405cc3f6fe47c30293050bb0ac94850932
CVE-2019-5447 (A path traversal vulnerability in <= v0.2.6 of http-file-server npm ...)
	NOT-FOR-US: http-file-server Node.js module
CVE-2019-5446 (Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin ...)
	NOT-FOR-US: EdgeSwitch
CVE-2019-5445 (DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allow an Admin user to Crash ...)
	NOT-FOR-US: EdgeSwitch
CVE-2019-5444 (Path traversal vulnerability in version up to v1.1.3 in serve-here.js ...)
	NOT-FOR-US: serve-here.js npm module
CVE-2019-5443 (A non-privileged user or program can put code and a config file in a k ...)
	- curl (Windows-specific build issue)
CVE-2019-5442 (XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results i ...)
	NOT-FOR-US: Pippo
CVE-2019-5441
	REJECTED
CVE-2019-5440 (Use of cryptographically weak PRNG in the password recovery token gene ...)
	NOT-FOR-US: Revive Adserver
CVE-2019-5438 (Path traversal using symlink in npm harp module versions <= 0.29.0. ...)
	NOT-FOR-US: npm harp module
CVE-2019-5437 (Information exposure through the directory listing in npm's harp modul ...)
	NOT-FOR-US: npm harp module
CVE-2019-5436 (A heap buffer overflow in the TFTP receiving code allows for DoS or ar ...)
	{DLA-1804-1}
	- curl 7.64.0-4 (bug #929351)
	[stretch] - curl 7.52.1-5+deb9u10
	NOTE: https://curl.haxx.se/docs/CVE-2019-5436.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/0516ce7786e95
	NOTE: Fixed by: https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
CVE-2019-5435 (An integer overflow in curl's URL API results in a buffer overflow in ...)
	- curl 7.64.0-4 (bug #929352)
	[stretch] - curl (Vulnerable code introduced later)
	[jessie] - curl (Vulnerable code introduced later)
	NOTE: https://curl.haxx.se/docs/CVE-2019-5435.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/fb30ac5a2d63773c52
	NOTE: Fixed by: https://github.com/curl/curl/commit/5fc28510a4664f4
CVE-2019-5434 (An attacker could send a specifically crafted payload to the XML-RPC i ...)
	NOT-FOR-US: Revive Adserver
CVE-2019-5433 (A user having access to the UI of a Revive Adserver instance could be ...)
	NOT-FOR-US: Revive Adserver
CVE-2019-5432 (A specifically malformed MQTT Subscribe packet crashes MQTT Brokers us ...)
	- node-mqtt-packet 6.0.0-2 (bug #928673)
	NOTE: https://hackerone.com/reports/541354
CVE-2019-5431 (This vulnerability was caused by an incomplete fix to CVE-2017-0911. T ...)
	NOT-FOR-US: Twitter Kit for iOS
CVE-2019-5430 (In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, i ...)
	NOT-FOR-US: Ubiquiti Networks UniFi Video
CVE-2019-5429 (Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacke ...)
	- filezilla 3.45.1-1 (low; bug #928282)
	[buster] - filezilla 3.39.0-2+deb10u1
	[stretch] - filezilla (Minor issue)
	[jessie] - filezilla (Minor issue)
	NOTE: https://svn.filezilla-project.org/filezilla?revision=9097&view=revision
	NOTE: https://www.tenable.com/security/research/tra-2019-14
CVE-2019-5428
	REJECTED
CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack ...)
	- c3p0 (low; bug #927936)
	[bullseye] - c3p0 (Minor issue)
	[buster] - c3p0 (Minor issue)
	[stretch] - c3p0 (Minor issue)
	[jessie] - c3p0 (Minor issue)
	NOTE: https://hackerone.com/reports/509315
	NOTE: Fixed by: https://github.com/swaldman/c3p0/commit/f38f27635c384806c2a9d6500d80183d9f09d78b
CVE-2019-5426 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated ...)
	NOT-FOR-US: Ubiquiti
CVE-2019-5425 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated u ...)
	NOT-FOR-US: Ubiquiti
CVE-2019-5424 (In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user ...)
	NOT-FOR-US: Ubiquiti
CVE-2019-5423 (Path traversal vulnerability in http-live-simulator npm package versio ...)
	NOT-FOR-US: http-live-simulator node module
CVE-2019-5422 (XSS in buttle npm package version 0.2.0 causes execution of attacker-p ...)
	NOT-FOR-US: buttle node module
CVE-2019-5421 (Plataformatec Devise version 4.5.0 and earlier, using the lockable mod ...)
	- ruby-devise 4.5.0-3 (bug #926348)
	[stretch] - ruby-devise (Minor issue)
	NOTE: https://github.com/plataformatec/devise/issues/4981
	NOTE: https://github.com/plataformatec/devise/pull/4996
CVE-2019-5420 (A remote code execution vulnerability in development mode Rails <5. ...)
	- rails 2:5.2.2.1+dfsg-1 (bug #924521)
	[stretch] - rails (Vulnerable code not present)
	[jessie] - rails (vulnerable code is not present in 4.x)
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/3
	NOTE: Introduced in https://github.com/rails/rails/commit/69f976b859cae7f9d050152103da018b7f5dda6d
CVE-2019-5419 (There is a possible denial of service vulnerability in Action View (Ra ...)
	{DLA-1739-1}
	- rails 2:5.2.2.1+dfsg-1 (bug #924520)
	[stretch] - rails 2:4.2.7.1-1+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/4
CVE-2019-5418 (There is a File Content Disclosure vulnerability in Action View <5. ...)
	{DLA-1739-1}
	- rails 2:5.2.2.1+dfsg-1 (bug #924520)
	[stretch] - rails 2:4.2.7.1-1+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/13/5
CVE-2019-5417 (A path traversal vulnerability in serve npm package version 7.0.1 allo ...)
	NOT-FOR-US: node serve module
CVE-2019-5416 (A path traversal vulnerability in localhost-now npm package version 1. ...)
	NOT-FOR-US: node localhost-now module
CVE-2019-5415 (A bug in handling the ignore files and directories feature in serve 6. ...)
	NOT-FOR-US: node serve module
CVE-2019-5414 (If an attacker can control the port, which in itself is a very sensiti ...)
	NOT-FOR-US: kill-port node module
CVE-2019-5413 (An attacker can use the format parameter to inject arbitrary commands ...)
	NOT-FOR-US: morgan node module
CVE-2019-5412
	REJECTED
CVE-2019-5411
	REJECTED
CVE-2019-5410
	REJECTED
CVE-2019-5409
	REJECTED
CVE-2019-5408 (Command View Advanced Edition (CVAE) products contain a vulnerability ...)
	NOT-FOR-US: Command View Advanced Edition (CVAE) products
CVE-2019-5407 (A remote information disclosure vulnerability was discovered in HPE 3P ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5406 (A remote session reuse vulnerability was discovered in HPE 3PAR StoreS ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5405 (A remote authorization bypass vulnerability was discovered in HPE 3PAR ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5404 (A remote script injection vulnerability was discovered in HPE 3PAR Sto ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5403 (A remote multiple cross-site scripting vulnerability was discovered in ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5402 (A remote authorization bypass vulnerability was discovered in HPE 3PAR ...)
	NOT-FOR-US: HPE 3PAR StoreServ Management and Core Software Media
CVE-2019-5401 (A potential security vulnerability has been identified in HP2910al-48G ...)
	NOT-FOR-US: HP HP2910al-48G
CVE-2019-5400 (A remote session reuse vulnerability was discovered in HPE 3PAR Servic ...)
	NOT-FOR-US: HPE
CVE-2019-5399 (A remote gain authorized access vulnerability was discovered in HPE 3P ...)
	NOT-FOR-US: HPE
CVE-2019-5398 (A remote multiple multiple cross-site vulnerability was discovered in ...)
	NOT-FOR-US: HPE
CVE-2019-5397 (A remote bypass of security restrictions vulnerability was discovered ...)
	NOT-FOR-US: HPE
CVE-2019-5396 (A remote authentication bypass vulnerability was discovered in HPE 3PA ...)
	NOT-FOR-US: HPE
CVE-2019-5395 (A remote arbitrary file upload vulnerability was discovered in HPE 3PA ...)
	NOT-FOR-US: HPE
CVE-2019-5394 (The HPE Nonstop Maintenance Entity family of products are vulnerable t ...)
	NOT-FOR-US: HPE
CVE-2019-5393 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5392 (A disclosure of information vulnerability was identified in HPE Intell ...)
	NOT-FOR-US: HPE
CVE-2019-5391 (A stack buffer overflow vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5390 (A remote command injection vulnerability was identified in HPE Intelli ...)
	NOT-FOR-US: HPE
CVE-2019-5389 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5388 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5387 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5386 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5385 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5384 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5383 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5382 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5381 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5380 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5379 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5378 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5377 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5376 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5375 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5374 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5373 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5372 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5371 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5370 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5369 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5368 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5367 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5366 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5365 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5364 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5363 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5362 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5361 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5360 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5359 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5358 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5357 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5356 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5355 (A remote denial of service vulnerability was identified in HPE Intelli ...)
	NOT-FOR-US: HPE
CVE-2019-5354 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5353 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5352 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5351 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5350 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5349 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5348 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5347 (A remote authentication bypass vulnerability was identified in HPE Int ...)
	NOT-FOR-US: HPE
CVE-2019-5346 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5345 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5344 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5343 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5342 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5341 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5340 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5339 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5338 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2019-5337
	REJECTED
CVE-2019-5336
	REJECTED
CVE-2019-5335
	REJECTED
CVE-2019-5334
	REJECTED
CVE-2019-5333
	REJECTED
CVE-2019-5332
	REJECTED
CVE-2019-5331
	REJECTED
CVE-2019-5330
	REJECTED
CVE-2019-5329
	REJECTED
CVE-2019-5328
	REJECTED
CVE-2019-5327
	REJECTED
CVE-2019-5326 (An administrative application user of or application user with write a ...)
	NOT-FOR-US: Aruba Airwave VisualRF
CVE-2019-5325
	RESERVED
CVE-2019-5324
	REJECTED
CVE-2019-5323 (There are command injection vulnerabilities present in the AirWave app ...)
	NOT-FOR-US: Aruba Airwave
CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...)
	NOT-FOR-US: Edge Switch models
CVE-2019-5321 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5 ...)
	NOT-FOR-US: Aruba Intelligent Edge Switch Series
CVE-2019-5320 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5 ...)
	NOT-FOR-US: Aruba Intelligent Edge Switch Series
CVE-2019-5319 (A remote buffer overflow vulnerability was discovered in some Aruba In ...)
	NOT-FOR-US: Aruba
CVE-2019-5318 (A remote cross-site request forgery (csrf) vulnerability was discovere ...)
	NOT-FOR-US: Aruba
CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...)
	NOT-FOR-US: Aruba
CVE-2019-5316
	RESERVED
CVE-2019-5315 (A command injection vulnerability is present in the web management int ...)
	NOT-FOR-US: ArubaOS
CVE-2019-5314 (Some web components in the ArubaOS software are vulnerable to HTTP Res ...)
	NOT-FOR-US: ArubaOS
CVE-2019-5313
	RESERVED
CVE-2019-5312 (An issue was discovered in weixin-java-tools v3.3.0. There is an XXE v ...)
	NOT-FOR-US: weixin-java-tools
CVE-2019-5311 (An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.p ...)
	NOT-FOR-US: YUNUCMS
CVE-2019-5310 (YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because craft ...)
	NOT-FOR-US: YUNUCMS
CVE-2019-5309 (Honor play smartphones with versions earlier than 9.1.0.333(C00E333R1P ...)
	NOT-FOR-US: Honor play smartphones
CVE-2019-5308 (Mate 20 RS smartphones with versions earlier than 9.1.0.135(C786E133R3 ...)
	NOT-FOR-US: Mate 20 RS smartphones
CVE-2019-5307 (Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01 ...)
	NOT-FOR-US: Huawei
CVE-2019-5306 (There is a Factory Reset Protection (FRP) bypass security vulnerabilit ...)
	NOT-FOR-US: Huawei
CVE-2019-5305 (The image processing module of some Huawei Mate 10 smartphones version ...)
	NOT-FOR-US: Huawei
CVE-2019-5304 (Some Huawei products have a buffer error vulnerability. An unauthentic ...)
	NOT-FOR-US: Huawei
CVE-2019-5303 (There are two denial of service vulnerabilities on some Huawei smartph ...)
	NOT-FOR-US: Huawei
CVE-2019-5302 (There are two denial of service vulnerabilities on some Huawei smartph ...)
	NOT-FOR-US: Huawei
CVE-2019-5301 (Huawei smart phones Honor V20 with the versions before 9.0.1.161(C00E1 ...)
	NOT-FOR-US: Huawei
CVE-2019-5300 (There is a digital signature verification bypass vulnerability in AR12 ...)
	NOT-FOR-US: Huawei
CVE-2019-5299 (Huawei mobile phones Hima-AL00Bhave with Versions earlier than HMA-AL0 ...)
	NOT-FOR-US: Huawei
CVE-2019-5298 (There is an improper authentication vulnerability in some Huawei AP pr ...)
	NOT-FOR-US: Huawei
CVE-2019-5297 (Emily-L29C Huawei phones versions earlier than 9.0.0.159 (C185E2R1P12T ...)
	NOT-FOR-US: Huawei
CVE-2019-5296 (Mate20 Huawei smartphones versions earlier than HMA-AL00C00B175 have a ...)
	NOT-FOR-US: Huawei
CVE-2019-5295 (Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0 ...)
	NOT-FOR-US: Huawei
CVE-2019-5294 (There is an out of bound read vulnerability in some Huawei products. A ...)
	NOT-FOR-US: Huawei
CVE-2019-5293 (Some Huawei products have a memory leak vulnerability when handling so ...)
	NOT-FOR-US: Huawei
CVE-2019-5292 (Honor 10 Lite, Honor 8A, Huawei Y6 mobile phones with the versions bef ...)
	NOT-FOR-US: Huawei
CVE-2019-5291 (Some Huawei products have an insufficient verification of data authent ...)
	NOT-FOR-US: Huawei
CVE-2019-5290 (Huawei S5700 and S6700 have a DoS security vulnerability. Attackers wi ...)
	NOT-FOR-US: Huawei
CVE-2019-5289 (Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out ...)
	NOT-FOR-US: Huawei
CVE-2019-5288 (P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E1 ...)
	NOT-FOR-US: Huawei
CVE-2019-5287 (P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E1 ...)
	NOT-FOR-US: Huawei
CVE-2019-5286 (There is a reflection XSS vulnerability in the HedEx products. Remote ...)
	NOT-FOR-US: HedEx / Huawei
CVE-2019-5285 (Some Huawei S series switches have a DoS vulnerability. An unauthentic ...)
	NOT-FOR-US: Huawei
CVE-2019-5284 (There is a DoS vulnerability in RTSP module of Leland-AL00A Huawei sma ...)
	NOT-FOR-US: Huawei
CVE-2019-5283 (There is Factory Reset Protection (FRP) bypass security vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2019-5282 (Bastet module of some Huawei smartphones with Versions earlier than Em ...)
	NOT-FOR-US: Huawei
CVE-2019-5281 (There is an information leak vulnerability in some Huawei phones, vers ...)
	NOT-FOR-US: Huawei
CVE-2019-5280 (The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has ...)
	NOT-FOR-US: Huawei
CVE-2019-5279 (Huawei smart phones Emily-L29C with Versions earlier than 9.1.0.311(C1 ...)
	NOT-FOR-US: Huawei
CVE-2019-5278 (There is an out-of-bounds read vulnerability in the Advanced Packages ...)
	NOT-FOR-US: Huawei
CVE-2019-5277 (Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak v ...)
	NOT-FOR-US: Huawei
CVE-2019-5276 (Huawei smart phones with earlier versions than ELLE-AL00B 9.1.0.222(C0 ...)
	NOT-FOR-US: Huawei
CVE-2019-5275 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
	NOT-FOR-US: Huawei
CVE-2019-5274 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
	NOT-FOR-US: Huawei
CVE-2019-5273 (USG9500 with versions of V500R001C30;V500R001C60 have a denial of serv ...)
	NOT-FOR-US: Huawei
CVE-2019-5272 (USG9500 with versions of V500R001C30;V500R001C60 have a missing integr ...)
	NOT-FOR-US: Huawei
CVE-2019-5271 (There is an information leak vulnerability in Huawei smart speaker Myn ...)
	NOT-FOR-US: Huawei
CVE-2019-5270
	RESERVED
CVE-2019-5269 (Some Huawei home routers have an improper authorization vulnerability. ...)
	NOT-FOR-US: Huawei
CVE-2019-5268 (Some Huawei home routers have an input validation vulnerability. Due t ...)
	NOT-FOR-US: Huawei
CVE-2019-5267 (Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vu ...)
	NOT-FOR-US: Huawei
CVE-2019-5266 (Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an ...)
	NOT-FOR-US: Huawei
CVE-2019-5265 (Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an ...)
	NOT-FOR-US: Huawei
CVE-2019-5264 (There is an information disclosure vulnerability in certain Huawei sma ...)
	NOT-FOR-US: Huawei
CVE-2019-5263 (HiSuite with 9.1.0.305 and earlier versions and 9.1.0.305(MAC) and ear ...)
	NOT-FOR-US: Huawei
CVE-2019-5262
	RESERVED
CVE-2019-5261
	RESERVED
CVE-2019-5260 (Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of s ...)
	NOT-FOR-US: Huawei
CVE-2019-5259 (There is an information leakage vulnerability on some Huawei products( ...)
	NOT-FOR-US: Huawei
CVE-2019-5258 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
	NOT-FOR-US: Huawei
CVE-2019-5257 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
	NOT-FOR-US: Huawei
CVE-2019-5256 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
	NOT-FOR-US: Huawei
CVE-2019-5255 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
	NOT-FOR-US: Huawei
CVE-2019-5254 (Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600 ...)
	NOT-FOR-US: Huawei
CVE-2019-5253 (E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an impro ...)
	NOT-FOR-US: Huawei
CVE-2019-5252 (There is an improper authentication vulnerability in Huawei smartphone ...)
	NOT-FOR-US: Huawei
CVE-2019-5251 (There is a path traversal vulnerability in several Huawei smartphones. ...)
	NOT-FOR-US: Huawei
CVE-2019-5250 (Mate 20 Pro smartphones with versions earlier than 9.1.0.135(C00E133R3 ...)
	NOT-FOR-US: Mate 20 Pro smartphones
CVE-2019-5249
	RESERVED
CVE-2019-5248 (CloudEngine 12800 has a DoS vulnerability. An attacker of a neighborin ...)
	NOT-FOR-US: CloudEngine 12800
CVE-2019-5247 (Huawei Atlas 300, Atlas 500 have a buffer overflow vulnerability. A lo ...)
	NOT-FOR-US: Huawei
CVE-2019-5246 (Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0 ...)
	NOT-FOR-US: Huawei
CVE-2019-5245 (HiSuite 9.1.0.300 versions and earlier contains a DLL hijacking vulner ...)
	NOT-FOR-US: Huawei
CVE-2019-5244 (Mate 9 Pro Huawei smartphones earlier than LON-L29C 8.0.0.361(C636) ve ...)
	NOT-FOR-US: Huawei
CVE-2019-5243 (There is a Clickjacking vulnerability in Huawei HG255s product. An att ...)
	NOT-FOR-US: Huawei
CVE-2019-5242 (There is a code execution vulnerability in Huawei PCManager versions e ...)
	NOT-FOR-US: Huawei
CVE-2019-5241 (There is a privilege escalation vulnerability in Huawei PCManager vers ...)
	NOT-FOR-US: Huawei
CVE-2019-5240
	RESERVED
CVE-2019-5239 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
	NOT-FOR-US: Huawei
CVE-2019-5238 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
	NOT-FOR-US: Huawei
CVE-2019-5237 (Huawei PCManager with the versions before 9.0.1.66 (Oversea) and versi ...)
	NOT-FOR-US: Huawei
CVE-2019-5236 (Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1. ...)
	NOT-FOR-US: Huawei
CVE-2019-5235 (Some Huawei smart phones have a null pointer dereference vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2019-5234
	RESERVED
CVE-2019-5233 (Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(S ...)
	NOT-FOR-US: Huawei
CVE-2019-5232 (There is a use of insufficiently random values vulnerability in Huawei ...)
	NOT-FOR-US: Huawei
CVE-2019-5231 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E18 ...)
	NOT-FOR-US: Huawei
CVE-2019-5230 (P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte ...)
	NOT-FOR-US: Huawei
CVE-2019-5229 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E19 ...)
	NOT-FOR-US: P30 smartphones
CVE-2019-5228 (Certain detection module of P30, P30 Pro, Honor V20 smartphone whith V ...)
	NOT-FOR-US: Huawei
CVE-2019-5227 (P30, P30 Pro, Mate 20 smartphones with software of versions earlier th ...)
	NOT-FOR-US: Huawei
CVE-2019-5226 (P30, P30 Pro, Mate 20 smartphones with software of versions earlier th ...)
	NOT-FOR-US: Huawei
CVE-2019-5225 (P30, Mate 20, P30 Pro smartphones with software of versions earlier th ...)
	NOT-FOR-US: Huawei
CVE-2019-5224 (P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193(C00E19 ...)
	NOT-FOR-US: Huawei
CVE-2019-5223 (PCManager 9.1.3.1 has an improper authentication vulnerability. The ce ...)
	NOT-FOR-US: PCManager
CVE-2019-5222 (There is an information disclosure vulnerability on Secure Input of ce ...)
	NOT-FOR-US: Huawei
CVE-2019-5221 (There is a path traversal vulnerability on Huawei Share. The software ...)
	NOT-FOR-US: Huawei
CVE-2019-5220 (There is a Factory Reset Protection (FRP) bypass vulnerability on seve ...)
	NOT-FOR-US: Huawei
CVE-2019-5219 (There is a double free vulnerability on certain drivers of Huawei Mate ...)
	NOT-FOR-US: Huawei
CVE-2019-5218 (There is an insufficient authentication vulnerability in Huawei Band 2 ...)
	NOT-FOR-US: Huawei
CVE-2019-5217 (There is an information disclosure vulnerability on Mate 9 Pro Huawei ...)
	NOT-FOR-US: Huawei
CVE-2019-5216 (There is a race condition vulnerability on Huawei Honor V10 smartphone ...)
	NOT-FOR-US: Huawei
CVE-2019-5215 (There is a man-in-the-middle (MITM) vulnerability on Huawei P30 smartp ...)
	NOT-FOR-US: Huawei
CVE-2019-5214 (There is a use after free vulnerability on certain driver component in ...)
	NOT-FOR-US: Huawei
CVE-2019-5213 (Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0. ...)
	NOT-FOR-US: Honor play smartphones
CVE-2019-5212 (There is an improper access control vulnerability in Huawei Share. The ...)
	NOT-FOR-US: Huawei
CVE-2019-5211 (The Huawei Share function of P20 phones with versions earlier than Emi ...)
	NOT-FOR-US: Huawei
CVE-2019-5210 (Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.19 ...)
	NOT-FOR-US: Huawei
CVE-2019-5209
	REJECTED
CVE-2019-5208
	REJECTED
CVE-2019-5207
	REJECTED
CVE-2019-5206
	REJECTED
CVE-2019-5205
	REJECTED
CVE-2019-5204
	RESERVED
CVE-2019-5203
	RESERVED
CVE-2019-5202
	RESERVED
CVE-2019-5201
	RESERVED
CVE-2019-5200
	RESERVED
CVE-2019-5199
	RESERVED
CVE-2019-5198
	RESERVED
CVE-2019-5197
	RESERVED
CVE-2019-5196
	RESERVED
CVE-2019-5195
	RESERVED
CVE-2019-5194
	RESERVED
CVE-2019-5193
	RESERVED
CVE-2019-5192
	RESERVED
CVE-2019-5191
	RESERVED
CVE-2019-5190
	RESERVED
CVE-2019-5189
	RESERVED
CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing funct ...)
	{DLA-2290-1 DLA-2156-1}
	- e2fsprogs 1.45.5-1 (bug #948508)
	[buster] - e2fsprogs 1.44.5-1+deb10u3
	NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff
	NOTE: Further hardening: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba137571ba13755337e19c9a826dfc874562a36e1b24d3
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
CVE-2019-5187 (An exploitable out-of-bounds write vulnerability exists in the TIFread ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2019-5186 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5185 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5184 (An exploitable double free vulnerability exists in the iocheckd servic ...)
	NOT-FOR-US: WAGO
CVE-2019-5183 (An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL ...)
	NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5182 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5181 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5180 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5179 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5178 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5177 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5176 (An exploitable stack buffer overflow vulnerability vulnerability exist ...)
	NOT-FOR-US: WAGO
CVE-2019-5175 (An exploitable command injection vulnerability exists in the iocheckd ...)
	NOT-FOR-US: WAGO
CVE-2019-5174 (An exploitable command injection vulnerability exists in the iocheckd ...)
	NOT-FOR-US: WAGO
CVE-2019-5173 (An exploitable command injection vulnerability exists in the iocheckd ...)
	NOT-FOR-US: WAGO
CVE-2019-5172 (An exploitable command injection vulnerability exists in the iocheckd ...)
	NOT-FOR-US: WAGO
CVE-2019-5171 (An exploitable command injection vulnerability exists in the iocheckd ...)
	NOT-FOR-US: WAGO
CVE-2019-5170 (An exploitable command injection vulnerability exists in the iocheckd ...)
	NOT-FOR-US: WAGO
CVE-2019-5169 (An exploitable command injection vulnerability exists in the iocheckd ...)
	NOT-FOR-US: WAGO
CVE-2019-5168 (An exploitable command injection vulnerability exists in the iocheckd ...)
	NOT-FOR-US: WAGO
CVE-2019-5167 (An exploitable command injection vulnerability exists in the iocheckd ...)
	NOT-FOR-US: WAGO
CVE-2019-5166 (An exploitable stack buffer overflow vulnerability exists in the ioche ...)
	NOT-FOR-US: WAGO
CVE-2019-5165 (An exploitable authentication bypass vulnerability exists in the hostn ...)
	NOT-FOR-US: Moxa
CVE-2019-5164 (An exploitable code execution vulnerability exists in the ss-manager b ...)
	- shadowsocks-libev 3.3.3+ds-2
	[buster] - shadowsocks-libev (Minor issue)
	[stretch] - shadowsocks-libev (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0958
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2537
	NOTE: Mitigation: Using a unix socket with ss-manager via --manager-socket.
	NOTE: Exposing ss-manager to public is always dangerous.
CVE-2019-5163 (An exploitable denial-of-service vulnerability exists in the UDPRelay ...)
	- shadowsocks-libev 3.3.3+ds-2
	[buster] - shadowsocks-libev (Minor issue)
	[stretch] - shadowsocks-libev (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0956
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2536
CVE-2019-5162 (An exploitable improper access control vulnerability exists in the iw_ ...)
	NOT-FOR-US: Moxa
CVE-2019-5161 (An exploitable remote code execution vulnerability exists in the Cloud ...)
	NOT-FOR-US: WAGO
CVE-2019-5160 (An exploitable improper host validation vulnerability exists in the Cl ...)
	NOT-FOR-US: WAGO
CVE-2019-5159 (An exploitable improper input validation vulnerability exists in the f ...)
	NOT-FOR-US: WAGO
CVE-2019-5158 (An exploitable firmware downgrade vulnerability exists in the firmware ...)
	NOT-FOR-US: WAGO
CVE-2019-5157 (An exploitable command injection vulnerability exists in the Cloud Con ...)
	NOT-FOR-US: WAGO
CVE-2019-5156 (An exploitable command injection vulnerability exists in the cloud con ...)
	NOT-FOR-US: WAGO
CVE-2019-5155 (An exploitable command injection vulnerability exists in the cloud con ...)
	NOT-FOR-US: WAGO
CVE-2019-5154 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5153 (An exploitable remote code execution vulnerability exists in the iw_we ...)
	NOT-FOR-US: Moxa
CVE-2019-5152 (An exploitable information disclosure vulnerability exists in the netw ...)
	- shadowsocks-libev (unimportant)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0942
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2525
	NOTE: Upstream has no plan to remove stream ciphers as per
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/2525#issuecomment-557551274
	NOTE: Documented insecure use case provided for backwards compatibility.
CVE-2019-5151 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5150 (An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. Wh ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5149 (The WBM web application on firmwares prior to 03.02.02 and 03.01.07 on ...)
	NOT-FOR-US: WAGO
CVE-2019-5148 (An exploitable denial-of-service vulnerability exists in ServiceAgent ...)
	NOT-FOR-US: Moxa
CVE-2019-5147 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
	NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5146 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
	NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5145 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2019-5144 (An exploitable heap underflow vulnerability exists in the derive_taps_ ...)
	NOT-FOR-US: Kakadu Software SDK
CVE-2019-5143 (An exploitable format string vulnerability exists in the iw_console co ...)
	NOT-FOR-US: Moxa
CVE-2019-5142 (An exploitable command injection vulnerability exists in the hostname ...)
	NOT-FOR-US: Moxa
CVE-2019-5141 (An exploitable command injection vulnerability exists in the iw_webs f ...)
	NOT-FOR-US: Moxa
CVE-2019-5140 (An exploitable command injection vulnerability exists in the iwwebs fu ...)
	NOT-FOR-US: Moxa
CVE-2019-5139 (An exploitable use of hard-coded credentials vulnerability exists in m ...)
	NOT-FOR-US: Moxa
CVE-2019-5138 (An exploitable command injection vulnerability exists in encrypted dia ...)
	NOT-FOR-US: Moxa
CVE-2019-5137 (The usage of hard-coded cryptographic keys within the ServiceAgent bin ...)
	NOT-FOR-US: Moxa
CVE-2019-5136 (An exploitable privilege escalation vulnerability exists in the iw_con ...)
	NOT-FOR-US: Moxa
CVE-2019-5135 (An exploitable timing discrepancy vulnerability exists in the authenti ...)
	NOT-FOR-US: WAGO
CVE-2019-5134 (An exploitable regular expression without anchors vulnerability exists ...)
	NOT-FOR-US: WAGO
CVE-2019-5133 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: ImageGear
CVE-2019-5132 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: ImageGear
CVE-2019-5131 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2019-5130 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2019-5129 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
	NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5128 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
	NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5127 (A command injection have been found in YouPHPTube Encoder. A successfu ...)
	NOT-FOR-US: YouPHPTube Encoder
CVE-2019-5126 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2019-5125 (An exploitable heap overflow vulnerability exists in the JPEG2000 pars ...)
	NOT-FOR-US: LEADTOOLS
CVE-2019-5124 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...)
	NOT-FOR-US: AMD ATIDXX64.DLL driver
CVE-2019-5123 (Specially crafted web requests can cause SQL injections in YouPHPTube ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5122 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5121 (SQL injection vulnerabilities exists in the authenticated part of YouP ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5120 (An exploitable SQL injection vulnerability exists in the authenticated ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5119 (An exploitable SQL injection vulnerability exist in the authenticated ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5118
	RESERVED
CVE-2019-5117 (Exploitable SQL injection vulnerabilities exists in the authenticated ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5116 (An exploitable SQL injection vulnerability exists in the authenticated ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5115
	RESERVED
CVE-2019-5114 (An exploitable SQL injection vulnerability exists in the authenticated ...)
	NOT-FOR-US: YouPHPTube
CVE-2019-5113
	RESERVED
CVE-2019-5112 (Exploitable SQL injection vulnerability exists in the authenticated po ...)
	NOT-FOR-US: Forma LMS
CVE-2019-5111 (Exploitable SQL injection vulnerability exists in the authenticated po ...)
	NOT-FOR-US: Forma LMS
CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the authenticated p ...)
	NOT-FOR-US: Forma LMS
CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the authenticated ...)
	NOT-FOR-US: Forma LMS
CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linux ker ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.3.7-1
	[buster] - linux 4.19.98-1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900
	NOTE: https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e
CVE-2019-5107 (A cleartext transmission vulnerability exists in the network communica ...)
	NOT-FOR-US: WAGO
CVE-2019-5106 (A hard-coded encryption key vulnerability exists in the authentication ...)
	NOT-FOR-US: WAGO
CVE-2019-5105 (An exploitable memory corruption vulnerability exists in the Name Serv ...)
	NOT-FOR-US: 3S-Smart Software Solutions CODESYS GatewayService
CVE-2019-5104
	REJECTED
CVE-2019-5103
	RESERVED
CVE-2019-5102 (An exploitable information leak vulnerability exists in the ustream-ss ...)
NOT-FOR-US: ustream-ssl library of OpenWrt CVE-2019-5101 (An exploitable information leak vulnerability exists in the ustream-ss ...) NOT-FOR-US: ustream-ssl library of OpenWrt CVE-2019-5100 (An exploitable integer overflow vulnerability exists in the BMP header ...) NOT-FOR-US: LEADTOOLS CVE-2019-5099 (An exploitable integer underflow vulnerability exists in the CMP-parsi ...) NOT-FOR-US: LEADTOOLS CVE-2019-5098 (An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64 ...) NOT-FOR-US: AMD ATIDXX64.DLL driver CVE-2019-5097 (A denial-of-service vulnerability exists in the processing of multi-pa ...) NOT-FOR-US: GoAhead CVE-2019-5096 (An exploitable code execution vulnerability exists in the processing o ...) NOT-FOR-US: GoAhead CVE-2019-5095 (An issue summary information disclosure vulnerability exists in Atlass ...) NOT-FOR-US: Atlassian CVE-2019-5094 (An exploitable code execution vulnerability exists in the quota file f ...) {DSA-4535-1 DLA-1935-1} - e2fsprogs 1.45.4-1 (bug #941139) NOTE: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=8dbe7b475ec5e91ed767239f0e85880f416fc384 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887 CVE-2019-5093 (An exploitable code execution vulnerability exists in the DICOM networ ...) NOT-FOR-US: LEADTOOLS CVE-2019-5092 (An exploitable heap out of bounds write vulnerability exists in the UI ...) NOT-FOR-US: LEADTOOLS CVE-2019-5091 (An exploitable denial-of-service vulnerability exists in the Dicom-pac ...) NOT-FOR-US: LEADTOOLS CVE-2019-5090 (An exploitable information disclosure vulnerability exists in the DICO ...) NOT-FOR-US: LEADTOOLS CVE-2019-5089 (An exploitable memory corruption vulnerability exists in Investintech ...) NOT-FOR-US: Investintech CVE-2019-5088 (An exploitable memory corruption vulnerability exists in Investintech ...) NOT-FOR-US: Investintech CVE-2019-5087 (An exploitable integer overflow vulnerability exists in the flattenInc ...) 
{DLA-2553-1} - xcftools 1.0.7-6.1 (bug #945317) [buster] - xcftools 1.0.7-6+deb10u1 NOTE: https://github.com/j-jorge/xcftools/issues/13 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879 CVE-2019-5086 (An exploitable integer overflow vulnerability exists in the flattenInc ...) {DLA-2553-1} - xcftools 1.0.7-6.1 (bug #945317) [buster] - xcftools 1.0.7-6+deb10u1 NOTE: https://github.com/j-jorge/xcftools/issues/12 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878 CVE-2019-5085 (An exploitable code execution vulnerability exists in the DICOM packet ...) NOT-FOR-US: LEADTOOLS CVE-2019-5084 (An exploitable heap out-of-bounds write vulnerability exists in the TI ...) NOT-FOR-US: LEADTOOLS CVE-2019-5083 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2019-5082 (An exploitable heap buffer overflow vulnerability exists in the iochec ...) NOT-FOR-US: WAGO Firmware CVE-2019-5081 (An exploitable heap buffer overflow vulnerability exists in the iochec ...) NOT-FOR-US: WAGO CVE-2019-5080 (An exploitable denial-of-service vulnerability exists in the iocheckd ...) NOT-FOR-US: WAGO CVE-2019-5079 (An exploitable heap buffer overflow vulnerability exists in the iochec ...) NOT-FOR-US: WAGO CVE-2019-5078 (An exploitable denial of service vulnerability exists in the iocheckd ...) NOT-FOR-US: WAGO CVE-2019-5077 (An exploitable denial-of-service vulnerability exists in the iocheckd ...) NOT-FOR-US: WAGO CVE-2019-5076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2019-5075 (An exploitable stack buffer overflow vulnerability exists in the comma ...) NOT-FOR-US: WAGO CVE-2019-5074 (An exploitable stack buffer overflow vulnerability exists in the ioche ...) NOT-FOR-US: WAGO CVE-2019-5073 (An exploitable information exposure vulnerability exists in the iochec ...) 
NOT-FOR-US: WAGO CVE-2019-5072 (An exploitable command injection vulnerability exists in the /goform/W ...) NOT-FOR-US: Tenda CVE-2019-5071 (An exploitable command injection vulnerability exists in the /goform/W ...) NOT-FOR-US: Tenda CVE-2019-5070 (An exploitable SQL injection vulnerability exists in the unauthenticat ...) NOT-FOR-US: eFront LMS CVE-2019-5069 (A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. ...) NOT-FOR-US: Epignosis eFront LMS CVE-2019-5068 (An exploitable shared memory permissions vulnerability exists in the f ...) {DLA-1993-1} - mesa 19.2.6-1 (low; bug #944298) [buster] - mesa 18.3.6-2+deb10u1 [stretch] - mesa (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857 NOTE: https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html NOTE: https://cgit.freedesktop.org/mesa/mesa/commit/?id=02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc CVE-2019-5067 (An uninitialized memory access vulnerability exists in the way Aspose. ...) NOT-FOR-US: Aspose CVE-2019-5066 (An exploitable use-after-free vulnerability exists in the way LZW-comp ...) NOT-FOR-US: Aspose CVE-2019-5065 (An exploitable information disclosure vulnerability exists in the pack ...) NOT-FOR-US: Blynk CVE-2019-5064 (An exploitable heap buffer overflow vulnerability exists in the data s ...) 
[experimental] - opencv 4.2.0+dfsg-1 - opencv 4.2.0+dfsg-3 (bug #948180) [buster] - opencv (Vulnerable code introduced later) [stretch] - opencv (Vulnerable code introduced later) [jessie] - opencv (The vulnerable code was introduced later) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853 NOTE: Fixed by: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111 (4.2.0) NOTE: https://github.com/opencv/opencv/issues/15857 NOTE: Persistence implementation refactored in: https://github.com/opencv/opencv/pull/13011 CVE-2019-5063 (An exploitable heap buffer overflow vulnerability exists in the data s ...) [experimental] - opencv 4.2.0+dfsg-1 - opencv 4.2.0+dfsg-3 (bug #948180) [buster] - opencv (Vulnerable code introduced later) [stretch] - opencv (Vulnerable code introduced later) [jessie] - opencv (The vulnerable code was introduced later) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0852 NOTE: Fixed by: https://github.com/opencv/opencv/commit/f42d5399aac80d371b17d689851406669c9b9111 (4.2.0) NOTE: https://github.com/opencv/opencv/issues/15857 NOTE: Persistence implementation refactored in: https://github.com/opencv/opencv/pull/13011 CVE-2019-5062 (An exploitable denial-of-service vulnerability exists in the 802.11w s ...) - wpa (unimportant) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0850 NOTE: Issue is not considered a vulnerability: the report received is bogus and at most of very negligible impact. Issue likely would need to be disputed or rejected. CVE-2019-5061 (An exploitable denial-of-service vulnerability exists in the hostapd 2 ...) - wpa 2:2.9+git20200213+877d9a0-1 (unimportant) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0849 NOTE: https://w1.fi/cgit/hostap/commit/?id=018edec9b2bd3db20605117c32ff79c1e625c432 NOTE: The above commit removes IAPP functionality from hostapd. The IAPP implementation was furthermore never really completed on the wpa side, and this obsoleted functionality in hostapd had already been moved to the kernel driver.
CVE-2019-5060 (An exploitable code execution vulnerability exists in the XPM image re ...) - libsdl2-image 2.0.5+dfsg1-1 [buster] - libsdl2-image (Minor issue) [stretch] - libsdl2-image (Minor issue) [jessie] - libsdl2-image (Minor issue) - sdl-image1.2 1.2.12-12 [buster] - sdl-image1.2 (Minor issue) [stretch] - sdl-image1.2 (Minor issue) [jessie] - sdl-image1.2 (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844 NOTE: https://hg.libsdl.org/SDL_image/rev/26061e601c81 CVE-2019-5059 (An exploitable code execution vulnerability exists in the XPM image re ...) - libsdl2-image 2.0.5+dfsg1-1 [buster] - libsdl2-image (Minor issue) [stretch] - libsdl2-image (Minor issue) [jessie] - libsdl2-image (Minor issue) - sdl-image1.2 1.2.12-12 [buster] - sdl-image1.2 (Minor issue) [stretch] - sdl-image1.2 (Minor issue) [jessie] - sdl-image1.2 (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843 NOTE: https://hg.libsdl.org/SDL_image/rev/95fc7da55247 CVE-2019-5058 (An exploitable code execution vulnerability exists in the XCF image re ...) - libsdl2-image 2.0.5+dfsg1-1 (bug #932754) [buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1 [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2 [jessie] - libsdl2-image 2.0.0+dfsg-3+deb8u2 - sdl-image1.2 1.2.12-11 (bug #932755) [buster] - sdl-image1.2 1.2.12-10+deb10u1 [stretch] - sdl-image1.2 1.2.12-5+deb9u2 [jessie] - sdl-image1.2 1.2.12-5+deb8u2 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842 NOTE: https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10 NOTE: CVE-2019-5058 can be considered a CVE for an incomplete fix for CVE-2018-3977. CVE-2019-5057 (An exploitable code execution vulnerability exists in the PCX image-re ...) 
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754) [buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1 [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2 [jessie] - libsdl2-image (Minor issue) - sdl-image1.2 1.2.12-11 (bug #932755) [buster] - sdl-image1.2 1.2.12-10+deb10u1 [stretch] - sdl-image1.2 1.2.12-5+deb9u2 [jessie] - sdl-image1.2 (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841 NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb CVE-2019-5056 RESERVED CVE-2019-5055 (An exploitable denial-of-service vulnerability exists in the Host Acce ...) NOT-FOR-US: Netgear CVE-2019-5054 (An exploitable denial-of-service vulnerability exists in the session h ...) NOT-FOR-US: Netgear CVE-2019-5053 (An exploitable use-after-free vulnerability exists in the Length parsi ...) NOT-FOR-US: NitroPDF CVE-2019-5052 (An exploitable integer overflow vulnerability exists when loading a PC ...) {DLA-1865-1 DLA-1861-1} - libsdl2-image 2.0.5+dfsg1-1 (bug #932754) [buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1 [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2 - sdl-image1.2 1.2.12-11 (bug #932755) [buster] - sdl-image1.2 1.2.12-10+deb10u1 [stretch] - sdl-image1.2 1.2.12-5+deb9u2 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0821 NOTE: https://hg.libsdl.org/SDL_image/rev/b920be2b3fc6 CVE-2019-5051 (An exploitable heap-based buffer overflow vulnerability exists when lo ...) {DLA-1865-1 DLA-1861-1} - libsdl2-image 2.0.5+dfsg1-1 (bug #932754) [buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1 [stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2 - sdl-image1.2 1.2.12-11 (bug #932755) [buster] - sdl-image1.2 1.2.12-10+deb10u1 [stretch] - sdl-image1.2 1.2.12-5+deb9u2 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820 NOTE: https://hg.libsdl.org/SDL_image/rev/e7e9786a1a34 CVE-2019-5050 (A specifically crafted PDF file can lead to a heap corruption when ope ...) 
NOT-FOR-US: NitroPDF CVE-2019-5049 (An exploitable memory corruption vulnerability exists in AMD ATIDXX64. ...) NOT-FOR-US: AMD Windows driver CVE-2019-5048 (A specifically crafted PDF file can lead to a heap corruption when ope ...) NOT-FOR-US: NitroPDF CVE-2019-5047 (An exploitable Use After Free vulnerability exists in the CharProcs pa ...) NOT-FOR-US: NitroPDF CVE-2019-5046 (A specifically crafted jpeg2000 file embedded in a PDF file can lead t ...) NOT-FOR-US: NitroPDF CVE-2019-5045 (A specifically crafted jpeg2000 file embedded in a PDF file can lead t ...) NOT-FOR-US: NitroPDF CVE-2019-5044 REJECTED CVE-2019-5043 (An exploitable denial-of-service vulnerability exists in the Weave dae ...) NOT-FOR-US: Nest CVE-2019-5042 (An exploitable Use-After-Free vulnerability exists in the way Function ...) NOT-FOR-US: Aspose CVE-2019-5041 (An exploitable Stack Based Buffer Overflow vulnerability exists in the ...) NOT-FOR-US: Aspose CVE-2019-5040 (An exploitable information disclosure vulnerability exists in the Weav ...) NOT-FOR-US: OpenWeave CVE-2019-5039 (An exploitable command execution vulnerability exists in the ASN1 cert ...) NOT-FOR-US: OpenWeave CVE-2019-5038 (An exploitable command execution vulnerability exists in the print-tlv ...) NOT-FOR-US: OpenWeave CVE-2019-5037 (An exploitable denial-of-service vulnerability exists in the Weave cer ...) NOT-FOR-US: Nest CVE-2019-5036 (An exploitable denial-of-service vulnerability exists in the Weave err ...) NOT-FOR-US: Nest CVE-2019-5035 (An exploitable information disclosure vulnerability exists in the Weav ...) NOT-FOR-US: Nest CVE-2019-5034 (An exploitable information disclosure vulnerability exists in the Weav ...) NOT-FOR-US: Nest CVE-2019-5033 (An exploitable out-of-bounds read vulnerability exists in the Number r ...) NOT-FOR-US: Aspose CVE-2019-5032 (An exploitable out-of-bounds read vulnerability exists in the LabelSst ...) 
NOT-FOR-US: Aspose CVE-2019-5031 (An exploitable memory corruption vulnerability exists in the JavaScrip ...) NOT-FOR-US: Foxit PDF Reader CVE-2019-5030 (A buffer overflow vulnerability exists in the PowerPoint document conv ...) NOT-FOR-US: Rainbow PDF Office Server Document Converter CVE-2019-5029 (An exploitable command injection vulnerability exists in the Config ed ...) NOT-FOR-US: Exhibitor Web UI CVE-2019-5028 REJECTED CVE-2019-5027 REJECTED CVE-2019-5026 REJECTED CVE-2019-5025 REJECTED CVE-2019-5024 (A restricted environment escape vulnerability exists in the “kio ...) NOT-FOR-US: Capsule Technologies SmartLinx Neuron CVE-2019-5023 (An exploitable vulnerability exists in the grsecurity PaX patch for th ...) - linux-grsec CVE-2019-5022 REJECTED CVE-2019-5021 (Versions of the Official Alpine Linux Docker images (since v3.3) conta ...) NOT-FOR-US: Official Alpine Linux Docker images CVE-2019-5020 (An exploitable denial of service vulnerability exists in the object lo ...) - yara 3.9.0-1 [stretch] - yara (dex module introduced in 3.8.0) [jessie] - yara (dex module introduced in 3.8.0) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0781 NOTE: https://github.com/VirusTotal/yara/issues/1023 NOTE: https://github.com/VirusTotal/yara/commit/1ecb0e66431bf5c5b4c2fdf622be969eb5f4a7cc NOTE: https://github.com/VirusTotal/yara/commit/a3784d3855029bd0ad24071e72746cc0c31b8cba CVE-2019-5019 (A heap-based overflow vulnerability exists in the PowerPoint document ...) NOT-FOR-US: Rainbow PDF Office Server Document Converter CVE-2019-5018 (An exploitable use after free vulnerability exists in the window funct ...) - sqlite3 3.27.2-3 (bug #928770) [stretch] - sqlite3 (windowfuncs introduced in 3.25.0) [jessie] - sqlite3 (windowfuncs introduced in 3.25.0) NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777 CVE-2019-5017 (An exploitable information disclosure vulnerability exists in the KCod ...) 
NOT-FOR-US: NETGEAR CVE-2019-5016 (An exploitable arbitrary memory read vulnerability exists in the KCode ...) NOT-FOR-US: NETGEAR CVE-2019-5015 (A local privilege escalation vulnerability exists in the Mac OS X vers ...) NOT-FOR-US: Apple CVE-2019-5014 (An exploitable improper access control vulnerability exists in the blu ...) NOT-FOR-US: Winco Fireworks FireFly FW-1007 CVE-2019-5013 (An exploitable privilege escalation vulnerability exists in the Wacom, ...) NOT-FOR-US: Wacom MacOS driver CVE-2019-5012 (An exploitable privilege escalation vulnerability exists in the Wacom, ...) NOT-FOR-US: Wacom MacOS driver CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...) NOT-FOR-US: CleanMyMac CVE-2019-5010 (An exploitable denial-of-service vulnerability exists in the X509 cert ...) {DLA-2337-1 DLA-2280-1 DLA-1834-1 DLA-1663-1} - python3.7 3.7.2-2 (bug #921064) - python3.6 (bug #921063) - python3.5 - python3.4 - python2.7 2.7.15-6 (bug #921040) NOTE: https://bugs.python.org/issue35746 NOTE: https://github.com/python/cpython/pull/11569 NOTE: https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031 (3.7.x) NOTE: https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a (3.6.x) NOTE: https://github.com/python/cpython/commit/06b15424b0dcacb1c551b2a36e739fffa8d0c595 (2.7.x) CVE-2019-5009 (Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extens ...) NOT-FOR-US: Vtiger CRM CVE-2019-5008 (hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dere ...) 
- qemu 1:3.1+dfsg-8 (low; bug #927439) [buster] - qemu 1:3.1+dfsg-8~deb10u1 [stretch] - qemu (Vulnerable code not present) [jessie] - qemu (Vulnerable code not present) - qemu-kvm NOTE: https://fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ad280559c68360c9f1cd7be063857853759e6a73 (4.0.0-rc0) NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=25c5d5acfbaa148b2da64b1f2c1401f87ebb0bb4 (MemoryRegionOps introduced in 2.12) CVE-2019-5007 (An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on W ...) NOT-FOR-US: Foxit Reader and PhantomPDF CVE-2019-5006 (An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on W ...) NOT-FOR-US: Foxit Reader and PhantomPDF CVE-2019-5005 (An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on W ...) NOT-FOR-US: Foxit Reader and PhantomPDF CVE-2019-5004 RESERVED CVE-2019-5003 REJECTED CVE-2019-5002 REJECTED CVE-2019-5001 REJECTED CVE-2019-5000 REJECTED CVE-2019-4999 REJECTED CVE-2019-4998 REJECTED CVE-2019-4997 REJECTED CVE-2019-4996 REJECTED CVE-2019-4995 REJECTED CVE-2019-4994 REJECTED CVE-2019-4993 REJECTED CVE-2019-4992 REJECTED CVE-2019-4991 REJECTED CVE-2019-4990 REJECTED CVE-2019-4989 REJECTED CVE-2019-4988 REJECTED CVE-2019-4987 REJECTED CVE-2019-4986 REJECTED CVE-2019-4985 REJECTED CVE-2019-4984 REJECTED CVE-2019-4983 REJECTED CVE-2019-4982 REJECTED CVE-2019-4981 REJECTED CVE-2019-4980 REJECTED CVE-2019-4979 REJECTED CVE-2019-4978 REJECTED CVE-2019-4977 REJECTED CVE-2019-4976 REJECTED CVE-2019-4975 REJECTED CVE-2019-4974 REJECTED CVE-2019-4973 REJECTED CVE-2019-4972 REJECTED CVE-2019-4971 REJECTED CVE-2019-4970 REJECTED CVE-2019-4969 REJECTED CVE-2019-4968 REJECTED CVE-2019-4967 REJECTED CVE-2019-4966 REJECTED CVE-2019-4965 REJECTED CVE-2019-4964 REJECTED CVE-2019-4963 REJECTED CVE-2019-4962 REJECTED CVE-2019-4961 REJECTED CVE-2019-4960 REJECTED CVE-2019-4959 REJECTED CVE-2019-4958 REJECTED CVE-2019-4957 REJECTED CVE-2019-4956 
REJECTED CVE-2019-4955 REJECTED CVE-2019-4954 REJECTED CVE-2019-4953 REJECTED CVE-2019-4952 REJECTED CVE-2019-4951 REJECTED CVE-2019-4950 REJECTED CVE-2019-4949 REJECTED CVE-2019-4948 REJECTED CVE-2019-4947 REJECTED CVE-2019-4946 REJECTED CVE-2019-4945 REJECTED CVE-2019-4944 REJECTED CVE-2019-4943 REJECTED CVE-2019-4942 REJECTED CVE-2019-4941 REJECTED CVE-2019-4940 REJECTED CVE-2019-4939 REJECTED CVE-2019-4938 REJECTED CVE-2019-4937 REJECTED CVE-2019-4936 REJECTED CVE-2019-4935 REJECTED CVE-2019-4934 REJECTED CVE-2019-4933 REJECTED CVE-2019-4932 REJECTED CVE-2019-4931 REJECTED CVE-2019-4930 REJECTED CVE-2019-4929 REJECTED CVE-2019-4928 REJECTED CVE-2019-4927 REJECTED CVE-2019-4926 REJECTED CVE-2019-4925 REJECTED CVE-2019-4924 REJECTED CVE-2019-4923 REJECTED CVE-2019-4922 REJECTED CVE-2019-4921 REJECTED CVE-2019-4920 REJECTED CVE-2019-4919 REJECTED CVE-2019-4918 REJECTED CVE-2019-4917 REJECTED CVE-2019-4916 REJECTED CVE-2019-4915 REJECTED CVE-2019-4914 REJECTED CVE-2019-4913 REJECTED CVE-2019-4912 REJECTED CVE-2019-4911 REJECTED CVE-2019-4910 REJECTED CVE-2019-4909 REJECTED CVE-2019-4908 REJECTED CVE-2019-4907 REJECTED CVE-2019-4906 REJECTED CVE-2019-4905 REJECTED CVE-2019-4904 REJECTED CVE-2019-4903 REJECTED CVE-2019-4902 REJECTED CVE-2019-4901 REJECTED CVE-2019-4900 REJECTED CVE-2019-4899 REJECTED CVE-2019-4898 REJECTED CVE-2019-4897 REJECTED CVE-2019-4896 REJECTED CVE-2019-4895 REJECTED CVE-2019-4894 REJECTED CVE-2019-4893 REJECTED CVE-2019-4892 REJECTED CVE-2019-4891 REJECTED CVE-2019-4890 REJECTED CVE-2019-4889 REJECTED CVE-2019-4888 REJECTED CVE-2019-4887 REJECTED CVE-2019-4886 REJECTED CVE-2019-4885 REJECTED CVE-2019-4884 REJECTED CVE-2019-4883 REJECTED CVE-2019-4882 REJECTED CVE-2019-4881 REJECTED CVE-2019-4880 REJECTED CVE-2019-4879 REJECTED CVE-2019-4878 REJECTED CVE-2019-4877 REJECTED CVE-2019-4876 REJECTED CVE-2019-4875 REJECTED CVE-2019-4874 REJECTED CVE-2019-4873 REJECTED CVE-2019-4872 REJECTED CVE-2019-4871 REJECTED CVE-2019-4870 REJECTED 
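The per-suite package lines in this list (for example the libsdl2-image and sdl-image1.2 entries under CVE-2019-5052 above) only answer the question "is my host fixed?" once the installed version is compared against the recorded fixed version using Debian's version ordering, in which 1.2.12-5+deb9u2 sorts below 1.2.12-11 (revision 5 is numerically less than 11) and a ~ suffix sorts below the bare version. The following is an added example and not part of the tracker or its tooling: it parses one record laid out in the tracker's native one-entry-per-line form (the sample is the CVE-2019-5052 record from this list, re-wrapped) and re-implements the dpkg version comparison from Debian Policy 5.6.12 so the check can run against tracker data on a machine without dpkg. The names SAMPLE_RECORD, parse_tracker_record, compare_versions and is_fixed are this example's own.

```python
import re

# Constructed sample input: the CVE-2019-5052 record from this list, laid out
# in the tracker's native one-sub-line-per-entry form.
SAMPLE_RECORD = """\
CVE-2019-5052 (An exploitable integer overflow vulnerability exists when loading a PC ...)
\t{DLA-1865-1 DLA-1861-1}
\t- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
\t[buster] - libsdl2-image 2.0.4+dfsg1-1+deb10u1
\t[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
\t- sdl-image1.2 1.2.12-11 (bug #932755)
\t[buster] - sdl-image1.2 1.2.12-10+deb10u1
\t[stretch] - sdl-image1.2 1.2.12-5+deb9u2
"""

# One package sub-line: optional "[suite]", then "- package", then an optional
# fixed version (always starts with a digit; "(Minor issue)" etc. carry none).
ENTRY_RE = re.compile(
    r'^(?:\[(?P<suite>[a-z]+)\]\s+)?-\s+(?P<pkg>[a-z0-9.+-]+)'
    r'(?:\s+(?P<ver>[0-9][^\s()]*))?')


def parse_tracker_record(text):
    """Return {(package, suite): fixed_version}; suite is None for the
    unsuffixed (unstable) line, version is None when none is recorded."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[(m.group('pkg'), m.group('suite'))] = m.group('ver')
    return entries


def _char_order(c):
    # dpkg's ordering for non-digit characters: '~' sorts before anything,
    # even the end of the string (''); letters sort before non-letters.
    if c == '~':
        return -1
    if c == '':
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256


def _cmp_alpha(a, b):
    # Compare two non-digit runs character by character.
    for i in range(max(len(a), len(b))):
        oa = _char_order(a[i] if i < len(a) else '')
        ob = _char_order(b[i] if i < len(b) else '')
        if oa != ob:
            return -1 if oa < ob else 1
    return 0


def _cmp_fragment(a, b):
    # dpkg's verrevcmp: alternate non-digit runs (lexical, via _char_order)
    # and digit runs (numeric, so 5 < 11 and leading zeros are ignored).
    while a or b:
        ra = re.match(r'[^0-9]*', a).group(0)
        rb = re.match(r'[^0-9]*', b).group(0)
        r = _cmp_alpha(ra, rb)
        if r:
            return r
        a, b = a[len(ra):], b[len(rb):]
        da = re.match(r'[0-9]*', a).group(0)
        db = re.match(r'[0-9]*', b).group(0)
        na, nb = int(da or '0'), int(db or '0')
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def parse_version(v):
    """Split [epoch:]upstream[-revision]; a missing epoch is 0 and a missing
    revision is '' (which compares equal to '0', as in dpkg)."""
    epoch = 0
    if ':' in v:
        e, v = v.split(':', 1)
        epoch = int(e)
    upstream, _, revision = v.rpartition('-') if '-' in v else (v, '', '')
    return epoch, upstream, revision


def compare_versions(a, b):
    """-1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def is_fixed(entries, pkg, suite, installed):
    """True if installed is at or above the recorded fixed version, False if
    below, None if the record has no fixed version for this package/suite."""
    fixed = entries.get((pkg, suite))
    if fixed is None:
        return None
    return compare_versions(installed, fixed) >= 0


if __name__ == "__main__":
    rec = parse_tracker_record(SAMPLE_RECORD)
    for pkg, suite, installed in [
            ("libsdl2-image", "buster", "2.0.4+dfsg1-1"),
            ("libsdl2-image", "buster", "2.0.4+dfsg1-1+deb10u1"),
            ("sdl-image1.2", "stretch", "1.2.12-5+deb9u2"),
            ("libsdl2-image", "jessie", "2.0.0+dfsg-3")]:
        print(pkg, suite or "unstable", installed, "->",
              is_fixed(rec, pkg, suite, installed))
```

On a Debian host the same ordering is available as `dpkg --compare-versions A ge B`; the pure-Python comparison is for checking tracker data offline. A None result is deliberate: a package line without a version ("(Minor issue)", "(Vulnerable code not present)") or an absent suite line means the tracker records no fix for that suite, which is a different answer from "not fixed yet".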
CVE-2019-4869 REJECTED CVE-2019-4868 REJECTED CVE-2019-4867 REJECTED CVE-2019-4866 REJECTED CVE-2019-4865 REJECTED CVE-2019-4864 REJECTED CVE-2019-4863 REJECTED CVE-2019-4862 REJECTED CVE-2019-4861 REJECTED CVE-2019-4860 REJECTED CVE-2019-4859 REJECTED CVE-2019-4858 REJECTED CVE-2019-4857 REJECTED CVE-2019-4856 REJECTED CVE-2019-4855 REJECTED CVE-2019-4854 REJECTED CVE-2019-4853 REJECTED CVE-2019-4852 REJECTED CVE-2019-4851 REJECTED CVE-2019-4850 REJECTED CVE-2019-4849 REJECTED CVE-2019-4848 REJECTED CVE-2019-4847 REJECTED CVE-2019-4846 REJECTED CVE-2019-4845 REJECTED CVE-2019-4844 REJECTED CVE-2019-4843 REJECTED CVE-2019-4842 REJECTED CVE-2019-4841 REJECTED CVE-2019-4840 REJECTED CVE-2019-4839 REJECTED CVE-2019-4838 REJECTED CVE-2019-4837 REJECTED CVE-2019-4836 REJECTED CVE-2019-4835 REJECTED CVE-2019-4834 REJECTED CVE-2019-4833 REJECTED CVE-2019-4832 REJECTED CVE-2019-4831 REJECTED CVE-2019-4830 REJECTED CVE-2019-4829 REJECTED CVE-2019-4828 REJECTED CVE-2019-4827 REJECTED CVE-2019-4826 REJECTED CVE-2019-4825 REJECTED CVE-2019-4824 REJECTED CVE-2019-4823 REJECTED CVE-2019-4822 REJECTED CVE-2019-4821 REJECTED CVE-2019-4820 REJECTED CVE-2019-4819 REJECTED CVE-2019-4818 REJECTED CVE-2019-4817 REJECTED CVE-2019-4816 REJECTED CVE-2019-4815 REJECTED CVE-2019-4814 REJECTED CVE-2019-4813 REJECTED CVE-2019-4812 REJECTED CVE-2019-4811 REJECTED CVE-2019-4810 REJECTED CVE-2019-4809 REJECTED CVE-2019-4808 REJECTED CVE-2019-4807 REJECTED CVE-2019-4806 REJECTED CVE-2019-4805 REJECTED CVE-2019-4804 REJECTED CVE-2019-4803 REJECTED CVE-2019-4802 REJECTED CVE-2019-4801 REJECTED CVE-2019-4800 REJECTED CVE-2019-4799 REJECTED CVE-2019-4798 REJECTED CVE-2019-4797 REJECTED CVE-2019-4796 REJECTED CVE-2019-4795 REJECTED CVE-2019-4794 REJECTED CVE-2019-4793 REJECTED CVE-2019-4792 REJECTED CVE-2019-4791 REJECTED CVE-2019-4790 REJECTED CVE-2019-4789 REJECTED CVE-2019-4788 REJECTED CVE-2019-4787 REJECTED CVE-2019-4786 REJECTED CVE-2019-4785 REJECTED CVE-2019-4784 REJECTED CVE-2019-4783 
REJECTED CVE-2019-4782 REJECTED CVE-2019-4781 REJECTED CVE-2019-4780 REJECTED CVE-2019-4779 REJECTED CVE-2019-4778 REJECTED CVE-2019-4777 REJECTED CVE-2019-4776 REJECTED CVE-2019-4775 REJECTED CVE-2019-4774 REJECTED CVE-2019-4773 REJECTED CVE-2019-4772 REJECTED CVE-2019-4771 REJECTED CVE-2019-4770 REJECTED CVE-2019-4769 REJECTED CVE-2019-4768 REJECTED CVE-2019-4767 REJECTED CVE-2019-4766 REJECTED CVE-2019-4765 REJECTED CVE-2019-4764 REJECTED CVE-2019-4763 REJECTED CVE-2019-4762 (IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to ...) NOT-FOR-US: IBM CVE-2019-4761 RESERVED CVE-2019-4760 RESERVED CVE-2019-4759 RESERVED CVE-2019-4758 RESERVED CVE-2019-4757 RESERVED CVE-2019-4756 RESERVED CVE-2019-4755 RESERVED CVE-2019-4754 RESERVED CVE-2019-4753 RESERVED CVE-2019-4752 (IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Manageme ...) NOT-FOR-US: IBM CVE-2019-4751 (IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace o ...) NOT-FOR-US: IBM CVE-2019-4750 (IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross- ...) NOT-FOR-US: IBM CVE-2019-4749 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM CVE-2019-4748 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2019-4747 (IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vul ...) NOT-FOR-US: IBM CVE-2019-4746 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...) NOT-FOR-US: IBM CVE-2019-4745 (IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to d ...) NOT-FOR-US: IBM CVE-2019-4744 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scri ...) NOT-FOR-US: IBM CVE-2019-4743 (IBM Financial Transaction Manager 3.0 does not set the secure attribut ...) NOT-FOR-US: IBM CVE-2019-4742 (IBM Financial Transaction Manager 3.0 could allow a remote attacker to ...) 
NOT-FOR-US: IBM CVE-2019-4741 (IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forge ...) NOT-FOR-US: IBM CVE-2019-4740 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...) NOT-FOR-US: IBM CVE-2019-4739 RESERVED CVE-2019-4738 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 a ...) NOT-FOR-US: IBM CVE-2019-4737 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...) NOT-FOR-US: IBM CVE-2019-4736 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site requ ...) NOT-FOR-US: IBM CVE-2019-4735 (IBM MaaS360 3.96.62 for iOS could allow an attacker with physical acce ...) NOT-FOR-US: IBM CVE-2019-4734 RESERVED CVE-2019-4733 RESERVED CVE-2019-4732 (IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7. ...) NOT-FOR-US: IBM CVE-2019-4731 (IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highl ...) NOT-FOR-US: IBM CVE-2019-4730 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External En ...) NOT-FOR-US: IBM CVE-2019-4729 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...) NOT-FOR-US: IBM CVE-2019-4728 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2 ...) NOT-FOR-US: IBM CVE-2019-4727 RESERVED CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...) NOT-FOR-US: IBM CVE-2019-4725 (IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2019-4724 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...) NOT-FOR-US: IBM CVE-2019-4723 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...) NOT-FOR-US: IBM CVE-2019-4722 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...) NOT-FOR-US: IBM CVE-2019-4721 RESERVED CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) 
NOT-FOR-US: IBM CVE-2019-4719 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...) NOT-FOR-US: IBM CVE-2019-4718 (IBM Jazz for Service Management 3.13 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2019-4717 RESERVED CVE-2019-4716 (IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configur ...) NOT-FOR-US: IBM CVE-2019-4715 (IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated atta ...) NOT-FOR-US: IBM CVE-2019-4714 RESERVED CVE-2019-4713 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remo ...) NOT-FOR-US: IBM CVE-2019-4712 RESERVED CVE-2019-4711 RESERVED CVE-2019-4710 RESERVED CVE-2019-4709 RESERVED CVE-2019-4708 RESERVED CVE-2019-4707 (IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML ...) NOT-FOR-US: IBM CVE-2019-4706 (IBM Security Identity Manager Virtual Appliance 7.0.2 writes informati ...) NOT-FOR-US: IBM CVE-2019-4705 (IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensit ...) NOT-FOR-US: IBM CVE-2019-4704 (IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the ...) NOT-FOR-US: IBM CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft ...) NOT-FOR-US: IBM CVE-2019-4702 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissi ...) NOT-FOR-US: IBM CVE-2019-4701 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with a ...) NOT-FOR-US: IBM CVE-2019-4700 RESERVED CVE-2019-4699 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error ...) NOT-FOR-US: IBM CVE-2019-4698 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require t ...) NOT-FOR-US: IBM CVE-2019-4697 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user creden ...) NOT-FOR-US: IBM CVE-2019-4696 RESERVED CVE-2019-4695 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages t ...) 
NOT-FOR-US: IBM CVE-2019-4694 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-code ...) NOT-FOR-US: IBM CVE-2019-4693 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user creden ...) NOT-FOR-US: IBM CVE-2019-4692 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitiv ...) NOT-FOR-US: IBM CVE-2019-4691 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to c ...) NOT-FOR-US: IBM CVE-2019-4690 RESERVED CVE-2019-4689 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remo ...) NOT-FOR-US: IBM CVE-2019-4688 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the s ...) NOT-FOR-US: IBM CVE-2019-4687 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores sensitive i ...) NOT-FOR-US: IBM CVE-2019-4686 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the s ...) NOT-FOR-US: IBM CVE-2019-4685 RESERVED CVE-2019-4684 RESERVED CVE-2019-4683 RESERVED CVE-2019-4682 RESERVED CVE-2019-4681 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2019-4680 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 i ...) NOT-FOR-US: IBM CVE-2019-4679 (IBM Content Navigator 3.0CD could allow an authenticated user to gain ...) NOT-FOR-US: IBM CVE-2019-4678 RESERVED CVE-2019-4677 RESERVED CVE-2019-4676 (IBM Security Identity Manager Virtual Appliance 7.0.2 stores user cred ...) NOT-FOR-US: IBM CVE-2019-4675 (IBM Security Identity Manager 7.0.1 contains hard-coded credentials, s ...) NOT-FOR-US: IBM CVE-2019-4674 (IBM Security Identity Manager 7.0.1 could allow a remote attacker to t ...) NOT-FOR-US: IBM CVE-2019-4673 RESERVED CVE-2019-4672 (IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacke ...) NOT-FOR-US: IBM CVE-2019-4671 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to SQL injec ...) 
NOT-FOR-US: IBM CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM CVE-2019-4669 (IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 ...) NOT-FOR-US: IBM CVE-2019-4668 (IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in ...) NOT-FOR-US: IBM CVE-2019-4667 (IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to ob ...) NOT-FOR-US: IBM CVE-2019-4666 (IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could a ...) NOT-FOR-US: IBM CVE-2019-4665 (IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM CVE-2019-4664 RESERVED CVE-2019-4663 (IBM WebSphere Application Server - Liberty is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2019-4662 RESERVED CVE-2019-4661 RESERVED CVE-2019-4660 RESERVED CVE-2019-4659 RESERVED CVE-2019-4658 RESERVED CVE-2019-4657 RESERVED CVE-2019-4656 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...) NOT-FOR-US: IBM CVE-2019-4655 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is ...) NOT-FOR-US: IBM CVE-2019-4654 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly va ...) NOT-FOR-US: IBM CVE-2019-4653 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...) NOT-FOR-US: IBM CVE-2019-4652 (IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file per ...) NOT-FOR-US: IBM Spectrum Protect Plus CVE-2019-4651 (IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injectio ...) NOT-FOR-US: IBM CVE-2019-4650 (IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A ...) NOT-FOR-US: IBM CVE-2019-4649 RESERVED CVE-2019-4648 RESERVED CVE-2019-4647 RESERVED CVE-2019-4646 RESERVED CVE-2019-4645 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...) NOT-FOR-US: IBM CVE-2019-4644 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...) 
NOT-FOR-US: IBM CVE-2019-4643 RESERVED CVE-2019-4642 RESERVED CVE-2019-4641 RESERVED CVE-2019-4640 (IBM Security Secret Server 10.7 processes patches, image backups and o ...) NOT-FOR-US: IBM CVE-2019-4639 (IBM Security Secret Server 10.7 uses weaker than expected cryptographi ...) NOT-FOR-US: IBM CVE-2019-4638 (IBM Security Secret Server 10.7 does not set the secure attribute on a ...) NOT-FOR-US: IBM CVE-2019-4637 (IBM Security Secret Server 10.7 uses incomplete blacklisting for input ...) NOT-FOR-US: IBM CVE-2019-4636 (IBM Security Secret Server 10.7 could disclose sensitive information t ...) NOT-FOR-US: IBM CVE-2019-4635 (IBM Security Secret Server 10.7 could allow a privileged user to perfo ...) NOT-FOR-US: IBM CVE-2019-4634 RESERVED CVE-2019-4633 (IBM Security Secret Server 10.7 could allow an attacker to obtain sens ...) NOT-FOR-US: IBM CVE-2019-4632 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM CVE-2019-4631 (IBM Security Secret Server 10.7 could allow a remote attacker to condu ...) NOT-FOR-US: IBM CVE-2019-4630 RESERVED CVE-2019-4629 RESERVED CVE-2019-4628 RESERVED CVE-2019-4627 RESERVED CVE-2019-4626 RESERVED CVE-2019-4625 RESERVED CVE-2019-4624 RESERVED CVE-2019-4623 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...) NOT-FOR-US: IBM CVE-2019-4622 RESERVED CVE-2019-4621 (IBM DataPower Gateway 7.6.0.0-7 throug 6.0.14 and 2018.4.1.0 through 2 ...) NOT-FOR-US: IBM CVE-2019-4620 (IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypas ...) NOT-FOR-US: IBM CVE-2019-4619 (IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C ...) NOT-FOR-US: IBM CVE-2019-4618 RESERVED CVE-2019-4617 (IBM Cloud Automation Manager 3.2.1.0 does not renew a session variable ...) NOT-FOR-US: IBM CVE-2019-4616 (IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute ...) 
NOT-FOR-US: IBM CVE-2019-4615 RESERVED CVE-2019-4614 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Que ...) NOT-FOR-US: IBM CVE-2019-4613 (IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery ...) NOT-FOR-US: IBM CVE-2019-4612 (IBM Planning Analytics 2.0 is vulnerable to malicious file upload in t ...) NOT-FOR-US: IBM CVE-2019-4611 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2019-4610 RESERVED CVE-2019-4609 (IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic alg ...) NOT-FOR-US: IBM CVE-2019-4608 (IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scriptin ...) NOT-FOR-US: IBM CVE-2019-4607 RESERVED CVE-2019-4606 (IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a ...) NOT-FOR-US: IBM CVE-2019-4605 RESERVED CVE-2019-4604 RESERVED CVE-2019-4603 (IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authe ...) NOT-FOR-US: IBM CVE-2019-4602 (IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cro ...) NOT-FOR-US: IBM CVE-2019-4601 (IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authe ...) NOT-FOR-US: IBM CVE-2019-4600 (IBM API Connect version V5.0.0.0 through 5.0.8.7 could reveal sensitiv ...) NOT-FOR-US: IBM CVE-2019-4599 RESERVED CVE-2019-4598 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...) NOT-FOR-US: IBM CVE-2019-4597 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...) NOT-FOR-US: IBM CVE-2019-4596 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...) NOT-FOR-US: IBM CVE-2019-4595 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 c ...) NOT-FOR-US: IBM CVE-2019-4594 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obt ...) NOT-FOR-US: IBM CVE-2019-4593 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that incl ...) 
NOT-FOR-US: IBM CVE-2019-4592 (IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow ...) NOT-FOR-US: IBM CVE-2019-4591 (IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate sessio ...) NOT-FOR-US: IBM CVE-2019-4590 RESERVED CVE-2019-4589 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalatio ...) NOT-FOR-US: IBM CVE-2019-4588 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2019-4587 RESERVED CVE-2019-4586 RESERVED CVE-2019-4585 RESERVED CVE-2019-4584 RESERVED CVE-2019-4583 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authen ...) NOT-FOR-US: IBM CVE-2019-4582 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2019-4581 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...) NOT-FOR-US: IBM CVE-2019-4580 RESERVED CVE-2019-4579 (IBM Resilient SOAR 38 uses incomplete blacklisting for input validatio ...) NOT-FOR-US: IBM CVE-2019-4578 RESERVED CVE-2019-4577 RESERVED CVE-2019-4576 (IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA d ...) NOT-FOR-US: IBM CVE-2019-4575 RESERVED CVE-2019-4574 RESERVED CVE-2019-4573 RESERVED CVE-2019-4572 (IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations ...) NOT-FOR-US: IBM CVE-2019-4571 (IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Thi ...) NOT-FOR-US: IBM CVE-2019-4570 (IBM Tivoli Netcool Impact 7.1.0 through 7.1.0.16 generates an error me ...) NOT-FOR-US: IBM CVE-2019-4569 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.16 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2019-4568 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attac ...) NOT-FOR-US: IBM CVE-2019-4567 RESERVED CVE-2019-4566 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 stores user credentia ...) NOT-FOR-US: IBM CVE-2019-4565 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that ...) 
NOT-FOR-US: IBM CVE-2019-4564 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnera ...) NOT-FOR-US: IBM CVE-2019-4563 (IBM Security Directory Server 6.4.0 does not set the secure attribute ...) NOT-FOR-US: IBM CVE-2019-4562 (IBM Security Directory Server 6.4.0 stores sensitive information in UR ...) NOT-FOR-US: IBM CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote attacker to e ...) NOT-FOR-US: IBM CVE-2019-4560 (IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulne ...) NOT-FOR-US: IBM CVE-2019-4559 (IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to ...) NOT-FOR-US: IBM CVE-2019-4558 (A security vulnerability has been identified in all levels of IBM Spec ...) NOT-FOR-US: IBM CVE-2019-4557 (IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expect ...) NOT-FOR-US: IBM CVE-2019-4556 (IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting fo ...) NOT-FOR-US: IBM CVE-2019-4555 (IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripti ...) NOT-FOR-US: IBM CVE-2019-4554 RESERVED CVE-2019-4553 (IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expecte ...) NOT-FOR-US: IBM CVE-2019-4552 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...) NOT-FOR-US: IBM CVE-2019-4551 (IBM Security Directory Server 6.4.0 does not perform an authentication ...) NOT-FOR-US: IBM CVE-2019-4550 (IBM Security Directory Server 6.4.0 is deployed with active debugging ...) NOT-FOR-US: IBM CVE-2019-4549 (IBM Security Directory Server 6.4.0 discloses sensitive information to ...) NOT-FOR-US: IBM CVE-2019-4548 (IBM Security Directory Server 6.4.0 could allow a remote attacker to h ...) NOT-FOR-US: IBM CVE-2019-4547 (IBM Security Directory Server 6.4.0 generates an error message that in ...) NOT-FOR-US: IBM CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment Manager ...) 
NOT-FOR-US: IBM CVE-2019-4545 (IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Au ...) NOT-FOR-US: IBM CVE-2019-4544 RESERVED CVE-2019-4543 RESERVED CVE-2019-4542 (IBM Security Directory Server 6.4.0 is vulnerable to cross-site script ...) NOT-FOR-US: IBM CVE-2019-4541 (IBM Security Directory Server 6.4.0 uses incomplete blacklisting for i ...) NOT-FOR-US: IBM CVE-2019-4540 (IBM Security Directory Server 6.4.0 uses weaker than expected cryptogr ...) NOT-FOR-US: IBM CVE-2019-4539 (IBM Security Directory Server 6.4.0 does not properly neutralize speci ...) NOT-FOR-US: IBM CVE-2019-4538 (IBM Security Directory Server 6.4.0 could allow a remote attacker to c ...) NOT-FOR-US: IBM CVE-2019-4537 (IBM WebSphere Service Registry and Repository 8.5 could allow a user t ...) NOT-FOR-US: IBM CVE-2019-4536 (IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a ...) NOT-FOR-US: IBM CVE-2019-4535 RESERVED CVE-2019-4534 RESERVED CVE-2019-4533 (IBM Resilient SOAR V38.0 users may experience a denial of service of t ...) NOT-FOR-US: IBM CVE-2019-4532 RESERVED CVE-2019-4531 RESERVED CVE-2019-4530 (IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an aut ...) NOT-FOR-US: IBM CVE-2019-4529 RESERVED CVE-2019-4528 RESERVED CVE-2019-4527 RESERVED CVE-2019-4526 RESERVED CVE-2019-4525 RESERVED CVE-2019-4524 RESERVED CVE-2019-4523 (IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable ...) NOT-FOR-US: IBM CVE-2019-4522 RESERVED CVE-2019-4521 (Platform System Manager in IBM Cloud Pak System 2.3 is potentially vul ...) NOT-FOR-US: IBM CVE-2019-4520 (IBM Security Directory Server 6.4.0 uses an inadequate account lockout ...) NOT-FOR-US: IBM CVE-2019-4519 RESERVED CVE-2019-4518 RESERVED CVE-2019-4517 RESERVED CVE-2019-4516 RESERVED CVE-2019-4515 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 is vulnerable to cros ...) NOT-FOR-US: IBM CVE-2019-4514 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 discloses ...) 
NOT-FOR-US: IBM CVE-2019-4513 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vul ...) NOT-FOR-US: IBM CVE-2019-4512 (IBM Maximo Asset Management 7.6.1.1 generates an error message that in ...) NOT-FOR-US: IBM CVE-2019-4511 RESERVED CVE-2019-4510 RESERVED CVE-2019-4509 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authoriza ...) NOT-FOR-US: IBM CVE-2019-4508 (IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in so ...) NOT-FOR-US: IBM CVE-2019-4507 RESERVED CVE-2019-4506 RESERVED CVE-2019-4505 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deploy ...) NOT-FOR-US: IBM CVE-2019-4504 RESERVED CVE-2019-4503 RESERVED CVE-2019-4502 RESERVED CVE-2019-4501 RESERVED CVE-2019-4500 RESERVED CVE-2019-4499 RESERVED CVE-2019-4498 RESERVED CVE-2019-4497 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...) NOT-FOR-US: IBM CVE-2019-4496 RESERVED CVE-2019-4495 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...) NOT-FOR-US: IBM CVE-2019-4494 (IBM Jazz Reporting Service (JRS) 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0. ...) NOT-FOR-US: IBM CVE-2019-4493 RESERVED CVE-2019-4492 RESERVED CVE-2019-4491 RESERVED CVE-2019-4490 RESERVED CVE-2019-4489 RESERVED CVE-2019-4488 RESERVED CVE-2019-4487 RESERVED CVE-2019-4486 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM CVE-2019-4485 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...) NOT-FOR-US: IBM CVE-2019-4484 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...) NOT-FOR-US: IBM CVE-2019-4483 (IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend A ...) NOT-FOR-US: IBM CVE-2019-4482 (IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cro ...) NOT-FOR-US: IBM CVE-2019-4481 (IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend A ...) 
NOT-FOR-US: IBM CVE-2019-4480 RESERVED CVE-2019-4479 RESERVED CVE-2019-4478 (IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authentica ...) NOT-FOR-US: IBM CVE-2019-4477 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM CVE-2019-4476 RESERVED CVE-2019-4475 RESERVED CVE-2019-4474 RESERVED CVE-2019-4473 (Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on ...) NOT-FOR-US: IBM CVE-2019-4472 RESERVED CVE-2019-4471 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ob ...) NOT-FOR-US: IBM CVE-2019-4470 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...) NOT-FOR-US: IBM CVE-2019-4469 RESERVED CVE-2019-4468 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2019-4467 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2019-4466 RESERVED CVE-2019-4465 (IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored loc ...) NOT-FOR-US: IBM CVE-2019-4464 RESERVED CVE-2019-4463 RESERVED CVE-2019-4462 RESERVED CVE-2019-4461 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is ...) NOT-FOR-US: IBM CVE-2019-4460 (IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a ...) NOT-FOR-US: IBM CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...) NOT-FOR-US: IBM CVE-2019-4458 RESERVED CVE-2019-4457 (IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and ...) NOT-FOR-US: IBM CVE-2019-4456 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 ...) NOT-FOR-US: IBM CVE-2019-4455 RESERVED CVE-2019-4454 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...) NOT-FOR-US: IBM CVE-2019-4453 RESERVED CVE-2019-4452 RESERVED CVE-2019-4451 (IBM Security Identity Manager 6.0.0 is vulnerable to cross-site script ...) 
NOT-FOR-US: IBM CVE-2019-4450 (IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. T ...) NOT-FOR-US: IBM CVE-2019-4449 RESERVED CVE-2019-4448 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1 ...) NOT-FOR-US: IBM CVE-2019-4447 (IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1 ...) NOT-FOR-US: IBM CVE-2019-4446 (IBM Maximo Asset Management 7.6 could allow an authenticated user perf ...) NOT-FOR-US: IBM CVE-2019-4445 RESERVED CVE-2019-4444 (IBM API Connect 2018.1 through 2018.4.1.7 Developer Portal's user regi ...) NOT-FOR-US: IBM CVE-2019-4443 RESERVED CVE-2019-4442 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9,0 could allow a ...) NOT-FOR-US: IBM CVE-2019-4441 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could ...) NOT-FOR-US: IBM CVE-2019-4440 RESERVED CVE-2019-4439 (IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session ...) NOT-FOR-US: IBM CVE-2019-4438 RESERVED CVE-2019-4437 (IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensi ...) NOT-FOR-US: IBM CVE-2019-4436 RESERVED CVE-2019-4435 RESERVED CVE-2019-4434 RESERVED CVE-2019-4433 (IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere I ...) NOT-FOR-US: IBM CVE-2019-4432 RESERVED CVE-2019-4431 (IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cros ...) NOT-FOR-US: IBM CVE-2019-4430 (IBM Maximo Asset Management 7.6 could allow a remote attacker to trave ...) NOT-FOR-US: IBM CVE-2019-4429 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...) NOT-FOR-US: IBM CVE-2019-4428 (IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is ...) NOT-FOR-US: IBM CVE-2019-4427 (IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using ...) NOT-FOR-US: IBM CVE-2019-4426 (The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and ...) 
NOT-FOR-US: IBM CVE-2019-4425 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...) NOT-FOR-US: IBM CVE-2019-4424 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...) NOT-FOR-US: IBM CVE-2019-4423 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote ...) NOT-FOR-US: IBM CVE-2019-4422 (IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege ...) NOT-FOR-US: IBM CVE-2019-4421 RESERVED CVE-2019-4420 (IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose ...) NOT-FOR-US: IBM CVE-2019-4419 (IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable ...) NOT-FOR-US: IBM CVE-2019-4418 RESERVED CVE-2019-4417 RESERVED CVE-2019-4416 RESERVED CVE-2019-4415 (IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain e ...) NOT-FOR-US: IBM CVE-2019-4414 RESERVED CVE-2019-4413 RESERVED CVE-2019-4412 (IBM Cognos Controller stores sensitive information in URL parameters. ...) NOT-FOR-US: IBM CVE-2019-4411 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow a ...) NOT-FOR-US: IBM CVE-2019-4410 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19. ...) NOT-FOR-US: IBM CVE-2019-4409 (HCL Traveler versions 9.x and earlier are susceptible to cross-site sc ...) NOT-FOR-US: HCL Traveler CVE-2019-4408 RESERVED CVE-2019-4407 RESERVED CVE-2019-4406 (IBM Spectrum Protect Backup-Archive Client 7.1 and 8.1 may be vulnerab ...) NOT-FOR-US: IBM CVE-2019-4405 RESERVED CVE-2019-4404 RESERVED CVE-2019-4403 (IBM Connections 6.0 is vulnerable to cross-site scripting. This vulner ...) NOT-FOR-US: IBM CVE-2019-4402 (IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow ...) NOT-FOR-US: IBM CVE-2019-4401 RESERVED CVE-2019-4400 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 cou ...) NOT-FOR-US: IBM CVE-2019-4399 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 use ...) 
NOT-FOR-US: IBM CVE-2019-4398 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...) NOT-FOR-US: IBM CVE-2019-4397 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 throu ...) NOT-FOR-US: IBM CVE-2019-4396 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is ...) NOT-FOR-US: IBM CVE-2019-4395 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 cou ...) NOT-FOR-US: IBM CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 con ...) NOT-FOR-US: IBM CVE-2019-4393 (HCL AppScan Standard is vulnerable to excessive authorization attempts ...) NOT-FOR-US: HCL AppScan CVE-2019-4392 (HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded cred ...) NOT-FOR-US: HCL AppScan CVE-2019-4391 (HCL AppScan Standard is vulnerable to XML External Entity Injection (X ...) NOT-FOR-US: HCL AppScan CVE-2019-4390 RESERVED CVE-2019-4389 RESERVED CVE-2019-4388 (HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site s ...) NOT-FOR-US: HCL AppScan Source CVE-2019-4387 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 i ...) NOT-FOR-US: IBM CVE-2019-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...) NOT-FOR-US: IBM CVE-2019-4385 (IBM Spectrum Protect Plus 10.1.2 may display the vSnap CIFS password i ...) NOT-FOR-US: IBM CVE-2019-4384 (IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse ...) NOT-FOR-US: IBM CVE-2019-4383 (When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to pro ...) NOT-FOR-US: IBM CVE-2019-4382 (IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized us ...) NOT-FOR-US: IBM CVE-2019-4381 (IBM i 7.27.3 Clustering could allow a local attacker to obtain sensiti ...) NOT-FOR-US: IBM CVE-2019-4380 RESERVED CVE-2019-4379 RESERVED CVE-2019-4378 (IBM MQ 7.5.0.0 - 7.5.0.9, 7.1.0.0 - 7.1.0.9, 8.0.0.0 - 8.0.0.12, 9.0.0 ...) 
NOT-FOR-US: IBM CVE-2019-4377 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive info ...) NOT-FOR-US: IBM CVE-2019-4376 RESERVED CVE-2019-4375 RESERVED CVE-2019-4374 RESERVED CVE-2019-4373 RESERVED CVE-2019-4372 RESERVED CVE-2019-4371 RESERVED CVE-2019-4370 RESERVED CVE-2019-4369 REJECTED CVE-2019-4368 RESERVED CVE-2019-4367 RESERVED CVE-2019-4366 (IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information di ...) NOT-FOR-US: IBM CVE-2019-4365 RESERVED CVE-2019-4364 (IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which ...) NOT-FOR-US: IBM CVE-2019-4363 RESERVED CVE-2019-4362 RESERVED CVE-2019-4361 RESERVED CVE-2019-4360 RESERVED CVE-2019-4359 RESERVED CVE-2019-4358 RESERVED CVE-2019-4357 (When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to pro ...) NOT-FOR-US: IBM CVE-2019-4356 RESERVED CVE-2019-4355 RESERVED CVE-2019-4354 RESERVED CVE-2019-4353 RESERVED CVE-2019-4352 RESERVED CVE-2019-4351 RESERVED CVE-2019-4350 RESERVED CVE-2019-4349 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 application ...) NOT-FOR-US: IBM CVE-2019-4348 RESERVED CVE-2019-4347 RESERVED CVE-2019-4346 RESERVED CVE-2019-4345 RESERVED CVE-2019-4344 RESERVED CVE-2019-4343 (IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-orig ...) NOT-FOR-US: IBM CVE-2019-4342 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...) NOT-FOR-US: IBM CVE-2019-4341 RESERVED CVE-2019-4340 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable ...) NOT-FOR-US: IBM CVE-2019-4339 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker t ...) NOT-FOR-US: IBM CVE-2019-4338 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not prop ...) NOT-FOR-US: IBM CVE-2019-4337 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...) NOT-FOR-US: IBM CVE-2019-4336 (IBM Robotic Process Automation with Automation Anywhere 11 uses an ina ...) 
NOT-FOR-US: IBM CVE-2019-4335 (IBM Watson Studio Local 1.2.3 stores key files in the user's home dire ...) NOT-FOR-US: IBM CVE-2019-4334 (IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information ...) NOT-FOR-US: IBM CVE-2019-4333 RESERVED CVE-2019-4332 RESERVED CVE-2019-4331 RESERVED CVE-2019-4330 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set ...) NOT-FOR-US: IBM CVE-2019-4329 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomple ...) NOT-FOR-US: IBM CVE-2019-4328 RESERVED CVE-2019-4327 ("HCL AppScan Enterprise uses hard-coded credentials which can be explo ...) NOT-FOR-US: HCL AppScan Enterprise CVE-2019-4326 ("HCL AppScan Enterprise security rules update administration section o ...) NOT-FOR-US: HCL CVE-2019-4325 ("HCL AppScan Enterprise makes use of broken or risky cryptographic alg ...) NOT-FOR-US: HCL CVE-2019-4324 ("HCL AppScan Enterprise is susceptible to Cross-Site Scripting while i ...) NOT-FOR-US: HCL CVE-2019-4323 ("HCL AppScan Enterprise advisory API documentation is susceptible to c ...) NOT-FOR-US: HCL CVE-2019-4322 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2019-4321 (IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Ope ...) NOT-FOR-US: IBM CVE-2019-4320 RESERVED CVE-2019-4319 RESERVED CVE-2019-4318 RESERVED CVE-2019-4317 RESERVED CVE-2019-4316 RESERVED CVE-2019-4315 RESERVED CVE-2019-4314 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores sensit ...) NOT-FOR-US: IBM CVE-2019-4313 RESERVED CVE-2019-4312 RESERVED CVE-2019-4311 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 discloses sen ...) NOT-FOR-US: IBM CVE-2019-4310 (IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inade ...) NOT-FOR-US: IBM CVE-2019-4309 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard cod ...) 
NOT-FOR-US: IBM CVE-2019-4308 (IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 1 ...) NOT-FOR-US: IBM CVE-2019-4307 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 stores user c ...) NOT-FOR-US: IBM CVE-2019-4306 (IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies per ...) NOT-FOR-US: IBM CVE-2019-4305 (IBM WebSphere Application Server Liberty could allow a remote attacker ...) NOT-FOR-US: IBM CVE-2019-4304 (IBM WebSphere Application Server - Liberty could allow a remote attack ...) NOT-FOR-US: IBM CVE-2019-4303 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM CVE-2019-4302 RESERVED CVE-2019-4301 (BigFix Self-Service Application (SSA) is vulnerable to arbitrary code ...) NOT-FOR-US: BigFix Self-Service Application CVE-2019-4300 RESERVED CVE-2019-4299 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...) NOT-FOR-US: IBM CVE-2019-4298 (IBM Robotic Process Automation with Automation Anywhere 11 uses a high ...) NOT-FOR-US: IBM CVE-2019-4297 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...) NOT-FOR-US: IBM CVE-2019-4296 (IBM Robotic Process Automation with Automation Anywhere 11 information ...) NOT-FOR-US: IBM CVE-2019-4295 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...) NOT-FOR-US: IBM CVE-2019-4294 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7 ...) NOT-FOR-US: IBM CVE-2019-4293 (IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attac ...) NOT-FOR-US: IBM CVE-2019-4292 (IBM Security Guardium 10.5 could allow a remote attacker to upload arb ...) NOT-FOR-US: IBM CVE-2019-4291 RESERVED CVE-2019-4290 RESERVED CVE-2019-4289 RESERVED CVE-2019-4288 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could discl ...) NOT-FOR-US: IBM CVE-2019-4287 RESERVED CVE-2019-4286 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could discl ...) 
NOT-FOR-US: IBM CVE-2019-4285 (IBM WebSphere Application Server - Liberty Admin Center could allow a ...) NOT-FOR-US: IBM CVE-2019-4284 (IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local ...) NOT-FOR-US: IBM CVE-2019-4283 RESERVED CVE-2019-4282 RESERVED CVE-2019-4281 RESERVED CVE-2019-4280 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive i ...) NOT-FOR-US: IBM CVE-2019-4279 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...) NOT-FOR-US: IBM CVE-2019-4278 RESERVED CVE-2019-4277 RESERVED CVE-2019-4276 RESERVED CVE-2019-4275 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allo ...) NOT-FOR-US: IBM CVE-2019-4274 RESERVED CVE-2019-4273 RESERVED CVE-2019-4272 RESERVED CVE-2019-4271 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console ...) NOT-FOR-US: IBM CVE-2019-4270 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console ...) NOT-FOR-US: IBM CVE-2019-4269 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console ...) NOT-FOR-US: IBM CVE-2019-4268 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM CVE-2019-4267 (The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerab ...) NOT-FOR-US: IBM CVE-2019-4266 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not ha ...) NOT-FOR-US: IBM CVE-2019-4265 (IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have devic ...) NOT-FOR-US: IBM CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sen ...) NOT-FOR-US: IBM CVE-2019-4263 (IBM Content Navigator 3.0CD is vulnerable to local file inclusion, all ...) NOT-FOR-US: IBM CVE-2019-4262 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forge ...) NOT-FOR-US: IBM CVE-2019-4261 (IBM WebSphere MQ V7.1, 7.5, IBM MQ V8, IBM MQ V9.0LTS, IBM MQ V9.1 LTS ...) 
NOT-FOR-US: IBM CVE-2019-4260 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0 ...) NOT-FOR-US: IBM CVE-2019-4259 (A security vulnerability has been identified in IBM Spectrum Scale 4.1 ...) NOT-FOR-US: IBM CVE-2019-4258 (IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 Standard Edition is vu ...) NOT-FOR-US: IBM CVE-2019-4257 (IBM InfoSphere Information Server 11.5 and 11.7 is affected by an info ...) NOT-FOR-US: IBM CVE-2019-4256 (IBM API Connect 5.0.0.0 through 5.0.8.6 uses weaker than expected cryp ...) NOT-FOR-US: IBM CVE-2019-4255 RESERVED CVE-2019-4254 RESERVED CVE-2019-4253 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...) NOT-FOR-US: IBM CVE-2019-4252 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 co ...) NOT-FOR-US: IBM CVE-2019-4251 RESERVED CVE-2019-4250 (IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Man ...) NOT-FOR-US: IBM CVE-2019-4249 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...) NOT-FOR-US: IBM CVE-2019-4248 RESERVED CVE-2019-4247 RESERVED CVE-2019-4246 (IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal para ...) NOT-FOR-US: IBM CVE-2019-4245 RESERVED CVE-2019-4244 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote atta ...) NOT-FOR-US: IBM CVE-2019-4243 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 allows unauthorized discl ...) NOT-FOR-US: IBM CVE-2019-4242 RESERVED CVE-2019-4241 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an auth ...) NOT-FOR-US: IBM CVE-2019-4240 RESERVED CVE-2019-4239 (IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stor ...) NOT-FOR-US: IBM CVE-2019-4238 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...) NOT-FOR-US: IBM CVE-2019-4237 (A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Se ...) NOT-FOR-US: IBM CVE-2019-4236 (A IBM Spectrum Protect 7.l client backup or archive operation running ...) 
NOT-FOR-US: IBM CVE-2019-4235 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require th ...) NOT-FOR-US: IBM CVE-2019-4234 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the imp ...) NOT-FOR-US: IBM CVE-2019-4233 RESERVED CVE-2019-4232 RESERVED CVE-2019-4231 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request ...) NOT-FOR-US: IBM CVE-2019-4230 RESERVED CVE-2019-4229 RESERVED CVE-2019-4228 RESERVED CVE-2019-4227 (IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9 ...) NOT-FOR-US: IBM CVE-2019-4226 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2019-4225 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially ...) NOT-FOR-US: IBM CVE-2019-4224 (IBM PureApplication System 2.2.3.0 through 2.2.5.3 is vulnerable to SQ ...) NOT-FOR-US: IBM CVE-2019-4223 RESERVED CVE-2019-4222 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could ...) NOT-FOR-US: IBM CVE-2019-4221 RESERVED CVE-2019-4220 (IBM InfoSphere Information Server 11.7.1.0 stores a common hard coded ...) NOT-FOR-US: IBM CVE-2019-4219 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 generate ...) NOT-FOR-US: IBM CVE-2019-4218 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 allows w ...) NOT-FOR-US: IBM CVE-2019-4217 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could al ...) NOT-FOR-US: IBM CVE-2019-4216 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 is vulnerable to possible ...) NOT-FOR-US: IBM CVE-2019-4215 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote atta ...) NOT-FOR-US: IBM CVE-2019-4214 (IBM SmartCloud Analytics 1.3.1 through 1.3.5 does not set the secure a ...) NOT-FOR-US: IBM CVE-2019-4213 RESERVED CVE-2019-4212 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forger ...) NOT-FOR-US: IBM CVE-2019-4211 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Thi ...) NOT-FOR-US: IBM CVE-2019-4210 (IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication expo ...) NOT-FOR-US: IBM CVE-2019-4209 (HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnera ...) NOT-FOR-US: HCL CVE-2019-4208 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an X ...) NOT-FOR-US: IBM CVE-2019-4207 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitiv ...) NOT-FOR-US: IBM CVE-2019-4206 RESERVED CVE-2019-4205 RESERVED CVE-2019-4204 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19. ...) NOT-FOR-US: IBM CVE-2019-4203 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited ...) NOT-FOR-US: IBM CVE-2019-4202 (IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to ...) NOT-FOR-US: IBM CVE-2019-4201 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allo ...) NOT-FOR-US: IBM CVE-2019-4200 RESERVED CVE-2019-4199 RESERVED CVE-2019-4198 RESERVED CVE-2019-4197 RESERVED CVE-2019-4196 RESERVED CVE-2019-4195 RESERVED CVE-2019-4194 (IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing ...) NOT-FOR-US: IBM CVE-2019-4193 (IBM Jazz for Service Management 1.1.3 and 1.1.3.2 stores sensitive inf ...) NOT-FOR-US: IBM CVE-2019-4192 RESERVED CVE-2019-4191 RESERVED CVE-2019-4190 RESERVED CVE-2019-4189 RESERVED CVE-2019-4188 RESERVED CVE-2019-4187 RESERVED CVE-2019-4186 (IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header inj ...) NOT-FOR-US: IBM CVE-2019-4185 (IBM InfoSphere Information Server 11.7.1 containers are vulnerable to ...) NOT-FOR-US: IBM CVE-2019-4184 (IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross- ...) NOT-FOR-US: IBM CVE-2019-4183 (IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of servi ...) 
	NOT-FOR-US: IBM
CVE-2019-4182
	RESERVED
CVE-2019-4181
	RESERVED
CVE-2019-4180
	RESERVED
CVE-2019-4179
	RESERVED
CVE-2019-4178 (IBM Cognos Analytics 11 could allow a remote attacker to traverse dire ...)
	NOT-FOR-US: IBM
CVE-2019-4177 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allow ...)
	NOT-FOR-US: IBM
CVE-2019-4176 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could ...)
	NOT-FOR-US: IBM
CVE-2019-4175 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 uses weaker t ...)
	NOT-FOR-US: IBM
CVE-2019-4174 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allow ...)
	NOT-FOR-US: IBM
CVE-2019-4173 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could ...)
	NOT-FOR-US: IBM
CVE-2019-4172
	RESERVED
CVE-2019-4171 (IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set ...)
	NOT-FOR-US: IBM
CVE-2019-4170
	RESERVED
CVE-2019-4169 (IBM Open Power Firmware OP910 and OP920 could allow access to BMC via ...)
	NOT-FOR-US: IBM
CVE-2019-4168
	RESERVED
CVE-2019-4167 (IBM StoredIQ 7.6.0 is vulnerable to cross-site request forgery which c ...)
	NOT-FOR-US: IBM
CVE-2019-4166 (IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing att ...)
	NOT-FOR-US: IBM
CVE-2019-4165 (IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2019-4164
	RESERVED
CVE-2019-4163 (IBM StoreIQ 7.6.0.0. through 7.6.0.18 could allow an authenticated use ...)
	NOT-FOR-US: IBM
CVE-2019-4162 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 is missi ...)
	NOT-FOR-US: IBM
CVE-2019-4161 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 disclose ...)
	NOT-FOR-US: IBM
CVE-2019-4160 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than e ...)
	NOT-FOR-US: IBM
CVE-2019-4159
	REJECTED
CVE-2019-4158 (IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a ...)
	NOT-FOR-US: IBM
CVE-2019-4157 (IBM Security Access Manager 9.0.1 through 9.0.6 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2019-4156 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expec ...)
	NOT-FOR-US: IBM
CVE-2019-4155 (IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted b ...)
	NOT-FOR-US: IBM
CVE-2019-4154 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4153 (IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2019-4152 (IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate se ...)
	NOT-FOR-US: IBM
CVE-2019-4151 (IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expec ...)
	NOT-FOR-US: IBM
CVE-2019-4150 (IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or ...)
	NOT-FOR-US: IBM
CVE-2019-4149 (IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM B ...)
	NOT-FOR-US: IBM
CVE-2019-4148 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4147 (IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2019-4146 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could ...)
	NOT-FOR-US: IBM
CVE-2019-4145 (IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly se ...)
	NOT-FOR-US: IBM
CVE-2019-4144
	RESERVED
CVE-2019-4143 (The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 ...)
	NOT-FOR-US: IBM
CVE-2019-4142 (IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2019-4141 (IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0 ...)
	NOT-FOR-US: IBM
CVE-2019-4140 (IBM Tivoli Storage Manager Server (IBM Spectrum Protect 7.1 and 8.1) c ...)
	NOT-FOR-US: IBM
CVE-2019-4139 (IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2019-4138 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 could al ...)
	NOT-FOR-US: IBM
CVE-2019-4137 (IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulne ...)
	NOT-FOR-US: IBM
CVE-2019-4136 (IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4135 (IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a secur ...)
	NOT-FOR-US: IBM
CVE-2019-4134 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2019-4133 (IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the ...)
	NOT-FOR-US: IBM
CVE-2019-4132 (IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertl ...)
	NOT-FOR-US: IBM
CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) could al ...)
	NOT-FOR-US: IBM
CVE-2019-4130 (IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2019-4129 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2019-4128
	RESERVED
CVE-2019-4127
	RESERVED
CVE-2019-4126
	RESERVED
CVE-2019-4125
	RESERVED
CVE-2019-4124
	RESERVED
CVE-2019-4123
	RESERVED
CVE-2019-4122
	RESERVED
CVE-2019-4121
	RESERVED
CVE-2019-4120 (IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2019-4119 (IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 ...)
	NOT-FOR-US: IBM
CVE-2019-4118 (IBM Multicloud Manager 3.1.0, 3.1.1, and 3.1.2 ibm-mcm-chart could all ...)
	NOT-FOR-US: IBM
CVE-2019-4117 (IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request ...)
	NOT-FOR-US: IBM
CVE-2019-4116 (IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensit ...)
	NOT-FOR-US: IBM
CVE-2019-4115 (IBM WebSphere eXtreme Scale 8.6 Admin API is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2019-4114
	RESERVED
CVE-2019-4113
	RESERVED
CVE-2019-4112 (IBM WebSphere eXtreme Scale 8.6 Admin Console allows web pages to be s ...)
	NOT-FOR-US: IBM
CVE-2019-4111
	RESERVED
CVE-2019-4110
	RESERVED
CVE-2019-4109 (IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2019-4108
	RESERVED
CVE-2019-4107
	RESERVED
CVE-2019-4106 (IBM WebSphere eXtreme Scale 8.6 Admin Console is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2019-4105
	RESERVED
CVE-2019-4104
	RESERVED
CVE-2019-4103 (IBM Tivoli Netcool/Impact 7.1.0 allows for remote execution of command ...)
	NOT-FOR-US: IBM
CVE-2019-4102 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4101 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1 ...)
	NOT-FOR-US: IBM
CVE-2019-4100
	RESERVED
CVE-2019-4099
	RESERVED
CVE-2019-4098 (IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scrip ...)
	NOT-FOR-US: IBM
CVE-2019-4097
	RESERVED
CVE-2019-4096
	RESERVED
CVE-2019-4095 (IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery w ...)
	NOT-FOR-US: IBM
CVE-2019-4094 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4093 (IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could allow a ...)
	NOT-FOR-US: IBM
CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2019-4091 ("HCL Marketing Platform is vulnerable to cross-site scripting during a ...)
	NOT-FOR-US: HCL Marketing Platform
CVE-2019-4090 ("HCL Campaign is vulnerable to cross-site scripting when a user provid ...)
	NOT-FOR-US: HCL Campaign
CVE-2019-4089
	RESERVED
CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allo ...)
	NOT-FOR-US: IBM
CVE-2019-4087 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulner ...)
	NOT-FOR-US: IBM
CVE-2019-4086 (IBM Cloud Application Performance Management 8.1.4 could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2019-4085
	RESERVED
CVE-2019-4084 (IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Man ...)
	NOT-FOR-US: IBM
CVE-2019-4083 (IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Man ...)
	NOT-FOR-US: IBM
CVE-2019-4082
	RESERVED
CVE-2019-4081
	RESERVED
CVE-2019-4080 (IBM WebSphere Application Server Admin Console 7.5, 8.0, 8.5, and 9.0 ...)
	NOT-FOR-US: IBM
CVE-2019-4079
	RESERVED
CVE-2019-4078 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 cou ...)
	NOT-FOR-US: IBM
CVE-2019-4077 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4076 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4075 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4074 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4073 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2019-4072 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard ...)
	NOT-FOR-US: IBM
CVE-2019-4071 (IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard ...)
	NOT-FOR-US: IBM
CVE-2019-4070 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2019-4069 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not p ...)
	NOT-FOR-US: IBM
CVE-2019-4068 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2019-4067 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 does not r ...)
	NOT-FOR-US: IBM
CVE-2019-4066 (IBM Intelligent Operations Center (IOC) 5.1.0 through 5.2.0 could allo ...)
	NOT-FOR-US: IBM
CVE-2019-4065
	RESERVED
CVE-2019-4064
	RESERVED
CVE-2019-4063 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 Standard Edition c ...)
	NOT-FOR-US: IBM
CVE-2019-4062 (IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2019-4061 (IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the r ...)
	NOT-FOR-US: IBM
CVE-2019-4060
	RESERVED
CVE-2019-4059 (IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently pro ...)
	NOT-FOR-US: IBM
CVE-2019-4058 (IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to ma ...)
	NOT-FOR-US: IBM
CVE-2019-4057 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4056 (IBM Maximo Asset Management 7.6 Work Centers' application does not val ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2019-4055 (IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 ...)
	NOT-FOR-US: IBM
CVE-2019-4054 (IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensiti ...)
	NOT-FOR-US: IBM
CVE-2019-4053
	RESERVED
CVE-2019-4052 (IBM API Connect 2018.1 and 2018.4.1.2 apis can be leveraged by unauthe ...)
	NOT-FOR-US: IBM
CVE-2019-4051 (Some URIs in IBM API Connect 2018.1 and 2018.4.1.3 disclose system spe ...)
	NOT-FOR-US: IBM
CVE-2019-4050
	RESERVED
CVE-2019-4049 (IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial ...)
	NOT-FOR-US: IBM
CVE-2019-4048 (IBM Maximo Asset Management 7.6 could allow a physical user of the sys ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2019-4047 (IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated us ...)
	NOT-FOR-US: IBM
CVE-2019-4046 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2019-4045 (IBM Business Automation Workflow and IBM Business Process Manager 18.0 ...)
	NOT-FOR-US: IBM
CVE-2019-4044
	RESERVED
CVE-2019-4043 (IBM Sterling B2B Integrator Standard Edition 5.2.0 snf 6.0.0.0 is vuln ...)
	NOT-FOR-US: IBM
CVE-2019-4042
	RESERVED
CVE-2019-4041
	RESERVED
CVE-2019-4040 (IBM I 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerab ...)
	NOT-FOR-US: IBM
CVE-2019-4039 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.9 and 9.0.0.0 through 9.1.1 cou ...)
	NOT-FOR-US: IBM
CVE-2019-4038 (IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to c ...)
	NOT-FOR-US: IBM
CVE-2019-4037
	RESERVED
CVE-2019-4036 (IBM Security Access Manager Appliance could allow unauthenticated atta ...)
	NOT-FOR-US: IBM
CVE-2019-4035 (IBM Content Navigator 3.0CD could allow attackers to direct web traffi ...)
	NOT-FOR-US: IBM
CVE-2019-4034 (IBM Content Navigator 3.0CD is could allow an attacker to execute arbi ...)
	NOT-FOR-US: IBM
CVE-2019-4033 (IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site scri ...)
	NOT-FOR-US: IBM
CVE-2019-4032 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
	NOT-FOR-US: IBM
CVE-2019-4031 (IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a v ...)
	NOT-FOR-US: IBM
CVE-2019-4030 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
	NOT-FOR-US: IBM
CVE-2019-4029 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2019-4028 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2019-4027 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to c ...)
	NOT-FOR-US: IBM
CVE-2019-4026
	RESERVED
CVE-2019-4025
	RESERVED
CVE-2019-4024
	RESERVED
CVE-2019-4023
	RESERVED
CVE-2019-4022
	RESERVED
CVE-2019-4021
	RESERVED
CVE-2019-4020
	RESERVED
CVE-2019-4019
	RESERVED
CVE-2019-4018
	RESERVED
CVE-2019-4017
	RESERVED
CVE-2019-4016 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4015 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4014 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2019-4013 (IBM BigFix Platform 9.5 could allow any authenticated user to upload a ...)
	NOT-FOR-US: IBM
CVE-2019-4012 (IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is ...)
	NOT-FOR-US: IBM
CVE-2019-4011 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2019-4010
	RESERVED
CVE-2019-4009
	RESERVED
CVE-2019-4008 (API Connect V2018.1 through 2018.4.1.1 is impacted by access token lea ...)
	NOT-FOR-US: IBM
CVE-2019-4007
	RESERVED
CVE-2019-4006
	RESERVED
CVE-2019-4005
	RESERVED
CVE-2019-4004
	RESERVED
CVE-2019-4003
	RESERVED
CVE-2019-4002
	RESERVED
CVE-2019-4001 (Improper input validation in Druva inSync Client 6.5.0 allows a local, ...)
	NOT-FOR-US: Druva inSync Client
CVE-2019-4000 (Improper neutralization of directives in dynamically evaluated code in ...)
	NOT-FOR-US: Druva inSync Mac OS Client
CVE-2019-3999 (Improper neutralization of special elements used in an OS command in D ...)
	NOT-FOR-US: Druva inSync Windows Client
CVE-2019-3998 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
	NOT-FOR-US: SimpliSafe SS3 firmware
CVE-2019-3997 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
	NOT-FOR-US: SimpliSafe SS3 firmware
CVE-2019-3996 (ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3995 (ELOG 3.1.4-57bea22 and below is affected by a denial of service vulner ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3994 (ELOG 3.1.4-57bea22 and below is affected by a denial of service vulner ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3993 (ELOG 3.1.4-57bea22 and below is affected by an information disclosure ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3992 (ELOG 3.1.4-57bea22 and below is affected by an information disclosure ...)
	NOT-FOR-US: Electronic Logbook (ELOG)
CVE-2019-3991
	RESERVED
CVE-2019-3990 (A User Enumeration flaw exists in Harbor. The issue is present in the ...)
	NOT-FOR-US: Harbor
CVE-2019-3989 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3988 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3987 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3986 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3985 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3984 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2 Sync Module firmware
CVE-2019-3983 (Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attacker ...)
	NOT-FOR-US: Blink XT2
CVE-2019-3982 (Nessus versions 8.6.0 and earlier were found to contain a Denial of Se ...)
	NOT-FOR-US: Nessus
CVE-2019-3981 (MikroTik Winbox 3.20 and below is vulnerable to man in the middle atta ...)
	NOT-FOR-US: MikroTik Winbox
CVE-2019-3980 (The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports s ...)
	NOT-FOR-US: Solarwinds
CVE-2019-3979 (RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulne ...)
	NOT-FOR-US: RouterOS
CVE-2019-3978 (RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow rem ...)
	NOT-FOR-US: RouterOS
CVE-2019-3977 (RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insuffici ...)
	NOT-FOR-US: RouterOS
CVE-2019-3976 (RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulne ...)
	NOT-FOR-US: RouterOS
CVE-2019-3975 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-3974 (Nessus 8.5.2 and earlier on Windows platforms were found to contain an ...)
	NOT-FOR-US: Nessus
CVE-2019-3973 (Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Deni ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-3972 (Comodo Antivirus versions 12.0.0.6810 and below are vulnerable to Deni ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-3971 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to a local ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-3970 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Arbitrar ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-3969 (Comodo Antivirus versions up to 12.0.0.6810 are vulnerable to Local Pr ...)
	NOT-FOR-US: Comodo Antivirus
CVE-2019-3968 (In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute ar ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3967 (In OpenEMR 5.0.1 and earlier, the patient file download interface cont ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3966 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3965 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3964 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3963 (In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS ...)
	NOT-FOR-US: OpenEMR
CVE-2019-3962 (Content Injection vulnerability in Tenable Nessus prior to 8.5.0 may a ...)
	NOT-FOR-US: Nessus
CVE-2019-3961 (Nessus versions 8.4.0 and earlier were found to contain a reflected XS ...)
	NOT-FOR-US: Nessus
CVE-2019-3960 (Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 al ...)
	NOT-FOR-US: WallacePOS
CVE-2019-3959 (Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacke ...)
	NOT-FOR-US: WallacePOS
CVE-2019-3958 (Insufficient output sanitization in WallacePOS 1.4.3 allows a remote, ...)
	NOT-FOR-US: WallacePOS
CVE-2019-3957 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
	NOT-FOR-US: Dameware Remote Mini Control
CVE-2019-3956 (Dameware Remote Mini Control version 12.1.0.34 and prior contains an u ...)
	NOT-FOR-US: Dameware Remote Mini Control
CVE-2019-3955 (Dameware Remote Mini Control version 12.1.0.34 and prior contains a un ...)
	NOT-FOR-US: Dameware Remote Mini Control
CVE-2019-3954 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-3953 (Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2019-3952
	RESERVED
CVE-2019-3951 (Advantech WebAccess before 8.4.3 allows unauthenticated remote attacke ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2019-3950 (Arlo Basestation firmware 1.12.0.1_27940 and prior contain a hardcoded ...)
	NOT-FOR-US: Arlo Basestation firmware
CVE-2019-3949 (Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a ...)
	NOT-FOR-US: Arlo Basestation firmware
CVE-2019-3948 (The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000 ...)
	NOT-FOR-US: Amcrest IP2M-841B IP camera firmware
CVE-2019-3947 (Fuji Electric V-Server before 6.0.33.0 stores database credentials in ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2019-3946 (Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of serv ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2019-3945 (Web server running on Parrot ANAFI can be crashed due to the SDK comma ...)
	NOT-FOR-US: Parrot ANAFI
CVE-2019-3944 (Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing ...)
	NOT-FOR-US: Parrot ANAFI
CVE-2019-3943 (MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 ...)
	NOT-FOR-US: MikroTik
CVE-2019-3942 (Advantech WebAccess 8.3.4 does not properly restrict an RPC call that ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2019-3941 (Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2019-3940 (Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via una ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2019-3939 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3938 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3937 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3936 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3935 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3934 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3933 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3932 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3931 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3930 (The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3929 (The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3928 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3927 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3926 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3925 (Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 ...)
	NOT-FOR-US: Crestron AM-100
CVE-2019-3924 (MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is v ...)
	NOT-FOR-US: MikroTik
CVE-2019-3923 (Nessus versions 8.2.1 and earlier were found to contain a stored XSS v ...)
	NOT-FOR-US: Nessus
CVE-2019-3922 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3921 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3920 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3919 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3918 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3917 (The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BO ...)
	NOT-FOR-US: Alcatel Lucent
CVE-2019-3916 (Information disclosure vulnerability in Verizon Fios Quantum Gateway ( ...)
	NOT-FOR-US: Verizon
CVE-2019-3915 (Authentication Bypass by Capture-replay vulnerability in Verizon Fios ...)
	NOT-FOR-US: Verizon
CVE-2019-3914 (Remote command injection vulnerability in Verizon Fios Quantum Gateway ...)
	NOT-FOR-US: Verizon
CVE-2019-3913 (Command manipulation in LabKey Server Community Edition before 18.3.0- ...)
	NOT-FOR-US: LabKey Server
CVE-2019-3912 (An open redirect vulnerability in LabKey Server Community Edition befo ...)
	NOT-FOR-US: LabKey Server
CVE-2019-3911 (Reflected cross-site scripting (XSS) vulnerability in LabKey Server Co ...)
	NOT-FOR-US: LabKey Server
CVE-2019-3910 (Crestron AM-100 before firmware version 1.6.0.2 contains an authentica ...)
	NOT-FOR-US: Crestron
CVE-2019-3909 (Premisys Identicard version 3.1.190 database uses default credentials. ...)
	NOT-FOR-US: Premisys Identicard
CVE-2019-3908 (Premisys Identicard version 3.1.190 stores backup files as encrypted z ...)
	NOT-FOR-US: Premisys Identicard
CVE-2019-3907 (Premisys Identicard version 3.1.190 stores user credentials and other ...)
	NOT-FOR-US: Premisys Identicard
CVE-2019-3906 (Premisys Identicard version 3.1.190 contains hardcoded credentials in ...)
	NOT-FOR-US: Premisys Identicard
CVE-2019-3905 (Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2019-3904
	RESERVED
CVE-2019-3903
	REJECTED
CVE-2019-3902 (A flaw was found in Mercurial before 4.9. It was possible to use symli ...)
	{DLA-2293-1 DLA-1764-1}
	- mercurial 4.9-1 (bug #927674)
	[buster] - mercurial 4.8.2-1+deb10u1
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.9_.282019-02-01.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/6c10eba6b9cd
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/31286c9282df
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/83377b4b4ae0
CVE-2019-3901 (A race condition in perf_event_open() allows local attackers to leak s ...)
	{DLA-1799-1}
	- linux 4.6.1-1
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=807
	NOTE: Fixed by: https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438
CVE-2019-3900 (An infinite loop issue was found in the vhost_net kernel module in Lin ...)
	{DSA-4497-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
CVE-2019-3899 (It was found that default configuration of Heketi does not require any ...)
	- heketi (bug #903384)
CVE-2019-3898
	REJECTED
CVE-2019-3897 (It has been discovered in redhat-certification that any unauthorized u ...)
	NOT-FOR-US: redhat-certification
CVE-2019-3896 (A double-free can happen in idr_remove_all() in lib/idr.c in the Linux ...)
	- linux 3.2.41-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694812
CVE-2019-3895 (An access-control flaw was found in the Octavia service when the cloud ...)
	- octavia (Fixed before initial upload to the archive)
	NOTE: https://bugs.launchpad.net/octavia/+bug/1620629
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694608
CVE-2019-3894 (It was discovered that the ElytronManagedThread in Wildfly's Elytron s ...)
	- wildfly (bug #752018)
CVE-2019-3893 (In Foreman it was discovered that the delete compute resource operatio ...)
	- foreman (bug #663101)
CVE-2019-3892
	REJECTED
CVE-2019-3891 (It was discovered that a world-readable log file belonging to Candlepi ...)
	NOT-FOR-US: Candlepin
CVE-2019-3890 (It was discovered evolution-ews before 3.31.3 does not check the valid ...)
	[experimental] - evolution-ews 3.31.90-1
	- evolution-ews 3.30.5-1.1 (bug #926712)
	[stretch] - evolution-ews (Minor issue)
	[jessie] - evolution-ews (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/evolution-ews/issues/27
	NOTE: https://gitlab.gnome.org/GNOME/evolution-ews/issues/36
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1678313
	NOTE: https://gitlab.gnome.org/GNOME/evolution-ews/commit/915226eca9454b8b3e5adb6f2fff9698451778de
	NOTE: Depends on evolution-data-server patch: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/6672b8236139bd6ef41ecb915f4c72e2a052dba5
CVE-2019-3889 (A reflected XSS vulnerability exists in authorization flow of OpenShif ...)
	NOT-FOR-US: OpenShift
CVE-2019-3888 (A vulnerability was found in Undertow web server before 2.0.21. An inf ...)
	- undertow 2.0.23-1 (bug #930349)
	NOTE: https://github.com/undertow-io/undertow/pull/736
CVE-2019-3887 (A flaw was found in the way KVM hypervisor handled x2APIC Machine Spec ...)
	- linux 4.19.37-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/acff78477b9b4f26ecdf65733a4ed77fe837e9dc
	NOTE: Fixed by: https://git.kernel.org/linus/c73f4c998e1fd4249b9edfa39e23f4fda2b9b041
CVE-2019-3886 (An incorrect permissions check was discovered in libvirt 4.8.0 and abo ...)
	- libvirt 5.0.0-2 (low; bug #926418)
	[stretch] - libvirt (Vulnerable code not present)
	[jessie] - libvirt (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1694880
	NOTE: https://www.redhat.com/archives/libvir-list/2019-April/msg00339.html
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1131595#c3
	NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=25736a4c7ed50c101b4f87935f350f1a39a89f6e (v4.8.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=2a07c990bd9143d7a0fe8d1b6b7c763c52185240
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=ae076bb40e0e150aef41361b64001138d04d6c60
CVE-2019-3885 (A use-after-free flaw was found in pacemaker up to and including versi ...)
	- pacemaker 2.0.1-3 (bug #927714)
	[stretch] - pacemaker (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
	NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
CVE-2019-3884 (A vulnerability exists in the garbage collection mechanism of atomic-o ...)
	NOT-FOR-US: atomic-openshift
CVE-2019-3883 (In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...)
	{DLA-1779-1}
	- 389-ds-base 1.4.1.5-1 (bug #927939)
	[buster] - 389-ds-base (Minor issue)
	[stretch] - 389-ds-base (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693612
	NOTE: https://pagure.io/389-ds-base/issue/50329
	NOTE: https://pagure.io/389-ds-base/c/4d9cc24da (master)
	NOTE: https://pagure.io/389-ds-base/c/fcf2b5ddb (389-ds-base-1.4.0)
	NOTE: https://pagure.io/389-ds-base/c/dd4b69b55 (389-ds-base-1.3.9)
	NOTE: Patch was applied upstream but then reverted again, as it introduces
	NOTE: regressions:
	NOTE: https://pagure.io/389-ds-base/c/f35ad37100ab5915445d6d37f8921dd46f83656e
	NOTE: Fixed properly via:
	NOTE: https://pagure.io/389-ds-base/pull-request/50398
	NOTE: https://pagure.io/389-ds-base/c/f20e982c68a700b5ba2c41e5b6f3cdeb5fcb5fab (389-ds-base-1.4.1.4)
	NOTE: https://pagure.io/389-ds-base/c/7b0e7f6f51f6a117f6a40aa3967cad656eafb811 (389-ds-base-1.4.0.24)
	NOTE: https://pagure.io/389-ds-base/c/33ac4f5a78d1a42385d1c011d88cef26771e99f5 (389-ds-base-1.3.9 branch)
CVE-2019-3882 (A flaw was found in the Linux kernel's vfio interface implementation t ...)
	{DSA-4497-1 DLA-1885-1 DLA-1799-1}
	- linux 4.19.37-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/1
	NOTE: https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1689426
	NOTE: Fixed by: https://git.kernel.org/linus/492855939bdb59c6f947b0b5b44af9ad82b7e38c
CVE-2019-3881 (Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with ...)
	- bundler 1.16.1-2 (bug #881749; bug #796383)
	[stretch] - bundler (Minor issue)
	[jessie] - bundler (This version just uses mktmpdir which creates temporary directories with 0700 permissions by default.)
	NOTE: Upstream issue: https://github.com/bundler/bundler/issues/6501
	NOTE: https://salsa.debian.org/ruby-team/bundler/blob/debian/1.16.1-2/debian/patches/0006-Don-t-use-insecure-temporary-directory-as-home-direc.patch
	NOTE: https://salsa.debian.org/ruby-team/bundler/blob/debian/1.16.1-2/debian/patches/0007-Remove-temporary-home-directories.patch
CVE-2019-3880 (A flaw was found in the way samba implemented an RPC endpoint emulatin ...)
	{DSA-4427-1 DLA-1754-1}
	- samba 2:4.9.5+dfsg-3
	NOTE: https://www.samba.org/samba/security/CVE-2019-3880.html
CVE-2019-3879 (It was discovered that in the ovirt's REST API before version 4.3.2.1, ...)
	NOT-FOR-US: ovirt-engine
CVE-2019-3878 (A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache ...)
	{DSA-4414-1}
	- libapache2-mod-auth-mellon 0.14.2-1 (bug #925197)
	[jessie] - libapache2-mod-auth-mellon (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1576719
	NOTE: https://github.com/Uninett/mod_auth_mellon/pull/196
	NOTE: https://github.com/Uninett/mod_auth_mellon/commit/e09a28a30e13e5c22b481010f26b4a7743a09280
CVE-2019-3877 (A vulnerability was found in mod_auth_mellon before v0.14.2. An open r ...)
	{DSA-4414-1}
	- libapache2-mod-auth-mellon 0.14.2-1
	[jessie] - libapache2-mod-auth-mellon (Open redirect protection not present in the first place)
	NOTE: https://github.com/Uninett/mod_auth_mellon/commit/62041428a32de402e0be6ba45fe12df6a83bedb8
CVE-2019-3876 (A flaw was found in the /oauth/token/request custom endpoint of the Op ...)
	NOT-FOR-US: Openshift OAuth server
CVE-2019-3875 (A vulnerability was found in keycloak before 6.0.2. The X.509 authenti ...)
	NOT-FOR-US: Keycloak
CVE-2019-3874 (The SCTP socket buffer used by a userspace application is not accounte ...)
	{DLA-2385-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.146-1
	[stretch] - linux (Minor issue)
	[jessie] - linux (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686373
CVE-2019-3873 (It was found that Picketlink as shipped with Jboss Enterprise Applicat ...)
	NOT-FOR-US: Picketlink
CVE-2019-3872 (It was found that a SAMLRequest containing a script could be processed ...)
	NOT-FOR-US: Picketlink
CVE-2019-3871 (A vulnerability was found in PowerDNS Authoritative Server before 4.0. ...)
	{DSA-4424-1 DLA-1737-1}
	- pdns 4.1.6-2 (bug #924966)
	NOTE: https://github.com/PowerDNS/pdns/issues/7573
	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
	NOTE: Patches: https://downloads.powerdns.com/patches/2019-03/
CVE-2019-3870 (A vulnerability was found in Samba from version (including) 4.9 to ver ...)
	- samba 2:4.9.5+dfsg-3
	[stretch] - samba (Vulnerable code not present)
	[jessie] - samba (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2019-3870.html
CVE-2019-3869 (When running Tower before 3.4.3 on OpenShift or Kubernetes, applicatio ...)
	NOT-FOR-US: Ansible Tower
CVE-2019-3868 (Keycloak up to version 6.0.0 allows the end user token (access or id t ...)
	NOT-FOR-US: Keycloak
CVE-2019-3867 (A vulnerability was found in the Quay web application. Sessions in the ...)
	NOT-FOR-US: OpenShift (web-console issue specific to OpenShift only)
CVE-2019-3866 (An information-exposure vulnerability was discovered where openstack-m ...)
	- python-oslo.utils 3.41.3-1 (low; bug #946060)
	[buster] - python-oslo.utils 3.36.5-0+deb10u1
	[stretch] - python-oslo.utils (Minor issue; can be fixed via point release)
	[jessie] - python-oslo.utils (regex pattern rewrite)
	- python-mistral-lib 1.2.0-3
	[buster] - python-mistral-lib (Minor issue)
	- mistral 5.1.0-2
	[stretch] - mistral (Minor issue; can be fixed via point release)
	NOTE: In mistral/5.0.0 the problematic code was moved to the python library.
	NOTE: To apply the fixes in mistral/python-mistral-lib, as a prerequisite the
	NOTE: python-oslo.utils package needs an update.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1768731
	NOTE: https://bugs.launchpad.net/tripleo/+bug/1850843
	NOTE: https://opendev.org/openstack/oslo.utils/commit/b41268417cecb12d1d5955ee3107067edf050221
	NOTE: Patch for Pike and newer: https://launchpadlibrarian.net/449473654/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
	NOTE: Patch for Pike and newer: https://launchpadlibrarian.net/449472809/0001-Ensure-we-mask-sensitive-data-from-Mistral-Action-lo.patch
CVE-2019-3865 (A vulnerability was found in quay-2, where a stored XSS vulnerability ...)
	NOT-FOR-US: Quay
CVE-2019-3864 (A vulnerability was discovered in all quay-2 versions before quay-3.0. ...)
	NOT-FOR-US: Quay
CVE-2019-3863 (A flaw was found in libssh2 before 1.8.1. A server could send a multip ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://www.libssh2.org/CVE-2019-3863.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.patch
	NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3862 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://libssh2.org/CVE-2019-3862.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
	NOTE: https://github.com/libssh2/libssh2/pull/316
CVE-2019-3861 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://libssh2.org/CVE-2019-3861.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
	NOTE: https://github.com/libssh2/libssh2/pull/316
CVE-2019-3860 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
	{DSA-4431-1 DLA-1730-4 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://libssh2.org/CVE-2019-3860.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
	NOTE: https://github.com/libssh2/libssh2/pull/316
CVE-2019-3859 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 in t ...)
	{DSA-4431-1 DLA-1730-3 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://www.libssh2.org/CVE-2019-3859.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
	NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3858 (An out of bounds read flaw was discovered in libssh2 before 1.8.1 when ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://libssh2.org/CVE-2019-3858.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
	NOTE: https://github.com/libssh2/libssh2/pull/316
CVE-2019-3857 (An integer overflow flaw which could lead to an out of bounds write wa ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://www.libssh2.org/CVE-2019-3857.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
	NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3856 (An integer overflow flaw, which could lead to an out of bounds write, ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://www.libssh2.org/CVE-2019-3856.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
	NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3855 (An integer overflow flaw which could lead to an out of bounds write wa ...)
	{DSA-4431-1 DLA-1730-1}
	- libssh2 1.8.0-2.1 (bug #924965)
	NOTE: https://www.libssh2.org/CVE-2019-3855.html
	NOTE: Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
	NOTE: https://github.com/libssh2/libssh2/pull/315
CVE-2019-3854
	REJECTED
CVE-2019-3853
	REJECTED
CVE-2019-3852 (A vulnerability was found in moodle before version 3.6.3. The get_with ...)
	- moodle
CVE-2019-3851 (A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. T ...)
	- moodle
CVE-2019-3850 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4. ...)
	- moodle
CVE-2019-3849 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3 ...)
	- moodle
CVE-2019-3848 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3 ...)
	- moodle
CVE-2019-3847 (A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4. ...)
	- moodle
CVE-2019-3846 (A flaw that allowed an attacker to corrupt memory and possibly escalat ...)
	{DSA-4465-1 DLA-1824-1 DLA-1823-1}
	- linux 4.19.37-4
	NOTE: https://lore.kernel.org/linux-wireless/20190529125220.17066-1-tiwai@suse.de/
CVE-2019-3845 (A lack of access control was found in the message queues maintained by ...)
	NOT-FOR-US: qpid dispatch router
CVE-2019-3844 (It was discovered that a systemd service that uses DynamicUser propert ...)
	[experimental] - systemd 242-1
	- systemd 242-4 (bug #928102)
	[buster] - systemd (Minor issue; exploit vector needs control both of the service and a helper outside)
	[stretch] - systemd (Minor issue; exploit vector needs control both of the service and a helper outside)
	[jessie] - systemd (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1684610
	NOTE: https://github.com/systemd/systemd/commit/bf65b7e0c9fc215897b676ab9a7c9d1c688143ba
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1771
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1814596
CVE-2019-3843 (It was discovered that a systemd service that uses DynamicUser propert ...)
	[experimental] - systemd 242-1
	- systemd 242-4 (bug #928102)
	[buster] - systemd (Minor issue; exploit vector needs control both of the service and a helper outside)
	[stretch] - systemd (Minor issue; exploit vector needs control both of the service and a helper outside)
	[jessie] - systemd (Vulnerable code introduced later)
	NOTE: https://github.com/systemd/systemd/commit/3c27973b13724ede05a06a5d346a569794cda433
	NOTE: https://github.com/systemd/systemd/commit/f69567cbe26d09eac9d387c0be0fc32c65a83ada
	NOTE: https://github.com/systemd/systemd/commit/9d880b70ba5c6ca83c82952f4c90e86e56c7b70c
	NOTE: https://github.com/systemd/systemd/commit/7445db6eb70e8d5989f481d0c5a08ace7047ae5b
	NOTE: https://github.com/systemd/systemd/commit/62aa29247c3d74bcec0607c347f2be23cd90675d
	NOTE: https://github.com/systemd/systemd/commit/bf65b7e0c9fc215897b676ab9a7c9d1c688143ba
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1771
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1814596
	NOTE: https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)
CVE-2019-3842 (In systemd before v242-rc4, it was discovered that pam_systemd does no ...)
	{DSA-4428-1 DLA-1762-1}
	- systemd 241-3
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1756
	NOTE: https://bugs.launchpad.net/bugs/1812316
	NOTE: https://github.com/systemd/systemd/commit/83d4ab55336ff8a0643c6aa627b31e351a24040a
CVE-2019-3841 (Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were re ...)
	NOT-FOR-US: KubeVirt
CVE-2019-3840 (A NULL pointer dereference flaw was discovered in libvirt before versi ...)
	- libvirt 5.0.0-1
	[stretch] - libvirt (Minor issue)
	[jessie] - libvirt (vulnerable code was introduced in 1.2.14)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1663051
	NOTE: https://www.redhat.com/archives/libvir-list/2019-January/msg00241.html
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
CVE-2019-3839 (It was found that in ghostscript some privileged operators remained ac ...)
	{DSA-4442-1 DLA-1792-1}
	- ghostscript 9.27~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
	NOTE: To prevent pdf2dsc regression additionally:
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=db24f253409d5d085c2760c814c3e1d3fa2dac59
CVE-2019-3838 (It was found that the forceput operator could be extracted from the De ...)
	{DSA-4432-1 DLA-1761-1}
	[experimental] - ghostscript 9.27~~dc1~dfsg-1
	- ghostscript 9.27~dfsg-1 (bug #925257)
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd95bb01f0768bf273b2526732e381202319
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e8f95a2f2147f3b3b9e44ec2b8f3a6be8b
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700576
CVE-2019-3837 (It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kern ...)
	- linux 3.13.4-1
	NOTE: https://git.kernel.org/linus/77873803363c9e831fc1d1e6895c084279090c22
	NOTE: https://git.kernel.org/linus/7bced397510ab569d31de4c70b39e13355046387
CVE-2019-3836 (It was discovered in gnutls before version 3.6.7 upstream that there i ...)
	[experimental] - gnutls28 3.6.7-1
	- gnutls28 3.6.7-2
	[stretch] - gnutls28 (Vulnerable code introduced later in 3.6.4)
	[jessie] - gnutls28 (vulnerable code was introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1678411
	NOTE: https://gitlab.com/gnutls/gnutls/issues/704
	NOTE: https://gitlab.com/gnutls/gnutls/commit/96e07075e8f105b13e76b11e493d5aa2dd937226
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
	NOTE: Upstream versions affected are 3.6.4 and later before 3.6.7
CVE-2019-3835 (It was found that the superexec operator was available in the internal ...)
	{DSA-4432-1 DLA-1761-1}
	[experimental] - ghostscript 9.27~~dc1~dfsg-1
	- ghostscript 9.27~dfsg-1 (bug #925256)
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/21/1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=205591753126802da850ada6511a0ff8411aa287
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e6450d74619e6277efeebfc222d9a5cb91 (needed dependency)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700585
CVE-2019-3834 (It was found that the fix for CVE-2014-0114 had been reverted in JBoss ...)
	NOT-FOR-US: JBoss Operations Network 3 (JON) specific CVE assignment
CVE-2019-3833 (Openwsman, versions up to and including 2.6.9, are vulnerable to infin ...)
	- openwsman (bug #754501)
CVE-2019-3832 (It was discovered the fix for CVE-2018-19758 (libsndfile) was not comp ...)
	{DLA-2418-1 DLA-1712-1}
	- libsndfile 1.0.28-6 (bug #922372)
	NOTE: https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436
	NOTE: https://github.com/erikd/libsndfile/pull/460
	NOTE: https://github.com/erikd/libsndfile/commit/6d7ce94c020cc720a6b28719d1a7879181790008
CVE-2019-3831 (A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 an ...)
	- vdsm (bug #668538)
CVE-2019-3830 (A vulnerability was found in ceilometer before version 12.0.0.0rc1. An ...)
	- ceilometer 1:11.0.1-5 (bug #925298)
	[stretch] - ceilometer (Vulnerable code not present)
	[jessie] - ceilometer (vulnerable code is not present)
	NOTE: https://bugs.launchpad.net/ceilometer/+bug/1811098/
	NOTE: Introduced in https://github.com/openstack/ceilometer/commit/50415c0d08a3199d2280f3638dd121779585f0fe (10.0.0.0)
	NOTE: Fixed in https://github.com/openstack/ceilometer/commit/8881a42af169a2d7c912b1434911f978883c83f3
CVE-2019-3829 (A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. ...)
	[experimental] - gnutls28 3.6.7-1
	- gnutls28 3.6.7-2
	[stretch] - gnutls28 3.5.8-5+deb9u5
	[jessie] - gnutls28 (vulnerable code was introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1677048
	NOTE: https://gitlab.com/gnutls/gnutls/issues/694
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/d39778e43d1674cb3ab3685157fd299816d535c0
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/372821c883a3d36ed3ed683844ad9d90818f6392
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/6b5cbc9ea5bdca704bdbe2f8fb551f720d634bc6
	NOTE: Test: https://gitlab.com/gnutls/gnutls/commit/ad27713bef613e6c4600a0fb83ae48c6d390ff5b
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27
	NOTE: Upstream versions affected are from 3.5.8 and before 3.6.7.
CVE-2019-3828 (Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path ...)
	{DSA-4396-1}
	- ansible 2.7.7+dfsg-1 (bug #922537)
	[jessie] - ansible (No remote expansion in fetch module)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676689
	NOTE: https://github.com/ansible/ansible/pull/52133
	NOTE: https://github.com/ansible/ansible/pull/68720 (CVE-2020-1735 follow-up)
	NOTE: Introduced in https://github.com/ansible/ansible/commit/bc4272d2a26e47418c7d588208482d05a34a34cd (1.8)
CVE-2019-3827 (An incorrect permission check in the admin backend in gvfs before vers ...)
	- gvfs 1.38.1-3 (bug #921816)
	[stretch] - gvfs (Minor issue)
	[jessie] - gvfs (Vulnerable code not present)
	NOTE: https://gitlab.gnome.org/GNOME/gvfs/issues/355
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665578
	NOTE: Affecting gvfs since 1.29.4 where admin backend was introduced.
CVE-2019-3826 (A stored, DOM based, cross-site scripting (XSS) flaw was found in Prom ...)
	- prometheus 2.7.1+ds-1 (bug #921615)
	[stretch] - prometheus (Only affects 2.1.0 onwards)
	NOTE: https://github.com/prometheus/prometheus/pull/5163
CVE-2019-3825 (A vulnerability was discovered in gdm before 3.31.4. When timed login ...)
	- gdm3 3.30.2-3 (low; bug #921764)
	[stretch] - gdm3 (Minor issue)
	[jessie] - gdm3 (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/460
CVE-2019-3824 (A flaw was found in the way an LDAP search expression could crash the ...)
	{DSA-4397-1 DLA-1699-1}
	- ldb 2:1.5.1+really1.4.3-2
	- samba 2:4.9.5+dfsg-1 (unimportant)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13773
	NOTE: Samba uses the System ldb library
CVE-2019-3823 (libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap ...)
	{DSA-4386-1 DLA-1672-1}
	- curl 7.64.0-1
	NOTE: https://curl.haxx.se/docs/CVE-2019-3823.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
	NOTE: Introduced by: https://github.com/curl/curl/commit/2766262a68688c1dd8143f9c4be84b46c408b70a
CVE-2019-3822 (libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stac ...)
	{DSA-4386-1 DLA-1672-1}
	- curl 7.64.0-1
	NOTE: https://curl.haxx.se/docs/CVE-2019-3822.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/50c9484278c63b958655a717844f0721263939cc
	NOTE: Introduced by: https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
CVE-2019-3821 (A flaw was found in the way civetweb frontend was handling requests fo ...)
	- ceph (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1656852
	NOTE: https://github.com/ceph/civetweb/pull/33
CVE-2019-3820 (It was discovered that the gnome-shell lock screen since version 3.15. ...)
	- gnome-shell 3.30.2-3 (bug #921490)
	[stretch] - gnome-shell (Minor issue)
	[jessie] - gnome-shell (Vulnerable code not present)
	NOTE: Introduced by: https://bugzilla.gnome.org/show_bug.cgi?id=745039
	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gnome-shell/commit/c79d24b60e773262091023feb6ee1b3deef1c471
	NOTE: Upstream issue: https://gitlab.gnome.org/GNOME/gnome-shell/issues/851
CVE-2019-3819 (A flaw was found in the Linux kernel in the function hid_debug_events_ ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.20-1
	[stretch] - linux 4.9.161-1
	NOTE: Proposed patch: https://marc.info/?l=linux-input&m=154841031101012&w=2
CVE-2019-3818 (The kube-rbac-proxy container before version 0.4.1 as used in Red Hat ...)
	NOT-FOR-US: kube-rbac-proxy
CVE-2019-3817 (A use-after-free flaw has been discovered in libcomps before version 0 ...)
	NOT-FOR-US: libcomps
CVE-2019-3816 (Openwsman, versions up to and including 2.6.9, are vulnerable to arbit ...)
	- openwsman (bug #754501)
CVE-2019-3815 (A memory leak was discovered in the backport of fixes for CVE-2018-168 ...)
	{DLA-1711-1}
	- systemd (This only affected backports to older suites, not the version in sid)
	[stretch] - systemd 232-25+deb9u8
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1666690
	NOTE: For stable it affected DSA-4367-1 and was corrected in DSA-4367-2
	NOTE: specifically the backport of the fix for CVE-2018-16864.
CVE-2019-3814 (It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 in ...)
	{DSA-4385-1 DLA-1667-1}
	- dovecot 1:2.3.4.1-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/05/1
CVE-2019-3813 (Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-boun ...)
	{DSA-4375-1 DLA-1649-1}
	- spice 0.14.0-1.3 (bug #920762)
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/28/2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665371
CVE-2019-3812 (QEMU, through version 2.10 and through version 3.1.0, is vulnerable to ...)
	{DSA-4454-1}
	- qemu 1:3.1+dfsg-5 (bug #922635)
	[jessie] - qemu (vulnerable code introduced later)
	- qemu-kvm
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b05b267840515730dbf6753495d5b7bd8b04ad1c
	NOTE: vulnerable code not present prior to 2.6.50, introduced in
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=78c71af8049c40657b646d9dd722867fa15c0f1b
CVE-2019-3811 (A vulnerability was found in sssd. If a user was configured with no ho ...)
	{DLA-1635-1}
	- sssd 2.2.0-1 (bug #919051)
	[buster] - sssd (Minor issue)
	[stretch] - sssd (Minor issue)
	NOTE: Upstream ticket: https://pagure.io/SSSD/sssd/issue/3901
	NOTE: Pull request: https://github.com/SSSD/sssd/pull/703
	NOTE: Fixed by: https://github.com/SSSD/sssd/commit/90f32399b4100ce39cf665649fde82d215e5eb49 (master)
	NOTE: Fixed by: https://github.com/SSSD/sssd/commit/28792523a01a7d21bcc8931794164f253e691a68 (sssd-1-16)
CVE-2019-3810 (A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to ...)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=381230#p1536767
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372
CVE-2019-3809 (A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsuppor ...)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=381229#p1536766
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222
CVE-2019-3808 (A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to ...)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=381228#p1536765
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395
CVE-2019-3807 (An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1 ...)
	- pdns-recursor 4.1.9-1
	[stretch] - pdns-recursor (Only affects 4.1.x)
	[jessie] - pdns-recursor (Only affects 4.1.x)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
CVE-2019-3806 (An issue has been found in PowerDNS Recursor versions after 4.1.3 befo ...)
	- pdns-recursor 4.1.9-1
	[stretch] - pdns-recursor (Only affects 4.1.x)
	[jessie] - pdns-recursor (Only affects 4.1.x)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
CVE-2019-3805 (A flaw was discovered in wildfly versions up to 16.0.0.Final that woul ...)
	- wildfly (bug #752018)
CVE-2019-3804 (It was found that cockpit before version 184 used glib's base64 decode ...)
	- cockpit 184-1
	NOTE: https://github.com/cockpit-project/cockpit/pull/10819
	NOTE: https://github.com/cockpit-project/cockpit/commit/c51f6177576d7e12
CVE-2019-3803 (Pivotal Concourse, all versions prior to 4.2.2, puts the user access t ...)
	NOT-FOR-US: Pivotal Concourse
CVE-2019-3802 (This affects Spring Data JPA in versions up to and including 2.1.6, 2. ...)
	NOT-FOR-US: Pivotal Spring Data JPA
CVE-2019-3801 (Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java com ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3800 (CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes t ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3799 (Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x pri ...)
	NOT-FOR-US: Spring Cloud Config
CVE-2019-3798 (Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3797 (This affects Spring Data JPA in versions up to and including 2.1.5, 2. ...)
	NOT-FOR-US: Spring Data JPA
CVE-2019-3796
	REJECTED
CVE-2019-3795 (Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, ...)
	{DLA-1794-1}
	- libspring-security-2.0-java
	NOTE: https://github.com/spring-projects/spring-security/commit/6f02f690ac65ccf99d8df47ac3d730a68f87c569
CVE-2019-3794 (Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME- ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3793 (Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, vers ...)
	NOT-FOR-US: Pivotal
CVE-2019-3792 (Pivotal Concourse version 5.0.0, contains an API that is vulnerable to ...)
	NOT-FOR-US: Pivotal
CVE-2019-3791
	REJECTED
CVE-2019-3790 (The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x version ...)
	NOT-FOR-US: Pivotal Ops Manager
CVE-2019-3789 (Cloud Foundry Routing Release, all versions prior to 0.188.0, contains ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3788 (Cloud Foundry UAA Release, versions prior to 71.0, allows clients to b ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3787 (Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending & ...)
	NOT-FOR-US: Cloud Foundry UAA
CVE-2019-3786 (Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3785 (Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an e ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3784 (Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure s ...)
	NOT-FOR-US: Cloud Foundry Stratos
CVE-2019-3783 (Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public ...)
	NOT-FOR-US: Cloud Foundry Stratos
CVE-2019-3782 (Cloud Foundry CredHub CLI, versions prior to 2.2.1, inadvertently writ ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3781 (Cloud Foundry CLI, versions prior to v6.43.0, improperly exposes passw ...)
	NOT-FOR-US: Cloud Foundry CLI
CVE-2019-3780 (Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3779 (Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kub ...)
	NOT-FOR-US: Cloud Foundry
CVE-2019-3778 (Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2 ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2019-3777 (Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3 ...)
	NOT-FOR-US: Pivotal
CVE-2019-3776 (Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x vers ...)
	NOT-FOR-US: Pivotal
CVE-2019-3775 (Cloud Foundry UAA, versions prior to v70.0, allows a user to update th ...)
	NOT-FOR-US: Cloud Foundry UAA
CVE-2019-3774 (Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versi ...)
	NOT-FOR-US: Spring Batch
CVE-2019-3773 (Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported vers ...)
	NOT-FOR-US: Spring Web Services
CVE-2019-3772 (Spring Integration (spring-integration-xml and spring-integration-ws m ...)
	NOT-FOR-US: Spring Integration
CVE-2019-3771
	RESERVED
CVE-2019-3770 (Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cr ...)
	NOT-FOR-US: Dell
CVE-2019-3769 (Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cr ...)
	NOT-FOR-US: Dell
CVE-2019-3768 (RSA Authentication Manager versions prior to 8.4 P7 contain an XML Ent ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2019-3767 (Dell ImageAssist versions prior to 8.7.15 contain an information discl ...)
	NOT-FOR-US: Dell ImageAssist
CVE-2019-3766 (Dell EMC ECS versions prior to 3.4.0.0 contain an improper restriction ...)
	NOT-FOR-US: EMC
CVE-2019-3765 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...)
	NOT-FOR-US: EMC
CVE-2019-3764 (Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to ...)
	NOT-FOR-US: EMC
CVE-2019-3763 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
	NOT-FOR-US: RSA
CVE-2019-3762 (Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 cont ...)
	NOT-FOR-US: Dell
CVE-2019-3761 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
	NOT-FOR-US: RSA
CVE-2019-3760 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
	NOT-FOR-US: RSA
CVE-2019-3759 (The RSA Identity Governance and Lifecycle software and RSA Via Lifecyc ...)
	NOT-FOR-US: RSA
CVE-2019-3758 (RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper au ...)
	NOT-FOR-US: RSA
CVE-2019-3757
	RESERVED
CVE-2019-3756 (RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information ...)
	NOT-FOR-US: RSA
CVE-2019-3755
	RESERVED
CVE-2019-3754 (Dell EMC Unity Operating Environment versions prior to 5.0.0.0.5.116, ...)
	NOT-FOR-US: EMC
CVE-2019-3753 (Dell EMC PowerConnect 8024, 7000, M6348, M6220, M8024 and M8024-K runn ...)
	NOT-FOR-US: EMC
CVE-2019-3752 (Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2019-3751 (Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0 ...)
	NOT-FOR-US: EMC
CVE-2019-3750 (Dell Command Update versions prior to 3.1 contain an Arbitrary File De ...)
	NOT-FOR-US: Dell Command Update
CVE-2019-3749 (Dell Command Update versions prior to 3.1 contain an Arbitrary File De ...)
	NOT-FOR-US: Dell Command Update
CVE-2019-3748
	RESERVED
CVE-2019-3747 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 co ...)
	NOT-FOR-US: EMC
CVE-2019-3746 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do ...)
	NOT-FOR-US: EMC
CVE-2019-3745 (The vulnerability is limited to the installers of Dell Encryption Ente ...)
	NOT-FOR-US: Dell
CVE-2019-3744 (Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a pri ...)
	NOT-FOR-US: Dell/Alienware Digital Delivery
CVE-2019-3743
	RESERVED
CVE-2019-3742 (Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a p ...)
	NOT-FOR-US: Dell/Alienware Digital Delivery
CVE-2019-3741 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a ...)
	NOT-FOR-US: EMC
CVE-2019-3740 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Inform ...)
	NOT-FOR-US: RSA
CVE-2019-3739 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Informati ...)
	NOT-FOR-US: RSA
CVE-2019-3738 (RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing ...)
	NOT-FOR-US: RSA
CVE-2019-3737 (Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by a ...)
	NOT-FOR-US: Dell EMC Avamar ADMe Web Interface
CVE-2019-3736 (Dell EMC Integrated Data Protection Appliance versions prior to 2.3 co ...)
	NOT-FOR-US: EMC
CVE-2019-3735 (Dell SupportAssist for Business PCs version 2.0 and Dell SupportAssist ...)
	NOT-FOR-US: Dell SupportAssist
CVE-2019-3734 (Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain an ...)
	NOT-FOR-US: EMC
CVE-2019-3733 (RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vuln ...)
	NOT-FOR-US: RSA
CVE-2019-3732 (RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) ...)
	NOT-FOR-US: RSA
CVE-2019-3731 (RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro ...)
	NOT-FOR-US: RSA
CVE-2019-3730 (RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and ...)
	NOT-FOR-US: RSA
CVE-2019-3729 (RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, ...)
	NOT-FOR-US: RSA
CVE-2019-3728 (RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) ...)
	NOT-FOR-US: RSA
CVE-2019-3727 (Dell EMC RecoverPoint versions prior to 5.1.3 and RecoverPoint for VMs ...)
	NOT-FOR-US: Dell EMC RecoverPoint
CVE-2019-3726 (An Uncontrolled Search Path Vulnerability is applicable to the followi ...)
	NOT-FOR-US: EMC
CVE-2019-3725 (RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security An ...)
	NOT-FOR-US: RSA Netwitness Platform
CVE-2019-3724 (RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an ...)
	NOT-FOR-US: RSA Netwitness Platform
CVE-2019-3723 (Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1. ...)
	NOT-FOR-US: Dell EMC OpenManage Server Administrator
CVE-2019-3722 (Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1. ...)
	NOT-FOR-US: Dell EMC OpenManage Server Administrator
CVE-2019-3721 (Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3 ...)
	NOT-FOR-US: Dell
CVE-2019-3720 (Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3 ...)
	NOT-FOR-US: Dell
CVE-2019-3719 (Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote ...)
	NOT-FOR-US: Dell
CVE-2019-3718 (Dell SupportAssist Client versions prior to 3.2.0.90 contain an improp ...)
	NOT-FOR-US: Dell
CVE-2019-3717 (Select Dell Client Commercial and Consumer platforms contain an Improp ...)
	NOT-FOR-US: Select Dell Client Commercial and Consumer platforms
CVE-2019-3716 (RSA Archer versions, prior to 6.5 SP2, contain an information exposure ...)
	NOT-FOR-US: RSA
CVE-2019-3715 (RSA Archer versions, prior to 6.5 SP1, contain an information exposure ...)
	NOT-FOR-US: RSA
CVE-2019-3714
	RESERVED
CVE-2019-3713
	RESERVED
CVE-2019-3712 (Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse Th ...)
	NOT-FOR-US: Dell
CVE-2019-3711 (RSA Authentication Manager versions prior to 8.4 P1 contain an Insecur ...)
	NOT-FOR-US: RSA
CVE-2019-3710 (Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptograp ...)
	NOT-FOR-US: Dell Networking OS10
CVE-2019-3709 (IsilonSD Management Server 1.1.0 contains a cross-site scripting vulne ...)
	NOT-FOR-US: IsilonSD Management Server
CVE-2019-3708 (IsilonSD Management Server 1.1.0 contains a cross-site scripting vulne ...)
	NOT-FOR-US: IsilonSD Management Server
CVE-2019-3707 (Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication ...)
	NOT-FOR-US: EMC
CVE-2019-3706 (Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 a ...)
	NOT-FOR-US: EMC
CVE-2019-3705 (Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior t ...)
	NOT-FOR-US: EMC
CVE-2019-3704 (VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1 ...)
	NOT-FOR-US: EMC
CVE-2019-3703
	RESERVED
CVE-2019-3702 (A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon ...)
	NOT-FOR-US: Lifesize
CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.20-1 (unimportant)
	[stretch] - linux 4.9.161-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1120386
	NOTE: https://marc.info/?l=linux-netdev&m=154651842302479&w=2
CVE-2019-3700 (yast2-security didn't use secure defaults to protect passwords. This b ...)
	NOT-FOR-US: yast2
CVE-2019-3699 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging ...)
	NOT-FOR-US: SUSE-specific privoxy issue
CVE-2019-3698 (UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob sh ...)
	NOT-FOR-US: SUSE-specific Nagios issue
CVE-2019-3697 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging ...)
	NOT-FOR-US: SUSE-specific issue in gnump3d (removed from Debian a decade ago)
CVE-2019-3696 (An Improper Limitation of a Pathname to a Restricted Directory vulnerab ...)
	NOT-FOR-US: SAP
CVE-2019-3695 (An Improper Control of Generation of Code vulnerability in the packagin ...)
	NOT-FOR-US: SAP
CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...)
	NOT-FOR-US: SUSE packaging of munin
CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman in SUSE ...)
	NOT-FOR-US: SUSE packaging of mailman
CVE-2019-3692 (The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Fact ...)
	NOT-FOR-US: SUSE packaging of inn
CVE-2019-3691 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...)
	NOT-FOR-US: SUSE packaging of munge
CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks before c ...)
	NOT-FOR-US: SUSE-specific tool
CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...)
	{DLA-1965-1}
	- nfs-utils 1:1.3.4-3 (bug #940848)
	[buster] - nfs-utils 1:1.3.4-2.5+deb10u1
	[stretch] - nfs-utils 1:1.3.4-2.1+deb9u1
	NOTE: https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e
CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...)
	- squid (/usr/lib/squid/pinger permissions are root:root)
	- squid3 (/usr/lib/squid/pinger permissions are root:root)
CVE-2019-3687 (The permission package in SUSE Linux Enterprise Server allowed all loc ...)
	NOT-FOR-US: SUSE
CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...)
	- openqa (Fixed before initial upload to Debian)
	NOTE: Fixed by: https://github.com/os-autoinst/openQA/commit/c172e8883d8f32fced5e02f9b6faaacc913df27b
CVE-2019-3685 (Open Build Service before version 0.165.4 didn't validate TLS certifi ...)
	- osc (Affects 0.165.x only, bug #941667)
CVE-2019-3684 (SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a71 ...)
	NOT-FOR-US: SUSE Manager
CVE-2019-3683 (The keystone-json-assignment package in SUSE Openstack Cloud 8 before ...)
	NOT-FOR-US: SUSE Openstack Cloud
CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7 ...)
	NOT-FOR-US: SUSE
CVE-2019-3681 (An External Control of File Name or Path vulnerability in osc of SUSE L ...)
	- osc 0.169.1-1 (bug #969999)
	[buster] - osc (Minor issue)
	[stretch] - osc (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1122675
	NOTE: https://github.com/openSUSE/osc/commit/a79c54418baf9b9785123bd07f350f12bd729ed3 (0.169.0)
CVE-2019-3680
	RESERVED
CVE-2019-3679
	RESERVED
CVE-2019-3678
	RESERVED
CVE-2019-3677
	RESERVED
CVE-2019-3676
	RESERVED
CVE-2019-3675
	RESERVED
CVE-2019-3674
	RESERVED
CVE-2019-3673
	RESERVED
CVE-2019-3672
	RESERVED
CVE-2019-3671
	RESERVED
CVE-2019-3670 (Remote Code Execution vulnerability in the web interface in McAfee Web ...)
	NOT-FOR-US: McAfee
CVE-2019-3669
	RESERVED
CVE-2019-3668
	RESERVED
CVE-2019-3667 (DLL Search Order Hijacking vulnerability in the Microsoft Windows clie ...)
	NOT-FOR-US: McAfee
CVE-2019-3666 (API Abuse/Misuse vulnerability in the web interface in McAfee Web Advi ...)
	NOT-FOR-US: McAfee
CVE-2019-3665 (Code Injection vulnerability in the web interface in McAfee Web Adviso ...)
	NOT-FOR-US: McAfee
CVE-2019-3664
	RESERVED
CVE-2019-3663 (Unprotected Storage of Credentials vulnerability in McAfee Advanced Th ...)
	NOT-FOR-US: McAfee
CVE-2019-3662 (Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Adva ...)
	NOT-FOR-US: McAfee
CVE-2019-3661 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: McAfee
CVE-2019-3660 (Improper Neutralization of HTTP requests in McAfee Advanced Threat Def ...)
	NOT-FOR-US: McAfee
CVE-2019-3659
	RESERVED
CVE-2019-3658
	RESERVED
CVE-2019-3657
	RESERVED
CVE-2019-3656
	RESERVED
CVE-2019-3655
	RESERVED
CVE-2019-3654 (Authentication Bypass vulnerability in the Microsoft Windows client in ...)
	NOT-FOR-US: McAfee
CVE-2019-3653 (Improper access control vulnerability in Configuration tool in McAfee ...)
	NOT-FOR-US: McAfee Endpoint Security (ENS)
CVE-2019-3652 (Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Securit ...)
	NOT-FOR-US: McAfee Endpoint Security (ENS)
CVE-2019-3651 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
	NOT-FOR-US: McAfee
CVE-2019-3650 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
	NOT-FOR-US: McAfee
CVE-2019-3649 (Information Disclosure vulnerability in McAfee Advanced Threat Defense ...)
	NOT-FOR-US: McAfee
CVE-2019-3648 (A Privilege Escalation vulnerability in the Microsoft Windows client i ...)
	NOT-FOR-US: McAfee Total Protection
CVE-2019-3647
	RESERVED
CVE-2019-3646 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
	NOT-FOR-US: McAfee
CVE-2019-3645
	RESERVED
CVE-2019-3644 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...)
	NOT-FOR-US: McAfee
CVE-2019-3643 (McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remo ...)
	NOT-FOR-US: McAfee
CVE-2019-3642
	RESERVED
CVE-2019-3641 (Abuse of Authorization vulnerability in APIs exposed by TIE server in ...)
	NOT-FOR-US: McAfee
CVE-2019-3640 (Unprotected Transport of Credentials in ePO extension in McAfee Data L ...)
	NOT-FOR-US: McAfee
CVE-2019-3639 (Clickjack vulnerability in Administrator web console in McAfee Web Gate ...)
	NOT-FOR-US: McAfee
CVE-2019-3638 (Reflected Cross Site Scripting vulnerability in Administrators web con ...)
	NOT-FOR-US: McAfee
CVE-2019-3637 (Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.20 ...)
	NOT-FOR-US: McAfee
CVE-2019-3636 (A File Masquerade vulnerability in McAfee Total Protection (MTP) versi ...)
	NOT-FOR-US: McAfee
CVE-2019-3635 (Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8. ...)
	NOT-FOR-US: McAfee
CVE-2019-3634 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
	NOT-FOR-US: McAfee
CVE-2019-3633 (Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x ...)
	NOT-FOR-US: McAfee
CVE-2019-3632 (Directory Traversal vulnerability in McAfee Enterprise Security Manage ...)
	NOT-FOR-US: McAfee
CVE-2019-3631 (Command Injection vulnerability in McAfee Enterprise Security Manager ...)
	NOT-FOR-US: McAfee
CVE-2019-3630 (Command Injection vulnerability in McAfee Enterprise Security Manager ...)
	NOT-FOR-US: McAfee
CVE-2019-3629 (Application protection bypass vulnerability in McAfee Enterprise Secur ...)
	NOT-FOR-US: McAfee
CVE-2019-3628 (Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x ...)
	NOT-FOR-US: McAfee
CVE-2019-3627
	RESERVED
CVE-2019-3626
	RESERVED
CVE-2019-3625
	RESERVED
CVE-2019-3624
	RESERVED
CVE-2019-3623
	RESERVED
CVE-2019-3622 (Files or Directories Accessible to External Parties in McAfee Data Los ...)
	NOT-FOR-US: McAfee
CVE-2019-3621 (Authentication protection bypass vulnerability in McAfee Data Loss Pre ...)
	NOT-FOR-US: McAfee
CVE-2019-3620
	RESERVED
CVE-2019-3619 (Information Disclosure vulnerability in the Agent Handler in McAfee eP ...)
	NOT-FOR-US: McAfee
CVE-2019-3618
	RESERVED
CVE-2019-3617 (Privilege escalation vulnerability in McAfee Total Protection (ToPS) f ...)
	NOT-FOR-US: McAfee
CVE-2019-3616
	RESERVED
CVE-2019-3615 (Data Leakage Attacks vulnerability in the web interface in McAfee Data ...)
	NOT-FOR-US: McAfee
CVE-2019-3614
	RESERVED
CVE-2019-3613 (DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to ...)
	NOT-FOR-US: McAfee
CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and TIE Se ...)
	NOT-FOR-US: McAfee
CVE-2019-3611
	RESERVED
CVE-2019-3610 (Data Leakage Attacks vulnerability in Microsoft Windows client in McAf ...)
	NOT-FOR-US: McAfee True Key
CVE-2019-3609
	RESERVED
CVE-2019-3608
	RESERVED
CVE-2019-3607
	RESERVED
CVE-2019-3606 (Data Leakage Attacks vulnerability in the web portal component when in ...)
	NOT-FOR-US: McAfee
CVE-2019-3605
	RESERVED
CVE-2019-3604 (Cross-Site Request Forgery (CSRF) vulnerability in McAfee ePO (legacy) ...)
	NOT-FOR-US: McAfee
CVE-2019-3603
	RESERVED
CVE-2019-3602 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...)
	NOT-FOR-US: McAfee
CVE-2019-3601
	RESERVED
CVE-2019-3600
	RESERVED
CVE-2019-3599 (Information Disclosure vulnerability in Remote logging (which is disab ...)
	NOT-FOR-US: McAfee Agent
CVE-2019-3598 (Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x all ...)
	NOT-FOR-US: McAfee Agent
CVE-2019-3597 (Authentication Bypass vulnerability in McAfee Network Security Manager ...)
	NOT-FOR-US: McAfee
CVE-2019-3596
	RESERVED
CVE-2019-3595 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
	NOT-FOR-US: McAfee
CVE-2019-3594
	RESERVED
CVE-2019-3593 (Exploitation of Privilege/Trust vulnerability in Microsoft Windows cli ...)
	NOT-FOR-US: McAfee
CVE-2019-3592 (Privilege escalation vulnerability in McAfee Agent (MA) before 5.6.1 H ...)
	NOT-FOR-US: McAfee
CVE-2019-3591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
	NOT-FOR-US: McAfee
CVE-2019-3590
	RESERVED
CVE-2019-3589
	RESERVED
CVE-2019-3588 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
	NOT-FOR-US: McAfee
CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows client i ...)
	NOT-FOR-US: McAfee
CVE-2019-3586 (Protection Mechanism Failure in the Firewall in McAfee Endpoint Securi ...)
	NOT-FOR-US: McAfee
CVE-2019-3585 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
	NOT-FOR-US: McAfee
CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision Endpoint in Mc ...)
	NOT-FOR-US: McAfee
CVE-2019-3583
	RESERVED
CVE-2019-3582 (Privilege Escalation vulnerability in Microsoft Windows client in McAf ...)
	NOT-FOR-US: McAfee
CVE-2019-3581 (Improper input validation in the proxy component of McAfee Web Gateway ...)
	NOT-FOR-US: McAfee
CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory T ...)
	NOT-FOR-US: OpenRefine
CVE-2019-3579 (MyBB 1.8.19 allows remote attackers to obtain sensitive information be ...)
	NOT-FOR-US: MyBB
CVE-2019-3578 (MyBB 1.8.19 has XSS in the resetpassword function. ...)
	NOT-FOR-US: MyBB
CVE-2019-3577 (An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/P ...)
	NOT-FOR-US: Waimai Super Cms
CVE-2019-3576 (inxedu through 2018-12-24 has a SQL Injection vulnerability that can l ...)
	NOT-FOR-US: inxedu
CVE-2019-3575 (Sqla_yaml_fixtures 0.9.1 allows local users to execute arbitrary pytho ...)
	NOT-FOR-US: Sqla_yaml_fixtures
CVE-2019-3574 (In libsixel v1.8.2, there is a heap-based buffer over-read in the func ...)
	- libsixel 1.8.2-2 (low; bug #922460)
	[buster] - libsixel 1.8.2-1+deb10u1
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/83
CVE-2019-3573 (In libsixel v1.8.2, there is an infinite loop in the function sixel_de ...)
	- libsixel 1.8.2-2 (low; bug #922460)
	[buster] - libsixel 1.8.2-1+deb10u1
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/83
CVE-2019-3572 (An issue was discovered in libming 0.4.8. There is a heap-based buffer ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/169
CVE-2019-3571 (An input validation issue affected WhatsApp Desktop versions prior to ...)
	NOT-FOR-US: WhatsApp Desktop
CVE-2019-3570 (Call to the scrypt_enc() function in HHVM can lead to heap corruption ...)
	- hhvm
	NOTE: https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
CVE-2019-3569 (HHVM, when used with FastCGI, would bind by default to all available i ...)
	- hhvm
	NOTE: https://hhvm.com/blog/2019/06/10/hhvm-4.9.0.html
CVE-2019-3568 (A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote ...)
	NOT-FOR-US: WhatsApp
CVE-2019-3567 (In some configurations an attacker can inject a new executable path in ...)
	NOT-FOR-US: osquery
CVE-2019-3566 (A bug in WhatsApp for Android's messaging logic would potentially allo ...)
	NOT-FOR-US: WhatsApp for Android
CVE-2019-3565 (Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would n ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3564 (Go Facebook Thrift servers would not error upon receiving messages wit ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3563 (Wangle's LineBasedFrameDecoder contains logic for identifying newlines ...)
	NOT-FOR-US: Facebook Wangle
CVE-2019-3562 (A remote web page could inject arbitrary HTML code into the Oculus Bro ...)
	NOT-FOR-US: Oculus Browser UI
CVE-2019-3561 (Insufficient boundary checks for the strrpos and strripos functions al ...)
	- hhvm
CVE-2019-3560 (An improperly performed length calculation on a buffer in PlaintextRec ...)
	NOT-FOR-US: Fizz
CVE-2019-3559 (Java Facebook Thrift servers would not error upon receiving messages w ...)
	NOT-FOR-US: Facebook Java Thrift (Debian packages Apache Thrift)
CVE-2019-3558 (Python Facebook Thrift servers would not error upon receiving messages ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3557 (The implementations of streams for bz2 and php://output improperly imp ...)
	- hhvm
CVE-2019-3556 (HHVM supports the use of an "admin" server which accepts administrativ ...)
	- hhvm
CVE-2019-3555
	RESERVED
CVE-2019-3554 (Wangle's AcceptRoutingHandler incorrectly casts a socket when acceptin ...)
	NOT-FOR-US: Facebook Wangle
CVE-2019-3553 (C++ Facebook Thrift servers would not error upon receiving messages de ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3552 (C++ Facebook Thrift servers (using cpp2) would not error upon receivin ...)
	NOT-FOR-US: Thrift servers
CVE-2019-3551
	RESERVED
CVE-2019-3550
	RESERVED
CVE-2019-3549
	RESERVED
CVE-2019-3548
	RESERVED
CVE-2019-3547
	RESERVED
CVE-2019-3546
	RESERVED
CVE-2019-3545
	RESERVED
CVE-2019-3544
	RESERVED
CVE-2019-3543
	RESERVED
CVE-2019-3542
	RESERVED
CVE-2019-3541
	RESERVED
CVE-2019-3540
	RESERVED
CVE-2019-3539
	RESERVED
CVE-2019-3538
	RESERVED
CVE-2019-3537
	RESERVED
CVE-2019-3536
	RESERVED
CVE-2019-3535
	RESERVED
CVE-2019-3534
	RESERVED
CVE-2019-3533
	RESERVED
CVE-2019-3532
	RESERVED
CVE-2019-3531
	RESERVED
CVE-2019-3530
	RESERVED
CVE-2019-3529
	RESERVED
CVE-2019-3528
	RESERVED
CVE-2019-3527
	RESERVED
CVE-2019-3526
	RESERVED
CVE-2019-3525
	RESERVED
CVE-2019-3524
	RESERVED
CVE-2019-3523
	RESERVED
CVE-2019-3522
	RESERVED
CVE-2019-3521
	RESERVED
CVE-2019-3520
	RESERVED
CVE-2019-3519
	RESERVED
CVE-2019-3518
	RESERVED
CVE-2019-3517
	RESERVED
CVE-2019-3516
	RESERVED
CVE-2019-3515
	RESERVED
CVE-2019-3514
	RESERVED
CVE-2019-3513
	RESERVED
CVE-2019-3512
	RESERVED
CVE-2019-3511
	RESERVED
CVE-2019-3510
	RESERVED
CVE-2019-3509
	RESERVED
CVE-2019-3508
	RESERVED
CVE-2019-3507
	RESERVED
CVE-2019-3506
	RESERVED
CVE-2019-3505
	RESERVED
CVE-2019-3504
	RESERVED
CVE-2019-3503
	RESERVED
CVE-2019-3502
	RESERVED
CVE-2019-3501 (The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted ...)
	NOT-FOR-US: OUGC Awards plugin for MyBB
CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Au ...)
	{DLA-1636-1}
	- aria2 1.34.0-4 (low; bug #918058)
	[stretch] - aria2 (Minor issue)
	NOTE: https://github.com/aria2/aria2/issues/1329
	NOTE: Masking of all authorization and cookie header fields (but not userinfo in URL):
	NOTE: https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a
CVE-2019-3499
	RESERVED
CVE-2019-3498 (In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before ...)
	{DSA-4363-1 DLA-1629-1}
	- python-django 1:1.11.18-1 (bug #918230)
	NOTE: https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
	NOTE: https://github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a (1.11.x)
	NOTE: https://github.com/django/django/commit/64d2396e83aedba3fcc84ca40f23fbd22f0b9b5b (2.1.x)
CVE-2019-3497 (An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x ...)
	NOT-FOR-US: Wifi-soft UniBox controller devices
CVE-2019-3496 (An issue was discovered on Wifi-soft UniBox controller 3.x devices. Th ...)
	NOT-FOR-US: Wifi-soft UniBox controller devices
CVE-2019-3495 (An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x ...)
	NOT-FOR-US: Wifi-soft UniBox controller devices
CVE-2019-3494 (Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteC ...)
	NOT-FOR-US: Simply-Blog
CVE-2019-3493 (A potential security vulnerability has been identified in Micro Focus ...)
	NOT-FOR-US: Micro Focus
CVE-2019-3492
	RESERVED
CVE-2019-3491
	RESERVED
CVE-2019-3490 (A DOM based XSS vulnerability has been identified in the Netstorage co ...)
	NOT-FOR-US: Micro Focus Netstorage
CVE-2019-3489 (An unauthenticated file upload vulnerability has been identified in th ...)
	NOT-FOR-US: Micro Focus Content Manager
CVE-2019-3488
	RESERVED
CVE-2019-3487
	RESERVED
CVE-2019-3486 (Mitigates a stored cross site scripting issue in ArcSight Security Man ...)
	NOT-FOR-US: ArcSight Security Management Center
CVE-2019-3485 (Mitigates a stored cross site scripting issue in ArcSight Logger versi ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3484 (Mitigates a remote code execution issue in ArcSight Logger versions pr ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3483 (Mitigates a potential information leakage issue in ArcSight Logger ver ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3482 (Mitigates a directory traversal issue in ArcSight Logger versions prio ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3481 (Mitigates an XML External Entity Parsing issue in ArcSight Logger versi ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3480 (Mitigates a stored/reflected XSS issue in ArcSight Logger versions pri ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3479 (Mitigates a potential remote code execution issue in ArcSight Logger v ...)
	NOT-FOR-US: ArcSight Logger
CVE-2019-3478
	RESERVED
CVE-2019-3477 (Micro Focus Solution Business Manager versions prior to 11.4.2 is susc ...)
	NOT-FOR-US: Micro Focus Solution Business Manager
CVE-2019-3476 (Remote arbitrary code execution in Micro Focus Data Protector, version ...)
	NOT-FOR-US: Micro Focus Data Protector
CVE-2019-3475 (A local privilege escalation vulnerability in the famtd component of M ...)
	NOT-FOR-US: Micro Focus Filr
CVE-2019-3474 (A path traversal vulnerability in the web application component of Mic ...)
	NOT-FOR-US: Micro Focus Filr
CVE-2019-3473
	REJECTED
CVE-2019-3472
	REJECTED
CVE-2019-3471
	REJECTED
CVE-2019-3470
	REJECTED
CVE-2019-3469
	REJECTED
CVE-2019-3468
	REJECTED
CVE-2019-3466 (The pg_ctlcluster script in postgresql-common in versions prior to 210 ...)
	{DSA-4568-1 DLA-1994-1}
	- postgresql-common 210
	NOTE: https://salsa.debian.org/postgresql/postgresql-common/commit/ec9d984b62ed79f61be97b786a9ff4381309979c
	NOTE: https://blog.mirch.io/2019/11/15/cve-2019-3466-debian-ubuntu-pg_ctlcluster-privilege-escalation/
CVE-2019-3465 (Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for exa ...)
	{DSA-4560-1 DLA-1983-1}
	- simplesamlphp 1.17.6-2 (bug #944107)
	NOTE: https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ
	NOTE: https://simplesamlphp.org/security/201911-01
CVE-2019-3464 (Insufficient sanitization of environment variables passed to rsync can ...)
	{DSA-4382-1 DLA-1660-1}
	- rssh 2.3.4-10
CVE-2019-3463 (Insufficient sanitization of arguments passed to rsync can bypass the ...)
	{DSA-4382-1 DLA-1660-1}
	- rssh 2.3.4-10
CVE-2019-3462 (Incorrect sanitization of the 302 redirect field in HTTP transport metho ...)
	{DSA-4371-1 DLA-1637-1}
	- apt 1.8.0~alpha3.1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1812353
	NOTE: https://justi.cz/security/2019/01/22/apt-rce.html
CVE-2019-3461 (Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a ...)
	{DSA-4365-1 DLA-1640-1}
	- tmpreaper 1.6.14 (bug #918956)
CVE-2019-3460 (A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_ ...)
	{DLA-1799-1 DLA-1771-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	NOTE: https://lore.kernel.org/linux-bluetooth/20190110062917.GB15047@kroah.com/
	NOTE: https://git.kernel.org/linus/af3d5d1c87664a4f150fcf3534c6567cb19909b0
CVE-2019-3459 (A heap address information leak while using L2CAP_GET_CONF_OPT was dis ...)
	{DLA-1799-1 DLA-1771-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	NOTE: https://lore.kernel.org/linux-bluetooth/20190110062833.GA15047@kroah.com/
	NOTE: https://git.kernel.org/linus/7c9cbd0b5e38a1672fcd137894ace3b042dfbf69
CVE-2019-3458
	RESERVED
CVE-2019-3457
	RESERVED
CVE-2019-3456
	RESERVED
CVE-2019-3455
	RESERVED
CVE-2019-3454
	RESERVED
CVE-2019-3453
	RESERVED
CVE-2019-3452
	RESERVED
CVE-2019-3451
	RESERVED
CVE-2019-3450
	RESERVED
CVE-2019-3449
	RESERVED
CVE-2019-3448
	RESERVED
CVE-2019-3447
	RESERVED
CVE-2019-3446
	RESERVED
CVE-2019-3445
	RESERVED
CVE-2019-3444
	RESERVED
CVE-2019-3443
	RESERVED
CVE-2019-3442
	RESERVED
CVE-2019-3441
	RESERVED
CVE-2019-3440
	RESERVED
CVE-2019-3439
	RESERVED
CVE-2019-3438
	RESERVED
CVE-2019-3437
	RESERVED
CVE-2019-3436
	RESERVED
CVE-2019-3435
	RESERVED
CVE-2019-3434
	RESERVED
CVE-2019-3433
	RESERVED
CVE-2019-3432
	RESERVED
CVE-2019-3431 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
	NOT-FOR-US: ZTE
CVE-2019-3430 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
	NOT-FOR-US: ZTE
CVE-2019-3429 (All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product h ...)
	NOT-FOR-US: ZTE
CVE-2019-3428 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
	NOT-FOR-US: ZTE
CVE-2019-3427 (The version V6.01.03.01 of ZTE ZXCDN IAMWEB product is impacted by a c ...)
	NOT-FOR-US: ZTE
CVE-2019-3426 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
	NOT-FOR-US: ZTE
CVE-2019-3425 (The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZX ...)
	NOT-FOR-US: ZTE
CVE-2019-3424 (authentication issues vulnerability, which exists in V2.1.14 and below ...)
	NOT-FOR-US: C520V21 smart camera devices
CVE-2019-3423 (permission and access control vulnerability, which exists in V2.1.14 a ...)
	NOT-FOR-US: C520V21 smart camera devices
CVE-2019-3422 (The Sec Consult Security Lab reported an information disclosure vulner ...)
	NOT-FOR-US: ZTE
CVE-2019-3421 (The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE produc ...)
	NOT-FOR-US: ZTE
CVE-2019-3420 (All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impa ...)
	NOT-FOR-US: ZTE
CVE-2019-3419 (A security vulnerability exists in a management port in the version of ...)
	NOT-FOR-US: ZTE
CVE-2019-3418 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
	NOT-FOR-US: ZTE
CVE-2019-3417 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
	NOT-FOR-US: ZTE
CVE-2019-3416 (All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impa ...)
	NOT-FOR-US: ZTE
CVE-2019-3415 (ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by path traver ...)
	NOT-FOR-US: ZTE
CVE-2019-3414 (All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS ...)
	NOT-FOR-US: ZTE
CVE-2019-3413 (All versions up to V20.18.40.R7.B1 of ZTE NetNumen DAP product have an ...)
	NOT-FOR-US: ZTE
CVE-2019-3412 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by co ...)
	NOT-FOR-US: ZTE
CVE-2019-3411 (All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by in ...)
	NOT-FOR-US: ZTE
CVE-2019-3410 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE ...)
	NOT-FOR-US: ZTE
CVE-2019-3409 (All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE ...)
	NOT-FOR-US: ZTE
CVE-2019-3408
	RESERVED
CVE-2019-3407
	RESERVED
CVE-2019-3406
	RESERVED
CVE-2019-3405 (In the 3.1.3.64296 and lower version of 360F5, the third party can tri ...)
	NOT-FOR-US: 360F5
CVE-2019-3404 (By adding some special fields to the uri ofrouter app function, the us ...)
	NOT-FOR-US: ofrouter
CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before version 7.13. ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-3402 (The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 a ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-3401 (The ManageFilters.jspa resource in Jira before version 7.13.3 and from ...)
	NOT-FOR-US: Atlassian Jira
CVE-2019-3400 (The labels gadget in Jira before version 7.13.2, and from version 8.0. ...)
	NOT-FOR-US: Atlassian
CVE-2019-3399 (The BrowseProjects.jspa resource in Jira before version 7.13.2, and fr ...)
	NOT-FOR-US: Atlassian
CVE-2019-3398 (Confluence Server and Data Center had a path traversal vulnerability i ...)
	NOT-FOR-US: Confluence Server and Data Center
CVE-2019-3397 (Atlassian Bitbucket Data Center licensed instances starting with versi ...)
	NOT-FOR-US: Atlassian
CVE-2019-3396 (The Widget Connector macro in Atlassian Confluence Server before versi ...)
	NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3395 (The WebDAV endpoint in Atlassian Confluence Server and Data Center bef ...)
	NOT-FOR-US: Atlassian Confluence Server
CVE-2019-3394 (There was a local file disclosure vulnerability in Confluence Server a ...)
	NOT-FOR-US: Confluence
CVE-2019-3393
	RESERVED
CVE-2019-3392
	RESERVED
CVE-2019-3391
	RESERVED
CVE-2019-3390
	RESERVED
CVE-2019-3389
	RESERVED
CVE-2019-3388
	RESERVED
CVE-2019-3387
	RESERVED
CVE-2019-3386
	RESERVED
CVE-2019-3385
	RESERVED
CVE-2019-3384
	RESERVED
CVE-2019-3383
	RESERVED
CVE-2019-3382
	RESERVED
CVE-2019-3381
	RESERVED
CVE-2019-3380
	RESERVED
CVE-2019-3379
	RESERVED
CVE-2019-3378
	RESERVED
CVE-2019-3377
	RESERVED
CVE-2019-3376
	RESERVED
CVE-2019-3375
	RESERVED
CVE-2019-3374
	RESERVED
CVE-2019-3373
	RESERVED
CVE-2019-3372
	RESERVED
CVE-2019-3371
	RESERVED
CVE-2019-3370
	RESERVED
CVE-2019-3369
	RESERVED
CVE-2019-3368
	RESERVED
CVE-2019-3367
	RESERVED
CVE-2019-3366
	RESERVED
CVE-2019-3365
	RESERVED
CVE-2019-3364
	RESERVED
CVE-2019-3363
	RESERVED
CVE-2019-3362
	RESERVED
CVE-2019-3361
	RESERVED
CVE-2019-3360
	RESERVED
CVE-2019-3359
	RESERVED
CVE-2019-3358
	RESERVED
CVE-2019-3357
	RESERVED
CVE-2019-3356
	RESERVED
CVE-2019-3355
	RESERVED
CVE-2019-3354
	RESERVED
CVE-2019-3353
	RESERVED
CVE-2019-3352
	RESERVED
CVE-2019-3351
	RESERVED
CVE-2019-3350
	RESERVED
CVE-2019-3349
	RESERVED
CVE-2019-3348
	RESERVED
CVE-2019-3347
	RESERVED
CVE-2019-3346
	RESERVED
CVE-2019-3345
	RESERVED
CVE-2019-3344
	RESERVED
CVE-2019-3343
	RESERVED
CVE-2019-3342
	RESERVED
CVE-2019-3341
	RESERVED
CVE-2019-3340
	RESERVED
CVE-2019-3339
	RESERVED
CVE-2019-3338
	RESERVED
CVE-2019-3337
	RESERVED
CVE-2019-3336
	RESERVED
CVE-2019-3335
	RESERVED
CVE-2019-3334
	RESERVED
CVE-2019-3333
	RESERVED
CVE-2019-3332
	RESERVED
CVE-2019-3331
	RESERVED
CVE-2019-3330
	RESERVED
CVE-2019-3329
	RESERVED
CVE-2019-3328
	RESERVED
CVE-2019-3327
	RESERVED
CVE-2019-3326
	RESERVED
CVE-2019-3325
	RESERVED
CVE-2019-3324
	RESERVED
CVE-2019-3323
	RESERVED
CVE-2019-3322
	RESERVED
CVE-2019-3321
	RESERVED
CVE-2019-3320
	RESERVED
CVE-2019-3319
	RESERVED
CVE-2019-3318
	RESERVED
CVE-2019-3317
	RESERVED
CVE-2019-3316
	RESERVED
CVE-2019-3315
	RESERVED
CVE-2019-3314
	RESERVED
CVE-2019-3313
	RESERVED
CVE-2019-3312
	RESERVED
CVE-2019-3311
	RESERVED
CVE-2019-3310
	RESERVED
CVE-2019-3309
	RESERVED
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-3308
	RESERVED
CVE-2019-3307
	RESERVED
CVE-2019-3306
	RESERVED
CVE-2019-3305
	RESERVED
CVE-2019-3304
	RESERVED
CVE-2019-3303
	RESERVED
CVE-2019-3302
	RESERVED
CVE-2019-3301
	RESERVED
CVE-2019-3300
	RESERVED
CVE-2019-3299
	RESERVED
CVE-2019-3298
	RESERVED
CVE-2019-3297
	RESERVED
CVE-2019-3296
	RESERVED
CVE-2019-3295
	RESERVED
CVE-2019-3294
	RESERVED
CVE-2019-3293
	RESERVED
CVE-2019-3292
	RESERVED
CVE-2019-3291
	RESERVED
CVE-2019-3290
	RESERVED
CVE-2019-3289
	RESERVED
CVE-2019-3288
	RESERVED
CVE-2019-3287
	RESERVED
CVE-2019-3286
	RESERVED
CVE-2019-3285
	RESERVED
CVE-2019-3284
	RESERVED
CVE-2019-3283
	RESERVED
CVE-2019-3282
	RESERVED
CVE-2019-3281
	RESERVED
CVE-2019-3280
	RESERVED
CVE-2019-3279
	RESERVED
CVE-2019-3278
	RESERVED
CVE-2019-3277
	RESERVED
CVE-2019-3276
	RESERVED
CVE-2019-3275
	RESERVED
CVE-2019-3274
	RESERVED
CVE-2019-3273
	RESERVED
CVE-2019-3272
	RESERVED
CVE-2019-3271
	RESERVED
CVE-2019-3270
	RESERVED
CVE-2019-3269
	RESERVED
CVE-2019-3268
	RESERVED
CVE-2019-3267
	RESERVED
CVE-2019-3266
	RESERVED
CVE-2019-3265
	RESERVED
CVE-2019-3264
	RESERVED
CVE-2019-3263
	RESERVED
CVE-2019-3262
	RESERVED
CVE-2019-3261
	RESERVED
CVE-2019-3260
	RESERVED
CVE-2019-3259
	RESERVED
CVE-2019-3258
	RESERVED
CVE-2019-3257
	RESERVED
CVE-2019-3256
	RESERVED
CVE-2019-3255
	RESERVED
CVE-2019-3254
	RESERVED
CVE-2019-3253
	RESERVED
CVE-2019-3252
	RESERVED
CVE-2019-3251
	RESERVED
CVE-2019-3250
	RESERVED
CVE-2019-3249
	RESERVED
CVE-2019-3248
	RESERVED
CVE-2019-3247
	RESERVED
CVE-2019-3246
	RESERVED
CVE-2019-3245
	RESERVED
CVE-2019-3244
	RESERVED
CVE-2019-3243
	RESERVED
CVE-2019-3242
	RESERVED
CVE-2019-3241
	RESERVED
CVE-2019-3240
	RESERVED
CVE-2019-3239
	RESERVED
CVE-2019-3238
	RESERVED
CVE-2019-3237
	RESERVED
CVE-2019-3236
	RESERVED
CVE-2019-3235
	RESERVED
CVE-2019-3234
	RESERVED
CVE-2019-3233
	RESERVED
CVE-2019-3232
	RESERVED
CVE-2019-3231
	RESERVED
CVE-2019-3230
	RESERVED
CVE-2019-3229
	RESERVED
CVE-2019-3228
	RESERVED
CVE-2019-3227
	RESERVED
CVE-2019-3226
	RESERVED
CVE-2019-3225
	RESERVED
CVE-2019-3224
	RESERVED
CVE-2019-3223
	RESERVED
CVE-2019-3222
	RESERVED
CVE-2019-3221
	RESERVED
CVE-2019-3220
	RESERVED
CVE-2019-3219
	RESERVED
CVE-2019-3218
	RESERVED
CVE-2019-3217
	RESERVED
CVE-2019-3216
	RESERVED
CVE-2019-3215
	RESERVED
CVE-2019-3214
	RESERVED
CVE-2019-3213
	RESERVED
CVE-2019-3212
	RESERVED
CVE-2019-3211
	RESERVED
CVE-2019-3210
	RESERVED
CVE-2019-3209
	RESERVED
CVE-2019-3208
	RESERVED
CVE-2019-3207
	RESERVED
CVE-2019-3206
	RESERVED
CVE-2019-3205
	RESERVED
CVE-2019-3204
	RESERVED
CVE-2019-3203
	RESERVED
CVE-2019-3202
	RESERVED
CVE-2019-3201
	RESERVED
CVE-2019-3200
	RESERVED
CVE-2019-3199
	RESERVED
CVE-2019-3198
	RESERVED
CVE-2019-3197
	RESERVED
CVE-2019-3196
	RESERVED
CVE-2019-3195
	RESERVED
CVE-2019-3194
	RESERVED
CVE-2019-3193
	RESERVED
CVE-2019-3192
	RESERVED
CVE-2019-3191
	RESERVED
CVE-2019-3190
	RESERVED
CVE-2019-3189
	RESERVED
CVE-2019-3188
	RESERVED
CVE-2019-3187
	RESERVED
CVE-2019-3186
	RESERVED
CVE-2019-3185
	RESERVED
CVE-2019-3184
	RESERVED
CVE-2019-3183
	RESERVED
CVE-2019-3182
	RESERVED
CVE-2019-3181
	RESERVED
CVE-2019-3180
	RESERVED
CVE-2019-3179
	RESERVED
CVE-2019-3178
	RESERVED
CVE-2019-3177
	RESERVED
CVE-2019-3176
	RESERVED
CVE-2019-3175
	RESERVED
CVE-2019-3174
	RESERVED
CVE-2019-3173
	RESERVED
CVE-2019-3172
	RESERVED
CVE-2019-3171
	RESERVED
CVE-2019-3170
	RESERVED
CVE-2019-3169
	RESERVED
CVE-2019-3168
	RESERVED
CVE-2019-3167
	RESERVED
CVE-2019-3166
	RESERVED
CVE-2019-3165
	RESERVED
CVE-2019-3164
	RESERVED
CVE-2019-3163
	RESERVED
CVE-2019-3162
	RESERVED
CVE-2019-3161
	RESERVED
CVE-2019-3160
	RESERVED
CVE-2019-3159
	RESERVED
CVE-2019-3158
	RESERVED
CVE-2019-3157
	RESERVED
CVE-2019-3156
	RESERVED
CVE-2019-3155
	RESERVED
CVE-2019-3154
	RESERVED
CVE-2019-3153
	RESERVED
CVE-2019-3152
	RESERVED
CVE-2019-3151
	RESERVED
CVE-2019-3150
	RESERVED
CVE-2019-3149
	RESERVED
CVE-2019-3148
	RESERVED
CVE-2019-3147
	RESERVED
CVE-2019-3146
	RESERVED
CVE-2019-3145
	RESERVED
CVE-2019-3144
	RESERVED
CVE-2019-3143
	RESERVED
CVE-2019-3142
	RESERVED
CVE-2019-3141
	RESERVED
CVE-2019-3140
	RESERVED
CVE-2019-3139
	RESERVED
CVE-2019-3138
	RESERVED
CVE-2019-3137 RESERVED
CVE-2019-3136 RESERVED
CVE-2019-3135 RESERVED
CVE-2019-3134 RESERVED
CVE-2019-3133 RESERVED
CVE-2019-3132 RESERVED
CVE-2019-3131 RESERVED
CVE-2019-3130 RESERVED
CVE-2019-3129 RESERVED
CVE-2019-3128 RESERVED
CVE-2019-3127 RESERVED
CVE-2019-3126 RESERVED
CVE-2019-3125 RESERVED
CVE-2019-3124 RESERVED
CVE-2019-3123 RESERVED
CVE-2019-3122 RESERVED
CVE-2019-3121 RESERVED
CVE-2019-3120 RESERVED
CVE-2019-3119 RESERVED
CVE-2019-3118 RESERVED
CVE-2019-3117 RESERVED
CVE-2019-3116 RESERVED
CVE-2019-3115 RESERVED
CVE-2019-3114 RESERVED
CVE-2019-3113 RESERVED
CVE-2019-3112 RESERVED
CVE-2019-3111 RESERVED
CVE-2019-3110 RESERVED
CVE-2019-3109 RESERVED
CVE-2019-3108 RESERVED
CVE-2019-3107 RESERVED
CVE-2019-3106 RESERVED
CVE-2019-3105 RESERVED
CVE-2019-3104 RESERVED
CVE-2019-3103 RESERVED
CVE-2019-3102 RESERVED
CVE-2019-3101 RESERVED
CVE-2019-3100 RESERVED
CVE-2019-3099 RESERVED
CVE-2019-3098 RESERVED
CVE-2019-3097 RESERVED
CVE-2019-3096 RESERVED
CVE-2019-3095 RESERVED
CVE-2019-3094 RESERVED
CVE-2019-3093 RESERVED
CVE-2019-3092 RESERVED
CVE-2019-3091 RESERVED
CVE-2019-3090 RESERVED
CVE-2019-3089 RESERVED
CVE-2019-3088 RESERVED
CVE-2019-3087 RESERVED
CVE-2019-3086 RESERVED
CVE-2019-3085 RESERVED
CVE-2019-3084 RESERVED
CVE-2019-3083 RESERVED
CVE-2019-3082 RESERVED
CVE-2019-3081 RESERVED
CVE-2019-3080 RESERVED
CVE-2019-3079 RESERVED
CVE-2019-3078 RESERVED
CVE-2019-3077 RESERVED
CVE-2019-3076 RESERVED
CVE-2019-3075 RESERVED
CVE-2019-3074 RESERVED
CVE-2019-3073 RESERVED
CVE-2019-3072 RESERVED
CVE-2019-3071 RESERVED
CVE-2019-3070 RESERVED
CVE-2019-3069 RESERVED
CVE-2019-3068 RESERVED
CVE-2019-3067 RESERVED
CVE-2019-3066 RESERVED
CVE-2019-3065 RESERVED
CVE-2019-3064 RESERVED
CVE-2019-3063 RESERVED
CVE-2019-3062 RESERVED
CVE-2019-3061 RESERVED
CVE-2019-3060 RESERVED
CVE-2019-3059 RESERVED
CVE-2019-3058 RESERVED
CVE-2019-3057 RESERVED
CVE-2019-3056 RESERVED
CVE-2019-3055 RESERVED
CVE-2019-3054 RESERVED
CVE-2019-3053 RESERVED
CVE-2019-3052 RESERVED
CVE-2019-3051 RESERVED
CVE-2019-3050 RESERVED
CVE-2019-3049 RESERVED
CVE-2019-3048 RESERVED
CVE-2019-3047 RESERVED
CVE-2019-3046 RESERVED
CVE-2019-3045 RESERVED
CVE-2019-3044 RESERVED
CVE-2019-3043 RESERVED
CVE-2019-3042 RESERVED
CVE-2019-3041 RESERVED
CVE-2019-3040 RESERVED
CVE-2019-3039 RESERVED
CVE-2019-3038 RESERVED
CVE-2019-3037 RESERVED
CVE-2019-3036 RESERVED
CVE-2019-3035 RESERVED
CVE-2019-3034 RESERVED
CVE-2019-3033 RESERVED
CVE-2019-3032 RESERVED
CVE-2019-3031 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-3030 RESERVED
CVE-2019-3029 RESERVED
CVE-2019-3028 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-3027 (Vulnerability in the Oracle Application Object Library product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-3026 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-3025 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle F ...)
	NOT-FOR-US: Oracle
CVE-2019-3024 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-3023 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-3022 (Vulnerability in the Oracle Content Manager product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2019-3021 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-3020 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2019-3019 (Vulnerability in the Oracle Banking Digital Experience product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-3018 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-3016 (In a Linux KVM guest that has PV TLB enabled, a process in the guest k ...)
	{DSA-4699-1}
	- linux 5.4.19-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
CVE-2019-3015 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-3014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-3013 RESERVED
CVE-2019-3012 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2019-3011 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-3010 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2019-3009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-3008 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2019-3007 RESERVED
CVE-2019-3006 RESERVED
CVE-2019-3005 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-3004 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-3003 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-3002 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-3001 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of ...)
	NOT-FOR-US: Oracle
CVE-2019-3000 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2019-2999 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2998 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2997 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2996 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	- openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2019-2995 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2019-2994 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2019-2993 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2992 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2991 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2019-2989 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2988 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2987 (Vulnerability in the Java SE product of Oracle Java SE (component: 2D) ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
CVE-2019-2986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2985 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2984 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2983 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2981 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2980 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2979 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2977 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...)
	{DSA-4546-1}
	- openjdk-11 11.0.5+10-1
CVE-2019-2976 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2019-2975 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
CVE-2019-2974 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.3 1:10.3.19-1
	[buster] - mariadb-10.3 1:10.3.22-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.44-0+deb9u1
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
	NOTE: MySQL: https://github.com/mysql/mysql-server/commit/52d9daf06478851548251ec2103cdc22178c48c4
	NOTE: MariaDB: https://github.com/MariaDB/server/commit/719ac0ad4af0dd1e20dbc94eff8f8c9f786b3393
	NOTE: Fixed in MariaDB: 10.3.19, 10.1.42
CVE-2019-2973 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2972 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2971 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2970 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2969 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2968 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2967 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2965 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...)
	NOT-FOR-US: Oracle
CVE-2019-2964 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2963 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2962 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2961 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2019-2960 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2959 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
	NOT-FOR-US: Oracle
CVE-2019-2958 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DLA-2023-1}
	- openjdk-11 (Apparently specific to Oracle Java)
	- openjdk-7 (Apparently specific to Oracle Java)
	- openjdk-8 (Apparently specific to Oracle Java)
CVE-2019-2957 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2956 (Vulnerability in the Core RDBMS (jackson-databind) component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2955 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2954 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2953 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
	NOT-FOR-US: Oracle
CVE-2019-2952 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2951 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
	NOT-FOR-US: Oracle
CVE-2019-2950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2949 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2948 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2947 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2946 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2945 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2944 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2943 (Vulnerability in the Oracle Data Integrator product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2942 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2019-2941 (Vulnerability in the Hyperion Profitability and Cost Management produc ...)
	NOT-FOR-US: Oracle
CVE-2019-2940 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2939 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2938 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	- mariadb-10.3 1:10.3.19-1
	[buster] - mariadb-10.3 1:10.3.22-0+deb10u1
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2937 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2936 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2935 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2019-2934 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2933 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DLA-2023-1}
	- openjdk-11 (Apparently specific to Oracle Java)
	- openjdk-7 (Apparently specific to Oracle Java)
	- openjdk-8 (Apparently specific to Oracle Java)
CVE-2019-2932 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2931 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2930 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2019-2929 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2928 RESERVED
CVE-2019-2927 (Vulnerability in the Hyperion Data Relationship Management product of ...)
	NOT-FOR-US: Oracle
CVE-2019-2926 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.0.14-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2925 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2019-2924 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2923 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2922 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2921 RESERVED
CVE-2019-2920 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2919 RESERVED
CVE-2019-2918 RESERVED
CVE-2019-2917 RESERVED
CVE-2019-2916 RESERVED
CVE-2019-2915 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2914 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2913 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2912 RESERVED
CVE-2019-2911 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2910 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #942443)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2909 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2019-2908 RESERVED
CVE-2019-2907 (Vulnerability in the Oracle Web Services product of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2019-2906 (Vulnerability in the BI Publisher (formerly XML Publisher) product of ...)
	NOT-FOR-US: Oracle
CVE-2019-2905 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2019-2904 (Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2019-2903 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2902 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2901 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2019-2900 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2019-2899 (Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2019-2898 (Vulnerability in the BI Publisher (formerly XML Publisher) product of ...)
	NOT-FOR-US: Oracle
CVE-2019-2897 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2019-2896 (Vulnerability in the MICROS Relate CRM Software product of Oracle Reta ...)
	NOT-FOR-US: Oracle
CVE-2019-2895 (Vulnerability in the Enterprise Manager for Exadata product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2894 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4548-1 DSA-4546-1 DLA-2023-1}
	- openjdk-11 11.0.5+10-1
	- openjdk-8 8u232-b09-1
	- openjdk-7
CVE-2019-2893 RESERVED
CVE-2019-2892 RESERVED
CVE-2019-2891 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2890 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2889 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2888 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2887 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2019-2886 (Vulnerability in the Oracle Forms product of Oracle Fusion Middleware ...)
	NOT-FOR-US: Oracle
CVE-2019-2885 RESERVED
CVE-2019-2884 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2019-2883 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2019-2882 RESERVED
CVE-2019-2881 RESERVED
CVE-2019-2880 (Vulnerability in the Oracle Retail Store Inventory Management product ...)
	NOT-FOR-US: Oracle
CVE-2019-2879 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2878 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2877 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2876 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2875 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2874 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2873 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2872 (Vulnerability in the Oracle Retail Xstore Point of Service product of ...)
	NOT-FOR-US: Oracle
CVE-2019-2871 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2870 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2869 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2868 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2867 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2866 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2865 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2864 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2863 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2862 (Vulnerability in the Oracle GraalVM Enterprise Edition component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2861 (Vulnerability in the Oracle Hyperion Planning component of Oracle Hype ...)
	NOT-FOR-US: Oracle
CVE-2019-2860 (Vulnerability in the Oracle Clusterware component of Oracle Support To ...)
	NOT-FOR-US: Oracle
CVE-2019-2859 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2858 (Vulnerability in the Oracle Identity Manager component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2019-2857 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle
CVE-2019-2856 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2855 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2854 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2853 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2852 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2851 RESERVED
CVE-2019-2850 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2849 RESERVED
CVE-2019-2848 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2847 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2846 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2845 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2844 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2843 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2842 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4485-1}
	- openjdk-8 8u222-b10-1
CVE-2019-2841 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2840 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2839 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2838 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2837 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2836 (Vulnerability in the Oracle Hospitality Simphony component of Oracle F ...)
	NOT-FOR-US: Oracle
CVE-2019-2835 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2834 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2833 (Vulnerability in the Oracle Hospitality Simphony component of Oracle F ...)
	NOT-FOR-US: Oracle
CVE-2019-2832 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2831 (Vulnerability in the PeopleSoft Enterprise FIN Project Costing compone ...)
	NOT-FOR-US: Oracle
CVE-2019-2830 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2829 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2019-2828 (Vulnerability in the Oracle Field Service component of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2019-2827 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2826 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2825 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2019-2824 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2823 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2019-2822 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2821 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4486-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
CVE-2019-2820 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2819 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2818 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4486-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
CVE-2019-2817 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2019-2816 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
	- openjdk-8 8u222-b10-1
	- openjdk-7
CVE-2019-2815 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2814 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2813 (Vulnerability in the Oracle GraalVM Enterprise Edition component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2812 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2811 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2810 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2809 (Vulnerability in the Oracle iRecruitment component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2808 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2807 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2806 RESERVED
CVE-2019-2805 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.17-1
	[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mysql-5.7 (bug #932340)
	NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2804 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2803 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2802 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2801 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2800 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2799 (Vulnerability in the Oracle ODBC Driver component of Oracle Database S ...)
	NOT-FOR-US: Oracle
CVE-2019-2798 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2797 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2796 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2795 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2794 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2793 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2792 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2791 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2790 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2789 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2788 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2019-2787 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2786 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4486-1 DSA-4485-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
	- openjdk-8 8u222-b10-1
CVE-2019-2785 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2784 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2783 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2019-2782 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2019-2781 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2019-2780 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2779 (Vulnerability in the Siebel Core - Common Components component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2778 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2777 (Vulnerability in the Siebel Core - Server Framework component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2019-2776 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2775 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2019-2774 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2773 (Vulnerability in the Oracle Payments component of Oracle E-Business Su ...)
	NOT-FOR-US: Oracle
CVE-2019-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2771 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2770 (Vulnerability in the Oracle Hyperion Planning component of Oracle Hype ...)
	NOT-FOR-US: Oracle
CVE-2019-2769 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
	- openjdk-8 8u222-b10-1
	- openjdk-7
CVE-2019-2768 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2767 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2766 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	- openjdk-12 (Windows-specific)
	- openjdk-11 (Windows-specific)
	- openjdk-8 (Windows-specific)
	- openjdk-7 (Windows-specific)
CVE-2019-2765 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2019-2764 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2763 (Vulnerability in the Oracle Hospitality Gift and Loyalty component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2762 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
	- openjdk-12 12.0.2+9-1
	- openjdk-11 11.0.4+11-1
	- openjdk-8 8u222-b10-1
	- openjdk-7
CVE-2019-2761 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2760 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2759 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2758 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.17-1
	[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
	- mysql-5.7 (bug #932340)
	NOTE: Fixed in MariaDB: 10.3.17
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2757 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2756 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2755 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1
CVE-2019-2754 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2753 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2019-2752 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2751 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2019-2750 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2019-2749 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2019-2748 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2747 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2746 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2745 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4486-1 DSA-4485-1 DLA-1886-1}
	- openjdk-11 11.0.4+11-1
	- openjdk-8 8u222-b10-1
	- openjdk-7
CVE-2019-2744 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2743 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2742 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2019-2741 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2740 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.17-1
	[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mysql-5.7 (bug #932340)
	NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2739 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.17-1
	[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mysql-5.7 (bug #932340)
	NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2738 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (bug #932340)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2737 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.17-1
	[buster] - mariadb-10.3 1:10.3.17-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mysql-5.7 (bug #932340)
	NOTE: Fixed in MariaDB: 10.3.17, 10.1.41
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixMSQL
CVE-2019-2736 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2735 (Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyp ...)
	NOT-FOR-US: Oracle
CVE-2019-2734 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2733 (Vulnerability in the Oracle Demantra Demand Management component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2732 (Vulnerability in the Oracle Demantra Demand Management component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2731 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1
CVE-2019-2730 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1
CVE-2019-2729 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2728 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2727 (Vulnerability in the Oracle Application Testing Suite component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2019-2726 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2725 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2724
	RESERVED
CVE-2019-2723 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2722 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2721 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2720 (Vulnerability in the Oracle Data Integrator component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2719 (Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM ( ...)
	NOT-FOR-US: Oracle
CVE-2019-2718
	RESERVED
CVE-2019-2717
	RESERVED
CVE-2019-2716
	RESERVED
CVE-2019-2715
	RESERVED
CVE-2019-2714
	RESERVED
CVE-2019-2713 (Vulnerability in the Oracle Commerce Merchandising component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2712 (Vulnerability in the Oracle Commerce Platform component of Oracle Comm ...)
	NOT-FOR-US: Oracle
CVE-2019-2711
	RESERVED
CVE-2019-2710
	RESERVED
CVE-2019-2709 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2019-2708 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
	NOT-FOR-US: Oracle
CVE-2019-2707 (Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Man ...)
	NOT-FOR-US: Oracle
CVE-2019-2706 (Vulnerability in the Oracle Business Process Management Suite componen ...)
	NOT-FOR-US: Oracle
CVE-2019-2705 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2704 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2703 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2702 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
	NOT-FOR-US: Oracle
CVE-2019-2701 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2019-2700 (Vulnerability in the PeopleSoft Enterprise ELM component of Oracle Peo ...)
	NOT-FOR-US: Oracle
CVE-2019-2699 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 (Windows-specific)
CVE-2019-2698 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4453-1 DLA-1782-1}
	- openjdk-7 (low)
	- openjdk-8 8u212-b03-1 (low)
	- openjdk-11 11.0.3+7-1 (low)
CVE-2019-2697 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-7 (proprietary 2D component only present in Oracle Java)
	- openjdk-8 (proprietary 2D component only present in Oracle Java)
CVE-2019-2696 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2695 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2694 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2693 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2692 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-java (Only affects 8.x)
	NOTE: It's not clear whether older versions are affected, but Oracle doesn't provide
	NOTE: further information, so there's not really anything we can do about this anyway
CVE-2019-2691 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2690 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2689 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2688 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2687 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2686 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2685 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2684 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4453-1 DLA-1782-1}
	- openjdk-7
	- openjdk-8 8u212-b03-1
	- openjdk-11 11.0.3+7-1
CVE-2019-2683 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
CVE-2019-2682 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2681 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2680 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2679 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2678 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2677 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2676 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2675 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2674 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2673 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2672 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2671 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2670 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2669 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2668 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2667
	RESERVED
CVE-2019-2666 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2665 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
	NOT-FOR-US: Oracle
CVE-2019-2664 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2663 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2662 (Vulnerability in the Oracle Territory Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2019-2661 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2660 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2019-2659 (Vulnerability in the Oracle Commerce Platform component of Oracle Comm ...)
	NOT-FOR-US: Oracle
CVE-2019-2658 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2657 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2656 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2655 (Vulnerability in the Oracle Interaction Center Intelligence component ...)
	NOT-FOR-US: Oracle
CVE-2019-2654 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2653 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2652 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2019-2651 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2650 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2649 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2648 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2647 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2646 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2645 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2644 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2643 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2019-2642 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2019-2641 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2019-2640 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2019-2639 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2638 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2019-2637 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2636 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2635 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2634 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2633 (Vulnerability in the Oracle Work in Process component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2019-2632 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
CVE-2019-2631 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2630 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2629 (Vulnerability in the Oracle Health Sciences Data Management Workbench ...)
	NOT-FOR-US: Oracle
CVE-2019-2628 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.15-1 (bug #928393)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
	NOTE: Fixed in MariaDB: 10.3.15
CVE-2019-2627 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.15-1 (bug #928393)
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mariadb-10.0
	[jessie] - mariadb-10.0 (Minor issue)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
	NOTE: Fixed in MariaDB: 10.3.15, 10.1.39
CVE-2019-2626 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2625 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2624 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2623 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2622 (Vulnerability in the Oracle Service Contracts component of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2019-2621 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2620 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2619 (Vulnerability in the Portable Clusterware component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2019-2618 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2617 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2616 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2615 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2614 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mariadb-10.3 1:10.3.15-1 (bug #928393)
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.41-0+deb9u1
	- mariadb-10.0
	[jessie] - mariadb-10.0 (Minor issue)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.15, 10.1.39
CVE-2019-2613 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2612 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2611 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2610 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2609 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2608 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2607 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2606 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2605 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2019-2604 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2603 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2602 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4453-1 DLA-1782-1}
	- openjdk-7
	- openjdk-8 8u212-b03-1
	- openjdk-11 11.0.3+7-1
CVE-2019-2601 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2600 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2599 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2598 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2597 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2596 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2595 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2594 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2593 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2592 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
CVE-2019-2591 (Vulnerability in the PeopleSoft Enterprise HRMS component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2019-2590 (Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Mana ...)
	NOT-FOR-US: Oracle
CVE-2019-2589 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2588 (Vulnerability in the BI Publisher (formerly XML Publisher) component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2587 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2586 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2585 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2584 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2583 (Vulnerability in the Oracle iSupplier Portal component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2019-2582 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2581 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
CVE-2019-2580 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
CVE-2019-2579 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2578 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2577 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2576 (Vulnerability in the Oracle Service Bus component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2019-2575 (Vulnerability in the Oracle AutoVue 3D Professional Advanced component ...)
	NOT-FOR-US: Oracle
CVE-2019-2574 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 6.0.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2573 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2572 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2019-2571 (Vulnerability in the RDBMS DataPump component of Oracle Database Serve ...)
	NOT-FOR-US: Oracle
CVE-2019-2570 (Vulnerability in the Siebel Core - Server BizLogic Script component of ...)
	NOT-FOR-US: Oracle
CVE-2019-2569 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2568 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2567 (Vulnerability in the Oracle Configurator component of Oracle Supply Ch ...)
	NOT-FOR-US: Oracle
CVE-2019-2566 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.26-1 (bug #927308)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixMSQL
CVE-2019-2565 (Vulnerability in the JD Edwards World Technical Foundation component o ...)
	NOT-FOR-US: Oracle
CVE-2019-2564 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2019-2563
	RESERVED
CVE-2019-2562
	RESERVED
CVE-2019-2561 (Vulnerability in the Oracle Retail Xstore Office component of Oracle R ...)
	NOT-FOR-US: Oracle
CVE-2019-2560
	RESERVED
CVE-2019-2559
	RESERVED
CVE-2019-2558 (Vulnerability in the Oracle Retail Point-of-Service component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2019-2557 (Vulnerability in the Oracle Application Testing Suite component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2019-2556 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2555 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2554 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2553 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2552 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2551 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2550 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2019-2549 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2019-2548 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2547 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2019-2546 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2019-2545 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2544 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2543 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2542
	RESERVED
CVE-2019-2541 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2540 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2019-2539 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Specific to 8.x)
CVE-2019-2538 (Vulnerability in the Oracle Managed File Transfer component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2537 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DLA-1655-1}
	- mysql-5.7 5.7.25-1 (bug #919817)
	- mariadb-10.3 1:10.3.13-1 (bug #920933)
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.38-0+deb9u1
	- mariadb-10.0
	NOTE: Fixed in MariaDB: 10.3.13, 10.1.38, 10.0.38
CVE-2019-2536 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Specific to 8)
CVE-2019-2535 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Specific to 8)
CVE-2019-2534 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2533 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Specific to 8.x)
CVE-2019-2532 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2531 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2530 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Specific to 8)
CVE-2019-2529 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DLA-1655-1}
	- mysql-5.7 5.7.25-1 (bug #919817)
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.38-0+deb9u1
	- mariadb-10.0
	NOTE: Fixed in MariaDB: 10.1.38, 10.0.38
CVE-2019-2528 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2527 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2526 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2525 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2524 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2523 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2522 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2521 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2520 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2519 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component ...)
	NOT-FOR-US: Oracle
CVE-2019-2518 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2019-2517 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2516 (Vulnerability in the Portable Clusterware component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2019-2515
	RESERVED
CVE-2019-2514
	RESERVED
CVE-2019-2513 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Specific to 8)
CVE-2019-2512 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2019-2511 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2510 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
	- mariadb-10.3 1:10.3.13-1 (bug #920933)
	NOTE: Fixed in MariaDB: 10.3.13
CVE-2019-2509 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2508 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2507 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2506 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2505 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2504 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2503 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1570-1}
	- mysql-5.7 5.7.25-1 (bug #919817)
	- mariadb-10.0
	NOTE: Fixed in MariaDB: 10.0.37
CVE-2019-2502 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Specific to 8)
CVE-2019-2501 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2500 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2499 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2498 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2019-2497 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2496 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2495 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Specific to 8)
CVE-2019-2494 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Specific to 8)
CVE-2019-2493 (Vulnerability in the PeopleSoft Enterprise CS Campus Community compone ...)
	NOT-FOR-US: Oracle
CVE-2019-2492 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2491 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2019-2490 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
NOT-FOR-US: Oracle
CVE-2019-2489 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2488 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2487 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2019-2486 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2485 (Vulnerability in the Oracle Mobile Field Service component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2019-2484 (Vulnerability in the Application Express component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2019-2483
	RESERVED
CVE-2019-2482 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2481 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2480 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2479 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2478 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2477 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2476 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2475 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2474 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2473 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2472 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2019-2471 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2470 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2019-2469 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2468 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2467 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2466 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2465 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2464 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2463 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2462 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2461 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2460 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2459 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2458 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2457 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2456 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2455 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2454
	RESERVED
CVE-2019-2453 (Vulnerability in the Oracle Performance Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2452 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2451 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2450 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2449 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2019-2448 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2447 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2019-2446 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.24-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2019-2445 (Vulnerability in the Oracle Content Manager component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2019-2444 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2443 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2442 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2441 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2440 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2019-2439 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
NOT-FOR-US: Oracle
CVE-2019-2438 (Vulnerability in the Oracle Web Cache component of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2019-2437 (Vulnerability in the Oracle Solaris component of Oracle Sun Systems Pr ...)
	NOT-FOR-US: Oracle
CVE-2019-2436 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Specific to 8)
CVE-2019-2435 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-python 8.0.14-1 (bug #919820)
	[stretch] - mysql-connector-python (No security details disclosed, no 2.1.x release by Oracle)
	[jessie] - mysql-connector-python (No security details disclosed, no 1.2.x release by Oracle)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#CVE-2019-2435
CVE-2019-2434 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2433 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2432 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2019-2431 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2019-2430 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2019-2429 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2019-2428
	RESERVED
CVE-2019-2427 (Vulnerability in the Oracle WebCenter Portal component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2019-2426 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-7 (Specific to Java on Windows)
	- openjdk-8 (Specific to Java on Windows)
	- openjdk-11 (Specific to Java on Windows)
CVE-2019-2425 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
NOT-FOR-US: Oracle
CVE-2019-2424 (Vulnerability in the Oracle Retail Convenience Store Back Office compo ...)
	NOT-FOR-US: Oracle
CVE-2019-2423 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2422 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	{DSA-4410-1 DLA-1732-1}
	[experimental] - openjdk-7 7u211-2.6.17-1
	- openjdk-7
	- openjdk-8 8u202-b26-1
	- openjdk-11 11.0.2+9-1
CVE-2019-2421 (Vulnerability in the PeopleSoft Enterprise HCM eProfile Manager Deskto ...)
	NOT-FOR-US: Oracle
CVE-2019-2420 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.25-1 (bug #919817)
CVE-2019-2419 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
	NOT-FOR-US: Oracle
CVE-2019-2418 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2417 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2416 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2415 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcom ...)
	NOT-FOR-US: Oracle
CVE-2019-2414 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2019-2413 (Vulnerability in the Oracle Reports Developer component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2019-2412 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2019-2411 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2019-2410 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2019-2409 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2019-2408 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
NOT-FOR-US: Oracle
CVE-2019-2407 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2406 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2019-2405 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2404 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2019-2403 (Vulnerability in the Oracle Hospitality Simphony component of Oracle F ...)
	NOT-FOR-US: Oracle
CVE-2019-2402 (Vulnerability in the Oracle Hospitality Simphony component of Oracle F ...)
	NOT-FOR-US: Oracle
CVE-2019-2401 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2400 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2019-2399 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...)
	NOT-FOR-US: Oracle
CVE-2019-2398 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2397 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2019-2396 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2019-2395 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2019-2394
	RESERVED
CVE-2019-2393 (A user authorized to perform database queries may trigger denial of se ...)
	- mongodb
	[stretch] - mongodb (Minor issue, authenticated DoS)
	NOTE: https://jira.mongodb.org/browse/SERVER-43350
	NOTE: https://github.com/mongodb/mongo/commit/785b41740a216429573a89a5df82f96064965559 (v3.6.15, SSPL)
CVE-2019-2392 (A user authorized to perform database queries may trigger denial of se ...)
	- mongodb
	[stretch] - mongodb (Minor issue, authenticated DoS)
	NOTE: https://jira.mongodb.org/browse/SERVER-43699
	NOTE: https://github.com/mongodb/mongo/commit/b5ff43f92c0e562121477e8253a56b2d83825571 (v3.4.24, AGPL)
CVE-2019-2391 (Incorrect parsing of certain JSON input may result in js-bson not corr ...)
	[experimental] - node-mongodb 3.5.5+~cs11.12.19-1
	- node-mongodb 3.5.6+~cs11.12.19-1
	[buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1
	NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19
CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create ...)
	NOT-FOR-US: Microsoft
CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...)
	- mongodb (low)
	[stretch] - mongodb (Minor issue)
	[jessie] - mongodb (Minor issue)
CVE-2019-2388 (In affected Ops Manager versions there is an exposed http route was th ...)
	NOT-FOR-US: MongoDB Ops Manager
CVE-2019-2387
	RESERVED
CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation of aut ...)
	- mongodb (low; bug #934783)
	[stretch] - mongodb (Minor issue)
	[jessie] - mongodb (Trivial workaround available)
	NOTE: https://jira.mongodb.org/browse/SERVER-38984
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0829
CVE-2019-2385
	RESERVED
CVE-2019-2384
	RESERVED
CVE-2019-2383
	RESERVED
CVE-2019-2382
	RESERVED
CVE-2019-2381
	RESERVED
CVE-2019-2380
	RESERVED
CVE-2019-2379
	RESERVED
CVE-2019-2378
	RESERVED
CVE-2019-2377
	RESERVED
CVE-2019-2376
	RESERVED
CVE-2019-2375
	RESERVED
CVE-2019-2374
	RESERVED
CVE-2019-2373
	RESERVED
CVE-2019-2372
	RESERVED
CVE-2019-2371
	RESERVED
CVE-2019-2370
	RESERVED
CVE-2019-2369
	RESERVED
CVE-2019-2368
	RESERVED
CVE-2019-2367
	RESERVED
CVE-2019-2366
	RESERVED
CVE-2019-2365
	RESERVED
CVE-2019-2364
	RESERVED
CVE-2019-2363
	RESERVED
CVE-2019-2362
	RESERVED
CVE-2019-2361
	RESERVED
CVE-2019-2360
	RESERVED
CVE-2019-2359
	RESERVED
CVE-2019-2358
	RESERVED
CVE-2019-2357
	RESERVED
CVE-2019-2356
	RESERVED
CVE-2019-2355
	RESERVED
CVE-2019-2354
	RESERVED
CVE-2019-2353
	RESERVED
CVE-2019-2352
	RESERVED
CVE-2019-2351
	RESERVED
CVE-2019-2350
	RESERVED
CVE-2019-2349
	RESERVED
CVE-2019-2348
	RESERVED
CVE-2019-2347
	RESERVED
CVE-2019-2346 (Firmware is getting into loop of overwriting memory when scan command ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2345 (Race condition while accessing DMA buffer in jpeg driver in Snapdragon ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2344
	RESERVED
CVE-2019-2343 (Out of bound read and information disclosure in firmware due to insuff ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2342
	RESERVED
CVE-2019-2341 (Buffer overflow when the audio buffer size provided by user is larger ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2340
	RESERVED
CVE-2019-2339 (Out of bound access due to lack of check of whiltelist array size whil ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2338 (Crafted image that has a valid signature from a non-QC entity can be l ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2337 (While Skipping unknown IES, EMM is reading the buffer even if the no o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2336 (Subsequent use of the CBO listener may result in further memory corrup ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2335 (While processing Attach Reject message, Valid exit condition is not me ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2334 (Null pointer dereferencing can happen when playing the clip with wrong ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2333 (Buffer overflow due to improper validation of buffer size while IPA dr ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2332 (Memory corruption while accessing the memory as payload size is not va ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2331 (Possible Integer overflow because of subtracting two integers without ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2330 (improper input validation in allocation request for secure allocations ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2329 (Use after free issue in cleanup routine due to missing pointer sanitiz ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2328 (Possible buffer overflow when number of channels passed is more than s ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2327 (Possible buffer overflow can occur when playing clip with incorrect el ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2326 (Data token is received from ADSP and is used without validation as an ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2325 (Out of boundary access due to token received from ADSP and is used wit ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2324 (When ADSP is compromised, the audio port index that`s returned from AD ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2323 (Lack of check to ensure crypto engine data passed by user is initializ ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2322 (Buffer overflow can occur when playing specific clip which is non-stan ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2321 (Incorrect length used while validating the qsee log buffer sent from H ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2320 (Possible out of bounds write in a MT SMS/SS scenario due to improper v ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2319 (HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdra ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2318 (Non Secure Kernel can cause Trustzone to do an arbitrary memory read w ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2317 (The secret key used to make the Initial Sequence Number in the TCP SYN ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2316 (When computing the digest a local variable is used after going out of ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2315 (While invoking the API to copy from fd or local buffer to the secure b ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2314 (Possible race condition that will cause a use-after-free when writing ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2313
	RESERVED
CVE-2019-2312 (When handling the vendor command there exists a potential buffer overf ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2311 (Possible buffer overflow in WLAN handler due to lack of validation of ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2310 (Out of bound read would occur while trying to read action category and ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2309 (While storing calibrated data from firmware in cache, An integer overf ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2308 (User application could potentially make RPC call to the fastrpc driver ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2307 (Possible integer underflow due to lack of validation before calculatio ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2306 (Improper casting of structure while handling the buffer leads to out o ...)
NOT-FOR-US: Snapdragon
CVE-2019-2305 (Out of bound access when reason code is extracted from frame data with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2304 (Integer overflow to buffer overflow due to lack of validation of event ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2303 (SNDCP module may access array out side its boundary when it receives m ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2302 (While processing vendor command which contains corrupted channel count ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2301 (Possibility of out-of-bound read if id received from SPI is not in ran ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2300 (Possible buffer overflow in WLAN handler due to lack of validation of ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2299 (An out-of-bound write can be triggered by a specially-crafted command ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2298 (Protection is missing while accessing md sessions info via macro which ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2297 (Buffer overflow can occur while processing non-standard NAN message fr ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2296
	RESERVED
CVE-2019-2295 (Information disclosure due to lack of address range check done on the ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2294 (Usage of hard-coded magic number for calculating heap guard bytes can ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2293 (Pointer dereference while freeing IFE resources due to lack of length ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2292 (Out of bound access can occur due to buffer copy without checking size ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2291
	RESERVED
CVE-2019-2290 (Multiple open and close from multiple threads will lead camera driver ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2289 (Lack of integrity check allows MODEM to accept any NAS messages which ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2288 (Out of bound write in TZ while copying the secure dump structure on HL ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2287 (Improper validation for inputs received from firmware can lead to an o ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2286
	RESERVED
CVE-2019-2285 (Out of bound write issue is observed while giving information about pr ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2284 (Possible use-after-free issue due to a race condition while calling ca ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2283 (Improper validation of read and write index of tx and rx fifo`s before ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2282
	RESERVED
CVE-2019-2281 (An unauthenticated bitmap image can be loaded in to memory and subsequ ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2280
	RESERVED
CVE-2019-2279 (Shared memory gets updated with invalid data and may lead to access be ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2278 (User keystore signature is ignored in boot and can lead to bypass boot ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2277 (Out of bound read can happen due to lack of NULL termination on user c ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2276 (Possible out of bound read occurs while processing beaconing request d ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2275 (While deserializing any key blob during key operations, buffer overflo ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2274 (Improper Access Control for RPU write access from secure processor in ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2273 (IOMMU page fault while playing h265 video file leads to denial of serv ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2272 (Buffer overflow can occur in display function due to lack of validatio ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2271 (Buffer over read can happen while parsing downlink session management ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2270
	RESERVED
CVE-2019-2269 (Possible buffer overflow while processing the high level lim process a ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2268 (Possible OOB read issue in P2P action frames while handling WLAN manag ...)
NOT-FOR-US: Snapdragon
CVE-2019-2267 (Locked regions may be modified through other interfaces in secure boot ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2266 (Possible double free issue in kernel while handling the camera sensor ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2265
	RESERVED
CVE-2019-2264 (Null pointer dereference occurs for channel context while opening glin ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2263 (Access to freed memory can happen while reading from diag driver due t ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2262
	RESERVED
CVE-2019-2261 (Unauthorized access from GPU subsystem to HLOS or other non secure sub ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2260 (A race condition occurs while processing perf-event which can lead to ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2259 (Resource allocation error while playing the video whose dimensions are ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2258 (Improper validation of array index causes OOB write and then leads to ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2257 (Wrong permissions in configuration file can lead to unauthorized permi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2256 (An unprivileged user can craft a bitstream such that the payload encod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2255 (An unprivileged user can craft a bitstream such that the payload encod ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2254 (Position determination accuracy may be degraded due to wrongly decoded ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2253 (Buffer over-read can occur while parsing an ogg file with a corrupted ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2252 (Classic buffer overflow vulnerability while playing the specific video ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2251 (If a bitmap file is loaded from any un-authenticated source, there is ...)
NOT-FOR-US: Snapdragon
CVE-2019-2250 (Kernel can write to arbitrary memory address passed by user while free ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2249 (Kernel can do a memory read from arbitrary address passed by user duri ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2248 (Buffer overflow can occur if invalid header tries to overwrite the exi ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2247 (Possibility of double free issue while running multiple instances of s ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2246 (Thread start can cause invalid memory writes to arbitrary memory locat ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2245 (Possible integer underflow can happen when calculating length of eleme ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2244 (Possible integer underflow can happen when calculating length of eleme ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2243 (Possible buffer overflow at the end of iterating loop while getting th ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2242 (Device memory may get corrupted because of buffer overflow/underflow. ...)
	NOT-FOR-US: Snapdragon
CVE-2019-2241 (While rendering the layout background, Error status check is not caugh ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2240 (While sending the rendered surface content to the screen, Error handli ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2239 (Sanity checks are missing in layout which can lead to SUI Corruption o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2238 (Lack of check of data type can lead to subsequent loop-expression pote ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2237 (Failure in taking appropriate action to handle the error case If keypa ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2236 (Null pointer dereference during secure application termination using s ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-2235 (Buffer overflow occurs when emulated RPMB is used due to sector size a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2234
	RESERVED
CVE-2019-2233 (In getUserCount and getCount of UserSwitcherController.java, there is ...)
	NOT-FOR-US: Android
CVE-2019-2232 (In handleRun of TextLine.java, there is a possible application crash d ...)
	NOT-FOR-US: Android
CVE-2019-2231 (In Blob::Blob of blob.cpp, there is a possible unencrypted master key ...)
	NOT-FOR-US: Android
CVE-2019-2230 (In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.c ...)
	NOT-FOR-US: Android
CVE-2019-2229 (In updateWidget of BaseWidgetProvider.java, there is a possible leak o ...)
	NOT-FOR-US: Android
CVE-2019-2228 (In array_find of array.c, there is a possible out-of-bounds read due t ...)
	{DLA-2047-1}
	- cups 2.3.1-1 (bug #946782)
	[buster] - cups 2.2.10-6+deb10u2
	[stretch] - cups 2.2.1-8+deb9u5
	NOTE: https://github.com/apple/cups/commit/b018978c278d42c7abf78941251b887c95dfdb07 (master, v2.3.1)
	NOTE: https://github.com/apple/cups/commit/8c9b3606cca99e5dfc51784a9de1634345db7579 (v2.2.13)
CVE-2019-2227 (In DeepCopy of btif_av.cc, there is a possible out of bounds read due ...)
	NOT-FOR-US: Android
CVE-2019-2226 (In device_class_to_int of device_class.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2019-2225 (When pairing with a Bluetooth device, it may be possible to pair a mal ...)
	NOT-FOR-US: Android
CVE-2019-2224
	REJECTED
CVE-2019-2223 (In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bo ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2222 (n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2221 (In hasActivityInVisibleTask of WindowProcessController.java there's ...)
	NOT-FOR-US: Android
CVE-2019-2220 (In checkOperation of AppOpsService.java, there is a possible bypass of ...)
	NOT-FOR-US: Android
CVE-2019-2219 (In several functions of NotificationManagerService.java and related fi ...)
	NOT-FOR-US: Android
CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corrupt ...)
	NOT-FOR-US: Android
CVE-2019-2216 (In overlay notifications, there is a possible hidden notification due ...)
	NOT-FOR-US: Android
CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an ...)
	{DLA-2114-1 DLA-2068-1}
	- linux 4.15.4-1
	[stretch] - linux 4.9.210-1
	NOTE: Fixed by: https://git.kernel.org/linus/f5cb779ba16334b45ba8946d6bfa6d9834d1527f
CVE-2019-2214 (In binder_transaction of binder.c, there is a possible out of bounds w ...)
	- linux 5.2.6-1
	[buster] - linux (Vulnerability introduced later)
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://lore.kernel.org/driverdev-devel/20190709110923.220736-1-maco@android.com/
	NOTE: https://git.kernel.org/linus/a56587065094fd96eb4c2b5ad65571daad32156d
CVE-2019-2213 (In binder_free_transaction of binder.c, there is a possible use-after- ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[jessie] - linux (Android drivers not supported)
	NOTE: https://lore.kernel.org/patchwork/patch/1087916/
CVE-2019-2212 (In poisson_distribution of random, there is an out of bounds read. Thi ...)
	- libc++
	[stretch] - libc++ (Minor issue)
	[jessie] - libc++ (Minor issue, Jessie versions of software that uses poisson distribution have low popcon)
	- llvm-toolchain-6.0
	[buster] - llvm-toolchain-6.0 (Minor issue)
	[jessie] - llvm-toolchain-6.0 (Minor issue, Jessie versions of software that uses poisson distribution have low popcon)
	- llvm-toolchain-8
	NOTE: https://android.googlesource.com/platform/external/libcxx/+/4cebe6f1f01a34546b3b843b5267619a61bd7d39
	NOTE: https://android.googlesource.com/platform/external/libcxx/+/8260b5d56f6880a29b57f73b7f4866e47e9e4818
	NOTE: https://android.googlesource.com/platform/external/libcxx/+/a16cd9df50f22ccf65cf27eddc0403791116c75a
	NOTE: template is affected, so dependencies need a rebuild
CVE-2019-2211 (In createProjectionMapForQuery of TvProvider.java, there is possible S ...)
	NOT-FOR-US: Android
CVE-2019-2210 (In load_logging_config of qmi_vs_service.cc, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2019-2209 (In BTA_DmPinReply of bta_dm_api.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2019-2208 (In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise. ...)
	NOT-FOR-US: Android
CVE-2019-2207 (In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2019-2206 (In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2019-2205 (In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a p ...)
	NOT-FOR-US: Android
CVE-2019-2204 (In FindSharedFunctionInfo of objects.cc, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2019-2203 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
	NOT-FOR-US: Android media framework
CVE-2019-2202 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
	NOT-FOR-US: Android media framework
CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is ...)
	- libjpeg-turbo 1:2.0.5-1 (low)
	[buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
	[stretch] - libjpeg-turbo (Minor issue)
	[jessie] - libjpeg-turbo (No package in Debian jessie uses the TurboJPEG API)
	NOTE: https://source.android.com/security/bulletin/2019-11-01
	NOTE: https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884
	NOTE: The description text is wrong, this CVE is about gigapixel images not ARM NEON SIMD code.
	NOTE: See https://bugs.gentoo.org/show_bug.cgi?id=699830#c12
	NOTE: Followup fix for tjbench: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c30b1e72dac76343ef9029833d1561de07d29bad
CVE-2019-2200 (In updatePermissions of PermissionManagerService.java, it may be possi ...)
	NOT-FOR-US: Android
CVE-2019-2199 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2019-2198 (In Download Provider, there is a possible SQL injection vulnerability. ...)
	NOT-FOR-US: Android
CVE-2019-2197 (In processPhonebookAccess of CachedBluetoothDevice.java, there is a po ...)
	NOT-FOR-US: Android
CVE-2019-2196 (In Download Provider, there is possible SQL injection. This could lead ...)
	NOT-FOR-US: Android
CVE-2019-2195 (In tokenize of sqlite3_android.cpp, there is a possible attacker contr ...)
	NOT-FOR-US: Android
CVE-2019-2194 (In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possi ...)
	NOT-FOR-US: Android
CVE-2019-2193 (In WelcomeActivity.java and related files, there is a possible permiss ...)
	NOT-FOR-US: Android
CVE-2019-2192 (In call of SliceProvider.java, there is a possible permissions bypass ...)
	NOT-FOR-US: Android
CVE-2019-2191 (In LG's LAF component, there is a possible leak of information in a pr ...)
	NOT-FOR-US: LG components for Android
CVE-2019-2190 (In LG's LAF component, there is a possible leak of information in a pr ...)
	NOT-FOR-US: LG components for Android
CVE-2019-2189 (In the Easel driver, there is possible memory corruption due to race c ...)
	NOT-FOR-US: Android
CVE-2019-2188 (In the Easel driver, there is possible memory corruption due to race c ...)
	NOT-FOR-US: Android
CVE-2019-2187 (In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2019-2186 (In GetMBheader of combined_decode.cpp, there is a possible out of boun ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2185 (In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2184 (In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a poss ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2183 (In generateServicesMap of RegisteredServicesCache.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2019-2182 (In the Android kernel in the kernel MMU code there is a possible execu ...)
	{DSA-4698-1 DLA-2242-1}
	- linux 4.16.5-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/15122ee2c515a253b0c66a3e618bc7ebe35105eb
CVE-2019-2181 (In binder_transaction of binder.c in the Android kernel, there is a po ...)
	- linux 5.2.6-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/0b0509508beff65c1d50541861bc0d4973487dc5
CVE-2019-2180 (In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possi ...)
	{DLA-1893-1}
	- cups 2.2.12-1 (bug #934957)
	[buster] - cups 2.2.10-6+deb10u1
	[stretch] - cups 2.2.1-8+deb9u4
	NOTE: Covers the "Fixed IPP buffer overflow (rdar://50035411)" angle of
	NOTE: https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
CVE-2019-2179 (In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 an ...)
	NOT-FOR-US: Android
CVE-2019-2178 (In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and ...)
	NOT-FOR-US: Android
CVE-2019-2177 (In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 an ...)
	NOT-FOR-US: Android
CVE-2019-2176 (In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Andr ...)
	NOT-FOR-US: Android media framework
CVE-2019-2175 (In checkAccess of SliceManagerService.java in Android 9, there is a po ...)
	NOT-FOR-US: Android
CVE-2019-2174 (In SensorManager::assertStateLocked of SensorManager.cpp in Android 7. ...)
	NOT-FOR-US: Android
CVE-2019-2173 (In startActivityMayWait of ActivityStarter.java, there is a possible i ...)
	NOT-FOR-US: Android
CVE-2019-2172 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2171 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2170 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2169 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2168 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2167 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2166 (In libxaac there is a possible information disclosure due to uninitial ...)
	NOT-FOR-US: Android
CVE-2019-2165 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2164 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2163 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2162 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2161 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2160 (In libxaac there is a possible out of bounds read due to a missing bou ...)
	NOT-FOR-US: Android
CVE-2019-2159 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2158 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2157 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2156 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2155 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2154 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2153 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2152 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2151 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2150 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2149 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2148 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2147 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2146 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2145 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2144 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2143 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2142 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2141 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2140 (In libxaac, there is a possible information disclosure due to uninitia ...)
	NOT-FOR-US: Android
CVE-2019-2139 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2138 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2137 (In the endCall() function of TelecomManager.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-2136 (In Status::readFromParcel of Status.cpp, there is a possible out of bo ...)
	NOT-FOR-US: Android
CVE-2019-2135 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2019-2134 (In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a po ...)
	NOT-FOR-US: Android
CVE-2019-2133 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2019-2132 (It is possible to overlay the VPN dialog by a malicious application. T ...)
	NOT-FOR-US: Android
CVE-2019-2131 (An application with overlay permission can display overlays on top of ...)
	NOT-FOR-US: Android
CVE-2019-2130 (In CompilationJob::FinalizeJob of compiler.cc, there is a possible rem ...)
	NOT-FOR-US: Android
CVE-2019-2129 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...)
	NOT-FOR-US: Android media framework
CVE-2019-2128 (In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write ...)
	NOT-FOR-US: Android media framework
CVE-2019-2127 (In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, ...)
	NOT-FOR-US: Android media framework
CVE-2019-2126 (In ParseContentEncodingEntry of mkvparser.cc, there is a possible doub ...)
	NOT-FOR-US: Android media framework
CVE-2019-2125 (In ChangeDefaultDialerDialog.java, there is a possible escalation of p ...)
	NOT-FOR-US: Android
CVE-2019-2124 (In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java i ...)
	NOT-FOR-US: Android
CVE-2019-2123 (In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and ...)
	NOT-FOR-US: Android
CVE-2019-2122 (In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.j ...)
	NOT-FOR-US: Android
CVE-2019-2121 (In ActivityManagerService.attachApplication of ActivityManagerService, ...)
	NOT-FOR-US: Android
CVE-2019-2120 (In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there i ...)
	NOT-FOR-US: Android
CVE-2019-2119 (In multiple functions of key_store_service.cpp, there is a possible In ...)
	NOT-FOR-US: Android
CVE-2019-2118 (In various functions of Parcel.cpp, there are uninitialized or partial ...)
	NOT-FOR-US: Android
CVE-2019-2117 (In checkQueryPermission of TelephonyProvider.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-2116 (In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound ...)
	NOT-FOR-US: Android
CVE-2019-2115 (In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2 ...)
	NOT-FOR-US: Android
CVE-2019-2114 (In the default privileges of NFC, there is a possible local bypass of ...)
	NOT-FOR-US: Android
CVE-2019-2113 (In setup wizard there is a bypass of some checks when wifi connection ...)
	NOT-FOR-US: Android
CVE-2019-2112 (In several functions of alarm.cc, there is possible memory corruption ...)
	NOT-FOR-US: Android
CVE-2019-2111 (In loop of DnsTlsSocket.cpp, there is a possible heap memory corruptio ...)
	NOT-FOR-US: Android
CVE-2019-2110 (In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a ...)
	NOT-FOR-US: Android
CVE-2019-2109 (In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a pos ...)
	NOT-FOR-US: Android media framework
CVE-2019-2108 (In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a poss ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2019-2107 (In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out ...)
	NOT-FOR-US: Android media framework
CVE-2019-2106 (In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bo ...)
	NOT-FOR-US: Android media framework
CVE-2019-2105 (In FileInputStream::Read of file_input_stream.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-2104 (In HIDL, safe_union, and other C++ structs/unions being sent to applic ...)
	NOT-FOR-US: Android
CVE-2019-2103 (In Google Assistant in Android 9, there is a possible permissions bypa ...)
	NOT-FOR-US: Android
CVE-2019-2102 (In the Bluetooth Low Energy (BLE) specification, there is a provided e ...)
	NOT-FOR-US: Android
CVE-2019-2101 (In uvc_parse_standard_control of uvc_driver.c, there is a possible out ...)
	{DLA-1862-1}
	- linux 4.19.37-1
	[stretch] - linux 4.9.168-1
	NOTE: https://git.kernel.org/linus/47bb117911b051bbc90764a8bff96543cbd2005f
CVE-2019-2100
	RESERVED
CVE-2019-2099 (In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out- ...)
	NOT-FOR-US: Android
CVE-2019-2098 (In areNotificationsEnabledForPackage of NotificationManagerService.jav ...)
	NOT-FOR-US: Android
CVE-2019-2097 (In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possibl ...)
	NOT-FOR-US: Android
CVE-2019-2096 (In EffectRelease of EffectBundle.cpp, there is a possible memory corru ...)
	NOT-FOR-US: Android
CVE-2019-2095 (In callGenIDChangeListeners and related functions of SkPixelRef.cpp, t ...)
	NOT-FOR-US: Android
CVE-2019-2094 (In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2019-2093 (In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write ...)
	NOT-FOR-US: Android
CVE-2019-2092 (In isSeparateProfileChallengeAllowed of DevicePolicyManagerService.jav ...)
	NOT-FOR-US: Android
CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of DevicePolicyManagerServ ...)
	NOT-FOR-US: Android
CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there ...)
	NOT-FOR-US: Android
CVE-2019-2089 (In app uninstallation, there is a possible set of permissions that may ...)
	NOT-FOR-US: Android
CVE-2019-2088 (In StatsService, there is a possible out of bounds read. This could le ...)
	NOT-FOR-US: Android
CVE-2019-2087 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2086 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2085 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2084 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2083 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2082 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2081 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2080 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2079 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2078 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2077 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2076 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2075 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2074 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2073 (In libxaac there is a possible out of bounds write to missing bounds c ...)
	NOT-FOR-US: Android
CVE-2019-2072 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2071 (In libxaac there is a possible out of bounds write due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2070 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2069 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2068 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2067 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2066 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2065 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2064 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2063 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2062 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2061 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2060 (In libxaac, there is a possible out of bounds read due to a missing bo ...)
	NOT-FOR-US: Android
CVE-2019-2059 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2058 (In libAACdec, there is a possible out of bounds read. This could lead ...)
	NOT-FOR-US: Android
CVE-2019-2057
	RESERVED
CVE-2019-2056 (There is a possible disclosure of RAM using a shared crypto key due to ...)
	NOT-FOR-US: Android
CVE-2019-2055 (In libxaac, there is a possible out of bounds write due to a missing b ...)
	NOT-FOR-US: Android
CVE-2019-2054 (In the seccomp implementation prior to kernel version 4.8, there is a ...)
	- linux 4.8.5-1
	[jessie] - linux (Documented limitation)
	NOTE: https://git.kernel.org/linus/0f3912fd934cdfd03d93f2dc6f064099795bf638
CVE-2019-2053 (In wnm_parse_neighbor_report_elem of wnm_sta.c, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2019-2052 (In VisitPointers of heap.cc, there is a possible out-of-bounds read du ...)
	NOT-FOR-US: Android
CVE-2019-2051 (In heap of spaces.h, there is a possible out of bounds read due to imp ...)
	NOT-FOR-US: Android
CVE-2019-2050 (In tearDownClientInterface of WificondControl.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2019-2049 (In SendMediaUpdate and SendFolderUpdate of avrcp_service.cc, there is ...)
	NOT-FOR-US: Android
CVE-2019-2048
	RESERVED
CVE-2019-2047 (In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write ...)
	NOT-FOR-US: Android
CVE-2019-2046 (In CalculateInstanceSizeForDerivedClass of objects.cc, there is possib ...)
	NOT-FOR-US: Android
CVE-2019-2045 (In JSCallTyper of typer.cc, there is an out of bounds write due to an ...)
	NOT-FOR-US: Android
CVE-2019-2044 (In MakeMPEG4VideoCodecSpecificData of APacketSource.cpp, there is a ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2043 (In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2019-2042
	RESERVED
CVE-2019-2041 (In the configuration of NFC modules on certain devices, there is a pos ...)
	NOT-FOR-US: Android
CVE-2019-2040 (In rw_i93_process_ext_sys_info of rw_i93.cc, there is a possible out-o ...)
	NOT-FOR-US: Android
CVE-2019-2039 (In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-boun ...)
	NOT-FOR-US: Android
CVE-2019-2038 (In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bo ...)
	NOT-FOR-US: Android
CVE-2019-2037 (In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out- ...)
	NOT-FOR-US: Android
CVE-2019-2036 (In okToConnect of HidHostService.java, there is a possible permission ...)
	NOT-FOR-US: Android
CVE-2019-2035 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible out-of-boun ...)
	NOT-FOR-US: Android
CVE-2019-2034 (In rw_i93_sm_read_ndef of rw_i93.cc, there is a possible out-of-bounds ...)
	NOT-FOR-US: Android
CVE-2019-2033 (In create_hdr of dnssd_clientstub.c, there is a possible use after fre ...)
	NOT-FOR-US: Android
CVE-2019-2032 (In SetScanResponseData of ble_advertiser_hci_interface.cc, there is a ...)
	NOT-FOR-US: Android
CVE-2019-2031 (In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-2030 (In removeInterfaceAddress of NetworkController.cpp, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2019-2029 (In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corrupt ...)
	NOT-FOR-US: Android
CVE-2019-2028 (In numerous hand-crafted functions in libmpeg2, NEON registers are not ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2027 (In floor0_inverse1 of floor0.c, there is a possible out of bounds writ ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2026 (In updateAssistMenuItems of Editor.java, there is a possible escape fr ...)
	NOT-FOR-US: Android
CVE-2019-2025 (In binder_thread_read of binder.c, there is a possible use-after-free ...)
	- linux 4.19.9-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/7bada55ab50697861eee6bb7d60b41e68a961a9c (4.20-rc5)
CVE-2019-2024 (In em28xx_unregister_dvb of em28xx-dvb.c, there is a possible use afte ...)
	{DLA-1799-1}
	- linux 4.16.5-1
	[stretch] - linux 4.9.144-1
	NOTE: Fixed by: https://git.kernel.org/linus/910b0797fa9e8af09c44a3fa36cb310ba7a7218d (4.16-rc1)
CVE-2019-2023 (In ServiceManager::add function in the hardware service manager, there ...)
	NOT-FOR-US: Android
CVE-2019-2022 (In rw_t3t_act_handle_fmt_rsp and rw_t3t_act_handle_sro_rsp of rw_t3t.c ...)
	NOT-FOR-US: Android
CVE-2019-2021 (In rw_t3t_act_handle_ndef_detect_rsp of rw_t3t.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-2020 (In llcp_dlc_proc_rr_rnr_pdu of llcp_dlc.cc, there is a possible out-of ...)
	NOT-FOR-US: Android
CVE-2019-2019 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out-of-bound re ...)
	NOT-FOR-US: Android
CVE-2019-2018 (In resetPasswordInternal of DevicePolicyManagerService.java, there is ...)
	NOT-FOR-US: Android
CVE-2019-2017 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2019-2016 (In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound ...)
	NOT-FOR-US: Android
CVE-2019-2015 (In rw_t3t_act_handle_check_rsp of rw_t3t.cc, there is a possible out-o ...)
	NOT-FOR-US: Android
CVE-2019-2014 (In rw_t3t_handle_get_sc_poll_rsp of rw_t3t.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2019-2013 (In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of- ...)
	NOT-FOR-US: Android
CVE-2019-2012 (In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible out-of- ...)
	NOT-FOR-US: Android
CVE-2019-2011 (In readNullableNativeHandleNoDup of Parcel.cpp, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2019-2010 (In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possi ...)
	NOT-FOR-US: Android
CVE-2019-2009 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds w ...)
	NOT-FOR-US: Android
CVE-2019-2008 (In createEffect of AudioFlinger.cpp, there is a possible memory corrup ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2007 (In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2006 (In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-2005 (In onPermissionGrantResult of GrantPermissionsActivity.java, there is ...)
	NOT-FOR-US: Android
CVE-2019-2004 (In publishKeyEvent, publishMotionEvent and sendUnchainedFinishedSignal ...)
	NOT-FOR-US: Android
CVE-2019-2003 (In addLinks of Linkify.java, there is a possible phishing vector due t ...)
	NOT-FOR-US: Android
CVE-2019-2002
	RESERVED
CVE-2019-2001 (The permissions on /proc/iomem were world-readable. This could lead to ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2019-2000 (In several functions of binder.c, there is possible memory corruption ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2019-1999 (In binder_alloc_free_page of binder_alloc.c, there is a possible doubl ...)
	{DSA-4495-1}
	- linux 5.2.6-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/5cec2d2e5839f9c0fec319c523a911e0a7fd299f
CVE-2019-1998 (In event_handler of keymaster_app.c, there is possible resource exhaus ...)
	NOT-FOR-US: Android
CVE-2019-1997 (In random_get_bytes of random.c, there is a possible degradation of ra ...)
	NOT-FOR-US: Android
CVE-2019-1996 (In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2019-1995 (In ComposeActivityEmail of ComposeActivityEmail.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2019-1994 (In refresh of DevelopmentTiles.java, there is the possibility of leavi ...)
	NOT-FOR-US: Android
CVE-2019-1993 (In register_app of btif_hd.cc, there is a possible memory corruption d ...)
	NOT-FOR-US: Android
CVE-2019-1992 (In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use ...)
	NOT-FOR-US: Android
CVE-2019-1991 (In btif_dm_data_copy of btif_core.cc, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2019-1990 (In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a poss ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-1989 (In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a p ...)
	NOT-FOR-US: Android Media Framework
CVE-2019-1988 (In sample6 of SkSwizzler.cpp, there is a possible out of bounds write ...)
	NOT-FOR-US: Android
CVE-2019-1987 (In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds w ...)
	NOT-FOR-US: Android
CVE-2019-1986 (In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2019-1985 (In findAvailSpellCheckerLocked of TextServicesManagerService.java, the ...)
	NOT-FOR-US: Android
CVE-2019-1984 (A vulnerability in Cisco Enterprise Network Functions Virtualization I ...)
	NOT-FOR-US: Cisco
CVE-2019-1983 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2019-1982 (A vulnerability in the HTTP traffic filtering component of Cisco Firep ...)
	NOT-FOR-US: Cisco
CVE-2019-1981 (A vulnerability in the normalization functionality of Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2019-1980 (A vulnerability in the protocol detection component of Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2019-1979
	RESERVED
CVE-2019-1978 (A vulnerability in the stream reassembly component of Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2019-1977 (A vulnerability within the Endpoint Learning feature of Cisco Nexus 90 ...)
	NOT-FOR-US: Cisco
CVE-2019-1976 (A vulnerability in the "plug-and-play" services co ...)
	NOT-FOR-US: Cisco
CVE-2019-1975 (A vulnerability in the web-based interface of Cisco HyperFlex Software ...)
	NOT-FOR-US: Cisco
CVE-2019-1974 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1973 (A vulnerability in the web portal framework of Cisco Enterprise NFV In ...)
	NOT-FOR-US: Cisco
CVE-2019-1972 (A vulnerability in the Cisco Enterprise NFV Infrastructure Software (NFVI ...)
	NOT-FOR-US: Cisco
CVE-2019-1971 (A vulnerability in the web portal of Cisco Enterprise NFV Infrastructu ...)
	NOT-FOR-US: Cisco
CVE-2019-1970 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
	NOT-FOR-US: Cisco
CVE-2019-1969 (A vulnerability in the implementation of the Simple Network Management ...)
	NOT-FOR-US: Cisco
CVE-2019-1968 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2019-1967 (A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX ...)
	NOT-FOR-US: Cisco
CVE-2019-1966 (A vulnerability in a specific CLI command within the local management ...)
	NOT-FOR-US: Cisco
CVE-2019-1965 (A vulnerability in the Virtual Shell (VSH) session management for Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1964 (A vulnerability in the IPv6 traffic processing of Cisco NX-OS Software ...)
	NOT-FOR-US: Cisco
CVE-2019-1963 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2019-1962 (A vulnerability in the Cisco Fabric Services component of Cisco NX-OS ...)
	NOT-FOR-US: Cisco
CVE-2019-1961 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
	NOT-FOR-US: Cisco
CVE-2019-1960 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-1959 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-1958 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
	NOT-FOR-US: Cisco
CVE-2019-1957 (A vulnerability in the web interface of Cisco IoT Field Network Direct ...)
	NOT-FOR-US: Cisco
CVE-2019-1956 (A vulnerability in the web-based interface of the Cisco SPA112 2-Port ...)
	NOT-FOR-US: Cisco
CVE-2019-1955 (A vulnerability in the Sender Policy Framework (SPF) functionality of ...)
	NOT-FOR-US: Cisco
CVE-2019-1954 (A vulnerability in the web-based management interface of Cisco Webex M ...)
	NOT-FOR-US: Cisco
CVE-2019-1953 (A vulnerability in the web portal of Cisco Enterprise NFV Infrastructu ...)
	NOT-FOR-US: Cisco
CVE-2019-1952 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1951 (A vulnerability in the packet filtering features of Cisco SD-WAN Solut ...)
	NOT-FOR-US: Cisco
CVE-2019-1950 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...)
	NOT-FOR-US: Cisco
CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-1948 (A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an un ...)
	NOT-FOR-US: Cisco
CVE-2019-1947 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2019-1946 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
	NOT-FOR-US: Cisco
CVE-2019-1945 (Multiple vulnerabilities in the smart tunnel functionality of Cisco Ad ...)
	NOT-FOR-US: Cisco
CVE-2019-1944 (Multiple vulnerabilities in the smart tunnel functionality of Cisco Ad ...)
	NOT-FOR-US: Cisco
CVE-2019-1943 (A vulnerability in the web interface of Cisco Small Business 200, 300, ...)
	NOT-FOR-US: Cisco
CVE-2019-1942 (A vulnerability in the sponsor portal web interface for Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2019-1941 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-1940 (A vulnerability in the Web Services Management Agent (WSMA) feature of ...)
	NOT-FOR-US: Cisco
CVE-2019-1939 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...)
	NOT-FOR-US: Cisco
CVE-2019-1938 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2019-1937 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1936 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1935 (A vulnerability in Cisco Integrated Management Controller (IMC) Superv ...)
	NOT-FOR-US: Cisco
CVE-2019-1934 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2019-1933 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-1932 (A vulnerability in Cisco Advanced Malware Protection (AMP) for Endpoin ...)
	NOT-FOR-US: Cisco
CVE-2019-1931 (Multiple vulnerabilities in the RSS dashboard in the web-based managem ...)
	NOT-FOR-US: Cisco
CVE-2019-1930 (Multiple vulnerabilities in the RSS dashboard in the web-based managem ...)
	NOT-FOR-US: Cisco
CVE-2019-1929 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1928 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1927 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1926 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1925 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1924 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
	NOT-FOR-US: Cisco
CVE-2019-1923 (A vulnerability in Cisco Small Business SPA500 Series IP Phones could ...)
	NOT-FOR-US: Cisco
CVE-2019-1922 (A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 ...)
	NOT-FOR-US: Cisco
CVE-2019-1921 (A vulnerability in the attachment scanning of Cisco AsyncOS Software f ...)
	NOT-FOR-US: Cisco
CVE-2019-1920 (A vulnerability in the 802.11r Fast Transition (FT) implementation for ...)
	NOT-FOR-US: Cisco
CVE-2019-1919 (A vulnerability in the Cisco FindIT Network Management Software virtua ...)
	NOT-FOR-US: Cisco
CVE-2019-1918 (A vulnerability in the implementation of Intermediate System– ...)
	NOT-FOR-US: Cisco
CVE-2019-1917 (A vulnerability in the REST API interface of Cisco Vision Dynamic Sign ...)
	NOT-FOR-US: Cisco
CVE-2019-1916
	RESERVED
CVE-2019-1915 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
	NOT-FOR-US: Cisco
CVE-2019-1914 (A vulnerability in the web management interface of Cisco Small Busines ...)
	NOT-FOR-US: Cisco
CVE-2019-1913 (Multiple vulnerabilities in the web management interface of Cisco Smal ...)
	NOT-FOR-US: Cisco
CVE-2019-1912 (A vulnerability in the web management interface of Cisco Small Busines ...)
	NOT-FOR-US: Cisco
CVE-2019-1911 (A vulnerability in the CLI of Cisco Unified Communications Domain Mana ...)
	NOT-FOR-US: Cisco
CVE-2019-1910 (A vulnerability in the implementation of the Intermediate System&n ...)
	NOT-FOR-US: Cisco
CVE-2019-1909 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
	NOT-FOR-US: Cisco
CVE-2019-1908 (A vulnerability in the Intelligent Platform Management Interface (IPMI ...)
	NOT-FOR-US: Cisco
CVE-2019-1907 (A vulnerability in the web server of Cisco Integrated Management Contr ...)
	NOT-FOR-US: Cisco
CVE-2019-1906 (A vulnerability in the Virtual Domain system of Cisco Prime Infrastruc ...)
	NOT-FOR-US: Cisco
CVE-2019-1905 (A vulnerability in the GZIP decompression engine of Cisco AsyncOS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1904 (A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2019-1903 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
	NOT-FOR-US: Cisco
CVE-2019-1902
	RESERVED
CVE-2019-1901 (A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem ...)
	NOT-FOR-US: Cisco
CVE-2019-1900 (A vulnerability in the web server of Cisco Integrated Management Contr ...)
	NOT-FOR-US: Cisco
CVE-2019-1899 (A vulnerability in the web interface of Cisco RV110W, RV130W, and RV21 ...)
	NOT-FOR-US: Cisco
CVE-2019-1898 (A vulnerability in the web-based management interface of Cisco RV110W, ...)
	NOT-FOR-US: Cisco
CVE-2019-1897 (A vulnerability in the web-based management interface of Cisco RV110W, ...)
	NOT-FOR-US: Cisco
CVE-2019-1896 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1895 (A vulnerability in the Virtual Network Computing (VNC) console impleme ...)
	NOT-FOR-US: Cisco
CVE-2019-1894 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
	NOT-FOR-US: Cisco
CVE-2019-1893 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
	NOT-FOR-US: Cisco
CVE-2019-1892 (A vulnerability in the Secure Sockets Layer (SSL) input packet process ...)
	NOT-FOR-US: Cisco
CVE-2019-1891 (A vulnerability in the web interface of Cisco Small Business 200, 300, ...)
	NOT-FOR-US: Cisco
CVE-2019-1890 (A vulnerability in the fabric infrastructure VLAN connection establish ...)
	NOT-FOR-US: Cisco
CVE-2019-1889 (A vulnerability in the REST API for software device management in Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1888 (A vulnerability in the Administration Web Interface of Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2019-1887 (A vulnerability in the Session Initiation Protocol (SIP) protocol impl ...)
	NOT-FOR-US: Cisco
CVE-2019-1886 (A vulnerability in the HTTPS decryption feature of Cisco Web Security ...)
	NOT-FOR-US: Cisco
CVE-2019-1885 (A vulnerability in the Redfish protocol of Cisco Integrated Management ...)
	NOT-FOR-US: Cisco
CVE-2019-1884 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-1883 (A vulnerability in the command-line interface of Cisco Integrated Mana ...)
	NOT-FOR-US: Cisco
CVE-2019-1882 (A vulnerability in Cisco Industrial Network Director could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2019-1881 (A vulnerability in the web-based management interface of Cisco Industr ...)
	NOT-FOR-US: Cisco
CVE-2019-1880 (A vulnerability in the BIOS upgrade utility of Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2019-1879 (A vulnerability in the CLI of Cisco Integrated Management Controller ( ...)
	NOT-FOR-US: Cisco
CVE-2019-1878 (A vulnerability in the Cisco Discovery Protocol (CDP) implementation f ...)
	NOT-FOR-US: Cisco
CVE-2019-1877 (A vulnerability in the HTTP API of Cisco Enterprise Chat and Email cou ...)
	NOT-FOR-US: Cisco
CVE-2019-1876 (A vulnerability in the HTTPS proxy feature of Cisco Wide Area Applicat ...)
	NOT-FOR-US: Cisco
CVE-2019-1875 (A vulnerability in the web-based management interface of Cisco Prime S ...)
	NOT-FOR-US: Cisco
CVE-2019-1874 (A vulnerability in the web-based management interface of Cisco Prime S ...)
	NOT-FOR-US: Cisco
CVE-2019-1873 (A vulnerability in the cryptographic driver for Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2019-1872 (A vulnerability in Cisco TelePresence Video Communication Server (VCS) ...)
	NOT-FOR-US: Cisco
CVE-2019-1871 (A vulnerability in the Import Cisco IMC configuration utility of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-1870 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
	NOT-FOR-US: Cisco
CVE-2019-1869 (A vulnerability in the internal packet-processing functionality of the ...)
	NOT-FOR-US: Cisco
CVE-2019-1868 (A vulnerability in the web-based management interface of Cisco Webex M ...)
	NOT-FOR-US: Cisco
CVE-2019-1867 (A vulnerability in the REST API of Cisco Elastic Services Controller ( ...)
	NOT-FOR-US: Cisco
CVE-2019-1866 (Cisco Webex Business Suite before 39.1.0 contains a vulnerability that ...)
	NOT-FOR-US: Cisco
CVE-2019-1865 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1864 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1863 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1862 (A vulnerability in the web-based user interface (Web UI) of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2019-1861 (A vulnerability in the software update feature of Cisco Industrial Net ...)
	NOT-FOR-US: Cisco
CVE-2019-1860 (A vulnerability in the dashboard gadget rendering of Cisco Unified Int ...)
	NOT-FOR-US: Cisco
CVE-2019-1859 (A vulnerability in the Secure Shell (SSH) authentication process of Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-1858 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2019-1857 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
	NOT-FOR-US: Cisco
CVE-2019-1856 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2019-1855 (A vulnerability in the loading mechanism of specific dynamic link libr ...)
	NOT-FOR-US: Cisco
CVE-2019-1854 (A vulnerability in the management web interface of Cisco Expressway Se ...)
	NOT-FOR-US: Cisco
CVE-2019-1853 (A vulnerability in the HostScan component of Cisco AnyConnect Secure M ...)
	NOT-FOR-US: Cisco
CVE-2019-1852 (A vulnerability in the web-based management interface of Cisco Prime N ...)
	NOT-FOR-US: Cisco
CVE-2019-1851 (A vulnerability in the External RESTful Services (ERS) API of the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1850 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1849 (A vulnerability in the Border Gateway Patrol (BGP) Multiprotocol Label ...)
	NOT-FOR-US: Cisco
CVE-2019-1848 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2019-1847
	RESERVED
CVE-2019-1846 (A vulnerability in the Multiprotocol Label Switching (MPLS) Operations ...)
	NOT-FOR-US: Cisco
CVE-2019-1845 (A vulnerability in the authentication service of the Cisco Unified Com ...)
	NOT-FOR-US: Cisco
CVE-2019-1844 (A vulnerability in certain attachment detection mechanisms of the Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1843 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2019-1842 (A vulnerability in the Secure Shell (SSH) authentication function of C ...)
	NOT-FOR-US: Cisco
CVE-2019-1841 (A vulnerability in the Software Image Management feature of Cisco DNA ...)
	NOT-FOR-US: Cisco
CVE-2019-1840 (A vulnerability in the DHCPv6 input packet processor of Cisco Prime Ne ...)
	NOT-FOR-US: Cisco
CVE-2019-1839 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2019-1838 (A vulnerability in the web-based management interface of Cisco Applica ...)
	NOT-FOR-US: Cisco
CVE-2019-1837 (A vulnerability in the User Data Services (UDS) API of Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2019-1836 (A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric ...)
	NOT-FOR-US: Cisco
CVE-2019-1835 (A vulnerability in the CLI of Cisco Aironet Access Points (APs) could ...)
	NOT-FOR-US: Cisco
CVE-2019-1834 (A vulnerability in the internal packet processing of Cisco Aironet Ser ...)
	NOT-FOR-US: Cisco
CVE-2019-1833 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
	NOT-FOR-US: Cisco
CVE-2019-1832 (A vulnerability in the detection engine of Cisco Firepower Threat Defe ...)
	NOT-FOR-US: Cisco
CVE-2019-1831 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-1830 (A vulnerability in Locally Significant Certificate (LSC) management fo ...)
	NOT-FOR-US: Cisco
CVE-2019-1829 (A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) ...)
	NOT-FOR-US: Cisco
CVE-2019-1828 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2019-1827 (A vulnerability in the Online Help web service of Cisco Small Business ...)
	NOT-FOR-US: Cisco
CVE-2019-1826 (A vulnerability in the quality of service (QoS) feature of Cisco Airon ...)
	NOT-FOR-US: Cisco
CVE-2019-1825 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1824 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1823 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1822 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1821 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1820 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1819 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1818 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1817 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-1816 (A vulnerability in the log subscription subsystem of the Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2019-1815
	RESERVED
CVE-2019-1814 (A vulnerability in the interactions between the DHCP and TFTP features ...)
	NOT-FOR-US: Cisco
CVE-2019-1813 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1812 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1811 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1810 (A vulnerability in the Image Signature Verification feature used in an ...)
	NOT-FOR-US: Cisco
CVE-2019-1809 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1808 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1807 (A vulnerability in the session management functionality of the web UI ...)
	NOT-FOR-US: Cisco
CVE-2019-1806 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2019-1805 (A vulnerability in certain access control mechanisms for the Secure Sh ...)
	NOT-FOR-US: Cisco
CVE-2019-1804 (A vulnerability in the SSH key management for the Cisco Nexus 9000 Ser ...)
	NOT-FOR-US: Cisco
CVE-2019-1803 (A vulnerability in the filesystem management for the Cisco Nexus 9000 ...)
	NOT-FOR-US: Cisco
CVE-2019-1802 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-1801
	RESERVED
CVE-2019-1800 (A vulnerability in the handling of Inter-Access Point Protocol (IAPP) ...)
	NOT-FOR-US: Cisco
CVE-2019-1799 (A vulnerability in the handling of Inter-Access Point Protocol (IAPP) ...)
	NOT-FOR-US: Cisco
CVE-2019-1798 (A vulnerability in the Portable Executable (PE) file scanning function ...)
	- libclamunrar 0.101.2-1
	[stretch] - libclamunrar (Vulnerable code only present in 0.101.1 and 0.101.0)
	[jessie] - libclamunrar (Vulnerable code only present in 0.101.1 and 0.101.0)
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav (Vulnerable code only present in 0.101.1 and 0.101.0)
	[jessie] - clamav (Vulnerable code introduced later)
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1797 (A vulnerability in the web-based management interface of Cisco Wireles ...)
	NOT-FOR-US: Cisco
CVE-2019-1796 (A vulnerability in the handling of Inter-Access Point Protocol (IAPP) ...)
	NOT-FOR-US: Cisco
CVE-2019-1795 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1794 (A vulnerability in the search path processing of Cisco Directory Conne ...)
	NOT-FOR-US: Cisco
CVE-2019-1793
	RESERVED
CVE-2019-1792 (A vulnerability in the URL block page of Cisco Umbrella could allow an ...)
	NOT-FOR-US: Cisco
CVE-2019-1791 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1790 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1789 (ClamAV versions prior to 0.101.2 are susceptible to a denial of servic ...)
	{DLA-1759-1}
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav 0.100.3+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1788 (A vulnerability in the Object Linking & Embedding (OLE2) file scan ...)
	{DLA-1759-1}
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav 0.100.3+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1787 (A vulnerability in the Portable Document Format (PDF) scanning functio ...)
	{DLA-1759-1}
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav 0.100.3+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1786 (A vulnerability in the Portable Document Format (PDF) scanning functio ...)
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav (Vulnerable code only present in 0.101.1 and 0.101.0)
	[jessie] - clamav (Vulnerable code introduced later)
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1785 (A vulnerability in the RAR file scanning functionality of Clam AntiVir ...)
	- libclamunrar 0.101.2-1
	[stretch] - libclamunrar (Vulnerable code only present in 0.101.1 and 0.101.0)
	[jessie] - libclamunrar (Vulnerable code introduced later)
	- clamav 0.101.2+dfsg-1
	[stretch] - clamav (Vulnerable code only present in 0.101.1 and 0.101.0)
	[jessie] - clamav (Vulnerable code introduced later)
	NOTE: https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1784 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1783 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1782 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1781 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1780 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1779 (A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1778 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1777 (A vulnerability in the web-based interface of the Cisco Registered Env ...)
	NOT-FOR-US: Cisco
CVE-2019-1776 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1775 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1774 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1773 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1772 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1771 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1770 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1769 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1768 (A vulnerability in the implementation of a specific CLI command for Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-1767 (A vulnerability in the implementation of a specific CLI command for Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-1766 (A vulnerability in the web-based management interface of Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-1765 (A vulnerability in the web-based management interface of Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-1764 (A vulnerability in the web-based management interface of Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-1763 (A vulnerability in the web-based management interface of Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-1762 (A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2019-1761 (A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of ...)
	NOT-FOR-US: Cisco
CVE-2019-1760 (A vulnerability in Performance Routing Version 3 (PfRv3) of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2019-1759 (A vulnerability in access control list (ACL) functionality of the Giga ...)
	NOT-FOR-US: Cisco
CVE-2019-1758 (A vulnerability in 802.1x function of Cisco IOS Software on the Cataly ...)
	NOT-FOR-US: Cisco
CVE-2019-1757 (A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and ...)
	NOT-FOR-US: Cisco
CVE-2019-1756 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2019-1755 (A vulnerability in the Web Services Management Agent (WSMA) function o ...)
	NOT-FOR-US: Cisco
CVE-2019-1754 (A vulnerability in the authorization subsystem of Cisco IOS XE Softwar ...)
	NOT-FOR-US: Cisco
CVE-2019-1753 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2019-1752 (A vulnerability in the ISDN functions of Cisco IOS Software and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-1751 (A vulnerability in the Network Address Translation 64 (NAT64) function ...)
	NOT-FOR-US: Cisco
CVE-2019-1750 (A vulnerability in the Easy Virtual Switching System (VSS) of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2019-1749 (A vulnerability in the ingress traffic validation of Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1748 (A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1747 (A vulnerability in the implementation of the Short Message Service (SM ...)
	NOT-FOR-US: Cisco
CVE-2019-1746 (A vulnerability in the Cluster Management Protocol (CMP) processing co ...)
	NOT-FOR-US: Cisco
CVE-2019-1745 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2019-1744
	RESERVED
CVE-2019-1743 (A vulnerability in the web UI framework of Cisco IOS XE Software could ...)
	NOT-FOR-US: Cisco
CVE-2019-1742 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2019-1741 (A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature ...)
	NOT-FOR-US: Cisco
CVE-2019-1740 (A vulnerability in the Network-Based Application Recognition (NBAR) fe ...)
	NOT-FOR-US: Cisco
CVE-2019-1739 (A vulnerability in the Network-Based Application Recognition (NBAR) fe ...)
	NOT-FOR-US: Cisco
CVE-2019-1738 (A vulnerability in the Network-Based Application Recognition (NBAR) fe ...)
	NOT-FOR-US: Cisco
CVE-2019-1737 (A vulnerability in the processing of IP Service Level Agreement (SLA) ...)
	NOT-FOR-US: Cisco
CVE-2019-1736 (A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers ...)
	NOT-FOR-US: Cisco
CVE-2019-1735 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1734 (A vulnerability in the implementation of a CLI diagnostic command in C ...)
	NOT-FOR-US: Cisco
CVE-2019-1733 (A vulnerability in the NX API (NX-API) Sandbox interface for Cisco NX- ...)
	NOT-FOR-US: Cisco
CVE-2019-1732 (A vulnerability in the Remote Package Manager (RPM) subsystem of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-1731 (A vulnerability in the SSH CLI key management functionality of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1730 (A vulnerability in the Bash shell implementation for Cisco NX-OS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-1729 (A vulnerability in the CLI implementation of a specific command used f ...)
	NOT-FOR-US: Cisco
CVE-2019-1728 (A vulnerability in the Secure Configuration Validation functionality o ...)
	NOT-FOR-US: Cisco
CVE-2019-1727 (A vulnerability in the Python scripting subsystem of Cisco NX-OS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-1726 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1725 (A vulnerability in the local management CLI implementation for specifi ...)
	NOT-FOR-US: Cisco
CVE-2019-1724 (A vulnerability in the session management functionality of the web-bas ...)
	NOT-FOR-US: Cisco
CVE-2019-1723 (A vulnerability in the Cisco Common Services Platform Collector (CSPC) ...)
	NOT-FOR-US: Cisco
CVE-2019-1722 (A vulnerability in the FindMe feature of Cisco Expressway Series and C ...)
	NOT-FOR-US: Cisco
CVE-2019-1721 (A vulnerability in the phone book feature of Cisco Expressway Series a ...)
	NOT-FOR-US: Cisco
CVE-2019-1720 (A vulnerability in the XML API of Cisco Expressway Series and Cisco Te ...)
	NOT-FOR-US: Cisco
CVE-2019-1719 (A vulnerability in the web-based guest portal of Cisco Identity Servic ...)
	NOT-FOR-US: Cisco
CVE-2019-1718 (A vulnerability in the web interface of Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2019-1717 (A vulnerability in the web-based management interface of Cisco Video S ...)
	NOT-FOR-US: Cisco
CVE-2019-1716 (A vulnerability in the web-based management interface of Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2019-1715 (A vulnerability in the Deterministic Random Bit Generator (DRBG), also ...)
	NOT-FOR-US: Cisco
CVE-2019-1714 (A vulnerability in the implementation of Security Assertion Markup Lan ...)
	NOT-FOR-US: Cisco
CVE-2019-1713 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2019-1712 (A vulnerability in the Protocol Independent Multicast (PIM) feature of ...)
	NOT-FOR-US: Cisco
CVE-2019-1711 (A vulnerability in the Event Management Service daemon (emsd) of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-1710 (A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 ...)
	NOT-FOR-US: Cisco
CVE-2019-1709 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
	NOT-FOR-US: Cisco
CVE-2019-1708 (A vulnerability in the Internet Key Exchange Version 2 Mobility and Mu ...)
	NOT-FOR-US: Cisco
CVE-2019-1707 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
	NOT-FOR-US: Cisco
CVE-2019-1706 (A vulnerability in the software cryptography module of the Cisco Adapt ...)
	NOT-FOR-US: Cisco
CVE-2019-1705 (A vulnerability in the remote access VPN session manager of Cisco Adap ...)
	NOT-FOR-US: Cisco
CVE-2019-1704 (Multiple vulnerabilities in the Server Message Block (SMB) Protocol pr ...)
	NOT-FOR-US: Cisco
CVE-2019-1703 (A vulnerability in the internal packet-processing functionality of Cis ...)
	NOT-FOR-US: Cisco
CVE-2019-1702 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2019-1701 (Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Secur ...)
	NOT-FOR-US: Cisco
CVE-2019-1700 (A vulnerability in field-programmable gate array (FPGA) ingress buffer ...)
	NOT-FOR-US: Cisco
CVE-2019-1699 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
	NOT-FOR-US: Cisco
CVE-2019-1698 (A vulnerability in the web-based user interface of Cisco Internet of T ...)
	NOT-FOR-US: Cisco
CVE-2019-1697 (A vulnerability in the implementation of the Lightweight Directory Acc ...)
	NOT-FOR-US: Cisco
CVE-2019-1696 (Multiple vulnerabilities in the Server Message Block (SMB) Protocol pr ...)
	NOT-FOR-US: Cisco
CVE-2019-1695 (A vulnerability in the detection engine of Cisco Adaptive Security App ...)
	NOT-FOR-US: Cisco
CVE-2019-1694 (A vulnerability in the TCP processing engine of Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2019-1693 (A vulnerability in the WebVPN service of Cisco Adaptive Security Appli ...)
	NOT-FOR-US: Cisco
CVE-2019-1692 (A vulnerability in the web-based management interface of Cisco Applica ...)
	NOT-FOR-US: Cisco
CVE-2019-1691 (A vulnerability in the detection engine of Cisco Firepower Threat Defe ...)
	NOT-FOR-US: Cisco
CVE-2019-1690 (A vulnerability in the management interface of Cisco Application Polic ...)
	NOT-FOR-US: Cisco
CVE-2019-1689 (A vulnerability in the client application for iOS of Cisco Webex Teams ...)
	NOT-FOR-US: Cisco
CVE-2019-1688 (A vulnerability in the management web interface of Cisco Network Assur ...)
	NOT-FOR-US: Cisco
CVE-2019-1687 (A vulnerability in the TCP proxy functionality for Cisco Adaptive Secu ...)
	NOT-FOR-US: Cisco
CVE-2019-1686 (A vulnerability in the TCP flags inspection feature for access control ...)
	NOT-FOR-US: Cisco
CVE-2019-1685 (A vulnerability in the Security Assertion Markup Language (SAML) singl ...)
	NOT-FOR-US: Cisco
CVE-2019-1684 (A vulnerability in the Cisco Discovery Protocol or Link Layer Discover ...)
	NOT-FOR-US: Cisco
CVE-2019-1683 (A vulnerability in the certificate handling component of the Cisco SPA ...)
	NOT-FOR-US: Cisco
CVE-2019-1682 (A vulnerability in the FUSE filesystem functionality for Cisco Applica ...)
	NOT-FOR-US: Cisco
CVE-2019-1681 (A vulnerability in the TFTP service of Cisco Network Convergence Syste ...)
	NOT-FOR-US: Cisco
CVE-2019-1680 (A vulnerability in Cisco Webex Business Suite could allow an unauthent ...)
	NOT-FOR-US: Cisco
CVE-2019-1679 (A vulnerability in the web interface of Cisco TelePresence Conductor, ...)
	NOT-FOR-US: Cisco
CVE-2019-1678 (A vulnerability in Cisco Meeting Server could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2019-1677 (A vulnerability in Cisco Webex Meetings for Android could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2019-1676 (A vulnerability in the Session Initiation Protocol (SIP) call processi ...)
	NOT-FOR-US: Cisco
CVE-2019-1675 (A vulnerability in the default configuration of the Cisco Aironet Acti ...)
	NOT-FOR-US: Cisco
CVE-2019-1674 (A vulnerability in the update service of Cisco Webex Meetings Desktop ...)
	NOT-FOR-US: Cisco
CVE-2019-1673 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2019-1672 (A vulnerability in the Decryption Policy Default Action functionality ...)
	NOT-FOR-US: Cisco
CVE-2019-1671 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-1670 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-1669 (A vulnerability in the data acquisition (DAQ) component of Cisco Firep ...)
	NOT-FOR-US: Cisco
CVE-2019-1668 (A vulnerability in the chat feed feature of Cisco SocialMiner could al ...)
	NOT-FOR-US: Cisco
CVE-2019-1667 (A vulnerability in the Graphite interface of Cisco HyperFlex software ...)
	NOT-FOR-US: Cisco
CVE-2019-1666 (A vulnerability in the Graphite service of Cisco HyperFlex software co ...)
	NOT-FOR-US: Cisco
CVE-2019-1665 (A vulnerability in the web-based management interface of Cisco HyperFl ...)
	NOT-FOR-US: Cisco
CVE-2019-1664 (A vulnerability in the hxterm service of Cisco HyperFlex Software coul ...)
	NOT-FOR-US: Cisco
CVE-2019-1663 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2019-1662 (A vulnerability in the Quality of Voice Reporting (QOVR) service of Ci ...)
	NOT-FOR-US: Cisco
CVE-2019-1661 (A vulnerability in the web-based management interface of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2019-1660 (A vulnerability in the Simple Object Access Protocol (SOAP) of Cisco T ...)
	NOT-FOR-US: Cisco
CVE-2019-1659 (A vulnerability in the Identity Services Engine (ISE) integration feat ...)
	NOT-FOR-US: Cisco
CVE-2019-1658 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2019-1657 (A vulnerability in Cisco AMP Threat Grid could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2019-1656 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1655 (A vulnerability in the web-based management interface of Cisco Webex M ...)
	NOT-FOR-US: Cisco
CVE-2019-1654 (A vulnerability in the development shell (devshell) authentication for ...)
	NOT-FOR-US: Cisco
CVE-2019-1653 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2019-1652 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2019-1651 (A vulnerability in the vContainer of the Cisco SD-WAN Solution could a ...)
	NOT-FOR-US: Cisco
CVE-2019-1650 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
	NOT-FOR-US: Cisco
CVE-2019-1649 (A vulnerability in the logic that handles access control to one of the ...)
	NOT-FOR-US: Cisco
CVE-2019-1648 (A vulnerability in the user group configuration of the Cisco SD-WAN So ...)
	NOT-FOR-US: Cisco
CVE-2019-1647 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
	NOT-FOR-US: Cisco
CVE-2019-1646 (A vulnerability in the local CLI of the Cisco SD-WAN Solution could al ...)
	NOT-FOR-US: Cisco
CVE-2019-1645 (A vulnerability in the Cisco Connected Mobile Experiences (CMX) softwa ...)
	NOT-FOR-US: Cisco
CVE-2019-1644 (A vulnerability in the UDP protocol implementation for Cisco IoT Field ...)
	NOT-FOR-US: Cisco
CVE-2019-1643 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2019-1642 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2019-1641 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1640 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1639 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1638 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1637 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2019-1636 (A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, ...)
	NOT-FOR-US: Cisco
CVE-2019-1635 (A vulnerability in the call-handling functionality of Session Initiati ...)
	NOT-FOR-US: Cisco
CVE-2019-1634 (A vulnerability in the Intelligent Platform Management Interface (IPMI ...)
	NOT-FOR-US: Cisco
CVE-2019-1633
	RESERVED
CVE-2019-1632 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1631 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2019-1630 (A vulnerability in the firmware signature checking program of Cisco In ...)
	NOT-FOR-US: Cisco
CVE-2019-1629 (A vulnerability in the configuration import utility of Cisco Integrate ...)
	NOT-FOR-US: Cisco
CVE-2019-1628 (A vulnerability in the web server of Cisco Integrated Management Contr ...)
	NOT-FOR-US: Cisco
CVE-2019-1627 (A vulnerability in the Server Utilities of Cisco Integrated Management ...)
	NOT-FOR-US: Cisco
CVE-2019-1626 (A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-W ...)
	NOT-FOR-US: Cisco
CVE-2019-1625 (A vulnerability in the CLI of Cisco SD-WAN Solution could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2019-1624 (A vulnerability in the vManage web-based UI (Web UI) in the Cisco SD-W ...)
	NOT-FOR-US: Cisco
CVE-2019-1623 (A vulnerability in the CLI configuration shell of Cisco Meeting Server ...)
	NOT-FOR-US: Cisco
CVE-2019-1622 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2019-1621 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2019-1620 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2019-1619 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2019-1618 (A vulnerability in the Tetration Analytics agent for Cisco Nexus 9000 ...)
	NOT-FOR-US: Cisco
CVE-2019-1617 (A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtu ...)
	NOT-FOR-US: Cisco
CVE-2019-1616 (A vulnerability in the Cisco Fabric Services component of Cisco NX-OS ...)
	NOT-FOR-US: Cisco
CVE-2019-1615 (A vulnerability in the Image Signature Verification feature of Cisco N ...)
	NOT-FOR-US: Cisco
CVE-2019-1614 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2019-1613 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1612 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1611 (A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Soft ...)
	NOT-FOR-US: Cisco
CVE-2019-1610 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1609 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1608 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1607 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1606 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1605 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2019-1604 (A vulnerability in the user account management interface of Cisco NX-O ...)
	NOT-FOR-US: Cisco
CVE-2019-1603 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2019-1602 (A vulnerability in the filesystem permissions of Cisco NX-OS Software ...)
	NOT-FOR-US: Cisco
CVE-2019-1601 (A vulnerability in the filesystem permissions of Cisco NX-OS Software ...)
	NOT-FOR-US: Cisco
CVE-2019-1600 (A vulnerability in the file system permissions of Cisco FXOS Software ...)
	NOT-FOR-US: Cisco
CVE-2019-1599 (A vulnerability in the network stack of Cisco NX-OS Software could all ...)
	NOT-FOR-US: Cisco
CVE-2019-1598 (Multiple vulnerabilities in the implementation of the Lightweight Dire ...)
	NOT-FOR-US: Cisco
CVE-2019-1597 (Multiple vulnerabilities in the implementation of the Lightweight Dire ...)
	NOT-FOR-US: Cisco
CVE-2019-1596 (A vulnerability in the Bash shell implementation for Cisco NX-OS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-1595 (A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol imp ...)
	NOT-FOR-US: Cisco
CVE-2019-1594 (A vulnerability in the 802.1X implementation for Cisco NX-OS Software ...)
	NOT-FOR-US: Cisco
CVE-2019-1593 (A vulnerability in the Bash shell implementation for Cisco NX-OS Softw ...)
	NOT-FOR-US: Cisco
CVE-2019-1592 (A vulnerability in the background operations functionality of Cisco Ne ...)
	NOT-FOR-US: Cisco
CVE-2019-1591 (A vulnerability in a specific CLI command implementation of Cisco Nexu ...)
	NOT-FOR-US: Cisco
CVE-2019-1590 (A vulnerability in the Transport Layer Security (TLS) certificate vali ...)
	NOT-FOR-US: Cisco
CVE-2019-1589 (A vulnerability in the Trusted Platform Module (TPM) functionality of ...)
	NOT-FOR-US: Cisco
CVE-2019-1588 (A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running ...)
	NOT-FOR-US: Cisco
CVE-2019-1587 (A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Applicat ...)
	NOT-FOR-US: Cisco
CVE-2019-1586 (A vulnerability in Cisco Application Policy Infrastructure Controller ...)
	NOT-FOR-US: Cisco
CVE-2019-1585 (A vulnerability in the controller authorization functionality of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2019-1584 (A security vulnerability exists in Zingbox Inspector version 1.293 and ...)
	NOT-FOR-US: Zingbox Inspector
CVE-2019-1583 (Escalation of privilege vulnerability in the Palo Alto Networks Twistl ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2019-1582 (Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and ea ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1581 (A remote code execution vulnerability in the PAN-OS SSH device managem ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1580 (Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earl ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1579 (Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 a ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1578 (Cross-site scripting vulnerability in Palo Alto Networks MineMeld vers ...)
	NOT-FOR-US: Palo Alto Networks MineMeld
CVE-2019-1577 (Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and ear ...)
	NOT-FOR-US: Palo Alto Networks Traps
CVE-2019-1576 (Command injection in PAN-0S 9.0.2 and earlier may allow an authenticat ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1575 (Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1574 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedit ...)
	NOT-FOR-US: Palo Alto Networks Expedition Migration tool
CVE-2019-1573 (GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 a ...)
	NOT-FOR-US: GlobalProtect
CVE-2019-1572 (PAN-OS 9.0.0 may allow an unauthenticated remote user to access php fi ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1571 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
	NOT-FOR-US: Expedition Migration tool
CVE-2019-1570 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
	NOT-FOR-US: Expedition Migration tool
CVE-2019-1569 (The Expedition Migration tool 1.1.8 and earlier may allow an authentic ...)
	NOT-FOR-US: Expedition Migration tool
CVE-2019-1568 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto ...)
	NOT-FOR-US: Palo Alto Networks Demisto
CVE-2019-1567 (The Expedition Migration tool 1.1.6 and earlier may allow an authentic ...)
	NOT-FOR-US: Expedition Migration tool
CVE-2019-1566 (The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN- ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1565 (The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-O ...)
	NOT-FOR-US: PAN-OS
CVE-2019-1564
	REJECTED
CVE-2019-1563 (In situations where an attacker receives automated notification of the ...)
	{DSA-4540-1 DSA-4539-1 DLA-1932-1}
	- openssl 1.1.1d-1
	- openssl1.0
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 (OpenSSL_1_1_1d)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97 (OpenSSL_1_1_0l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f (OpenSSL_1_0_2t)
	NOTE: https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1562
	REJECTED
CVE-2019-1561
	REJECTED
CVE-2019-1560
	REJECTED
CVE-2019-1559 (If an application encounters a fatal protocol error and then calls SSL ...)
	{DSA-4400-1 DLA-1701-1}
	- openssl1.0
	- openssl 1.1.0b-2
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=48c8bcf5bca0ce7751f49599381e143de1b61786
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=5741d5bb74797e4532acc9f42e54c44a2726c179 (only hardening)
	NOTE: 1.1.0 is not impacted by CVE-2019-1559. The CVE is a result of applications
	NOTE: calling SSL_shutdown after a fatal alert has occurred. 1.1.0 is not vulnerable
	NOTE: to this issue, marking first 1.1 upload of src:openssl as fixed
	NOTE: https://www.openssl.org/news/secadv/20190226.txt
CVE-2019-1558
	REJECTED
CVE-2019-1557
	REJECTED
CVE-2019-1556
	REJECTED
CVE-2019-1555
	REJECTED
CVE-2019-1554
	REJECTED
CVE-2019-1553
	REJECTED
CVE-2019-1552 (OpenSSL has internal defaults for a directory tree where it can find a ...)
	- openssl (Windows-specific)
	- openssl1.0 (Windows-specific)
	NOTE: https://www.openssl.org/news/secadv/20190730.txt
CVE-2019-1551 (There is an overflow bug in the x64_64 Montgomery squaring procedure u ...)
	{DSA-4855-1 DSA-4594-1}
	- openssl 1.1.1e-1 (low; bug #947949)
	[stretch] - openssl (Wait until next upstream security release)
	[jessie] - openssl (Affected modules are not present in Jessie)
	- openssl1.0 (low)
	NOTE: https://www.openssl.org/news/secadv/20191206.txt
	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98
CVE-2019-1550
	REJECTED
CVE-2019-1549 (OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). Th ...)
	- openssl 1.1.1d-1
	[buster] - openssl 1.1.1d-0+deb10u1
	[stretch] - openssl (Only affects OpenSSL 1.1.1 to 1.1.1c)
	[jessie] - openssl (Only affects OpenSSL 1.1.1 to 1.1.1c)
	- openssl1.0 (Only affects OpenSSL 1.1.1 to 1.1.1c)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be
	NOTE: https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1548
	REJECTED
CVE-2019-1547 (Normally in OpenSSL EC groups always have a co-factor present and this ...)
	{DSA-4540-1 DSA-4539-1 DLA-1932-1}
	- openssl 1.1.1d-1
	- openssl1.0
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46 (OpenSSL_1_0_2t)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a (OpenSSL_1_1_0l)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8 (OpenSSL_1_1_1d)
	NOTE: https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1546
	REJECTED
CVE-2019-1545
	REJECTED
CVE-2019-1544
	REJECTED
CVE-2019-1543 (ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input ...)
	{DSA-4475-1}
	- openssl 1.1.1c-1 (low)
	[jessie] - openssl (Vulnerability does not impact 1.0.1 series)
	- openssl1.0 (Vulnerability does not impact 1.0.2 series)
	NOTE: https://www.openssl.org/news/secadv/20190306.txt
	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=f426625b6ae9a7831010750490a5f0ad689c5ba3 (OpenSSL_1_1_1c)
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ee22257b1418438ebaf54df98af4e24f494d1809 (OpenSSL_1_1_0k)
CVE-2019-1542
	REJECTED
CVE-2019-1541
	REJECTED
CVE-2019-1540
	REJECTED
CVE-2019-1539
	REJECTED
CVE-2019-1538
	REJECTED
CVE-2019-1537
	REJECTED
CVE-2019-1536
	REJECTED
CVE-2019-1535
	REJECTED
CVE-2019-1534
	REJECTED
CVE-2019-1533
	REJECTED
CVE-2019-1532
	REJECTED
CVE-2019-1531
	REJECTED
CVE-2019-1530
	REJECTED
CVE-2019-1529
	REJECTED
CVE-2019-1528
	REJECTED
CVE-2019-1527
	REJECTED
CVE-2019-1526
	REJECTED
CVE-2019-1525
	REJECTED
CVE-2019-1524
	REJECTED
CVE-2019-1523
	REJECTED
CVE-2019-1522
	REJECTED
CVE-2019-1521
	REJECTED
CVE-2019-1520
	REJECTED
CVE-2019-1519
	REJECTED
CVE-2019-1518
	REJECTED
CVE-2019-1517
	REJECTED
CVE-2019-1516
	REJECTED
CVE-2019-1515
	REJECTED
CVE-2019-1514
	REJECTED
CVE-2019-1513
	REJECTED
CVE-2019-1512
	REJECTED
CVE-2019-1511
	REJECTED
CVE-2019-1510
	REJECTED
CVE-2019-1509
	REJECTED
CVE-2019-1508
	REJECTED
CVE-2019-1507
	REJECTED
CVE-2019-1506
	REJECTED
CVE-2019-1505
	REJECTED
CVE-2019-1504
	REJECTED
CVE-2019-1503
	REJECTED
CVE-2019-1502
	REJECTED
CVE-2019-1501
	REJECTED
CVE-2019-1500
	REJECTED
CVE-2019-1499
	REJECTED
CVE-2019-1498
	REJECTED
CVE-2019-1497
	REJECTED
CVE-2019-1496
	REJECTED
CVE-2019-1495
	REJECTED
CVE-2019-1494
	REJECTED
CVE-2019-1493
	REJECTED
CVE-2019-1492
	REJECTED
CVE-2019-1491
	RESERVED
CVE-2019-1490 (A spoofing vulnerability exists when a Skype for Business Server does ...)
	NOT-FOR-US: Skype
CVE-2019-1489 (An information disclosure vulnerability exists when the Windows Remote ...)
	NOT-FOR-US: Microsoft
CVE-2019-1488 (A security feature bypass vulnerability exists when Microsoft Defender ...)
	NOT-FOR-US: Microsoft
CVE-2019-1487 (An information disclosure vulnerability in Android Apps using Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2019-1486 (A spoofing vulnerability exists in Visual Studio Live Share when a gue ...)
	NOT-FOR-US: Microsoft
CVE-2019-1485 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1484 (A remote code execution vulnerability exists when Microsoft Windows OL ...)
	NOT-FOR-US: Microsoft
CVE-2019-1483 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2019-1482
	REJECTED
CVE-2019-1481 (An information disclosure vulnerability exists in Windows Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2019-1480 (An information disclosure vulnerability exists in Windows Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2019-1479
	REJECTED
CVE-2019-1478 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1477 (An elevation of privilege vulnerability exists when the Windows Printe ...)
	NOT-FOR-US: Microsoft
CVE-2019-1476 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1475
	REJECTED
CVE-2019-1474 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1473
	REJECTED
CVE-2019-1472 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1471 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-1470 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2019-1469 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-1468 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1467 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1466 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1465 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1464 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1463 (An information disclosure vulnerability exists in Microsoft Access sof ...)
	NOT-FOR-US: Microsoft
CVE-2019-1462 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
	NOT-FOR-US: Microsoft
CVE-2019-1461 (A denial of service vulnerability exists in Microsoft Word software wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1460 (A spoofing vulnerability exists in the way Microsoft Outlook for Andro ...)
	NOT-FOR-US: Microsoft Outlook for Android software
CVE-2019-1459
	REJECTED
CVE-2019-1458 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1457 (A security feature bypass vulnerability exists in Microsoft Office sof ...)
	NOT-FOR-US: Microsoft
CVE-2019-1456 (A remote code execution vulnerability exists in Microsoft Windows when ...)
	NOT-FOR-US: Microsoft
CVE-2019-1455
	REJECTED
CVE-2019-1454 (An elevation of privilege vulnerability exists when the Windows User P ...)
	NOT-FOR-US: Microsoft
CVE-2019-1453 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2019-1452
	REJECTED
CVE-2019-1451
	REJECTED
CVE-2019-1450
	REJECTED
CVE-2019-1449 (A security feature bypass vulnerability exists in the way that Office ...)
	NOT-FOR-US: Microsoft
CVE-2019-1448 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1447 (A spoofing vulnerability exists when Office Online does not validate o ...)
	NOT-FOR-US: Microsoft
CVE-2019-1446 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1445 (A spoofing vulnerability exists when Office Online does not validate o ...)
	NOT-FOR-US: Microsoft
CVE-2019-1444
	REJECTED
CVE-2019-1443 (An information disclosure vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2019-1442 (A security feature bypass vulnerability exists when Microsoft Office d ...)
	NOT-FOR-US: Microsoft
CVE-2019-1441 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1440 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-1439 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1438 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1437 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1436 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-1435 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1434 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1433 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1432 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1431
	REJECTED
CVE-2019-1430 (A remote code execution vulnerability exists when Windows Media Founda ...)
	NOT-FOR-US: Microsoft
CVE-2019-1429 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1428 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1427 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1426 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1425 (An elevation of privilege vulnerability exists when Visual Studio fail ...)
	NOT-FOR-US: Microsoft
CVE-2019-1424 (A security feature bypass vulnerability exists when Windows Netlogon i ...)
	NOT-FOR-US: Microsoft
CVE-2019-1423 (An elevation of privilege vulnerability exists in the way that the Sta ...)
	NOT-FOR-US: Microsoft
CVE-2019-1422 (An elevation of privilege vulnerability exists in the way that the iph ...)
	NOT-FOR-US: Microsoft
CVE-2019-1421
	REJECTED
CVE-2019-1420 (An elevation of privilege vulnerability exists in the way that the dss ...)
	NOT-FOR-US: Microsoft
CVE-2019-1419 (A remote code execution vulnerability exists in Microsoft Windows when ...)
	NOT-FOR-US: Microsoft
CVE-2019-1418 (An information vulnerability exists when Windows Modules Installer Ser ...)
	NOT-FOR-US: Microsoft
CVE-2019-1417 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2019-1416 (An elevation of privilege vulnerability exists due to a race condition ...)
	NOT-FOR-US: Microsoft
CVE-2019-1415 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2019-1414 (An elevation of privilege vulnerability exists in Visual Studio Code w ...)
	NOT-FOR-US: Microsoft
CVE-2019-1413 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1412 (An information disclosure vulnerability exists in Windows Adobe Type M ...)
	NOT-FOR-US: Microsoft
CVE-2019-1411 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1410
	REJECTED
CVE-2019-1409 (An information disclosure vulnerability exists when the Windows Remote ...)
	NOT-FOR-US: Microsoft
CVE-2019-1408 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1407 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1406 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1405 (An elevation of privilege vulnerability exists when the Windows Univer ...)
	NOT-FOR-US: Microsoft
CVE-2019-1404
	REJECTED
CVE-2019-1403
	REJECTED
CVE-2019-1402 (An information disclosure vulnerability exists in Microsoft Office sof ...)
	NOT-FOR-US: Microsoft
CVE-2019-1401
	REJECTED
CVE-2019-1400 (An information disclosure vulnerability exists in Microsoft Access sof ...)
	NOT-FOR-US: Microsoft
CVE-2019-1399 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2019-1398 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-1397 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-1396 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1395 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1394 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1393 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1392 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1391 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1390 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1389 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2019-1388 (An elevation of privilege vulnerability exists in the Windows Certific ...)
	NOT-FOR-US: Microsoft
CVE-2019-1387 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...)
	{DSA-4581-1 DLA-2059-1}
	- git 1:2.24.0-2
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a8dee3ca610f5a1d403634492136c887f83b59d2
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1386
	REJECTED
CVE-2019-1385 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2019-1384 (A security feature bypass vulnerability exists where a NETLOGON messag ...)
	NOT-FOR-US: Microsoft
CVE-2019-1383 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2019-1382 (An elevation of privilege vulnerability exists when ActiveX Installer ...)
	NOT-FOR-US: Microsoft
CVE-2019-1381 (An information disclosure vulnerability exists when the Windows Servic ...)
	NOT-FOR-US: Microsoft
CVE-2019-1380 (A local elevation of privilege vulnerability exists in how splwow64.ex ...)
	NOT-FOR-US: Microsoft
CVE-2019-1379 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2019-1378 (An elevation of privilege vulnerability exists in Windows 10 Update As ...)
	NOT-FOR-US: Microsoft
CVE-2019-1377
	REJECTED
CVE-2019-1376 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2019-1375 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2019-1374 (An information disclosure vulnerability exists in the way Windows Erro ...)
	NOT-FOR-US: Microsoft
CVE-2019-1373 (A remote code execution vulnerability exists in Microsoft Exchange thr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1372 (An remote code execution vulnerability exists when Azure App Service/ ...)
	NOT-FOR-US: Microsoft
CVE-2019-1371 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1370 (An information disclosure vulnerability exists when affected Open Encl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1369 (An information disclosure vulnerability exists when affected Open Encl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1368 (A security feature bypass exists when Windows Secure Boot improperly r ...)
	NOT-FOR-US: Microsoft
CVE-2019-1367 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1366 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1365 (An elevation of privilege vulnerability exists when Microsoft IIS Serv ...)
	NOT-FOR-US: Microsoft
CVE-2019-1364 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1363 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1362 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1361 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2019-1360
	REJECTED
CVE-2019-1359 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1358 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1357 (A spoofing vulnerability exists when Microsoft Browsers improperly han ...)
	NOT-FOR-US: Microsoft
CVE-2019-1356 (An information disclosure vulnerability exists when Microsoft Edge bas ...)
	NOT-FOR-US: Microsoft
CVE-2019-1355
	REJECTED
CVE-2019-1354 (A remote code execution vulnerability exists when Git for Visual Studi ...)
	- git 1:2.24.0-2 (unimportant)
	[buster] - git 1:2.20.1-2+deb10u1
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e1d911dd4c7b76a5a8cec0f5c8de15981e34da83
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1353 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...)
	{DSA-4581-1 DLA-2059-1}
	- git 1:2.24.0-2
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=9102f958ee5254b10c0be72672aa3305bf4f4704
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1352 (A remote code execution vulnerability exists when Git for Visual Studi ...)
	{DSA-4581-1 DLA-2059-1}
	- git 1:2.24.0-2
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=7c3745fc6185495d5765628b4dfe1bd2c25a2981
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
	NOTE: Additional hardening for .gitmodules (but not part of the CVE):
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=91bd46588e6959e6903e275f78b10bd07830d547
CVE-2019-1351 (A tampering vulnerability exists when Git for Visual Studio improperly ...)
	- git 1:2.24.0-2 (unimportant)
	[buster] - git 1:2.20.1-2+deb10u1
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=f82a97eb9197c1e3768e72648f37ce0ca3233734
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1350 (A remote code execution vulnerability exists when Git for Visual Studi ...)
	- git 1:2.24.0-2 (unimportant)
	[buster] - git 1:2.20.1-2+deb10u1
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=6d8684161ee9c03bed5cb69ae76dfdddb85a0003
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1349 (A remote code execution vulnerability exists when Git for Visual Studi ...)
	{DSA-4581-1 DLA-2059-1}
	- git 1:2.24.0-2
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=0060fd1511b94c918928fa3708f69a3f33895a4a
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1348 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...)
	{DSA-4581-1 DLA-2059-1}
	- git 1:2.24.0-2
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=68061e3470210703cb15594194718d35094afdc0
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-1347 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1346 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1345 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1344 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1343 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1342 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1341 (An elevation of privilege vulnerability exists when umpo.dll of the Po ...)
	NOT-FOR-US: Microsoft
CVE-2019-1340 (An elevation of privilege vulnerability exists in Windows AppX Deploym ...)
	NOT-FOR-US: Microsoft
CVE-2019-1339 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1338 (A security feature bypass vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1337 (An information disclosure vulnerability exists when Windows Update Cli ...)
	NOT-FOR-US: Microsoft
CVE-2019-1336 (An elevation of privilege vulnerability exists in the Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1335 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1334 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1333 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2019-1332 (A cross-site scripting (XSS) vulnerability exists when Microsoft SQL S ...)
	NOT-FOR-US: Microsoft
CVE-2019-1331 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1330 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2019-1329 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1328 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2019-1327 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1326 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2019-1325 (An elevation of privilege vulnerability exists in the Windows redirect ...)
	NOT-FOR-US: Microsoft
CVE-2019-1324 (An information disclosure vulnerability exists when the Windows TCP/IP ...)
	NOT-FOR-US: Microsoft
CVE-2019-1323 (An elevation of privilege vulnerability exists in the Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1322 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1321 (An elevation of privilege vulnerability exists when Windows CloudStore ...)
	NOT-FOR-US: Microsoft
CVE-2019-1320 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1319 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2019-1318 (A spoofing vulnerability exists when Transport Layer Security (TLS) ac ...)
	NOT-FOR-US: Microsoft
CVE-2019-1317 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1316 (An elevation of privilege vulnerability exists in Microsoft Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1315 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1314 (A security feature bypass vulnerability exists in Windows 10 Mobile wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1313 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2019-1312
	REJECTED
CVE-2019-1311 (A remote code execution vulnerability exists when the Windows Imaging ...)
	NOT-FOR-US: Microsoft
CVE-2019-1310 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-1309 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2019-1308 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1307 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1306 (A remote code execution vulnerability exists when Azure DevOps Server ...)
	NOT-FOR-US: Microsoft
CVE-2019-1305 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2019-1304
	REJECTED
CVE-2019-1303 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2019-1302 (An elevation of privilege vulnerability exists when a ASP.NET Core web ...)
	NOT-FOR-US: Microsoft
CVE-2019-1301 (A denial of service vulnerability exists when .NET Core improperly han ...)
	NOT-FOR-US: Microsoft
CVE-2019-1300 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1299 (An information disclosure vulnerability exists when Microsoft Edge bas ...)
	NOT-FOR-US: Microsoft
CVE-2019-1298 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1297 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1296 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2019-1295 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2019-1294 (A security feature bypass exists when Windows Secure Boot improperly r ...)
	NOT-FOR-US: Microsoft
CVE-2019-1293 (An information disclosure vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1292 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1291 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2019-1290 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2019-1289 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2019-1288
	REJECTED
CVE-2019-1287 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1286 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1285 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1284 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1283 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2019-1282 (An information disclosure exists in the Windows Common Log File System ...)
	NOT-FOR-US: Microsoft
CVE-2019-1281
	REJECTED
CVE-2019-1280 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2019-1279
	REJECTED
CVE-2019-1278 (An elevation of privilege vulnerability exists in the way that the uni ...)
	NOT-FOR-US: Microsoft
CVE-2019-1277 (An elevation of privilege vulnerability exists in Windows Audio Servic ...)
	NOT-FOR-US: Microsoft
CVE-2019-1276
	REJECTED
CVE-2019-1275
	REJECTED
CVE-2019-1274 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1273 (A cross-site-scripting (XSS) vulnerability exists when Active Director ...)
	NOT-FOR-US: Microsoft
CVE-2019-1272 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1271 (An elevation of privilege exists in hdAudio.sys which may lead to an o ...)
	NOT-FOR-US: Microsoft
CVE-2019-1270 (An elevation of privilege vulnerability exists in Windows store instal ...)
	NOT-FOR-US: Microsoft
CVE-2019-1269 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1268 (An elevation of privilege exists when Winlogon does not properly handl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1267 (An elevation of privilege vulnerability exists in Microsoft Compatibil ...)
	NOT-FOR-US: Microsoft
CVE-2019-1266 (A spoofing vulnerability exists in Microsoft Exchange Server when Outl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1265 (A security feature bypass vulnerability exists when Microsoft Yammer A ...)
	NOT-FOR-US: Microsoft
CVE-2019-1264 (A security feature bypass vulnerability exists when Microsoft Office i ...)
	NOT-FOR-US: Microsoft
CVE-2019-1263 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1262 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1261 (A spoofing vulnerability exists in Microsoft SharePoint when it improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1260 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2019-1259 (A spoofing vulnerability exists in Microsoft SharePoint when it improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1258 (An elevation of privilege vulnerability exists in Azure Active Directo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1257 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2019-1256 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1255 (A denial of service vulnerability exists when Microsoft Defender impro ...)
	NOT-FOR-US: Microsoft
CVE-2019-1254 (An information disclosure vulnerability exists when Windows Hyper-V wr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1253 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2019-1252 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1251 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1250 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1249 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1248 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1247 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1246 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1245 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1244 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1243 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1242 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1241 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1240 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1239 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1238 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1237 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1236 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1235 (An elevation of privilege vulnerability exists in Windows Text Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-1234 (A spoofing vulnerability exists when Azure Stack fails to validate cer ...)
	NOT-FOR-US: Microsoft
CVE-2019-1233 (A denial of service vulnerability exists in Microsoft Exchange Server ...)
	NOT-FOR-US: Microsoft
CVE-2019-1232 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2019-1231 (An information disclosure vulnerability exists in the way Rome SDK han ...)
	NOT-FOR-US: Microsoft
CVE-2019-1230 (An information disclosure vulnerability exists when the Windows Hyper- ...)
	NOT-FOR-US: Microsoft
CVE-2019-1229 (An elevation of privilege vulnerability exists in Dynamics On-Premise ...)
	NOT-FOR-US: Microsoft
CVE-2019-1228 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1227 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1226 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-1225 (An information disclosure vulnerability exists when the Windows RDP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1224 (An information disclosure vulnerability exists when the Windows RDP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1223 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2019-1222 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-1221 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1220 (A security feature bypass vulnerability exists when Microsoft Browsers ...)
	NOT-FOR-US: Microsoft
CVE-2019-1219 (An information disclosure vulnerability exists when the Windows Transa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1218 (A spoofing vulnerability exists in the way Microsoft Outlook iOS softw ...)
	NOT-FOR-US: Microsoft
CVE-2019-1217 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1216 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1215 (An elevation of privilege vulnerability exists in the way that ws2ifsl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1214 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2019-1213 (A memory corruption vulnerability exists in the Windows Server DHCP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1212 (A memory corruption vulnerability exists in the Windows Server DHCP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1211 (An elevation of privilege vulnerability exists in Git for Visual Studi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1210
	REJECTED
CVE-2019-1209 (An information disclosure vulnerability exists in Lync 2013, aka 'Lync ...)
	NOT-FOR-US: Microsoft
CVE-2019-1208 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1207
	REJECTED
CVE-2019-1206 (A memory corruption vulnerability exists in the Windows Server DHCP se ...)
	NOT-FOR-US: Microsoft
CVE-2019-1205 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2019-1204 (An elevation of privilege vulnerability exists when Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2019-1203 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1202 (An information disclosure vulnerability exists in the way Microsoft Sh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1201 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2019-1200 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1199 (A remote code execution vulnerability exists in Microsoft Outlook when ...)
	NOT-FOR-US: Microsoft
CVE-2019-1198 (An elevation of privilege exists in SyncController.dll, aka 'Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1197 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1196 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1195 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1194 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1193 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1192 (A security feature bypass vulnerability exists when Microsoft browsers ...)
	NOT-FOR-US: Microsoft
CVE-2019-1191
	REJECTED
CVE-2019-1190 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1189
	REJECTED
CVE-2019-1188 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2019-1187 (A denial of service vulnerability exists when the XmlLite runtime (Xml ...)
	NOT-FOR-US: Microsoft
CVE-2019-1186 (An elevation of privilege vulnerability exists in the way that the wcm ...)
	NOT-FOR-US: Microsoft
CVE-2019-1185 (An elevation of privilege vulnerability exists due to a stack corrupti ...)
	NOT-FOR-US: Microsoft
CVE-2019-1184 (An elevation of privilege vulnerability exists when Windows Core Shell ...)
	NOT-FOR-US: Microsoft
CVE-2019-1183 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1182 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-1181 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2019-1180 (An elevation of privilege vulnerability exists in the way that the wcm ...)
	NOT-FOR-US: Microsoft
CVE-2019-1179 (An elevation of privilege vulnerability exists in the way that the uni ...)
	NOT-FOR-US: Microsoft
CVE-2019-1178 (An elevation of privilege vulnerability exists in the way that the ssd ...)
	NOT-FOR-US: Microsoft
CVE-2019-1177 (An elevation of privilege vulnerability exists in the way that the rpc ...)
	NOT-FOR-US: Microsoft
CVE-2019-1176 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1175 (An elevation of privilege vulnerability exists in the way that the psm ...)
	NOT-FOR-US: Microsoft
CVE-2019-1174 (An elevation of privilege vulnerability exists in the way that the Psm ...)
	NOT-FOR-US: Microsoft
CVE-2019-1173 (An elevation of privilege vulnerability exists in the way that the Psm ...)
	NOT-FOR-US: Microsoft
CVE-2019-1172 (An information disclosure vulnerability exists in Azure Active Directo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1171 (An information disclosure vulnerability exists in SymCrypt during the ...)
	NOT-FOR-US: Microsoft
CVE-2019-1170 (An elevation of privilege vulnerability exists when reparse points are ...)
	NOT-FOR-US: Microsoft
CVE-2019-1169 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1168 (An elevation of privilege exists in the p2pimsvc service where an atta ...)
	NOT-FOR-US: Microsoft
CVE-2019-1167 (A security feature bypass vulnerability exists in Windows Defender App ...)
	NOT-FOR-US: Microsoft
CVE-2019-1166 (A tampering vulnerability exists in Microsoft Windows when a man-in-th ...)
	NOT-FOR-US: Microsoft
CVE-2019-1165
	REJECTED
CVE-2019-1164 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1163 (A security feature bypass exists when Windows incorrectly validates CA ...)
	NOT-FOR-US: Microsoft
CVE-2019-1162 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2019-1161 (An elevation of privilege vulnerability exists when the MpSigStub.exe ...)
	NOT-FOR-US: Microsoft
CVE-2019-1160
	REJECTED
CVE-2019-1159 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1158 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1157 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1156 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1155 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1154 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1153 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2019-1152 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1151 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1150 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1149 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1148 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2019-1147 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1146 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2019-1145 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1144 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2019-1143 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1142 (An elevation of privilege vulnerability exists when the .NET Framework ...)
	NOT-FOR-US: Microsoft
CVE-2019-1141 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1140 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1139 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1138 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1137 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Excha ...)
	NOT-FOR-US: Microsoft
CVE-2019-1136 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
	NOT-FOR-US: Microsoft
CVE-2019-1135
	REJECTED
CVE-2019-1134 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1133 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1132 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1131 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1130 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1129 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1128 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1127 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1126 (A security feature bypass vulnerability exists in Active Directory Fed ...)
	NOT-FOR-US: Microsoft
CVE-2019-1125 (An information disclosure vulnerability exists when certain central pr ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.7-1
	NOTE: https://access.redhat.com/articles/4329821
CVE-2019-1124 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1123 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1122 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1121 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1120 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1119 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1118 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1117 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2019-1116 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1115
	REJECTED
CVE-2019-1114
	REJECTED
CVE-2019-1113 (A remote code execution vulnerability exists in .NET software when the ...)
	NOT-FOR-US: Microsoft .NET
CVE-2019-1112 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1111 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1110 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2019-1109 (A spoofing vulnerability exists when Microsoft Office Javascript does ...)
	NOT-FOR-US: Microsoft
CVE-2019-1108 (An information disclosure vulnerability exists when the Windows RDP cl ...)
	NOT-FOR-US: Microsoft
CVE-2019-1107 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1106 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1105 (A spoofing vulnerability exists in the way Microsoft Outlook for Andro ...)
	NOT-FOR-US: Microsoft
CVE-2019-1104 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1103 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1102 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1101 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1100 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1099 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1098 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1097 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1096 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2019-1095 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1094 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1093 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1092 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1091 (An information disclosure vulnerability exists when Unistore.dll fails ...)
	NOT-FOR-US: Microsoft
CVE-2019-1090 (An elevation of privilege vulnerability exists in the way that the dns ...)
	NOT-FOR-US: Microsoft
CVE-2019-1089 (An elevation of privilege vulnerability exists in rpcss.dll when the R ...)
	NOT-FOR-US: Microsoft
CVE-2019-1088 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1087 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1086 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1085 (An elevation of privilege vulnerability exists in the way that the wla ...)
	NOT-FOR-US: Microsoft
CVE-2019-1084 (An information disclosure vulnerability exists when Exchange allows cr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1083 (A denial of service vulnerability exists when Microsoft Common Object ...)
	NOT-FOR-US: Microsoft
CVE-2019-1082 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1081 (An information disclosure vulnerability exists when affected Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1080 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2019-1079 (An information disclosure vulnerability exists when Visual Studio impr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1078 (An information disclosure vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2019-1077 (An elevation of privilege vulnerability exists when the Visual Studio ...)
	NOT-FOR-US: Microsoft
CVE-2019-1076 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2019-1075 (A spoofing vulnerability exists in ASP.NET Core that could lead to an ...)
	NOT-FOR-US: Microsoft
CVE-2019-1074 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2019-1073 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1072 (A remote code execution vulnerability exists when Azure DevOps Server ...)
	NOT-FOR-US: Microsoft
CVE-2019-1071 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1070 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1069 (An elevation of privilege vulnerability exists in the way the Task Sch ...)
	NOT-FOR-US: Microsoft
CVE-2019-1068 (A remote code execution vulnerability exists in Microsoft SQL Server w ...)
	NOT-FOR-US: Microsoft
CVE-2019-1067 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1066
	REJECTED
CVE-2019-1065 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1064 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...)
	NOT-FOR-US: Microsoft
CVE-2019-1063 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2019-1062 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1061
	REJECTED
CVE-2019-1060 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1059 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1058
	REJECTED
CVE-2019-1057 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1056 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2019-1055 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2019-1054 (A security feature bypass vulnerability exists in Edge that allows for ...)
	NOT-FOR-US: Microsoft
CVE-2019-1053 (An elevation of privilege vulnerability exists when the Windows Shell ...)
	NOT-FOR-US: Microsoft
CVE-2019-1052 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1051 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2019-1050 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1049 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1048 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1047 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1046 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2019-1045 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2019-1044 (A security feature bypass vulnerability exists when Windows Secure Ker ...)
	NOT-FOR-US: Microsoft
CVE-2019-1043 (A remote code execution vulnerability exists in the way that comctl32. ...)
	NOT-FOR-US: Microsoft
CVE-2019-1042
	REJECTED
CVE-2019-1041 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1040 (A tampering vulnerability exists in Microsoft Windows when a man-in-th ...)
	NOT-FOR-US: Microsoft
CVE-2019-1039 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2019-1038 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2019-1037 (An elevation of privilege vulnerability exists in the way Windows Erro ...)
	NOT-FOR-US: Microsoft
CVE-2019-1036 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1035 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2019-1034 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2019-1033 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1032 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1031 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2019-1030 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2019-1029 (A denial of service vulnerability exists in Skype for Business, aka 'S ...)
	NOT-FOR-US: Skype
CVE-2019-1028 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
	NOT-FOR-US: Microsoft
CVE-2019-1027 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...)
NOT-FOR-US: Microsoft CVE-2019-1026 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...) NOT-FOR-US: Microsoft CVE-2019-1025 (A denial of service vulnerability exists when Windows improperly handl ...) NOT-FOR-US: Microsoft CVE-2019-1024 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-1023 (An information disclosure vulnerability exists when the scripting engi ...) NOT-FOR-US: Microsoft CVE-2019-1022 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...) NOT-FOR-US: Microsoft CVE-2019-1021 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...) NOT-FOR-US: Microsoft CVE-2019-1020 REJECTED CVE-2019-1019 (A security feature bypass vulnerability exists where a NETLOGON messag ...) NOT-FOR-US: Microsoft CVE-2019-1018 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2019-1017 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2019-1016 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-1015 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-1014 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2019-1013 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-1012 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-1011 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-1010 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-1009 (An information disclosure vulnerability exists when the Windows GDI co ...) 
NOT-FOR-US: Microsoft CVE-2019-1008 (A security feature bypass vulnerability exists in Dynamics On Premise, ...) NOT-FOR-US: Microsoft Dynamics On-Premise CVE-2019-1007 (An elevation of privilege exists in Windows Audio Service, aka 'Window ...) NOT-FOR-US: Microsoft CVE-2019-1006 (An authentication bypass vulnerability exists in Windows Communication ...) NOT-FOR-US: Microsoft CVE-2019-1005 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2019-1004 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-1003 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-1002 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-1001 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2019-1000 (An elevation of privilege vulnerability exists in Microsoft Azure Acti ...) NOT-FOR-US: Microsoft CVE-2019-0999 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2019-0998 (An elevation of privilege vulnerability exists when the Storage Servic ...) NOT-FOR-US: Microsoft CVE-2019-0997 REJECTED CVE-2019-0996 (A spoofing vulnerability exists in Azure DevOps Server when it imprope ...) NOT-FOR-US: Azure DevOps Server / Microsoft CVE-2019-0995 (A security feature bypass vulnerability exists when urlmon.dll imprope ...) NOT-FOR-US: Microsoft CVE-2019-0994 REJECTED CVE-2019-0993 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0992 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0991 (A remote code execution vulnerability exists in the way that the Chakr ...) 
NOT-FOR-US: Microsoft CVE-2019-0990 (An information disclosure vulnerability exists when the scripting engi ...) NOT-FOR-US: Microsoft CVE-2019-0989 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0988 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0987 REJECTED CVE-2019-0986 (An elevation of privilege vulnerability exists when the Windows User P ...) NOT-FOR-US: Microsoft CVE-2019-0985 (A remote code execution vulnerability exists when the Microsoft Speech ...) NOT-FOR-US: Microsoft CVE-2019-0984 (An elevation of privilege vulnerability exists when the Windows Common ...) NOT-FOR-US: Microsoft CVE-2019-0983 (An elevation of privilege vulnerability exists when the Storage Servic ...) NOT-FOR-US: Microsoft CVE-2019-0982 (A denial of service vulnerability exists when ASP.NET Core improperly ...) NOT-FOR-US: Microsoft CVE-2019-0981 (A denial of service vulnerability exists when .NET Framework or .NET C ...) NOT-FOR-US: Microsoft .NET Core CVE-2019-0980 (A denial of service vulnerability exists when .NET Framework or .NET C ...) NOT-FOR-US: Microsoft .NET Core CVE-2019-0979 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2019-0978 REJECTED CVE-2019-0977 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0976 (A tampering vulnerability exists in the NuGet Package Manager for Linu ...) - nuget (Vulnerable code introduced in 5.0.0) NOTE: Fixed in NuGet.Client 5.0.2. NOTE: https://github.com/NuGet/Home/issues/7908 NOTE: https://github.com/NuGet/NuGet.Client/commit/e32a2ea7096debd3e513188f6779bb1041593326 (5.0.2.5988) CVE-2019-0975 (A security feature bypass vulnerability exists when Active Directory F ...) NOT-FOR-US: Microsoft CVE-2019-0974 (A remote code execution vulnerability exists when the Windows Jet Data ...) 
NOT-FOR-US: Microsoft CVE-2019-0973 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2019-0972 (This security update corrects a denial of service in the Local Securit ...) NOT-FOR-US: Microsoft CVE-2019-0971 (An information disclosure vulnerability exists when Azure DevOps Serve ...) NOT-FOR-US: Microsoft CVE-2019-0970 REJECTED CVE-2019-0969 REJECTED CVE-2019-0968 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0967 REJECTED CVE-2019-0966 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2019-0965 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) NOT-FOR-US: Microsoft CVE-2019-0964 REJECTED CVE-2019-0963 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2019-0962 (An elevation of privilege vulnerability exists in Azure Automation "Ru ...) NOT-FOR-US: Microsoft CVE-2019-0961 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0960 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2019-0959 (An elevation of privilege vulnerability exists when the Windows Common ...) NOT-FOR-US: Microsoft CVE-2019-0958 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2019-0957 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2019-0956 (An information disclosure vulnerability exists when Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2019-0955 REJECTED CVE-2019-0954 REJECTED CVE-2019-0953 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2019-0952 (A remote code execution vulnerability exists in Microsoft SharePoint S ...) 
NOT-FOR-US: Microsoft CVE-2019-0951 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2019-0950 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2019-0949 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2019-0948 (An information disclosure vulnerability exists in the Windows Event Vi ...) NOT-FOR-US: Microsoft CVE-2019-0947 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0946 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0945 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0944 REJECTED CVE-2019-0943 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2019-0942 (An elevation of privilege vulnerability exists in the Unified Write Fi ...) NOT-FOR-US: Microsoft CVE-2019-0941 (A denial of service exists in Microsoft IIS Server when the optional r ...) NOT-FOR-US: Microsoft CVE-2019-0940 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2019-0939 REJECTED CVE-2019-0938 (An elevation of privilege vulnerability exists in Microsoft Edge that ...) NOT-FOR-US: Microsoft CVE-2019-0937 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0936 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...) NOT-FOR-US: Microsoft CVE-2019-0935 REJECTED CVE-2019-0934 REJECTED CVE-2019-0933 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0932 (An information disclosure vulnerability exists in Skype for Android, a ...) 
NOT-FOR-US: Skype CVE-2019-0931 (An elevation of privilege vulnerability exists when the Storage Servic ...) NOT-FOR-US: Microsoft CVE-2019-0930 (An information disclosure vulnerability exists when Internet Explorer ...) NOT-FOR-US: Microsoft CVE-2019-0929 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2019-0928 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2019-0927 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0926 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2019-0925 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0924 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0923 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0922 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0921 (An spoofing vulnerability exists when Internet Explorer improperly han ...) NOT-FOR-US: Microsoft CVE-2019-0920 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2019-0919 REJECTED CVE-2019-0918 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2019-0917 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0916 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0915 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0914 (A remote code execution vulnerability exists in the way that the Chakr ...) 
NOT-FOR-US: Microsoft CVE-2019-0913 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0912 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0911 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2019-0910 REJECTED CVE-2019-0909 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0908 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0907 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0906 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0905 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0904 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0903 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2019-0902 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0901 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0900 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0899 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0898 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0897 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0896 (A remote code execution vulnerability exists when the Windows Jet Data ...) 
NOT-FOR-US: Microsoft CVE-2019-0895 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0894 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0893 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0892 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2019-0891 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0890 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0889 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0888 (A remote code execution vulnerability exists in the way that ActiveX D ...) NOT-FOR-US: Microsoft CVE-2019-0887 (A remote code execution vulnerability exists in Remote Desktop Service ...) NOT-FOR-US: Microsoft CVE-2019-0886 (An information disclosure vulnerability exists when Windows Hyper-V on ...) NOT-FOR-US: Microsoft CVE-2019-0885 (A remote code execution vulnerability exists when Microsoft Windows OL ...) NOT-FOR-US: Microsoft CVE-2019-0884 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2019-0883 REJECTED CVE-2019-0882 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0881 (An elevation of privilege vulnerability exists when the Windows Kernel ...) NOT-FOR-US: Microsoft CVE-2019-0880 (A local elevation of privilege vulnerability exists in how splwow64.ex ...) NOT-FOR-US: Microsoft CVE-2019-0879 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0878 REJECTED CVE-2019-0877 (A remote code execution vulnerability exists when the Windows Jet Data ...) 
NOT-FOR-US: Microsoft CVE-2019-0876 (An information disclosure vulnerability exists when affected Open Encl ...) NOT-FOR-US: Microsoft CVE-2019-0875 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...) NOT-FOR-US: Microsoft CVE-2019-0874 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2019-0873 REJECTED CVE-2019-0872 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2019-0871 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2019-0870 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2019-0869 (A spoofing vulnerability exists in Microsoft Azure DevOps Server when ...) NOT-FOR-US: Microsoft CVE-2019-0868 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2019-0867 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2019-0866 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2019-0865 (A denial of service vulnerability exists when SymCrypt improperly hand ...) NOT-FOR-US: Microsoft CVE-2019-0864 (A denial of service vulnerability exists when .NET Framework improperl ...) NOT-FOR-US: .NET Framework CVE-2019-0863 (An elevation of privilege vulnerability exists in the way Windows Erro ...) NOT-FOR-US: Microsoft CVE-2019-0862 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0861 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0860 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0859 (An elevation of privilege vulnerability exists in Windows when the Win ...) 
NOT-FOR-US: Microsoft CVE-2019-0858 (A spoofing vulnerability exists in Microsoft Exchange Server when Outl ...) NOT-FOR-US: Microsoft CVE-2019-0857 (A spoofing vulnerability that could allow a security feature bypass ex ...) NOT-FOR-US: Microsoft CVE-2019-0856 (A remote code execution vulnerability exists when Windows improperly h ...) NOT-FOR-US: Microsoft Windows CVE-2019-0855 REJECTED CVE-2019-0854 REJECTED CVE-2019-0853 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2019-0852 REJECTED CVE-2019-0851 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0850 REJECTED CVE-2019-0849 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0848 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2019-0847 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0846 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0845 (A remote code execution vulnerability exists when the IOleCvt interfac ...) NOT-FOR-US: Microsoft CVE-2019-0844 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft Windows CVE-2019-0843 REJECTED CVE-2019-0842 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2019-0841 (An elevation of privilege vulnerability exists when Windows AppX Deplo ...) NOT-FOR-US: Microsoft CVE-2019-0840 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft Windows CVE-2019-0839 (An information disclosure vulnerability exists when the Terminal Servi ...) NOT-FOR-US: Microsoft CVE-2019-0838 (An information disclosure vulnerability exists when Windows Task Sched ...) 
NOT-FOR-US: Microsoft CVE-2019-0837 (An information disclosure vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2019-0836 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2019-0835 (An information disclosure vulnerability exists when the scripting engi ...) NOT-FOR-US: Microsoft CVE-2019-0834 REJECTED CVE-2019-0833 (An information disclosure vulnerability exists when Microsoft Edge imp ...) NOT-FOR-US: Microsoft CVE-2019-0832 REJECTED CVE-2019-0831 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2019-0830 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2019-0829 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0828 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2019-0827 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0826 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0825 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0824 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0823 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0822 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2019-0821 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Windows SMB Server CVE-2019-0820 (A denial of service vulnerability exists when .NET Framework and .NET ...) NOT-FOR-US: Microsoft .NET Core CVE-2019-0819 (An information disclosure vulnerability exists in Microsoft SQL Server ...) 
NOT-FOR-US: Microsoft CVE-2019-0818 REJECTED CVE-2019-0817 (A spoofing vulnerability exists in Microsoft Exchange Server when Outl ...) NOT-FOR-US: Microsoft CVE-2019-0816 (A security feature bypass exists in Azure SSH Keypairs, due to a chang ...) - cloud-init 18.3-6 (low; bug #926043) [stretch] - cloud-init (Doesn't affect default provisioning for Azure, only limited use cases) [jessie] - cloud-init (version uses a different mechanism to set public keys.) NOTE: https://code.launchpad.net/~jasonzio/cloud-init/+git/cloud-init/+merge/363445 NOTE: https://support.microsoft.com/en-us/help/4491476/extraneous-ssh-public-keys-added-to-authorized-keys-file-on-linux-vm CVE-2019-0815 (A denial of service vulnerability exists when ASP.NET Core improperly ...) NOT-FOR-US: Microsoft CVE-2019-0814 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2019-0813 (An elevation of privilege vulnerability exists when Windows Admin Cent ...) NOT-FOR-US: Microsoft CVE-2019-0812 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0811 (A denial of service vulnerability exists in Windows DNS Server when it ...) NOT-FOR-US: Microsoft CVE-2019-0810 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0809 (A remote code execution vulnerability exists when the Visual Studio C+ ...) NOT-FOR-US: Microsoft CVE-2019-0808 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft Windows CVE-2019-0807 REJECTED CVE-2019-0806 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0805 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2019-0804 (An information disclosure vulnerability exists in the way Azure WaLinu ...) 
{DSA-4406-1 DLA-1709-1} - waagent 2.2.34-3 CVE-2019-0803 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2019-0802 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0801 (A remote code execution vulnerability exists when Microsoft Office fai ...) NOT-FOR-US: Microsoft CVE-2019-0800 REJECTED CVE-2019-0799 REJECTED CVE-2019-0798 (A spoofing vulnerability exists when a Lync Server or Skype for Busine ...) NOT-FOR-US: Microsoft CVE-2019-0797 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft Windows CVE-2019-0796 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2019-0795 (A remote code execution vulnerability exists when the Microsoft XML Co ...) NOT-FOR-US: Microsoft CVE-2019-0794 (A remote code execution vulnerability exists when OLE automation impro ...) NOT-FOR-US: Microsoft CVE-2019-0793 (A remote code execution vulnerability exists when the Microsoft XML Co ...) NOT-FOR-US: Microsoft CVE-2019-0792 (A remote code execution vulnerability exists when the Microsoft XML Co ...) NOT-FOR-US: Microsoft CVE-2019-0791 (A remote code execution vulnerability exists when the Microsoft XML Co ...) NOT-FOR-US: Microsoft CVE-2019-0790 (A remote code execution vulnerability exists when the Microsoft XML Co ...) NOT-FOR-US: Microsoft CVE-2019-0789 REJECTED CVE-2019-0788 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2019-0787 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2019-0786 (An elevation of privilege vulnerability exists in the Microsoft Server ...) NOT-FOR-US: Microsoft CVE-2019-0785 (A memory corruption vulnerability exists in the Windows Server DHCP se ...) 
NOT-FOR-US: Microsoft CVE-2019-0784 (A remote code execution vulnerability exists in the way that the Activ ...) NOT-FOR-US: Microsoft CVE-2019-0783 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0782 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft Windows CVE-2019-0781 REJECTED CVE-2019-0780 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2019-0779 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2019-0778 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2019-0777 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...) NOT-FOR-US: Microsoft CVE-2019-0776 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2019-0775 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft Windows CVE-2019-0774 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft Windows CVE-2019-0773 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0772 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2019-0771 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0770 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0769 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0768 (A security feature bypass vulnerability exists when Internet Explorer ...) NOT-FOR-US: Microsoft CVE-2019-0767 (An information disclosure vulnerability exists when the Windows kernel ...) 
NOT-FOR-US: Microsoft Windows CVE-2019-0766 (An elevation of privilege vulnerability exists in Windows AppX Deploym ...) NOT-FOR-US: Microsoft CVE-2019-0765 (A remote code execution vulnerability exists in the way that comctl32. ...) NOT-FOR-US: Microsoft CVE-2019-0764 (A tampering vulnerability exists when Microsoft browsers do not proper ...) NOT-FOR-US: Microsoft CVE-2019-0763 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2019-0762 (A security feature bypass vulnerability exists when Microsoft browsers ...) NOT-FOR-US: Microsoft CVE-2019-0761 (A security feature bypass vulnerability exists when Internet Explorer ...) NOT-FOR-US: Microsoft CVE-2019-0760 REJECTED CVE-2019-0759 (An information disclosure vulnerability exists when the Windows Print ...) NOT-FOR-US: Microsoft CVE-2019-0758 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0757 (A tampering vulnerability exists in the NuGet Package Manager for Linu ...) - nuget (NuGet older than 4.3 is not affected, bug #926122) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1685475 NOTE: https://github.com/NuGet/Home/issues/7673 NOTE: https://github.com/NuGet/NuGet.Client/commit/d62db666c710bf95121fe8f5c6a6cbe01985456f?w=1 NOTE: https://github.com/NuGet/Home/issues/7673#issuecomment-478738369 CVE-2019-0756 (A remote code execution vulnerability exists when the Microsoft XML Co ...) NOT-FOR-US: Microsoft CVE-2019-0755 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft Windows CVE-2019-0754 (A denial of service vulnerability exists when Windows improperly handl ...) NOT-FOR-US: Microsoft Windows CVE-2019-0753 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0752 (A remote code execution vulnerability exists in the way that the scrip ...) 
NOT-FOR-US: Microsoft CVE-2019-0751 REJECTED CVE-2019-0750 REJECTED CVE-2019-0749 REJECTED CVE-2019-0748 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0747 REJECTED CVE-2019-0746 (An information disclosure vulnerability exists when the scripting engi ...) NOT-FOR-US: Microsoft CVE-2019-0745 REJECTED CVE-2019-0744 REJECTED CVE-2019-0743 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...) NOT-FOR-US: Microsoft Team Foundation Server CVE-2019-0742 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...) NOT-FOR-US: Microsoft Team Foundation Server CVE-2019-0741 (An information disclosure vulnerability exists in the way Azure IoT Ja ...) NOT-FOR-US: Microsoft CVE-2019-0740 REJECTED CVE-2019-0739 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0738 REJECTED CVE-2019-0737 REJECTED CVE-2019-0736 (A memory corruption vulnerability exists in the Windows DHCP client wh ...) NOT-FOR-US: Microsoft CVE-2019-0735 (An elevation of privilege vulnerability exists when the Windows Client ...) NOT-FOR-US: Microsoft CVE-2019-0734 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...) NOT-FOR-US: Microsoft CVE-2019-0733 (A security feature bypass vulnerability exists in Windows Defender App ...) NOT-FOR-US: Microsoft CVE-2019-0732 (A security feature bypass vulnerability exists in Windows which could ...) NOT-FOR-US: Microsoft CVE-2019-0731 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2019-0730 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2019-0729 (An Elevation of Privilege vulnerability exists in the way Azure IoT Ja ...) NOT-FOR-US: Microsoft CVE-2019-0728 (A remote code execution vulnerability exists in Visual Studio Code whe ...) 
NOT-FOR-US: Microsoft CVE-2019-0727 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2019-0726 (A memory corruption vulnerability exists in the Windows DHCP client wh ...) NOT-FOR-US: Microsoft CVE-2019-0725 (A memory corruption vulnerability exists in the Windows Server DHCP se ...) NOT-FOR-US: Microsoft CVE-2019-0724 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...) NOT-FOR-US: Microsoft CVE-2019-0723 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) NOT-FOR-US: Microsoft CVE-2019-0722 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) NOT-FOR-US: Microsoft CVE-2019-0721 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...) NOT-FOR-US: Microsoft CVE-2019-0720 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...) NOT-FOR-US: Microsoft CVE-2019-0719 (A remote code execution vulnerability exists when Windows Hyper-V Netw ...) NOT-FOR-US: Microsoft CVE-2019-0718 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) NOT-FOR-US: Microsoft CVE-2019-0717 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) NOT-FOR-US: Microsoft CVE-2019-0716 (A denial of service vulnerability exists when Windows improperly handl ...) NOT-FOR-US: Microsoft CVE-2019-0715 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) NOT-FOR-US: Microsoft CVE-2019-0714 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) NOT-FOR-US: Microsoft CVE-2019-0713 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2019-0712 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) NOT-FOR-US: Microsoft CVE-2019-0711 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) 
NOT-FOR-US: Microsoft CVE-2019-0710 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2019-0709 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) NOT-FOR-US: Microsoft CVE-2019-0708 (A remote code execution vulnerability exists in Remote Desktop Service ...) NOT-FOR-US: Microsoft CVE-2019-0707 (An elevation of privilege vulnerability exists in the Network Driver I ...) NOT-FOR-US: Microsoft CVE-2019-0706 REJECTED CVE-2019-0705 REJECTED CVE-2019-0704 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Windows SMB Server CVE-2019-0703 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Windows SMB Server CVE-2019-0702 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft Windows CVE-2019-0701 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2019-0700 REJECTED CVE-2019-0699 REJECTED CVE-2019-0698 (A memory corruption vulnerability exists in the Windows DHCP client wh ...) NOT-FOR-US: Microsoft CVE-2019-0697 (A memory corruption vulnerability exists in the Windows DHCP client wh ...) NOT-FOR-US: Microsoft CVE-2019-0696 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft Windows CVE-2019-0695 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2019-0694 (An elevation of privilege vulnerability exists due to an integer overf ...) NOT-FOR-US: Microsoft Windows Subsystem for Linux CVE-2019-0693 (An elevation of privilege vulnerability exists due to an integer overf ...) NOT-FOR-US: Microsoft Windows Subsystem for Linux CVE-2019-0692 (An elevation of privilege vulnerability exists due to an integer overf ...) 
NOT-FOR-US: Microsoft Windows Subsystem for Linux CVE-2019-0691 REJECTED CVE-2019-0690 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...) NOT-FOR-US: Microsoft CVE-2019-0689 (An elevation of privilege vulnerability exists due to an integer overf ...) NOT-FOR-US: Microsoft Windows Subsystem for Linux CVE-2019-0688 (An information disclosure vulnerability exists when the Windows TCP/IP ...) NOT-FOR-US: Microsoft Windows CVE-2019-0687 REJECTED CVE-2019-0686 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...) NOT-FOR-US: Microsoft CVE-2019-0685 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft Windows CVE-2019-0684 REJECTED CVE-2019-0683 (An elevation of privilege vulnerability exists in Active Directory For ...) NOT-FOR-US: Microsoft CVE-2019-0682 (An elevation of privilege vulnerability exists due to an integer overf ...) NOT-FOR-US: Microsoft Windows Subsystem for Linux CVE-2019-0681 REJECTED CVE-2019-0680 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0679 REJECTED CVE-2019-0678 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...) NOT-FOR-US: Microsoft CVE-2019-0677 REJECTED CVE-2019-0676 (An information disclosure vulnerability exists when Internet Explorer ...) NOT-FOR-US: Microsoft CVE-2019-0675 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0674 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0673 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0672 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2019-0671 (A remote code execution vulnerability exists when the Microsoft Office ...) 
NOT-FOR-US: Microsoft CVE-2019-0670 (A spoofing vulnerability exists in Microsoft SharePoint when the appli ...) NOT-FOR-US: Microsoft CVE-2019-0669 (An information disclosure vulnerability exists when Microsoft Excel im ...) NOT-FOR-US: Microsoft CVE-2019-0668 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2019-0667 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2019-0666 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2019-0665 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2019-0664 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0663 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2019-0662 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2019-0661 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2019-0660 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0659 (An elevation of privilege vulnerability exists when the Storage Servic ...) NOT-FOR-US: Microsoft CVE-2019-0658 (An information disclosure vulnerability exists when the scripting engi ...) NOT-FOR-US: Microsoft CVE-2019-0657 (A vulnerability exists in certain .Net Framework API's and Visual Stud ...) NOT-FOR-US: .NET core CVE-2019-0656 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2019-0655 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0654 (A spoofing vulnerability exists when Microsoft browsers improperly han ...) 
NOT-FOR-US: Microsoft CVE-2019-0653 REJECTED CVE-2019-0652 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0651 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0650 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2019-0649 (A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting ...) NOT-FOR-US: Microsoft CVE-2019-0648 (An information disclosure vulnerability exists when Chakra improperly ...) NOT-FOR-US: Microsoft CVE-2019-0647 (An information disclosure vulnerability exists when Team Foundation Se ...) NOT-FOR-US: Microsoft CVE-2019-0646 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...) NOT-FOR-US: Microsoft CVE-2019-0645 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2019-0644 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0643 (An information disclosure vulnerability exists in the way that Microso ...) NOT-FOR-US: Microsoft CVE-2019-0642 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0641 (A security feature bypass vulnerability exists in Microsoft Edge handl ...) NOT-FOR-US: Microsoft CVE-2019-0640 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0639 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0638 REJECTED CVE-2019-0637 (A security feature bypass vulnerability exists when Windows Defender F ...) NOT-FOR-US: Microsoft CVE-2019-0636 (An information vulnerability exists when Windows improperly discloses ...) NOT-FOR-US: Microsoft CVE-2019-0635 (An information disclosure vulnerability exists when Windows Hyper-V on ...) 
NOT-FOR-US: Microsoft CVE-2019-0634 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2019-0633 (A remote code execution vulnerability exists in the way that the Micro ...) NOT-FOR-US: Microsoft CVE-2019-0632 (A security feature bypass vulnerability exists in Windows which could ...) NOT-FOR-US: Microsoft CVE-2019-0631 (A security feature bypass vulnerability exists in Windows which could ...) NOT-FOR-US: Microsoft CVE-2019-0630 (A remote code execution vulnerability exists in the way that the Micro ...) NOT-FOR-US: Microsoft CVE-2019-0629 REJECTED CVE-2019-0628 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2019-0627 (A security feature bypass vulnerability exists in Windows which could ...) NOT-FOR-US: Microsoft CVE-2019-0626 (A memory corruption vulnerability exists in the Windows Server DHCP se ...) NOT-FOR-US: Microsoft CVE-2019-0625 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0624 (A spoofing vulnerability exists when a Skype for Business 2015 server ...) NOT-FOR-US: Microsoft CVE-2019-0623 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2019-0622 (An elevation of privilege vulnerability exists when Skype for Andriod ...) NOT-FOR-US: Skype for Android CVE-2019-0621 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2019-0620 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) NOT-FOR-US: Microsoft CVE-2019-0619 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0618 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2019-0617 (A remote code execution vulnerability exists when the Windows Jet Data ...) 
NOT-FOR-US: Microsoft CVE-2019-0616 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0615 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0614 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0613 (A remote code execution vulnerability exists in .NET Framework and Vis ...) NOT-FOR-US: Microsoft CVE-2019-0612 (A security feature bypass vulnerability exists when Click2Play protect ...) NOT-FOR-US: Microsoft CVE-2019-0611 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0610 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0609 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2019-0608 (A spoofing vulnerability exists when Microsoft Browsers does not prope ...) NOT-FOR-US: Microsoft CVE-2019-0607 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0606 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2019-0605 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0604 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2019-0603 (A remote code execution vulnerability exists in the way that Windows D ...) NOT-FOR-US: Microsoft CVE-2019-0602 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2019-0601 (An information disclosure vulnerability exists when the Human Interfac ...) NOT-FOR-US: Microsoft CVE-2019-0600 (An information disclosure vulnerability exists when the Human Interfac ...) 
NOT-FOR-US: Microsoft CVE-2019-0599 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0598 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0597 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0596 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0595 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0594 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2019-0593 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0592 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0591 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0590 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2019-0589 REJECTED CVE-2019-0588 (An information disclosure vulnerability exists when the Microsoft Exch ...) NOT-FOR-US: Microsoft CVE-2019-0587 REJECTED CVE-2019-0586 (A remote code execution vulnerability exists in Microsoft Exchange sof ...) NOT-FOR-US: Microsoft CVE-2019-0585 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2019-0584 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0583 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0582 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0581 (A remote code execution vulnerability exists when the Windows Jet Data ...) 
NOT-FOR-US: Microsoft CVE-2019-0580 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0579 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0578 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0577 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0576 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0575 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0574 (An elevation of privilege vulnerability exists when the Windows Data S ...) NOT-FOR-US: Microsoft CVE-2019-0573 (An elevation of privilege vulnerability exists when the Windows Data S ...) NOT-FOR-US: Microsoft CVE-2019-0572 (An elevation of privilege vulnerability exists when the Windows Data S ...) NOT-FOR-US: Microsoft CVE-2019-0571 (An elevation of privilege vulnerability exists when the Windows Data S ...) NOT-FOR-US: Microsoft CVE-2019-0570 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2019-0569 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2019-0568 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0567 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0566 (An elevation of privilege vulnerability exists in Microsoft Edge Brows ...) NOT-FOR-US: Microsoft CVE-2019-0565 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2019-0564 (A denial of service vulnerability exists when ASP.NET Core improperly ...) 
NOT-FOR-US: .NET core CVE-2019-0563 REJECTED CVE-2019-0562 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2019-0561 (An information disclosure vulnerability exists when Microsoft Word mac ...) NOT-FOR-US: Microsoft CVE-2019-0560 (An information disclosure vulnerability exists when Microsoft Office i ...) NOT-FOR-US: Microsoft CVE-2019-0559 (An information disclosure vulnerability exists when Microsoft Outlook ...) NOT-FOR-US: Microsoft CVE-2019-0558 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2019-0557 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2019-0556 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2019-0555 (An elevation of privilege vulnerability exists in the Microsoft XmlDoc ...) NOT-FOR-US: Microsoft CVE-2019-0554 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2019-0553 (An information disclosure vulnerability exists when Windows Subsystem ...) NOT-FOR-US: Microsoft CVE-2019-0552 (An elevation of privilege exists in Windows COM Desktop Broker, aka "W ...) NOT-FOR-US: Microsoft CVE-2019-0551 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) NOT-FOR-US: Microsoft CVE-2019-0550 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) NOT-FOR-US: Microsoft CVE-2019-0549 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2019-0548 (A denial of service vulnerability exists when ASP.NET Core improperly ...) NOT-FOR-US: .NET core CVE-2019-0547 (A memory corruption vulnerability exists in the Windows DHCP client wh ...) NOT-FOR-US: Microsoft CVE-2019-0546 (A remote code execution vulnerability exists in Visual Studio when the ...) 
NOT-FOR-US: Microsoft CVE-2019-0545 (An information disclosure vulnerability exists in .NET Framework and . ...) NOT-FOR-US: .NET core CVE-2019-0544 REJECTED CVE-2019-0543 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2019-0542 (A remote code execution vulnerability exists in Xterm.js when the comp ...) - node-xterm 3.8.1-1 (unimportant; bug #926670) NOTE: nodejs not covered by security support CVE-2019-0541 (A remote code execution vulnerability exists in the way that the MSHTM ...) NOT-FOR-US: Microsoft CVE-2019-0540 (A security feature bypass vulnerability exists when Microsoft Office d ...) NOT-FOR-US: Microsoft CVE-2019-0539 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2019-0538 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2019-0537 (An information disclosure vulnerability exists when Visual Studio impr ...) NOT-FOR-US: Microsoft CVE-2019-0536 (An information disclosure vulnerability exists when the Windows kernel ...) 
NOT-FOR-US: Microsoft CVE-2019-0535 RESERVED CVE-2019-0534 RESERVED CVE-2019-0533 RESERVED CVE-2019-0532 RESERVED CVE-2019-0531 RESERVED CVE-2019-0530 RESERVED CVE-2019-0529 RESERVED CVE-2019-0528 RESERVED CVE-2019-0527 RESERVED CVE-2019-0526 RESERVED CVE-2019-0525 RESERVED CVE-2019-0524 RESERVED CVE-2019-0523 RESERVED CVE-2019-0522 RESERVED CVE-2019-0521 RESERVED CVE-2019-0520 RESERVED CVE-2019-0519 RESERVED CVE-2019-0518 RESERVED CVE-2019-0517 RESERVED CVE-2019-0516 RESERVED CVE-2019-0515 RESERVED CVE-2019-0514 RESERVED CVE-2019-0513 RESERVED CVE-2019-0512 RESERVED CVE-2019-0511 RESERVED CVE-2019-0510 RESERVED CVE-2019-0509 RESERVED CVE-2019-0508 RESERVED CVE-2019-0507 RESERVED CVE-2019-0506 RESERVED CVE-2019-0505 RESERVED CVE-2019-0504 RESERVED CVE-2019-0503 RESERVED CVE-2019-0502 RESERVED CVE-2019-0501 RESERVED CVE-2019-0500 RESERVED CVE-2019-0499 RESERVED CVE-2019-0498 RESERVED CVE-2019-0497 RESERVED CVE-2019-0496 RESERVED CVE-2019-0495 RESERVED CVE-2019-0494 RESERVED CVE-2019-0493 RESERVED CVE-2019-0492 RESERVED CVE-2019-0491 RESERVED CVE-2019-0490 RESERVED CVE-2019-0489 RESERVED CVE-2019-0488 RESERVED CVE-2019-0487 RESERVED CVE-2019-0486 RESERVED CVE-2019-0485 RESERVED CVE-2019-0484 RESERVED CVE-2019-0483 RESERVED CVE-2019-0482 RESERVED CVE-2019-0481 RESERVED CVE-2019-0480 RESERVED CVE-2019-0479 RESERVED CVE-2019-0478 RESERVED CVE-2019-0477 RESERVED CVE-2019-0476 RESERVED CVE-2019-0475 RESERVED CVE-2019-0474 RESERVED CVE-2019-0473 RESERVED CVE-2019-0472 RESERVED CVE-2019-0471 RESERVED CVE-2019-0470 RESERVED CVE-2019-0469 RESERVED CVE-2019-0468 RESERVED CVE-2019-0467 RESERVED CVE-2019-0466 RESERVED CVE-2019-0465 RESERVED CVE-2019-0464 RESERVED CVE-2019-0463 RESERVED CVE-2019-0462 RESERVED CVE-2019-0461 RESERVED CVE-2019-0460 RESERVED CVE-2019-0459 RESERVED CVE-2019-0458 RESERVED CVE-2019-0457 RESERVED CVE-2019-0456 RESERVED CVE-2019-0455 RESERVED CVE-2019-0454 RESERVED CVE-2019-0453 RESERVED CVE-2019-0452 RESERVED CVE-2019-0451 RESERVED CVE-2019-0450 RESERVED 
CVE-2019-0449 RESERVED CVE-2019-0448 RESERVED CVE-2019-0447 RESERVED CVE-2019-0446 RESERVED CVE-2019-0445 RESERVED CVE-2019-0444 RESERVED CVE-2019-0443 RESERVED CVE-2019-0442 RESERVED CVE-2019-0441 RESERVED CVE-2019-0440 RESERVED CVE-2019-0439 RESERVED CVE-2019-0438 RESERVED CVE-2019-0437 RESERVED CVE-2019-0436 RESERVED CVE-2019-0435 RESERVED CVE-2019-0434 RESERVED CVE-2019-0433 RESERVED CVE-2019-0432 RESERVED CVE-2019-0431 RESERVED CVE-2019-0430 RESERVED CVE-2019-0429 RESERVED CVE-2019-0428 RESERVED CVE-2019-0427 RESERVED CVE-2019-0426 RESERVED CVE-2019-0425 RESERVED CVE-2019-0424 RESERVED CVE-2019-0423 RESERVED CVE-2019-0422 RESERVED CVE-2019-0421 RESERVED CVE-2019-0420 RESERVED CVE-2019-0419 RESERVED CVE-2019-0418 RESERVED CVE-2019-0417 RESERVED CVE-2019-0416 RESERVED CVE-2019-0415 RESERVED CVE-2019-0414 RESERVED CVE-2019-0413 RESERVED CVE-2019-0412 RESERVED CVE-2019-0411 RESERVED CVE-2019-0410 RESERVED CVE-2019-0409 RESERVED CVE-2019-0408 RESERVED CVE-2019-0407 RESERVED CVE-2019-0406 RESERVED CVE-2019-0405 (SAP Enable Now, before version 1911, leaks information about the exist ...) NOT-FOR-US: SAP CVE-2019-0404 (SAP Enable Now, before version 1911, leaks information about network c ...) NOT-FOR-US: SAP CVE-2019-0403 (SAP Enable Now, before version 1911, allows an attacker to input comma ...) NOT-FOR-US: SAP CVE-2019-0402 (SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under c ...) NOT-FOR-US: SAP CVE-2019-0401 RESERVED CVE-2019-0400 RESERVED CVE-2019-0399 (SAP Portfolio and Project Management, before versions S4CORE 102, 103, ...) NOT-FOR-US: SAP CVE-2019-0398 (Due to insufficient CSRF protection, SAP BusinessObjects Business Inte ...) NOT-FOR-US: SAP CVE-2019-0397 RESERVED CVE-2019-0396 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...) NOT-FOR-US: SAP CVE-2019-0395 (SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad ...) 
NOT-FOR-US: SAP CVE-2019-0394 RESERVED CVE-2019-0393 (An SQL Injection vulnerability in SAP Quality Management (corrected in ...) NOT-FOR-US: SAP CVE-2019-0392 RESERVED CVE-2019-0391 (Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.2 ...) NOT-FOR-US: SAP CVE-2019-0390 (Under certain conditions SAP Data Hub (corrected in DH_Foundation vers ...) NOT-FOR-US: SAP CVE-2019-0389 (An administrator of SAP NetWeaver Application Server Java (J2EE-Framew ...) NOT-FOR-US: SAP CVE-2019-0388 (SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7. ...) NOT-FOR-US: SAP CVE-2019-0387 RESERVED CVE-2019-0386 (Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6. ...) NOT-FOR-US: SAP CVE-2019-0385 (SAP Enable Now, before version 1908, does not sufficiently encode user ...) NOT-FOR-US: SAP CVE-2019-0384 (Transaction Management in SAP Treasury and Risk Management (corrected ...) NOT-FOR-US: SAP CVE-2019-0383 (Transaction Management in SAP Treasury and Risk Management (corrected ...) NOT-FOR-US: SAP CVE-2019-0382 (A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Bus ...) NOT-FOR-US: SAP CVE-2019-0381 (A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, be ...) NOT-FOR-US: SAP CVE-2019-0380 (Under certain conditions, SAP Landscape Management enterprise edition, ...) NOT-FOR-US: SAP CVE-2019-0379 (SAP Process Integration, business-to-business add-on, versions 1.0, 2. ...) NOT-FOR-US: SAP CVE-2019-0378 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...) NOT-FOR-US: SAP CVE-2019-0377 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...) NOT-FOR-US: SAP CVE-2019-0376 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...) NOT-FOR-US: SAP CVE-2019-0375 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...) NOT-FOR-US: SAP CVE-2019-0374 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...) 
NOT-FOR-US: SAP CVE-2019-0373 RESERVED CVE-2019-0372 RESERVED CVE-2019-0371 RESERVED CVE-2019-0370 (Due to missing input validation, SAP Financial Consolidation, before v ...) NOT-FOR-US: SAP CVE-2019-0369 (SAP Financial Consolidation, before versions 10.0 and 10.1, does not s ...) NOT-FOR-US: SAP CVE-2019-0368 (SAP Customer Relationship Management (Email Management), versions: S4C ...) NOT-FOR-US: SAP CVE-2019-0367 (SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 a ...) NOT-FOR-US: SAP CVE-2019-0366 RESERVED CVE-2019-0365 (SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7. ...) NOT-FOR-US: SAP CVE-2019-0364 (Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Applic ...) NOT-FOR-US: SAP CVE-2019-0363 (Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Applic ...) NOT-FOR-US: SAP CVE-2019-0362 RESERVED CVE-2019-0361 (SAP Supplier Relationship Management (Master Data Management Catalog - ...) NOT-FOR-US: SAP CVE-2019-0360 RESERVED CVE-2019-0359 RESERVED CVE-2019-0358 RESERVED CVE-2019-0357 (The administrator of SAP HANA database, before versions 1.0 and 2.0, c ...) NOT-FOR-US: SAP CVE-2019-0356 (Under certain conditions SAP NetWeaver Process Integration Runtime Wor ...) NOT-FOR-US: SAP CVE-2019-0355 (SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before ...) NOT-FOR-US: SAP CVE-2019-0354 RESERVED CVE-2019-0353 (Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO ...) NOT-FOR-US: SAP CVE-2019-0352 (In SAP Business Objects Business Intelligence Platform, before version ...) NOT-FOR-US: SAP CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...) NOT-FOR-US: SAP CVE-2019-0350 (SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker ...) NOT-FOR-US: SAP CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7. ...) 
NOT-FOR-US: SAP CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence), ...) NOT-FOR-US: SAP CVE-2019-0347 RESERVED CVE-2019-0346 (Unencrypted communication error in SAP Business Objects Business Intel ...) NOT-FOR-US: SAP CVE-2019-0345 (A remote unauthenticated attacker can abuse a web service in SAP NetWe ...) NOT-FOR-US: SAP CVE-2019-0344 (Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc ...) NOT-FOR-US: SAP CVE-2019-0343 (SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6 ...) NOT-FOR-US: SAP CVE-2019-0342 RESERVED CVE-2019-0341 (The session cookie used by SAP Enable Now, version 1902, does not have ...) NOT-FOR-US: SAP CVE-2019-0340 (The XML parser, which is being used by SAP Enable Now, before version ...) NOT-FOR-US: SAP CVE-2019-0339 RESERVED CVE-2019-0338 (During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, ...) NOT-FOR-US: SAP CVE-2019-0337 (Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10 ...) NOT-FOR-US: SAP CVE-2019-0336 RESERVED CVE-2019-0335 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...) NOT-FOR-US: SAP CVE-2019-0334 (When creating a module in SAP BusinessObjects Business Intelligence Pl ...) NOT-FOR-US: SAP CVE-2019-0333 (In some situations, when a client cancels a query in SAP BusinessObjec ...) NOT-FOR-US: SAP CVE-2019-0332 (SAP BusinessObjects Business Intelligence Platform (Info View), versio ...) NOT-FOR-US: SAP CVE-2019-0331 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...) NOT-FOR-US: SAP CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand C ...) NOT-FOR-US: SAP CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently encode use ...) NOT-FOR-US: SAP CVE-2019-0328 (ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) ...) 
NOT-FOR-US: SAP CVE-2019-0327 (SAP NetWeaver for Java Application Server - Web Container, (engineapi, ...) NOT-FOR-US: SAP CVE-2019-0326 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Ent ...) NOT-FOR-US: SAP CVE-2019-0325 (SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary author ...) NOT-FOR-US: SAP CVE-2019-0324 RESERVED CVE-2019-0323 RESERVED CVE-2019-0322 (SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, ...) NOT-FOR-US: SAP CVE-2019-0321 (ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, d ...) NOT-FOR-US: SAP CVE-2019-0320 RESERVED CVE-2019-0319 (The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker ...) NOT-FOR-US: SAP CVE-2019-0318 (Under certain conditions SAP NetWeaver Application Server for Java (St ...) NOT-FOR-US: SAP CVE-2019-0317 RESERVED CVE-2019-0316 (SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITO ...) NOT-FOR-US: SAP NetWeaver Process Integration CVE-2019-0315 (Under certain conditions the PI Integration Builder Web UI of SAP NetW ...) NOT-FOR-US: SAP CVE-2019-0314 (SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, v ...) NOT-FOR-US: SAP Work Manager CVE-2019-0313 RESERVED CVE-2019-0312 (Several web pages provided SAP NetWeaver Process Integration (versions ...) NOT-FOR-US: SAP CVE-2019-0311 (Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: ...) NOT-FOR-US: SAP CVE-2019-0310 RESERVED CVE-2019-0309 RESERVED CVE-2019-0308 (An authenticated attacker in SAP E-Commerce (Business-to-Consumer appl ...) NOT-FOR-US: SAP CVE-2019-0307 (Diagnostics Agent in Solution Manager, version 7.2, stores several cre ...) NOT-FOR-US: SAP / Solution Manager CVE-2019-0306 (SAP HANA Extended Application Services (advanced model), version 1, al ...) NOT-FOR-US: SAP HANA Extended Application Services CVE-2019-0305 (Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integra ...) 
NOT-FOR-US: SAP NetWeaver Process Integration CVE-2019-0304 (FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7. ...) NOT-FOR-US: SAP NetWeaver AS ABAP Platform CVE-2019-0303 (SAP BusinessObjects Business Intelligence Platform (Administration Con ...) NOT-FOR-US: SAP BusinessObjects Business Intelligence Platform CVE-2019-0302 RESERVED CVE-2019-0301 (Under certain conditions, it is possible to request the modification o ...) NOT-FOR-US: SAP CVE-2019-0300 RESERVED CVE-2019-0299 RESERVED CVE-2019-0298 (SAP E-Commerce (Business-to-Consumer) application does not sufficientl ...) NOT-FOR-US: SAP CVE-2019-0297 RESERVED CVE-2019-0296 RESERVED CVE-2019-0295 RESERVED CVE-2019-0294 RESERVED CVE-2019-0293 (Read of RFC destination does not always perform necessary authorizatio ...) NOT-FOR-US: SAP CVE-2019-0292 RESERVED CVE-2019-0291 (Under certain conditions Solution Manager, version 7.2, allows an atta ...) NOT-FOR-US: SAP CVE-2019-0290 RESERVED CVE-2019-0289 (Under certain conditions SAP BusinessObjects Business Intelligence pla ...) NOT-FOR-US: SAP CVE-2019-0288 RESERVED CVE-2019-0287 (Under certain conditions SAP BusinessObjects Business Intelligence pla ...) NOT-FOR-US: SAP CVE-2019-0286 RESERVED CVE-2019-0285 (The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio ( ...) NOT-FOR-US: SAP CVE-2019-0284 (SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not suf ...) NOT-FOR-US: SAP CVE-2019-0283 (SAP NetWeaver Process Integration (Adapter Engine), fixed in versions ...) NOT-FOR-US: SAP CVE-2019-0282 (Several web pages in SAP NetWeaver Process Integration (Runtime Workbe ...) NOT-FOR-US: SAP CVE-2019-0281 (SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 ...) NOT-FOR-US: SAP CVE-2019-0280 (SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6. ...) NOT-FOR-US: SAP CVE-2019-0279 (ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP ...) 
	NOT-FOR-US: SAP
CVE-2019-0278 (Under certain conditions the Monitoring Servlet of the SAP NetWeaver P ...)
	NOT-FOR-US: SAP
CVE-2019-0277 (SAP HANA extended application services, version 1, advanced does not s ...)
	NOT-FOR-US: SAP
CVE-2019-0276 (Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Finan ...)
	NOT-FOR-US: SAP
CVE-2019-0275 (SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server ...)
	NOT-FOR-US: SAP
CVE-2019-0274 (SAP Mobile Platform SDK allows an attacker to prevent legitimate users ...)
	NOT-FOR-US: SAP
CVE-2019-0273
	RESERVED
CVE-2019-0272
	RESERVED
CVE-2019-0271 (ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does n ...)
	NOT-FOR-US: SAP
CVE-2019-0270 (ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessa ...)
	NOT-FOR-US: SAP
CVE-2019-0269 (SAP BusinessObjects Business Intelligence Platform (BI Workspace), ver ...)
	NOT-FOR-US: SAP
CVE-2019-0268 (SAP BusinessObjects Business Intelligence Platform (CMC Module), versi ...)
	NOT-FOR-US: SAP
CVE-2019-0267 (SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 an ...)
	NOT-FOR-US: SAP
CVE-2019-0266 (Under certain conditions SAP HANA Extended Application Services, versi ...)
	NOT-FOR-US: SAP
CVE-2019-0265 (SLD Registration of ABAP Platform allows an attacker to prevent legiti ...)
	NOT-FOR-US: ABAP Platform
CVE-2019-0264
	RESERVED
CVE-2019-0263
	RESERVED
CVE-2019-0262 (SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not suffici ...)
	NOT-FOR-US: SAP
CVE-2019-0261 (Under certain circumstances, SAP HANA Extended Application Services, a ...)
	NOT-FOR-US: SAP
CVE-2019-0260
	RESERVED
CVE-2019-0259 (SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows ...)
	NOT-FOR-US: SAP
CVE-2019-0258 (SAP Disclosure Management, version 10.01, does not perform necessary a ...)
	NOT-FOR-US: SAP
CVE-2019-0257 (Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in ...)
	NOT-FOR-US: SAP
CVE-2019-0256 (Under certain conditions SAP Business One Mobile Android App, version ...)
	NOT-FOR-US: SAP
CVE-2019-0255 (SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, K ...)
	NOT-FOR-US: SAP
CVE-2019-0254 (SAP Disclosure Management (before version 10.1 Stack 1301) does not su ...)
	NOT-FOR-US: SAP
CVE-2019-0253
	RESERVED
CVE-2019-0252
	RESERVED
CVE-2019-0251 (The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4. ...)
	NOT-FOR-US: SAP
CVE-2019-0250
	RESERVED
CVE-2019-0249 (Under certain conditions SAP Landscape Management (VCM 3.0) allows an ...)
	NOT-FOR-US: SAP
CVE-2019-0248 (Under certain conditions SAP Gateway of ABAP Application Server (fixed ...)
	NOT-FOR-US: SAP
CVE-2019-0247 (SAP Cloud Connector, before version 2.11.3, allows an attacker to inje ...)
	NOT-FOR-US: SAP
CVE-2019-0246 (SAP Cloud Connector, before version 2.11.3, does not perform any authe ...)
	NOT-FOR-US: SAP
CVE-2019-0245 (SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31 ...)
	NOT-FOR-US: SAP
CVE-2019-0244 (SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31 ...)
	NOT-FOR-US: SAP
CVE-2019-0243 (Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixe ...)
	NOT-FOR-US: SAP
CVE-2019-0242
	RESERVED
CVE-2019-0241 (SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows ...)
	NOT-FOR-US: SAP
CVE-2019-0240 (SAP Business Objects Mobile for Android (before 6.3.5) application all ...)
	NOT-FOR-US: SAP
CVE-2019-0239
	RESERVED
CVE-2019-0238 (SAP Commerce (previously known as SAP Hybris Commerce), before version ...)
	NOT-FOR-US: SAP
CVE-2019-0237
	RESERVED
CVE-2019-0236
	RESERVED
CVE-2019-0235 (Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks. ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-0234 (A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache ...)
	NOT-FOR-US: Apache Roller
CVE-2019-0233 (An access permission override in Apache Struts 2.0.0 to 2.5.20 may cau ...)
	- libstruts1.2-java
CVE-2019-0232 (When running on Windows with enableCmdLineArguments enabled, the CGI S ...)
	- tomcat9 (Windows-specific)
	- tomcat8 (Windows-specific)
	NOTE: https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html
CVE-2019-0231 (Handling of the close_notify SSL/TLS message does not lead to a connec ...)
	NOT-FOR-US: Apache MINA
CVE-2019-0230 (Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when eval ...)
	- libstruts1.2-java
CVE-2019-0229 (A number of HTTP endpoints in the Airflow webserver (both RBAC and cla ...)
	- airflow (bug #819700)
CVE-2019-0228 (Apache PDFBox 2.0.14 does not properly initialize the XML parser, whic ...)
	- libpdfbox2-java (Vulnerable code introduced in 2.0.14)
	- libpdfbox-java (Vulnerable code introduced in 2.0.14)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/12/1
	NOTE: https://issues.apache.org/jira/browse/PDFBOX-4505
	NOTE: Fixed by: https://svn.apache.org/r1856952 (2.0.15)
CVE-2019-0227 (A Server Side Request Forgery (SSRF) vulnerability affected the Apache ...)
	- axis (bug #929266; unimportant)
	NOTE: https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
	NOTE: https://github.com/apache/axis1-java/commit/7043f1ab0397d1ae35f879f2bcc99be1e9b55644
	NOTE: StockQuoteService.jws not present in Debian binary packages
	NOTE: disclosure mentions "03/12/2019 - Apache applied SSRF patch":
	NOTE: https://github.com/RhinoSecurityLabs/CVEs/issues/1
	NOTE: https://github.com/apache/axis1-java/commit/35511b872a6460129cfc0cd35baaccbd820977b5
CVE-2019-0226 (Apache Karaf Config service provides a install method (via service or ...)
	- apache-karaf (bug #881297)
CVE-2019-0225 (A specially crafted url could be used to access files under the ROOT d ...)
	- jspwiki
CVE-2019-0224 (In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could ex ...)
	- jspwiki
CVE-2019-0223 (While investigating bug PROTON-2014, we discovered that under some cir ...)
	- qpid-proton 0.22.0-1
	[stretch] - qpid-proton (Minor issue)
	[jessie] - qpid-proton (Minor issue)
	NOTE: https://issues.apache.org/jira/browse/PROTON-2014
	NOTE: https://qpid.apache.org/cves/CVE-2019-0223.html
	NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=97c7733
	NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=159fac1
	NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=4aea0fd
	NOTE: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=2d3ba8a
	NOTE: Source-wise only fixed in 0.27.1 upstream, but the 0.22.0-1 upload in
	NOTE: unstable switched to building against OpenSSL 1.1, addressing the issue.
	NOTE: The description says the vulnerability was introduced in 0.9, but the
	NOTE: version in jessie (0.7) seems to be vulnerable too, even though one file is
	NOTE: not present in the jessie version. That part does not seem to be essential
	NOTE: for the package to be vulnerable.
CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...)
	{DLA-2583-1 DLA-2582-1}
	- activemq 5.15.9-1 (bug #925964; unimportant)
	[jessie] - activemq (MQTT support not enabled)
	- mqtt-client 1.16-1 (bug #988109)
	[buster] - mqtt-client 1.14-1+deb10u1
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
	NOTE: activemq disabled MQTT transport in 5.6.0+dfsg-1 (d/patches/exclude_mqtt.diff)
	NOTE: but enabled activemq-mqtt in 5.13.2+dfsg-2 using the external mqtt-client.
	NOTE: https://github.com/fusesource/mqtt-client/commit/2898f10be758decdc85ba6c523cb5be6b9092855 (mqtt-client-project-1.15)
CVE-2019-0221 (The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 ...)
	{DSA-4596-1 DLA-1883-1 DLA-1810-1}
	- tomcat9 9.0.16-4 (bug #929895)
	- tomcat8
	- tomcat7
	[stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected)
	NOTE: affects debug channel, unlikely to be present in production websites:
	NOTE: https://mail-archives.apache.org/mod_mbox/www-announce/201905.mbox/%3Cb1905aa6-f340-8d0b-58c4-8ac3ebcbfa54@apache.org%3E
	NOTE: https://github.com/apache/tomcat/commit/15fcd16 (9.0.19)
	NOTE: https://github.com/apache/tomcat/commit/4fcdf70 (8.5.39)
	NOTE: https://github.com/apache/tomcat/commit/44ec74c (7.0.93)
CVE-2019-0220 (A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When ...)
	{DSA-4422-1 DLA-1748-1}
	- apache2 2.4.38-3
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
	NOTE: https://svn.apache.org/r1855737
	NOTE: https://svn.apache.org/r1855751
CVE-2019-0219 (A website running in the InAppBrowser webview on Android could execute ...)
	NOT-FOR-US: Apache Cordova
CVE-2019-0218 (A vulnerability was discovered wherein a specially crafted URL could e ...)
	NOT-FOR-US: Apache Pony Mail
CVE-2019-0217 (In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition i ...)
	{DSA-4422-1 DLA-1748-1}
	- apache2 2.4.38-3
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217
	NOTE: https://svn.apache.org/r1855298
CVE-2019-0216 (A malicious admin user could edit the state of objects in the Airflow ...)
	- airflow (bug #819700)
CVE-2019-0215 (In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl ...)
	- apache2 2.4.38-3
	[stretch] - apache2 (Vulnerable code introduced later)
	[jessie] - apache2 (Vulnerable code introduced later)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0215
CVE-2019-0214 (In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the ...)
	NOT-FOR-US: Apache Archiva
CVE-2019-0213 (In Apache Archiva before 2.2.4, it may be possible to store malicious ...)
	NOT-FOR-US: Apache Archiva
CVE-2019-0212 (In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1 ...)
	NOT-FOR-US: Apache HBase
CVE-2019-0211 (In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, w ...)
	{DSA-4422-1}
	- apache2 2.4.38-3
	[jessie] - apache2 (Vulnerable code introduced later)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
	NOTE: https://svn.apache.org/r1855378
CVE-2019-0210 (In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJS ...)
	[experimental] - thrift 0.13.0-1
	- thrift 0.13.0-2
	[buster] - thrift (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/2
	NOTE: https://github.com/apache/thrift/commit/264a3f318ed3e9e51573f67f963c8509786bcec2
CVE-2019-0209
	REJECTED
CVE-2019-0208
	REJECTED
CVE-2019-0207 (Tapestry processes assets `/assets/ctx` using classes chain `StaticFil ...)
	NOT-FOR-US: Apache Tapestry
CVE-2019-0206
	REJECTED
CVE-2019-0205 (In Apache Thrift all versions up to and including 0.12.0, a server or ...)
	[experimental] - thrift 0.13.0-1
	- thrift 0.13.0-2
	[buster] - thrift (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2019/10/17/1
CVE-2019-0204 (A specifically crafted Docker image running under the root user can ov ...)
	- apache-mesos (bug #760315)
CVE-2019-0203 (In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12 ...)
	{DSA-4490-1 DLA-1903-1}
	- subversion 1.10.6-1
	NOTE: https://subversion.apache.org/security/CVE-2019-0203-advisory.txt
CVE-2019-0202 (The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to ...)
	NOT-FOR-US: Apache Storm
CVE-2019-0201 (An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alph ...)
	{DSA-4461-1 DLA-1801-1}
	- zookeeper 3.4.13-2 (bug #929283)
	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1392
	NOTE: Patch (3.4 branch): https://gitbox.apache.org/repos/asf?p=zookeeper.git;a=commit;h=5ff19e3672987bdde2843a3f031e2bf0010e35f1
CVE-2019-0200 (A Denial of Service vulnerability was found in Apache Qpid Broker-J ve ...)
	- qpid-java (bug #840131)
CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5. ...)
	{DSA-4596-1}
	- tomcat9 9.0.16-1
	- tomcat8 8.5.38-1
	[jessie] - tomcat8 (HTTP/2 support not implemented)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693325
	NOTE: When fixing this issue make sure to fix it completely, so as not to leave CVE-2019-10072 open.
CVE-2019-0198
	REJECTED
CVE-2019-0197 (A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When ...)
	- apache2 2.4.38-3
	[stretch] - apache2 (Vulnerable code introduced later)
	[jessie] - apache2 (Vulnerable code introduced later)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0197
CVE-2019-0196 (A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Usin ...)
	{DSA-4422-1}
	- apache2 2.4.38-3
	[jessie] - apache2 (Vulnerable code introduced later)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0196
	NOTE: https://svn.apache.org/r1852989
CVE-2019-0195 (Manipulating classpath asset file URLs, an attacker could guess the pa ...)
	NOT-FOR-US: Apache Tapestry
CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 ...)
	NOT-FOR-US: Apache Camel
CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module ...)
	{DLA-2327-1 DLA-1954-1}
	- lucene-solr 3.6.2+dfsg-22 (low)
	[buster] - lucene-solr 3.6.2+dfsg-20+deb10u2
	NOTE: https://issues.apache.org/jira/browse/SOLR-13669
	NOTE: upstream recommends everybody upgrade or rework their configuration
	NOTE: consider backporting enable.dih.dataConfigParam instead:
	NOTE: https://github.com/apache/lucene-solr/commit/325824cd391c8e71f36f17d687f52344e50e9715
CVE-2019-0192 (In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config ...)
	- lucene-solr (vulnerable code is not present)
	NOTE: https://issues.apache.org/jira/browse/SOLR-13301
CVE-2019-0191 (Apache Karaf kar deployer reads .kar archives and extracts the paths f ...)
	- apache-karaf (bug #881297)
CVE-2019-0190 (A bug exists in the way mod_ssl handled client renegotiations. A remot ...)
	- apache2 2.4.38-1 (bug #920220)
	[stretch] - apache2 (Only affects 2.4.37)
	[jessie] - apache2 (Only affects 2.4.37)
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/4
CVE-2019-0189 (The java.io.ObjectInputStream is known to cause Java serialisation iss ...)
	NOT-FOR-US: Apache OFBiz
CVE-2019-0188 (Apache Camel prior to 2.24.0 contains an XML external entity injection ...)
	NOT-FOR-US: Apache Camel
CVE-2019-0187 (Unauthenticated RCE is possible when JMeter is used in distributed mod ...)
	- jakarta-jmeter
	[bullseye] - jakarta-jmeter (Minor issue)
	[buster] - jakarta-jmeter (Minor issue)
	[stretch] - jakarta-jmeter (Minor issue)
	[jessie] - jakarta-jmeter (Minor issue)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62743
CVE-2019-0186 (The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 an ...)
	NOT-FOR-US: Apache Pluto "Chat Room" demo portlet
CVE-2019-0185 (Insufficient access control in protected memory subsystem for SMM for ...)
	NOT-FOR-US: Intel
CVE-2019-0184 (Insufficient access control in protected memory subsystem for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-0183 (Insufficient password protection in the attestation database for Open ...)
	NOT-FOR-US: Open CIT
CVE-2019-0182 (Insufficient password protection in the attestation database for Open ...)
	NOT-FOR-US: Open CIT
CVE-2019-0181 (Insufficient password protection in the attestation database for Open ...)
	NOT-FOR-US: Open CIT
CVE-2019-0180 (Insufficient password protection in the attestation database for Open ...)
	NOT-FOR-US: Open CIT
CVE-2019-0179 (Insufficient password protection in the attestation database for Open ...)
	NOT-FOR-US: Open CIT
CVE-2019-0178 (Insufficient password protection in the attestation database for Open ...)
	NOT-FOR-US: Open CIT
CVE-2019-0177 (Insufficient password protection in the attestation database for Open ...)
	NOT-FOR-US: Open CIT
CVE-2019-0176
	RESERVED
CVE-2019-0175 (Insufficient password protection in the attestation database for Open ...)
	NOT-FOR-US: Open CIT
CVE-2019-0174 (Logic condition in specific microprocessors may allow an authenticated ...)
	NOT-FOR-US: RamBleed hardware vulnerability
	NOTE: https://rambleed.com/
CVE-2019-0173 (Authentication bypass in the web console for Intel(R) Raid Web Console ...)
	NOT-FOR-US: Intel
CVE-2019-0172 (A logic issue in Intel Unite(R) Client for Android prior to version 4. ...)
	NOT-FOR-US: Intel Unite(R) Client for Android
CVE-2019-0171 (Improper directory permissions in the installer for Intel(R) Quartus(R ...)
	NOT-FOR-US: Intel
CVE-2019-0170 (Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 ma ...)
	NOT-FOR-US: Intel(R) DAL
CVE-2019-0169 (Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 1 ...)
	NOT-FOR-US: Intel
CVE-2019-0168 (Insufficient input validation in the subsystem for Intel(R) CSME befor ...)
	NOT-FOR-US: Intel
CVE-2019-0167
	RESERVED
CVE-2019-0166 (Insufficient input validation in the subsystem for Intel(R) AMT before ...)
	NOT-FOR-US: Intel
CVE-2019-0165 (Insufficient Input validation in the subsystem for Intel(R) CSME befor ...)
	NOT-FOR-US: Intel
CVE-2019-0164 (Improper permissions in the installer for Intel(R) Turbo Boost Max Tec ...)
	NOT-FOR-US: installer for Intel(R) Turbo Boost Max Technology driver
CVE-2019-0163 (Insufficient input validation in system firmware for Intel(R) Broadwel ...)
	NOT-FOR-US: Intel
CVE-2019-0162 (Memory access in virtual memory mapping for some microprocessors may a ...)
	NOT-FOR-US: F5
CVE-2019-0161 (Stack overflow in XHCI for EDK II may allow an unauthenticated user to ...)
	{DLA-2645-1}
	- edk2 0~20180803.dd4cae4d-1 (low)
	[jessie] - edk2 (non-free)
	NOTE: https://github.com/tianocore/edk2/commit/acebdf14c985c5c9f50b37ece0b15ada87767359
	NOTE: https://github.com/tianocore/edk2/commit/72750e3bf9174f15c17e78f0f117b5e7311bb49f
CVE-2019-0160 (Buffer overflow in system firmware for EDK II may allow unauthenticate ...)
	- edk2 0~20181115.85588389-1 (low)
	[stretch] - edk2 (vulnerable code is not present)
	[jessie] - edk2 (non-free)
	NOTE: https://github.com/tianocore/edk2/commit/4df8f5bfa28b8b881e506437e8f08d92c1a00370
	NOTE: https://github.com/tianocore/edk2/commit/b9ae1705adfdd43668027a25a2b03c2e81960219
	NOTE: https://github.com/tianocore/edk2/commit/5c0748f43f4e1cc15fdd0be64a764eacd7df92f6
	NOTE: https://github.com/tianocore/edk2/commit/89f75aa04a97293a8ed9db2a90851a5053730cf5
	NOTE: https://github.com/tianocore/edk2/commit/3b30351b75d70ea65701ac999875fbb81a89a5ca
CVE-2019-0159 (Insufficient memory protection in the Linux Administrative Tools for I ...)
	NOT-FOR-US: Linux Administrative Tools for Intel Network Adapters
CVE-2019-0158 (Insufficient path checking in the installation package for Intel(R) Gr ...)
	NOT-FOR-US: Intel
CVE-2019-0157 (Insufficient input validation in the Intel(R) SGX driver for Linux may ...)
	NOT-FOR-US: Intel
CVE-2019-0156
	RESERVED
CVE-2019-0155 (Insufficient access control in a subsystem for Intel (R) processor gra ...)
	{DSA-4564-1 DLA-1990-1}
	- linux 5.3.9-2
	[jessie] - linux (Driver doesn't support this hardware)
CVE-2019-0154 (Insufficient access control in subsystem for Intel (R) processor graph ...)
	{DSA-4564-1 DLA-1990-1 DLA-1989-1}
	- linux 5.3.9-2
CVE-2019-0153 (Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 m ...)
	NOT-FOR-US: Intel(R) CSME
CVE-2019-0152 (Insufficient memory protection in System Management Mode (SMM) and Int ...)
	NOT-FOR-US: Intel
CVE-2019-0151 (Insufficient memory protection in Intel(R) TXT for certain Intel(R) Co ...)
	NOT-FOR-US: Intel
CVE-2019-0150 (Insufficient access control in firmware Intel(R) Ethernet 700 Series C ...)
	NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0149 (Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.146-1
	NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0148 (Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.146-1
	NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0147 (Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.146-1
	NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0146 (Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.146-1
	NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0145 (Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Contro ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.146-1
	NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0144 (Unhandled exception in firmware for Intel(R) Ethernet 700 Series Contr ...)
	NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0143 (Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 S ...)
	NOT-FOR-US: Windows driver for Intel Ethernet 700 Series
CVE-2019-0142 (Insufficient access control in ilp60x64.sys driver for Intel(R) Ethern ...)
	NOT-FOR-US: ilp60x64.sys driver for Intel
CVE-2019-0141
	REJECTED
CVE-2019-0140 (Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controlle ...)
	NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0139 (Insufficient access control in firmware for Intel(R) Ethernet 700 Seri ...)
	NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0138 (Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.1 ...)
	NOT-FOR-US: Intel(R) ACU Wizard
CVE-2019-0137
	RESERVED
CVE-2019-0136 (Insufficient access control in the Intel(R) PROSet/Wireless WiFi Softw ...)
	{DLA-2114-1 DLA-1930-1 DLA-1919-1}
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/79c92ca42b5a3e0ea172ea2ce8df8e125af237da
	NOTE: https://git.kernel.org/linus/588f7d39b3592a36fb7702ae3b8bdd9be4621e2f
CVE-2019-0135 (Improper permissions in the installer for Intel(R) Accelerated Storage ...)
	NOT-FOR-US: Intel
CVE-2019-0134 (Improper permissions in the Intel(R) Dynamic Platform and Thermal Fram ...)
	NOT-FOR-US: Intel
CVE-2019-0133
	RESERVED
CVE-2019-0132 (Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may ...)
	NOT-FOR-US: Intel Unite(R) Client
CVE-2019-0131 (Insufficient input validation in subsystem in Intel(R) AMT before vers ...)
	NOT-FOR-US: Intel
CVE-2019-0130 (Reflected XSS in web interface for Intel(R) Accelerated Storage Manage ...)
	NOT-FOR-US: Intel
CVE-2019-0129 (Improper permissions for Intel(R) USB 3.0 Creator Utility all versions ...)
	NOT-FOR-US: Intel
CVE-2019-0128 (Improper permissions in the installer for Intel(R) Chipset Device Soft ...)
	NOT-FOR-US: Intel
CVE-2019-0127 (Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and bef ...)
	NOT-FOR-US: Intel
CVE-2019-0126 (Insufficient access control in silicon reference firmware for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-0125
	RESERVED
CVE-2019-0124 (Insufficient memory protection in Intel(R) 6th Generation Core Process ...)
	NOT-FOR-US: Intel
CVE-2019-0123 (Insufficient memory protection in Intel(R) 6th Generation Core Process ...)
	NOT-FOR-US: Intel
CVE-2019-0122 (Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel ...)
	NOT-FOR-US: Intel
CVE-2019-0121 (Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and ...)
	NOT-FOR-US: Intel
CVE-2019-0120 (Insufficient key protection vulnerability in silicon reference firmwar ...)
	NOT-FOR-US: Intel
CVE-2019-0119 (Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) ...)
	NOT-FOR-US: Intel
CVE-2019-0118
	RESERVED
CVE-2019-0117 (Insufficient access control in protected memory subsystem for Intel(R) ...)
	NOT-FOR-US: Intel SGX vulnerabilities
	NOTE: Fixes included in intel-microcode/3.20191112.1
CVE-2019-0116 (An out of bound read in KMD module for Intel(R) Graphics Driver before ...)
	NOT-FOR-US: Intel
CVE-2019-0115 (Insufficient input validation in KMD module for Intel(R) Graphics Driv ...)
	NOT-FOR-US: Intel
CVE-2019-0114 (A race condition in Intel(R) Graphics Drivers before version 10.18.14. ...)
	NOT-FOR-US: Intel
CVE-2019-0113 (Insufficient bounds checking in Intel(R) Graphics Drivers before versi ...)
	NOT-FOR-US: Intel
CVE-2019-0112 (Improper flow control in crypto routines for Intel(R) Data Center Mana ...)
	NOT-FOR-US: Intel
CVE-2019-0111 (Improper file permissions for Intel(R) Data Center Manager SDK before ...)
	NOT-FOR-US: Intel
CVE-2019-0110 (Insufficient key management for Intel(R) Data Center Manager SDK befor ...)
	NOT-FOR-US: Intel
CVE-2019-0109 (Improper folder permissions in Intel(R) Data Center Manager SDK before ...)
	NOT-FOR-US: Intel
CVE-2019-0108 (Improper file permissions for Intel(R) Data Center Manager SDK before ...)
	NOT-FOR-US: Intel
CVE-2019-0107 (Insufficient user prompt in install routine for Intel(R) Data Center M ...)
	NOT-FOR-US: Intel
CVE-2019-0106 (Insufficient run protection in install routine for Intel(R) Data Cente ...)
	NOT-FOR-US: Intel
CVE-2019-0105 (Insufficient file permissions checking in install routine for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-0104 (Insufficient file protection in uninstall routine for Intel(R) Data Ce ...)
	NOT-FOR-US: Intel
CVE-2019-0103 (Insufficient file protection in install routine for Intel(R) Data Cent ...)
	NOT-FOR-US: Intel
CVE-2019-0102 (Insufficient session authentication in web server for Intel(R) Data Ce ...)
	NOT-FOR-US: Intel
CVE-2019-0101 (Authentication bypass in the Intel Unite(R) solution versions 3.2 thro ...)
	NOT-FOR-US: Intel
CVE-2019-0100
	RESERVED
CVE-2019-0099 (Insufficient access control vulnerability in subsystem in Intel(R) SPS ...)
	NOT-FOR-US: Intel
CVE-2019-0098 (Logic bug vulnerability in subsystem for Intel(R) CSME before version ...)
	NOT-FOR-US: Intel
CVE-2019-0097 (Insufficient input validation vulnerability in subsystem for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-0096 (Out of bound write vulnerability in subsystem for Intel(R) AMT before ...)
	NOT-FOR-US: Intel
CVE-2019-0095
	RESERVED
CVE-2019-0094 (Insufficient input validation vulnerability in subsystem for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-0093 (Insufficient data sanitization vulnerability in HECI subsystem for Int ...)
	NOT-FOR-US: Intel
CVE-2019-0092 (Insufficient input validation vulnerability in subsystem for Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2019-0091 (Code injection vulnerability in installer for Intel(R) CSME before ver ...)
	NOT-FOR-US: Intel
CVE-2019-0090 (Insufficient access control vulnerability in subsystem for Intel(R) CS ...)
	NOT-FOR-US: Intel
CVE-2019-0089 (Improper data sanitization vulnerability in subsystem in Intel(R) SPS ...)
	NOT-FOR-US: Intel
CVE-2019-0088 (Insufficient path checking in Intel(R) System Support Utility for Wind ...)
	NOT-FOR-US: Intel
CVE-2019-0087
	RESERVED
CVE-2019-0086 (Insufficient access control vulnerability in Dynamic Application Loade ...)
	NOT-FOR-US: Intel
CVE-2019-0085
	RESERVED
CVE-2019-0084
	RESERVED
CVE-2019-0083
	RESERVED
CVE-2019-0082
	RESERVED
CVE-2019-0081
	RESERVED
CVE-2019-0080
	RESERVED
CVE-2019-0079
	RESERVED
CVE-2019-0078
	RESERVED
CVE-2019-0077
	RESERVED
CVE-2019-0076
	RESERVED
CVE-2019-0075 (A vulnerability in the srxpfe process on Protocol Independent Multicas ...)
	NOT-FOR-US: Juniper
CVE-2019-0074 (A path traversal vulnerability in NFX150 Series and QFX10K Series, EX9 ...)
	NOT-FOR-US: Juniper
CVE-2019-0073 (The PKI keys exported using the command "run request security pki key- ...)
	NOT-FOR-US: Juniper
CVE-2019-0072 (An Unprotected Storage of Credentials vulnerability in the identity an ...)
	NOT-FOR-US: Juniper
CVE-2019-0071 (Veriexec is a kernel-based file integrity subsystem in Junos OS that e ...)
	NOT-FOR-US: Juniper
CVE-2019-0070 (An Improper Input Validation weakness allows a malicious local attacke ...)
	NOT-FOR-US: Juniper
CVE-2019-0069 (On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 ...)
	NOT-FOR-US: Juniper
CVE-2019-0068 (The SRX flowd process, responsible for packet forwarding, may crash an ...)
	NOT-FOR-US: Juniper
CVE-2019-0067 (Receipt of a specific link-local IPv6 packet destined to the RE may ca ...)
	NOT-FOR-US: Juniper
CVE-2019-0066 (An unexpected status return value weakness in the Next-Generation Mult ...)
	NOT-FOR-US: Juniper
CVE-2019-0065 (On MX Series, when the SIP ALG is enabled, receipt of a certain malfor ...)
	NOT-FOR-US: Juniper
CVE-2019-0064 (On SRX5000 Series devices, if 'set security zones security-zone <zo ...)
	NOT-FOR-US: Juniper
CVE-2019-0063 (When an MX Series Broadband Remote Access Server (BRAS) is configured ...)
	NOT-FOR-US: Juniper
CVE-2019-0062 (A session fixation vulnerability in J-Web on Junos OS may allow an att ...)
	NOT-FOR-US: Juniper
CVE-2019-0061 (The management daemon (MGD) is responsible for all configuration and m ...)
	NOT-FOR-US: Juniper
CVE-2019-0060 (The flowd process, responsible for forwarding traffic in SRX Series se ...)
	NOT-FOR-US: Juniper
CVE-2019-0059 (A memory leak vulnerability in the of Juniper Networks Junos OS allows ...)
	NOT-FOR-US: Juniper
CVE-2019-0058 (A vulnerability in the Veriexec subsystem of Juniper Networks Junos OS ...)
	NOT-FOR-US: Juniper
CVE-2019-0057 (An improper authorization weakness in Juniper Networks Junos OS allows ...)
	NOT-FOR-US: Juniper
CVE-2019-0056 (This issue only affects devices with three (3) or more MPC10's install ...)
	NOT-FOR-US: Juniper
CVE-2019-0055 (A vulnerability in the SIP ALG packet processing service of Juniper Ne ...)
	NOT-FOR-US: Juniper
CVE-2019-0054 (An Improper Certificate Validation weakness in the SRX Series Applicat ...)
	NOT-FOR-US: Juniper
CVE-2019-0053 (Insufficient validation of environment variables in the telnet client ...)
	- socks4-server (low)
	[buster] - socks4-server (Minor issue)
	[stretch] - socks4-server (Minor issue)
	- inetutils 2:1.9.4-11 (low; bug #945861)
	[buster] - inetutils (Minor issue)
	[stretch] - inetutils (Minor issue)
	[jessie] - inetutils (Minor issue)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc
	NOTE: https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/14/8
	NOTE: Additional patch fixing an infinite loop that causes stack exhaustion (not
	NOTE: directly covered by this CVE), applied in inetutils/2:2.2-2:
	NOTE: https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/diff/?id=0d246b17e51060daac8a26848a8d9e5722fcca24
CVE-2019-0052 (The srxpfe process may crash on SRX Series services gateways when the ...)
	NOT-FOR-US: Juniper
CVE-2019-0051 (SSL-Proxy feature on SRX devices fails to handle a hardware resource l ...)
	NOT-FOR-US: Juniper
CVE-2019-0050 (Under certain heavy traffic conditions srxpfe process can crash and re ...)
	NOT-FOR-US: Juniper
CVE-2019-0049 (On Junos devices with the BGP graceful restart helper mode enabled or ...)
	NOT-FOR-US: Juniper
CVE-2019-0048 (On EX4300 Series switches with TCAM optimization enabled, incoming mul ...)
	NOT-FOR-US: Juniper
CVE-2019-0047 (A persistent Cross-Site Scripting (XSS) vulnerability in Junos OS J-We ...)
	NOT-FOR-US: Juniper
CVE-2019-0046 (A vulnerability in the pfe-chassisd Chassis Manager (CMLC) daemon of J ...)
	NOT-FOR-US: Juniper
CVE-2019-0045
	RESERVED
CVE-2019-0044 (Receipt of a specific packet on the out-of-band management interface f ...)
	NOT-FOR-US: Juniper
CVE-2019-0043 (In MPLS environments, receipt of a specific SNMP packet may cause the ...)
	NOT-FOR-US: Juniper
CVE-2019-0042 (Juniper Identity Management Service (JIMS) for Windows versions prior ...)
	NOT-FOR-US: Juniper
CVE-2019-0041 (On EX4300-MP Series devices with any lo0 filters applied, transit netw ...)
	NOT-FOR-US: Juniper
CVE-2019-0040 (On Junos OS, rpcbind should only be listening to port 111 on the inter ...)
	NOT-FOR-US: Juniper
CVE-2019-0039 (If REST API is enabled, the Junos OS login credentials are vulnerable ...)
	NOT-FOR-US: Juniper
CVE-2019-0038 (Crafted packets destined to the management interface (fxp0) of an SRX3 ...)
	NOT-FOR-US: Juniper
CVE-2019-0037 (In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environmen ...)
	NOT-FOR-US: Juniper
CVE-2019-0036 (When configuring a stateless firewall filter in Junos OS, terms named ...)
	NOT-FOR-US: Juniper
CVE-2019-0035 (When "set system ports console insecure" is enabled, root login is dis ...)
	NOT-FOR-US: Juniper
CVE-2019-0034
	REJECTED
CVE-2019-0033 (A firewall bypass vulnerability in the proxy ARP service of Juniper Ne ...)
	NOT-FOR-US: Juniper
CVE-2019-0032 (A password management issue exists where the Organization authenticati ...)
	NOT-FOR-US: Juniper
CVE-2019-0031 (Specific IPv6 DHCP packets received by the jdhcpd daemon will cause a ...)
	NOT-FOR-US: Juniper
CVE-2019-0030 (Juniper ATP uses DES and a hardcoded salt for password hashing, allowi ...)
	NOT-FOR-US: Juniper
CVE-2019-0029 (Juniper ATP Series Splunk credentials are logged in a file readable by ...)
	NOT-FOR-US: Juniper
CVE-2019-0028 (On Junos devices with the BGP graceful restart helper mode enabled or ...)
	NOT-FOR-US: Juniper
CVE-2019-0027 (A persistent cross-site scripting (XSS) vulnerability in the Snort Rul ...)
	NOT-FOR-US: Juniper
CVE-2019-0026 (A persistent cross-site scripting (XSS) vulnerability in the Zone conf ...)
	NOT-FOR-US: Juniper
CVE-2019-0025 (A persistent cross-site scripting (XSS) vulnerability in RADIUS config ...)
	NOT-FOR-US: Juniper
CVE-2019-0024 (A persistent cross-site scripting (XSS) vulnerability in the Email Col ...)
	NOT-FOR-US: Juniper
CVE-2019-0023 (A persistent cross-site scripting (XSS) vulnerability in the Golden VM ...)
	NOT-FOR-US: Juniper
CVE-2019-0022 (Juniper ATP ships with hard coded credentials in the Cyphort Core inst ...)
	NOT-FOR-US: Juniper
CVE-2019-0021 (On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are l ...)
	NOT-FOR-US: Juniper
CVE-2019-0020 (Juniper ATP ships with hard coded credentials in the Web Collector ins ...)
	NOT-FOR-US: Juniper
CVE-2019-0019 (When BGP tracing is enabled an incoming BGP message may cause the Juno ...)
	NOT-FOR-US: Juniper
CVE-2019-0018 (A persistent cross-site scripting (XSS) vulnerability in the file uplo ...)
	NOT-FOR-US: Juniper
CVE-2019-0017 (The Junos Space application, which allows Device Image files to be upl ...)
	NOT-FOR-US: Juniper
CVE-2019-0016 (A malicious authenticated user may be able to delete a device from the ...)
	NOT-FOR-US: Juniper
CVE-2019-0015 (A vulnerability in the SRX Series Service Gateway allows deleted dynam ...)
	NOT-FOR-US: Juniper
CVE-2019-0014 (On QFX and PTX Series, receipt of a malformed packet for J-Flow sampli ...)
	NOT-FOR-US: Juniper
CVE-2019-0013 (The routing protocol daemon (RPD) process will crash and restart when ...)
	NOT-FOR-US: Juniper
CVE-2019-0012 (A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Jun ...)
	NOT-FOR-US: Juniper
CVE-2019-0011 (The Junos OS kernel crashes after processing a specific incoming packe ...)
	NOT-FOR-US: Juniper
CVE-2019-0010 (An SRX Series Service Gateway configured for Unified Threat Management ...)
	NOT-FOR-US: Juniper
CVE-2019-0009 (On EX2300 and EX3400 series, high disk I/O operations may disrupt the ...)
	NOT-FOR-US: Juniper
CVE-2019-0008 (A certain sequence of valid BGP or IPv6 BFD packets may trigger a stac ...)
	NOT-FOR-US: Juniper
CVE-2019-0007 (The vMX Series software uses a predictable IP ID Sequence Number. This ...)
	NOT-FOR-US: Juniper
CVE-2019-0006 (A certain crafted HTTP packet can trigger an uninitialized function po ...)
	NOT-FOR-US: Juniper
CVE-2019-0005 (On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter con ...)
	NOT-FOR-US: Juniper
CVE-2019-0004 (On Juniper ATP, the API key and the device key are logged in a file re ...)
	NOT-FOR-US: Juniper
CVE-2019-0003 (When a specific BGP flowspec configuration is enabled and upon receipt ...)
	NOT-FOR-US: Juniper
CVE-2019-0002 (On EX2300 and EX3400 series, stateless firewall filter configuration t ...)
	NOT-FOR-US: Juniper
CVE-2019-0001 (Receipt of a malformed packet on MX Series devices with dynamic vlan c ...)
	NOT-FOR-US: Juniper
CVE-2019-19920 (sa-exim 4.2.1 allows attackers to execute arbitrary code if they can w ...)
	{DLA-2062-1}
	- sa-exim 4.2.1-19 (bug #947198)
	[buster] - sa-exim (Minor issue; can be fixed via point release)
	[stretch] - sa-exim (Minor issue; can be fixed via point release)
	NOTE: https://bugs.debian.org/946829#24
	NOTE: https://marc.info/?l=spamassassin-users&m=157668107325768&w=2
	NOTE: https://marc.info/?l=spamassassin-users&m=157668305026635&w=2
	NOTE: The issue is "effectively" mitigated by the CVE-2018-11805 fix in
	NOTE: spamassassin, which makes Greylisting.pm non-functional (and is thus also a
	NOTE: functional regression, tracked in #946829). The security implications are
	NOTE: documented as well in /usr/share/doc/sa-exim/README.greylisting.gz
