Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67a2bcc0 by security tracker role at 2019-10-16T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2019-17663 (D-Link DIR-866L 1.03B04 devices allow XSS via
HtmlResponseMessage in t ...)
+ TODO: check
+CVE-2019-17662 (ThinVNC 1.0b1 is vulnerable to arbitrary file read, which
leads to a c ...)
+ TODO: check
+CVE-2019-17661
+ RESERVED
+CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in
admin/translate/translat ...)
+ TODO: check
+CVE-2019-17659
+ RESERVED
+CVE-2019-17658
+ RESERVED
+CVE-2019-17657
+ RESERVED
+CVE-2019-17656
+ RESERVED
+CVE-2019-17655
+ RESERVED
+CVE-2019-17654
+ RESERVED
+CVE-2019-17653
+ RESERVED
+CVE-2019-17652
+ RESERVED
+CVE-2019-17651
+ RESERVED
+CVE-2019-17650
+ RESERVED
+CVE-2019-17649
+ RESERVED
+CVE-2019-17648
+ RESERVED
+CVE-2019-17647
+ RESERVED
+CVE-2019-17646
+ RESERVED
+CVE-2019-17645
+ RESERVED
+CVE-2019-17644
+ RESERVED
+CVE-2019-17643
+ RESERVED
+CVE-2019-17642
+ RESERVED
+CVE-2019-17641
+ RESERVED
+CVE-2019-17640
+ RESERVED
+CVE-2019-17639
+ RESERVED
+CVE-2019-17638
+ RESERVED
+CVE-2019-17637
+ RESERVED
+CVE-2019-17636
+ RESERVED
+CVE-2019-17635
+ RESERVED
+CVE-2019-17634
+ RESERVED
+CVE-2019-17633
+ RESERVED
+CVE-2019-17632
+ RESERVED
+CVE-2019-17631
+ RESERVED
+CVE-2019-17630 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin
via a cra ...)
+ TODO: check
+CVE-2019-17629 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin
via a cra ...)
+ TODO: check
+CVE-2019-17628
+ RESERVED
+CVE-2019-17627 (The Yale Bluetooth Key application for mobile devices allows
unauthori ...)
+ TODO: check
+CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because
of toCol ...)
+ TODO: check
+CVE-2019-17625 (There is a stored XSS in Rambox 0.6.9 that can lead to code
execution. ...)
+ TODO: check
+CVE-2019-17624 (In X.Org X Server 1.20.4, there is a stack-based buffer
overflow in th ...)
+ TODO: check
+CVE-2019-17623
+ RESERVED
+CVE-2019-17622
+ RESERVED
CVE-2019-XXXX [WordPress 5.2.4 Security Release]
- wordpress <unfixed> (bug #942459)
NOTE:
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
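Review bot: the "TODO: check" markers on CVE-2019-17624 (X.Org X Server 1.20.4, stack-based buffer overflow) and CVE-2019-17626 (ReportLab through 3.5.26, remote code execution) should be resolved ahead of the rest of this batch, because both descriptions name software that Debian packages and will need a source-package line rather than NOT-FOR-US. The D-Link entry (CVE-2019-17663) can probably follow the "NOT-FOR-US: D-Link" tagging already used for CVE-2019-17511 further down this file.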
@@ -104,12 +188,12 @@ CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL
Injection in admin.php.
NOT-FOR-US: tonyy dormsystem
CVE-2019-17579 (SonarSource SonarQube before 7.8 has XSS in project links on
account/p ...)
NOT-FOR-US: SonarSource SonarQube
-CVE-2019-17578
- RESERVED
-CVE-2019-17577
- RESERVED
-CVE-2019-17576
- RESERVED
+CVE-2019-17578 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the
"outgoi ...)
+ TODO: check
+CVE-2019-17577 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the
"outgoi ...)
+ TODO: check
+CVE-2019-17576 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the
"outgoi ...)
+ TODO: check
CVE-2019-17575 (A file-rename filter bypass exists in admin/media/rename.php
in WBCE C ...)
NOT-FOR-US: WBCE CMS
CVE-2019-17574 (An issue was discovered in the Popup Maker plugin before
1.8.13 for Wo ...)
@@ -352,8 +436,8 @@ CVE-2019-17514 (library/glob.html in the Python 2 and 3
documentation before 201
NOT-FOR-US: Non-actionable CVE assignment for Python docs
CVE-2019-17513
RESERVED
-CVE-2019-17512
- RESERVED
+CVE-2019-17512 (There are some web interfaces without authentication
requirements on D ...)
+ TODO: check
CVE-2019-17511 (There are some web interfaces without authentication
requirements on D ...)
NOT-FOR-US: D-Link
CVE-2019-17510 (D-Link DIR-846 devices with firmware 100A35 allow remote
attackers to ...)
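Review bot: CVE-2019-17512 comes in with "TODO: check" although its truncated description is identical to that of CVE-2019-17511 directly below it, which is already tagged "NOT-FOR-US: D-Link". Unless the full description points at something else, tag it the same way so the two entries do not diverge.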
@@ -532,7 +616,7 @@ CVE-2019-17450 (find_abstract_instance in dwarf2.c in the
Binary File Descriptor
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25078
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79281f33fd33f0964541a73511b9e2b
NOTE: binutils not covered by security support
-CVE-2019-17449 (Avira Software Updater before 2.0.6.21094 allows a DLL
side-loading at ...)
+CVE-2019-17449 (** DISPUTED ** Avira Software Updater before 2.0.6.21094
allows a DLL ...)
NOT-FOR-US: Avira Software Updater
CVE-2019-17448
RESERVED
@@ -558,10 +642,10 @@ CVE-2019-17438
RESERVED
CVE-2019-17437
RESERVED
-CVE-2019-17436
- RESERVED
-CVE-2019-17435
- RESERVED
+CVE-2019-17436 (A Local Privilege Escalation vulnerability exists in
GlobalProtect Age ...)
+ TODO: check
+CVE-2019-17435 (A Local Privilege Escalation vulnerability exists in the
GlobalProtect ...)
+ TODO: check
CVE-2019-17434 (LavaLite through 5.7 has XSS via a crafted account name that
is mishan ...)
NOT-FOR-US: LavaLite
CVE-2019-17433 (z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the
Roles s ...)
@@ -2330,12 +2414,12 @@ CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote
attackers to execute arbit
NOT-FOR-US: Integard Pro
CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code
Injection vi ...)
NOT-FOR-US: pfSense
-CVE-2019-16700
- RESERVED
-CVE-2019-16699
- RESERVED
-CVE-2019-16698
- RESERVED
+CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension
through 3.0.2 ...)
+ TODO: check
+CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below
and 2.5 ...)
+ TODO: check
+CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for
TYPO3 ha ...)
+ TODO: check
CVE-2019-16697
RESERVED
CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the
app/admin/custom-fields/edit. ...)
@@ -2366,8 +2450,8 @@ CVE-2019-16684 (An issue was discovered in the
image-manager in Xoops 2.5.10. Wh
NOT-FOR-US: Xoops
CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10.
When the ...)
NOT-FOR-US: Xoops
-CVE-2019-16682
- RESERVED
+CVE-2019-16682 (The url_redirect (aka URL redirect) extension through 1.2.1
for TYPO3 ...)
+ TODO: check
CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely
established ...)
NOT-FOR-US: Mastodon
CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports
com.traveloka.and ...)
@@ -2784,17 +2868,13 @@ CVE-2019-16525 (An XSS issue was discovered in the
checklist plugin before 1.1.9
NOT-FOR-US: checklist plugin for WordPress
CVE-2019-16524 (The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy
FancyBo ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-16523
- RESERVED
+CVE-2019-16523 (The events-manager plugin through 5.9.5 for WordPress (aka
Events Mana ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-16522
- RESERVED
+CVE-2019-16522 (The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU
Cookie La ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-16521
- RESERVED
+CVE-2019-16521 (The broken-link-checker plugin through 1.11.8 for WordPress
(aka Broke ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-16520
- RESERVED
+CVE-2019-16520 (The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka
All in ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for macOS allows a local
attacker to exe ...)
NOT-FOR-US: ESET Cyber Security
@@ -3692,22 +3772,29 @@ CVE-2019-16224 (An issue was discovered in py-lmdb
0.97. For certain values of m
NOTE: No real security issue in py-lmdb and disputed (MITRE contacted).
If at all
NOTE: then issues in underlying library but cf.
https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16223 (WordPress before 5.2.3 allows XSS in post previews by
authenticated us ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
CVE-2019-16222 (WordPress before 5.2.3 has an issue with URL sanitization in
wp_kses_b ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
NOTE: https://core.trac.wordpress.org/changeset/45997
NOTE:
https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
CVE-2019-16221 (WordPress before 5.2.3 allows reflected XSS in the dashboard.
...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
CVE-2019-16220 (In WordPress before 5.2.3, validation and sanitization of a
URL in wp_ ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
NOTE: https://core.trac.wordpress.org/changeset/45971
NOTE:
https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28
CVE-2019-16219 (WordPress before 5.2.3 allows XSS in shortcode previews. ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
CVE-2019-16218 (WordPress before 5.2.3 allows XSS in stored comments. ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because
wp_ajax_upl ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
NOTE: https://core.trac.wordpress.org/changeset/45936
CVE-2019-16216 (Zulip server before 2.0.5 incompletely validated the MIME
types of upl ...)
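Review bot: the {DLA-1960-1} cross-reference lands on all seven WordPress 5.2.3 entries, but CVE-2019-16223, CVE-2019-16221, CVE-2019-16219 and CVE-2019-16218 still carry no NOTE with an upstream changeset, unlike CVE-2019-16222, CVE-2019-16220 and CVE-2019-16217. Adding those references would let a reader check which upstream fixes the LTS upload corresponds to.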
@@ -4326,8 +4413,8 @@ CVE-2019-15964
RESERVED
CVE-2019-15963
RESERVED
-CVE-2019-15962
- RESERVED
+CVE-2019-15962 (A vulnerability in the CLI of Cisco TelePresence Collaboration
Endpoin ...)
+ TODO: check
CVE-2019-15961
RESERVED
CVE-2019-15960
@@ -4543,8 +4630,8 @@ CVE-2019-15895 (search-exclude.php in the "Search
Exclude" plugin before 1.2.4 f
NOT-FOR-US: "Search Exclude" plugin for WordPress
CVE-2019-15894 (An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x
through 3.0.9, ...)
NOT-FOR-US: Espressif
-CVE-2019-15893
- RESERVED
+CVE-2019-15893 (Sonatype Nexus Repository Manager 2.x before 2.14.15 allows
Remote Cod ...)
+ TODO: check
CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x
through 3. ...)
NOT-FOR-US: CKFinder
CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in
ip_reas ...)
@@ -6229,58 +6316,58 @@ CVE-2019-15284
RESERVED
CVE-2019-15283
RESERVED
-CVE-2019-15282
- RESERVED
-CVE-2019-15281
- RESERVED
-CVE-2019-15280
- RESERVED
+CVE-2019-15282 (A vulnerability in the web-based management interface of Cisco
Identit ...)
+ TODO: check
+CVE-2019-15281 (A vulnerability in the web-based management interface of Cisco
Identit ...)
+ TODO: check
+CVE-2019-15280 (A vulnerability in the web-based management interface of Cisco
Firepow ...)
+ TODO: check
CVE-2019-15279
RESERVED
CVE-2019-15278
RESERVED
-CVE-2019-15277
- RESERVED
+CVE-2019-15277 (A vulnerability in the CLI of Cisco TelePresence Collaboration
Endpoin ...)
+ TODO: check
CVE-2019-15276
RESERVED
-CVE-2019-15275
- RESERVED
-CVE-2019-15274
- RESERVED
-CVE-2019-15273
- RESERVED
+CVE-2019-15275 (A vulnerability in the CLI of Cisco TelePresence Collaboration
Endpoin ...)
+ TODO: check
+CVE-2019-15274 (A vulnerability in the CLI of Cisco TelePresence Collaboration
Endpoin ...)
+ TODO: check
+CVE-2019-15273 (Multiple vulnerabilities in the CLI of Cisco TelePresence
Collaboratio ...)
+ TODO: check
CVE-2019-15272 (A vulnerability in the web-based interface of Cisco Unified
Communicat ...)
NOT-FOR-US: Cisco
CVE-2019-15271
RESERVED
-CVE-2019-15270
- RESERVED
-CVE-2019-15269
- RESERVED
-CVE-2019-15268
- RESERVED
+CVE-2019-15270 (A vulnerability in the web-based management interface of Cisco
Firepow ...)
+ TODO: check
+CVE-2019-15269 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
+ TODO: check
+CVE-2019-15268 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
+ TODO: check
CVE-2019-15267
RESERVED
-CVE-2019-15266
- RESERVED
-CVE-2019-15265
- RESERVED
-CVE-2019-15264
- RESERVED
+CVE-2019-15266 (A vulnerability in the CLI of Cisco Wireless LAN Controller
(WLC) Soft ...)
+ TODO: check
+CVE-2019-15265 (A vulnerability in the bridge protocol data unit (BPDU)
forwarding fun ...)
+ TODO: check
+CVE-2019-15264 (A vulnerability in the Control and Provisioning of Wireless
Access Poi ...)
+ TODO: check
CVE-2019-15263
RESERVED
-CVE-2019-15262
- RESERVED
-CVE-2019-15261
- RESERVED
-CVE-2019-15260
- RESERVED
+CVE-2019-15262 (A vulnerability in the Secure Shell (SSH) session management
for Cisco ...)
+ TODO: check
+CVE-2019-15261 (A vulnerability in the Point-to-Point Tunneling Protocol
(PPTP) VPN pa ...)
+ TODO: check
+CVE-2019-15260 (A vulnerability in Cisco Aironet Access Points (APs) Software
could al ...)
+ TODO: check
CVE-2019-15259 (A vulnerability in Cisco Unified Contact Center Express (UCCX)
Softwar ...)
NOT-FOR-US: Cisco
-CVE-2019-15258
- RESERVED
-CVE-2019-15257
- RESERVED
+CVE-2019-15258 (A vulnerability in the web-based management interface of Cisco
SPA100 ...)
+ TODO: check
+CVE-2019-15257 (A vulnerability in the web-based management interface of Cisco
SPA100 ...)
+ TODO: check
CVE-2019-15256 (A vulnerability in the Internet Key Exchange version 1 (IKEv1)
feature ...)
NOT-FOR-US: Cisco
CVE-2019-15255
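Review bot: every newly described Cisco entry in this hunk (CVE-2019-15282 down to CVE-2019-15257) is left at "TODO: check", while the unchanged Cisco entries interleaved with them (CVE-2019-15272, CVE-2019-15259, CVE-2019-15256) are tagged "NOT-FOR-US: Cisco". These can be triaged in one pass with the same tag once the full descriptions confirm they concern Cisco products only, which keeps the TODO queue from hiding the entries that do affect packaged software.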
@@ -6289,32 +6376,32 @@ CVE-2019-15254
RESERVED
CVE-2019-15253
RESERVED
-CVE-2019-15252
- RESERVED
-CVE-2019-15251
- RESERVED
-CVE-2019-15250
- RESERVED
-CVE-2019-15249
- RESERVED
-CVE-2019-15248
- RESERVED
-CVE-2019-15247
- RESERVED
-CVE-2019-15246
- RESERVED
-CVE-2019-15245
- RESERVED
-CVE-2019-15244
- RESERVED
-CVE-2019-15243
- RESERVED
-CVE-2019-15242
- RESERVED
-CVE-2019-15241
- RESERVED
-CVE-2019-15240
- RESERVED
+CVE-2019-15252 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15251 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15250 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15249 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15248 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15247 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15246 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15245 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15244 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15243 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15242 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15241 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
+CVE-2019-15240 (Multiple vulnerabilities in Cisco SPA100 Series Analog
Telephone Adapt ...)
+ TODO: check
CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9.
There is a u ...)
{DLA-1930-1 DLA-1919-1}
- linux 4.19.37-1
@@ -13867,8 +13954,8 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an
xsl:number with certain forma
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
NOTE:
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
-CVE-2019-13116
- RESERVED
+CVE-2019-13116 (The MuleSoft Mule runtime engine before 3.8 allows remote
attackers to ...)
+ TODO: check
CVE-2019-13115 (In libssh2 before 1.9.0,
kex_method_diffie_hellman_group_exchange_sha2 ...)
{DLA-1730-3}
- libssh2 <unfixed> (bug #932329)
@@ -15011,8 +15098,8 @@ CVE-2019-12720
RESERVED
CVE-2019-12719
RESERVED
-CVE-2019-12718
- RESERVED
+CVE-2019-12718 (A vulnerability in the web-based interface of Cisco Small
Business Sma ...)
+ TODO: check
CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization
manager ...)
NOT-FOR-US: Cisco
CVE-2019-12716 (A vulnerability in the web-based interface of Cisco Unified
Communicat ...)
@@ -15031,20 +15118,20 @@ CVE-2019-12710 (A vulnerability in the web-based
interface of Cisco Unified Comm
NOT-FOR-US: Cisco
CVE-2019-12709 (A vulnerability in a CLI command related to the virtualization
manager ...)
NOT-FOR-US: Cisco
-CVE-2019-12708
- RESERVED
+CVE-2019-12708 (A vulnerability in the web-based management interface of Cisco
SPA100 ...)
+ TODO: check
CVE-2019-12707 (A vulnerability in the web-based interface of multiple Cisco
Unified C ...)
NOT-FOR-US: Cisco
CVE-2019-12706 (A vulnerability in the Sender Policy Framework (SPF)
functionality of ...)
NOT-FOR-US: Cisco
-CVE-2019-12705
- RESERVED
-CVE-2019-12704
- RESERVED
-CVE-2019-12703
- RESERVED
-CVE-2019-12702
- RESERVED
+CVE-2019-12705 (A vulnerability in the web-based management interface of Cisco
Express ...)
+ TODO: check
+CVE-2019-12704 (A vulnerability in the web-based management interface of Cisco
SPA100 ...)
+ TODO: check
+CVE-2019-12703 (A vulnerability in the web-based management interface of Cisco
SPA122 ...)
+ TODO: check
+CVE-2019-12702 (A vulnerability in the web-based management interface of Cisco
SPA100 ...)
+ TODO: check
CVE-2019-12701 (A vulnerability in the file and malware inspection feature of
Cisco Fi ...)
NOT-FOR-US: Cisco
CVE-2019-12700 (A vulnerability in the configuration of the Pluggable
Authentication M ...)
@@ -15171,12 +15258,12 @@ CVE-2019-12640
RESERVED
CVE-2019-12639
RESERVED
-CVE-2019-12638
- RESERVED
-CVE-2019-12637
- RESERVED
-CVE-2019-12636
- RESERVED
+CVE-2019-12638 (A vulnerability in the web-based management interface of Cisco
Identit ...)
+ TODO: check
+CVE-2019-12637 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
+ TODO: check
+CVE-2019-12636 (A vulnerability in the web-based management interface of Cisco
Small B ...)
+ TODO: check
CVE-2019-12635 (A vulnerability in the authorization module of Cisco Content
Security ...)
NOT-FOR-US: Cisco
CVE-2019-12634 (A vulnerability in the web-based management interface of Cisco
Integra ...)
@@ -18895,8 +18982,8 @@ CVE-2019-11283
RESERVED
CVE-2019-11282
RESERVED
-CVE-2019-11281
- RESERVED
+CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for
PCF, ver ...)
+ TODO: check
CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service
versions ...)
NOT-FOR-US: Pivotal
CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a
client that s ...)
@@ -21027,74 +21114,51 @@ CVE-2019-10460
RESERVED
CVE-2019-10459
RESERVED
-CVE-2019-10458
- RESERVED
+CVE-2019-10458 (Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies
unsafe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10457
- RESERVED
+CVE-2019-10457 (A missing permission check in Jenkins Oracle Cloud
Infrastructure Comp ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10456
- RESERVED
+CVE-2019-10456 (A cross-site request forgery vulnerability in Jenkins Oracle
Cloud Inf ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10455
- RESERVED
+CVE-2019-10455 (A missing permission check in Jenkins Rundeck Plugin allows
attackers ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10454
- RESERVED
+CVE-2019-10454 (A cross-site request forgery vulnerability in Jenkins Rundeck
Plugin a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10453
- RESERVED
+CVE-2019-10453 (Jenkins Delphix Plugin stores credentials unencrypted in its
global co ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10452
- RESERVED
+CVE-2019-10452 (Jenkins View26 Test-Reporting Plugin stores credentials
unencrypted in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10451
- RESERVED
+CVE-2019-10451 (Jenkins SOASTA CloudTest Plugin stores credentials unencrypted
in its ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10450
- RESERVED
+CVE-2019-10450 (Jenkins ElasticBox CI Plugin stores credentials unencrypted in
the glo ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10449
- RESERVED
+CVE-2019-10449 (Jenkins Fortify on Demand Plugin stores credentials
unencrypted in job ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10448
- RESERVED
+CVE-2019-10448 (Jenkins Extensive Testing Plugin stores credentials
unencrypted in job ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10447
- RESERVED
+CVE-2019-10447 (Jenkins Sofy.AI Plugin stores credentials unencrypted in job
config.xm ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10446
- RESERVED
+CVE-2019-10446 (Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled
SSL/TLS and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10445
- RESERVED
+CVE-2019-10445 (A missing permission check in Jenkins Google Kubernetes Engine
Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10444
- RESERVED
+CVE-2019-10444 (Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier
unconditionally disa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10443
- RESERVED
+CVE-2019-10443 (Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials
unencrypt ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10442
- RESERVED
+CVE-2019-10442 (A missing permission check in Jenkins iceScrum Plugin 1.1.5
and earlie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10441
- RESERVED
+CVE-2019-10441 (A cross-site request forgery vulnerability in Jenkins iceScrum
Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10440
- RESERVED
+CVE-2019-10440 (Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials
unencrypte ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10439
- RESERVED
+CVE-2019-10439 (A missing permission check in Jenkins CRX Content Package
Deployer Plu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10438
- RESERVED
+CVE-2019-10438 (A missing permission check in Jenkins CRX Content Package
Deployer Plu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10437
- RESERVED
+CVE-2019-10437 (A cross-site request forgery vulnerability in Jenkins CRX
Content Pack ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10436
- RESERVED
+CVE-2019-10436 (An arbitrary file read vulnerability in Jenkins Google OAuth
Credentia ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10435 (Jenkins SourceGear Vault Plugin transmits configured
credentials in pl ...)
NOT-FOR-US: Jenkins plugin
@@ -32466,18 +32530,15 @@ CVE-2019-6475 [DNSSEC validation bypass for mirror
zones]
RESERVED
- bind9 <not-affected> (Vulnerable code not present)
NOTE: https://kb.isc.org/docs/cve-2019-6475
-CVE-2019-6474 [An oversight when validating incoming client requests can lead
to a situation where the Kea server will exit when trying to restart]
- RESERVED
+CVE-2019-6474 (A missing check on incoming client requests can be exploited to
cause ...)
- isc-kea <unfixed> (bug #936040)
[stretch] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2019-6474
-CVE-2019-6473 [An invalid hostname option can cause the kea-dhcp4 server to
terminate]
- RESERVED
+CVE-2019-6473 (An invalid hostname option can trigger an assertion failure in
the Kea ...)
- isc-kea <unfixed> (bug #936040)
[stretch] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2019-6473
-CVE-2019-6472 [A packet containing a malformed DUID can cause the kea-dhcp6
server to terminate]
- RESERVED
+CVE-2019-6472 (A packet containing a malformed DUID can cause the Kea DHCPv6
server p ...)
- isc-kea <unfixed> (bug #936040)
[stretch] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2019-6472
@@ -32864,8 +32925,8 @@ CVE-2019-6336
RESERVED
CVE-2019-6335 (A potential security vulnerability has been identified with
Samsung La ...)
NOT-FOR-US: Samsung Laser Printers
-CVE-2019-6334
- RESERVED
+CVE-2019-6334 (HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet
Managed Prin ...)
+ TODO: check
CVE-2019-6333 (A potential security vulnerability has been identified with
certain ve ...)
NOT-FOR-US: HP Touchpoint Analytics
CVE-2019-6332
@@ -38231,8 +38292,8 @@ CVE-2019-4033 (IBM Content Navigator 2.0.3 and 3.0CD is
vulnerable to cross-site
NOT-FOR-US: IBM
CVE-2019-4032 (IBM Financial Transaction Manager for Digital Payments for
Multi-Platf ...)
NOT-FOR-US: IBM
-CVE-2019-4031
- RESERVED
+CVE-2019-4031 (IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5
contains a v ...)
+ TODO: check
CVE-2019-4030 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to
cross-si ...)
NOT-FOR-US: IBM
CVE-2019-4029 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is
vulnerable to c ...)
@@ -42259,332 +42320,278 @@ CVE-2019-3033
RESERVED
CVE-2019-3032
RESERVED
-CVE-2019-3031
- RESERVED
+CVE-2019-3031 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3030
RESERVED
CVE-2019-3029
RESERVED
-CVE-2019-3028
- RESERVED
+CVE-2019-3028 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-3027
- RESERVED
-CVE-2019-3026
- RESERVED
+CVE-2019-3027 (Vulnerability in the Oracle Application Object Library product
of Orac ...)
+ TODO: check
+CVE-2019-3026 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-3025
- RESERVED
-CVE-2019-3024
- RESERVED
-CVE-2019-3023
- RESERVED
-CVE-2019-3022
- RESERVED
-CVE-2019-3021
- RESERVED
+CVE-2019-3025 (Vulnerability in the Oracle Hospitality RES 3700 component of
Oracle F ...)
+ TODO: check
+CVE-2019-3024 (Vulnerability in the Oracle Installed Base product of Oracle
E-Busines ...)
+ TODO: check
+CVE-2019-3023 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2019-3022 (Vulnerability in the Oracle Content Manager product of Oracle
E-Busine ...)
+ TODO: check
+CVE-2019-3021 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-3020
- RESERVED
-CVE-2019-3019
- RESERVED
-CVE-2019-3018
- RESERVED
+CVE-2019-3020 (Vulnerability in the Primavera P6 Enterprise Project Portfolio
Managem ...)
+ TODO: check
+CVE-2019-3019 (Vulnerability in the Oracle Banking Digital Experience product
of Orac ...)
+ TODO: check
+CVE-2019-3018 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-3017
- RESERVED
+CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3016
RESERVED
-CVE-2019-3015
- RESERVED
-CVE-2019-3014
- RESERVED
+CVE-2019-3015 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2019-3014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
CVE-2019-3013
RESERVED
-CVE-2019-3012
- RESERVED
-CVE-2019-3011
- RESERVED
+CVE-2019-3012 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
+ TODO: check
+CVE-2019-3011 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-3010
- RESERVED
-CVE-2019-3009
- RESERVED
+CVE-2019-3010 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
+ TODO: check
+CVE-2019-3009 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-3008
- RESERVED
+CVE-2019-3008 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
+ TODO: check
CVE-2019-3007
RESERVED
CVE-2019-3006
RESERVED
-CVE-2019-3005
- RESERVED
+CVE-2019-3005 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-3004
- RESERVED
+CVE-2019-3004 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-3003
- RESERVED
+CVE-2019-3003 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-3002
- RESERVED
+CVE-2019-3002 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-3001
- RESERVED
-CVE-2019-3000
- RESERVED
-CVE-2019-2999
- RESERVED
+CVE-2019-3001 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement
product of ...)
+ TODO: check
+CVE-2019-3000 (Vulnerability in the Oracle Marketing product of Oracle
E-Business Sui ...)
+ TODO: check
+CVE-2019-2999 (Vulnerability in the Java SE product of Oracle Java SE
(component: Jav ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2998
- RESERVED
+CVE-2019-2998 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2997
- RESERVED
+CVE-2019-2997 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2996
- RESERVED
+CVE-2019-2996 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK,
only present in Oracle Java)
-CVE-2019-2995
- RESERVED
-CVE-2019-2994
- RESERVED
-CVE-2019-2993
- RESERVED
+CVE-2019-2995 (Vulnerability in the Oracle Marketing product of Oracle
E-Business Sui ...)
+ TODO: check
+CVE-2019-2994 (Vulnerability in the Oracle Marketing product of Oracle
E-Business Sui ...)
+ TODO: check
+CVE-2019-2993 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2992
- RESERVED
+CVE-2019-2992 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2991
- RESERVED
+CVE-2019-2991 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2990
- RESERVED
-CVE-2019-2989
- RESERVED
+CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business
Suite ...)
+ TODO: check
+CVE-2019-2989 (Vulnerability in the Oracle GraalVM Enterprise Edition product
of Orac ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2988
- RESERVED
+CVE-2019-2988 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2987
- RESERVED
+CVE-2019-2987 (Vulnerability in the Java SE product of Oracle Java SE
(component: 2D) ...)
- openjdk-11 11.0.5+10-1
-CVE-2019-2986
- RESERVED
-CVE-2019-2985
- RESERVED
-CVE-2019-2984
- RESERVED
+CVE-2019-2986 (Vulnerability in the Oracle GraalVM Enterprise Edition product
of Orac ...)
+ TODO: check
+CVE-2019-2985 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2019-2984 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2983
- RESERVED
+CVE-2019-2983 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2982
- RESERVED
+CVE-2019-2982 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2981
- RESERVED
+CVE-2019-2981 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2980
- RESERVED
-CVE-2019-2979
- RESERVED
-CVE-2019-2978
- RESERVED
+CVE-2019-2980 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of
Oracle ...)
+ TODO: check
+CVE-2019-2979 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of
Oracle ...)
+ TODO: check
+CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2977
- RESERVED
+CVE-2019-2977 (Vulnerability in the Java SE product of Oracle Java SE
(component: Hot ...)
- openjdk-11 11.0.5+10-1
-CVE-2019-2976
- RESERVED
-CVE-2019-2975
- RESERVED
+CVE-2019-2976 (Vulnerability in the Primavera P6 Enterprise Project Portfolio
Managem ...)
+ TODO: check
+CVE-2019-2975 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
-CVE-2019-2974
- RESERVED
+CVE-2019-2974 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2973
- RESERVED
+CVE-2019-2973 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2972
- RESERVED
-CVE-2019-2971
- RESERVED
-CVE-2019-2970
- RESERVED
-CVE-2019-2969
- RESERVED
+CVE-2019-2972 (Vulnerability in the Oracle Outside In Technology product of
Oracle Fu ...)
+ TODO: check
+CVE-2019-2971 (Vulnerability in the Oracle Outside In Technology product of
Oracle Fu ...)
+ TODO: check
+CVE-2019-2970 (Vulnerability in the Oracle Outside In Technology product of
Oracle Fu ...)
+ TODO: check
+CVE-2019-2969 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2968
- RESERVED
+CVE-2019-2968 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2967
- RESERVED
+CVE-2019-2967 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2966
- RESERVED
+CVE-2019-2966 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2965
- RESERVED
-CVE-2019-2964
- RESERVED
+CVE-2019-2965 (Vulnerability in the Siebel Core - DB Deployment and
Configuration pro ...)
+ TODO: check
+CVE-2019-2964 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2963
- RESERVED
+CVE-2019-2963 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2962
- RESERVED
+CVE-2019-2962 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2961
- RESERVED
-CVE-2019-2960
- RESERVED
+CVE-2019-2961 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
+ TODO: check
+CVE-2019-2960 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2959
- RESERVED
-CVE-2019-2958
- RESERVED
+CVE-2019-2959 (Vulnerability in the Hyperion Financial Reporting product of
Oracle Hy ...)
+ TODO: check
+CVE-2019-2958 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2957
- RESERVED
+CVE-2019-2957 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2956
- RESERVED
-CVE-2019-2955
- RESERVED
-CVE-2019-2954
- RESERVED
-CVE-2019-2953
- RESERVED
-CVE-2019-2952
- RESERVED
-CVE-2019-2951
- RESERVED
-CVE-2019-2950
- RESERVED
+CVE-2019-2956 (Vulnerability in the Core RDBMS (jackson-databind) component of
Oracle ...)
+ TODO: check
+CVE-2019-2955 (Vulnerability in the Core RDBMS component of Oracle Database
Server. S ...)
+ TODO: check
+CVE-2019-2954 (Vulnerability in the Core RDBMS component of Oracle Database
Server. S ...)
+ TODO: check
+CVE-2019-2953 (Vulnerability in the Oracle Hospitality Cruise Dining Room
Management ...)
+ TODO: check
+CVE-2019-2952 (Vulnerability in the Oracle Hospitality Reporting and Analytics
compon ...)
+ TODO: check
+CVE-2019-2951 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources
product ...)
+ TODO: check
+CVE-2019-2950 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2949
- RESERVED
+CVE-2019-2949 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2948
- RESERVED
+CVE-2019-2948 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2947
- RESERVED
-CVE-2019-2946
- RESERVED
+CVE-2019-2947 (Vulnerability in the Oracle Hospitality Reporting and Analytics
compon ...)
+ TODO: check
+CVE-2019-2946 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2945
- RESERVED
+CVE-2019-2945 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2944
- RESERVED
+CVE-2019-2944 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2943
- RESERVED
-CVE-2019-2942
- RESERVED
-CVE-2019-2941
- RESERVED
-CVE-2019-2940
- RESERVED
-CVE-2019-2939
- RESERVED
-CVE-2019-2938
- RESERVED
+CVE-2019-2943 (Vulnerability in the Oracle Data Integrator product of Oracle
Fusion M ...)
+ TODO: check
+CVE-2019-2942 (Vulnerability in the Oracle Advanced Outbound Telephony product
of Ora ...)
+ TODO: check
+CVE-2019-2941 (Vulnerability in the Hyperion Enterprise Performance Management
Archit ...)
+ TODO: check
+CVE-2019-2940 (Vulnerability in the Core RDBMS component of Oracle Database
Server. S ...)
+ TODO: check
+CVE-2019-2939 (Vulnerability in the Core RDBMS component of Oracle Database
Server. S ...)
+ TODO: check
+CVE-2019-2938 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2937
- RESERVED
-CVE-2019-2936
- RESERVED
-CVE-2019-2935
- RESERVED
-CVE-2019-2934
- RESERVED
-CVE-2019-2933
- RESERVED
+CVE-2019-2937 (Vulnerability in the Oracle Hospitality Reporting and Analytics
compon ...)
+ TODO: check
+CVE-2019-2936 (Vulnerability in the Oracle Hospitality Reporting and Analytics
compon ...)
+ TODO: check
+CVE-2019-2935 (Vulnerability in the Siebel UI Framework product of Oracle
Siebel CRM ...)
+ TODO: check
+CVE-2019-2934 (Vulnerability in the Oracle Hospitality Reporting and Analytics
compon ...)
+ TODO: check
+CVE-2019-2933 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2932
- RESERVED
-CVE-2019-2931
- RESERVED
-CVE-2019-2930
- RESERVED
-CVE-2019-2929
- RESERVED
+CVE-2019-2932 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2019-2931 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2019-2930 (Vulnerability in the Oracle Field Service product of Oracle
E-Business ...)
+ TODO: check
+CVE-2019-2929 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
CVE-2019-2928
RESERVED
-CVE-2019-2927
- RESERVED
-CVE-2019-2926
- RESERVED
+CVE-2019-2927 (Vulnerability in the Hyperion Data Relationship Management
product of ...)
+ TODO: check
+CVE-2019-2926 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2925
- RESERVED
-CVE-2019-2924
- RESERVED
+CVE-2019-2925 (Vulnerability in the Oracle Workflow product of Oracle
E-Business Suit ...)
+ TODO: check
+CVE-2019-2924 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2923
- RESERVED
+CVE-2019-2923 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2922
- RESERVED
+CVE-2019-2922 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2921
RESERVED
-CVE-2019-2920
- RESERVED
+CVE-2019-2920 (Vulnerability in the MySQL Connectors product of Oracle MySQL
(compone ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2919
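Review bot: CVE-2019-2956 should not be closed out in bulk with the other Oracle Database entries in this hunk. Its description names jackson-databind inside the Core RDBMS component, and a bundled third-party library can correspond to a separately packaged source. The description is truncated here, so resolve its `TODO: check` from the full advisory text and record either a package annotation or an explicit not-for-us reason. The neighbouring Core RDBMS entries (CVE-2019-2955, CVE-2019-2954, CVE-2019-2940, CVE-2019-2939) name no such library and can be triaged together.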
@@ -42595,56 +42602,52 @@ CVE-2019-2917
RESERVED
CVE-2019-2916
RESERVED
-CVE-2019-2915
- RESERVED
-CVE-2019-2914
- RESERVED
+CVE-2019-2915 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
+ TODO: check
+CVE-2019-2914 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2913
- RESERVED
+CVE-2019-2913 (Vulnerability in the Core RDBMS component of Oracle Database
Server. S ...)
+ TODO: check
CVE-2019-2912
RESERVED
-CVE-2019-2911
- RESERVED
+CVE-2019-2911 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2910
- RESERVED
+CVE-2019-2910 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE:
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2909
- RESERVED
+CVE-2019-2909 (Vulnerability in the Java VM component of Oracle Database
Server. Supp ...)
+ TODO: check
CVE-2019-2908
RESERVED
-CVE-2019-2907
- RESERVED
-CVE-2019-2906
- RESERVED
-CVE-2019-2905
- RESERVED
-CVE-2019-2904
- RESERVED
-CVE-2019-2903
- RESERVED
-CVE-2019-2902
- RESERVED
-CVE-2019-2901
- RESERVED
-CVE-2019-2900
- RESERVED
-CVE-2019-2899
- RESERVED
-CVE-2019-2898
- RESERVED
-CVE-2019-2897
- RESERVED
-CVE-2019-2896
- RESERVED
-CVE-2019-2895
- RESERVED
-CVE-2019-2894
- RESERVED
+CVE-2019-2907 (Vulnerability in the Oracle Web Services product of Oracle
Fusion Midd ...)
+ TODO: check
+CVE-2019-2906 (Vulnerability in the BI Publisher (formerly XML Publisher)
product of ...)
+ TODO: check
+CVE-2019-2905 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
+ TODO: check
+CVE-2019-2904 (Vulnerability in the Oracle JDeveloper and ADF product of
Oracle Fusio ...)
+ TODO: check
+CVE-2019-2903 (Vulnerability in the Oracle Outside In Technology product of
Oracle Fu ...)
+ TODO: check
+CVE-2019-2902 (Vulnerability in the Oracle Outside In Technology product of
Oracle Fu ...)
+ TODO: check
+CVE-2019-2901 (Vulnerability in the Oracle Outside In Technology product of
Oracle Fu ...)
+ TODO: check
+CVE-2019-2900 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
+ TODO: check
+CVE-2019-2899 (Vulnerability in the Oracle JDeveloper and ADF product of
Oracle Fusio ...)
+ TODO: check
+CVE-2019-2898 (Vulnerability in the BI Publisher (formerly XML Publisher)
product of ...)
+ TODO: check
+CVE-2019-2897 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
+ TODO: check
+CVE-2019-2896 (Vulnerability in the MICROS Relate CRM Software product of
Oracle Reta ...)
+ TODO: check
+CVE-2019-2895 (Vulnerability in the Enterprise Manager for Exadata product of
Oracle ...)
+ TODO: check
+CVE-2019-2894 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
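Review bot: the run from CVE-2019-2907 down to CVE-2019-2895 lands as `TODO: check` even though every entry names an Oracle-only product (Fusion Middleware, BI Publisher, Outside In Technology, MICROS Relate, Enterprise Manager for Exadata). Elsewhere in this same file, Outside In Technology is already dispositioned as `NOT-FOR-US: Oracle` (CVE-2019-2764). A single follow-up commit applying that disposition to the whole run would keep these thirteen entries from sitting in the TODO queue beside the openjdk and mysql-5.7 entries that need package work.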
@@ -42652,24 +42655,24 @@ CVE-2019-2893
RESERVED
CVE-2019-2892
RESERVED
-CVE-2019-2891
- RESERVED
-CVE-2019-2890
- RESERVED
-CVE-2019-2889
- RESERVED
-CVE-2019-2888
- RESERVED
-CVE-2019-2887
- RESERVED
-CVE-2019-2886
- RESERVED
+CVE-2019-2891 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
+ TODO: check
+CVE-2019-2890 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
+ TODO: check
+CVE-2019-2889 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
+ TODO: check
+CVE-2019-2888 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
+ TODO: check
+CVE-2019-2887 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
+ TODO: check
+CVE-2019-2886 (Vulnerability in the Oracle Forms product of Oracle Fusion
Middleware ...)
+ TODO: check
CVE-2019-2885
RESERVED
-CVE-2019-2884
- RESERVED
-CVE-2019-2883
- RESERVED
+CVE-2019-2884 (Vulnerability in the Oracle Retail Customer Management and
Segmentatio ...)
+ TODO: check
+CVE-2019-2883 (Vulnerability in the Oracle Retail Customer Management and
Segmentatio ...)
+ TODO: check
CVE-2019-2882
RESERVED
CVE-2019-2881
@@ -42695,8 +42698,8 @@ CVE-2019-2874 (Vulnerability in the Oracle VM
VirtualBox component of Oracle Vir
CVE-2019-2873 (Vulnerability in the Oracle VM VirtualBox component of Oracle
Virtuali ...)
- virtualbox 6.0.10-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2872
- RESERVED
+CVE-2019-2872 (Vulnerability in the Oracle Retail Xstore Point of Service
product of ...)
+ TODO: check
CVE-2019-2871 (Vulnerability in the Data Store component of Oracle Berkeley
DB. Suppo ...)
NOT-FOR-US: Oracle
CVE-2019-2870 (Vulnerability in the Data Store component of Oracle Berkeley
DB. Suppo ...)
@@ -42947,8 +42950,8 @@ CVE-2019-2766 (Vulnerability in the Java SE, Java SE
Embedded component of Oracl
- openjdk-11 <not-affected> (Windows-specific)
- openjdk-8 <not-affected> (Windows-specific)
- openjdk-7 <not-affected> (Windows-specific)
-CVE-2019-2765
- RESERVED
+CVE-2019-2765 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
+ TODO: check
CVE-2019-2764 (Vulnerability in the Oracle Outside In Technology component of
Oracle ...)
NOT-FOR-US: Oracle
CVE-2019-2763 (Vulnerability in the Oracle Hospitality Gift and Loyalty
component of ...)
@@ -43041,8 +43044,8 @@ CVE-2019-2736 (Vulnerability in the Oracle FLEXCUBE
Investor Servicing component
NOT-FOR-US: Oracle
CVE-2019-2735 (Vulnerability in the Oracle Hyperion Workspace component of
Oracle Hyp ...)
NOT-FOR-US: Oracle
-CVE-2019-2734
- RESERVED
+CVE-2019-2734 (Vulnerability in the Core RDBMS component of Oracle Database
Server. S ...)
+ TODO: check
CVE-2019-2733 (Vulnerability in the Oracle Demantra Demand Management
component of Or ...)
NOT-FOR-US: Oracle
CVE-2019-2732 (Vulnerability in the Oracle Demantra Demand Management
component of Or ...)
@@ -95472,8 +95475,8 @@ CVE-2018-3302 (Vulnerability in the Oracle Outside In
Technology component of Or
NOT-FOR-US: Oracle
CVE-2018-3301 (Vulnerability in the PeopleSoft Enterprise PeopleTools
component of Or ...)
NOT-FOR-US: Oracle
-CVE-2018-3300
- RESERVED
+CVE-2018-3300 (Vulnerability in the Oracle Retail Xstore Office product of
Oracle Ret ...)
+ TODO: check
CVE-2018-3299 (Vulnerability in the Oracle Text component of Oracle Database
Server. ...)
NOT-FOR-US: Oracle
CVE-2018-3298 (Vulnerability in the Oracle VM VirtualBox component of Oracle
Virtuali ...)
@@ -96496,8 +96499,8 @@ CVE-2018-2877 (Vulnerability in the MySQL Cluster
component of Oracle MySQL (sub
- mysql-cluster <itp> (bug #833356)
CVE-2018-2876 (Vulnerability in the Oracle Retail Integration Bus component of
Oracle ...)
NOT-FOR-US: Oracle
-CVE-2018-2875
- RESERVED
+CVE-2018-2875 (Vulnerability in the Core RDBMS component of Oracle Database
Server. S ...)
+ TODO: check
CVE-2018-2874 (Vulnerability in the Oracle Application Object Library
component of Or ...)
NOT-FOR-US: Oracle
CVE-2018-2873 (Vulnerability in the Oracle General Ledger component of Oracle
E-Busin ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/67a2bcc0fce1e981e0dfd147f4c9ed4049df59ef