[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 16 21:10:40 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67a2bcc0 by security tracker role at 2019-10-16T20:10:26Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2019-17663 (D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessage in t ...)
+ TODO: check
+CVE-2019-17662 (ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a c ...)
+ TODO: check
+CVE-2019-17661
+ RESERVED
+CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in admin/translate/translat ...)
+ TODO: check
+CVE-2019-17659
+ RESERVED
+CVE-2019-17658
+ RESERVED
+CVE-2019-17657
+ RESERVED
+CVE-2019-17656
+ RESERVED
+CVE-2019-17655
+ RESERVED
+CVE-2019-17654
+ RESERVED
+CVE-2019-17653
+ RESERVED
+CVE-2019-17652
+ RESERVED
+CVE-2019-17651
+ RESERVED
+CVE-2019-17650
+ RESERVED
+CVE-2019-17649
+ RESERVED
+CVE-2019-17648
+ RESERVED
+CVE-2019-17647
+ RESERVED
+CVE-2019-17646
+ RESERVED
+CVE-2019-17645
+ RESERVED
+CVE-2019-17644
+ RESERVED
+CVE-2019-17643
+ RESERVED
+CVE-2019-17642
+ RESERVED
+CVE-2019-17641
+ RESERVED
+CVE-2019-17640
+ RESERVED
+CVE-2019-17639
+ RESERVED
+CVE-2019-17638
+ RESERVED
+CVE-2019-17637
+ RESERVED
+CVE-2019-17636
+ RESERVED
+CVE-2019-17635
+ RESERVED
+CVE-2019-17634
+ RESERVED
+CVE-2019-17633
+ RESERVED
+CVE-2019-17632
+ RESERVED
+CVE-2019-17631
+ RESERVED
+CVE-2019-17630 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a cra ...)
+ TODO: check
+CVE-2019-17629 (CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a cra ...)
+ TODO: check
+CVE-2019-17628
+ RESERVED
+CVE-2019-17627 (The Yale Bluetooth Key application for mobile devices allows unauthori ...)
+ TODO: check
+CVE-2019-17626 (ReportLab through 3.5.26 allows remote code execution because of toCol ...)
+ TODO: check
+CVE-2019-17625 (There is a stored XSS in Rambox 0.6.9 that can lead to code execution. ...)
+ TODO: check
+CVE-2019-17624 (In X.Org X Server 1.20.4, there is a stack-based buffer overflow in th ...)
+ TODO: check
+CVE-2019-17623
+ RESERVED
+CVE-2019-17622
+ RESERVED
CVE-2019-XXXX [WordPress 5.2.4 Security Release]
- wordpress <unfixed> (bug #942459)
NOTE: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
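Review bot: Two of the new "TODO: check" entries at the top of the list, CVE-2019-17626 (ReportLab) and CVE-2019-17624 (X.Org X Server), name software that Debian packages (python-reportlab and xorg-server), so they need a source-package line with a status when triaged rather than a NOT-FOR-US marker. The RESERVED entries in the same block need no action until descriptions are published.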
@@ -104,12 +188,12 @@ CVE-2019-17580 (tonyy dormsystem through 1.3 allows SQL Injection in admin.php.
NOT-FOR-US: tonyy dormsystem
CVE-2019-17579 (SonarSource SonarQube before 7.8 has XSS in project links on account/p ...)
NOT-FOR-US: SonarSource SonarQube
-CVE-2019-17578
- RESERVED
-CVE-2019-17577
- RESERVED
-CVE-2019-17576
- RESERVED
+CVE-2019-17578 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoi ...)
+ TODO: check
+CVE-2019-17577 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoi ...)
+ TODO: check
+CVE-2019-17576 (An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoi ...)
+ TODO: check
CVE-2019-17575 (A file-rename filter bypass exists in admin/media/rename.php in WBCE C ...)
NOT-FOR-US: WBCE CMS
CVE-2019-17574 (An issue was discovered in the Popup Maker plugin before 1.8.13 for Wo ...)
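Review bot: CVE-2019-17578, CVE-2019-17577 and CVE-2019-17576 now carry the same truncated description ("An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoi ..."), so the list alone cannot tell them apart. When the TODO is resolved, check each one against its full description and add a NOTE line per entry recording what distinguishes it, so that a fix is not credited to the wrong ID.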
@@ -352,8 +436,8 @@ CVE-2019-17514 (library/glob.html in the Python 2 and 3 documentation before 201
NOT-FOR-US: Non-actionable CVE assignment for Python docs
CVE-2019-17513
RESERVED
-CVE-2019-17512
- RESERVED
+CVE-2019-17512 (There are some web interfaces without authentication requirements on D ...)
+ TODO: check
CVE-2019-17511 (There are some web interfaces without authentication requirements on D ...)
NOT-FOR-US: D-Link
CVE-2019-17510 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to ...)
@@ -532,7 +616,7 @@ CVE-2019-17450 (find_abstract_instance in dwarf2.c in the Binary File Descriptor
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25078
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=063c511bd79281f33fd33f0964541a73511b9e2b
NOTE: binutils not covered by security support
-CVE-2019-17449 (Avira Software Updater before 2.0.6.21094 allows a DLL side-loading at ...)
+CVE-2019-17449 (** DISPUTED ** Avira Software Updater before 2.0.6.21094 allows a DLL ...)
NOT-FOR-US: Avira Software Updater
CVE-2019-17448
RESERVED
@@ -558,10 +642,10 @@ CVE-2019-17438
RESERVED
CVE-2019-17437
RESERVED
-CVE-2019-17436
- RESERVED
-CVE-2019-17435
- RESERVED
+CVE-2019-17436 (A Local Privilege Escalation vulnerability exists in GlobalProtect Age ...)
+ TODO: check
+CVE-2019-17435 (A Local Privilege Escalation vulnerability exists in the GlobalProtect ...)
+ TODO: check
CVE-2019-17434 (LavaLite through 5.7 has XSS via a crafted account name that is mishan ...)
NOT-FOR-US: LavaLite
CVE-2019-17433 (z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles s ...)
@@ -2330,12 +2414,12 @@ CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbit
NOT-FOR-US: Integard Pro
CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...)
NOT-FOR-US: pfSense
-CVE-2019-16700
- RESERVED
-CVE-2019-16699
- RESERVED
-CVE-2019-16698
- RESERVED
+CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension through 3.0.2 ...)
+ TODO: check
+CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5 ...)
+ TODO: check
+CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 ha ...)
+ TODO: check
CVE-2019-16697
RESERVED
CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...)
@@ -2366,8 +2450,8 @@ CVE-2019-16684 (An issue was discovered in the image-manager in Xoops 2.5.10. Wh
NOT-FOR-US: Xoops
CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10. When the ...)
NOT-FOR-US: Xoops
-CVE-2019-16682
- RESERVED
+CVE-2019-16682 (The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 ...)
+ TODO: check
CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established ...)
NOT-FOR-US: Mastodon
CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...)
@@ -2784,17 +2868,13 @@ CVE-2019-16525 (An XSS issue was discovered in the checklist plugin before 1.1.9
NOT-FOR-US: checklist plugin for WordPress
CVE-2019-16524 (The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBo ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-16523
- RESERVED
+CVE-2019-16523 (The events-manager plugin through 5.9.5 for WordPress (aka Events Mana ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-16522
- RESERVED
+CVE-2019-16522 (The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie La ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-16521
- RESERVED
+CVE-2019-16521 (The broken-link-checker plugin through 1.11.8 for WordPress (aka Broke ...)
NOT-FOR-US: Wordpress plugin
-CVE-2019-16520
- RESERVED
+CVE-2019-16520 (The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to exe ...)
NOT-FOR-US: ESET Cyber Security
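Review bot: The NOT-FOR-US lines kept under CVE-2019-16523 through CVE-2019-16520 still read "Wordpress plugin", while the newly added descriptions spell it "WordPress" and name the plugin. Suggest rewriting them in the form the neighbouring entry uses ("NOT-FOR-US: checklist plugin for WordPress"), for example "NOT-FOR-US: events-manager plugin for WordPress", so a search on the plugin name finds the entry.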
@@ -3692,22 +3772,29 @@ CVE-2019-16224 (An issue was discovered in py-lmdb 0.97. For certain values of m
NOTE: No real security issue in py-lmdb and disputed (MITRE contacted). If at all
NOTE: then issues in underlying library but cf. https://github.com/jnwatson/py-lmdb/issues/210#issuecomment-531015023
CVE-2019-16223 (WordPress before 5.2.3 allows XSS in post previews by authenticated us ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
CVE-2019-16222 (WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_b ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
NOTE: https://core.trac.wordpress.org/changeset/45997
NOTE: https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
CVE-2019-16221 (WordPress before 5.2.3 allows reflected XSS in the dashboard. ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
CVE-2019-16220 (In WordPress before 5.2.3, validation and sanitization of a URL in wp_ ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
NOTE: https://core.trac.wordpress.org/changeset/45971
NOTE: https://github.com/WordPress/WordPress/commit/c86ee39ff4c1a79b93c967eb88522f5c09614a28
CVE-2019-16219 (WordPress before 5.2.3 allows XSS in shortcode previews. ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
CVE-2019-16218 (WordPress before 5.2.3 allows XSS in stored comments. ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
CVE-2019-16217 (WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upl ...)
+ {DLA-1960-1}
- wordpress 5.2.3+dfsg1-1 (bug #939543)
NOTE: https://core.trac.wordpress.org/changeset/45936
CVE-2019-16216 (Zulip server before 2.0.5 incompletely validated the MIME types of upl ...)
@@ -4326,8 +4413,8 @@ CVE-2019-15964
RESERVED
CVE-2019-15963
RESERVED
-CVE-2019-15962
- RESERVED
+CVE-2019-15962 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
+ TODO: check
CVE-2019-15961
RESERVED
CVE-2019-15960
@@ -4543,8 +4630,8 @@ CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 f
NOT-FOR-US: "Search Exclude" plugin for WordPress
CVE-2019-15894 (An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, ...)
NOT-FOR-US: Espressif
-CVE-2019-15893
- RESERVED
+CVE-2019-15893 (Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Cod ...)
+ TODO: check
CVE-2019-15891 (An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3. ...)
NOT-FOR-US: CKFinder
CVE-2019-15890 (libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reas ...)
@@ -6229,58 +6316,58 @@ CVE-2019-15284
RESERVED
CVE-2019-15283
RESERVED
-CVE-2019-15282
- RESERVED
-CVE-2019-15281
- RESERVED
-CVE-2019-15280
- RESERVED
+CVE-2019-15282 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
+CVE-2019-15281 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
+CVE-2019-15280 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ TODO: check
CVE-2019-15279
RESERVED
CVE-2019-15278
RESERVED
-CVE-2019-15277
- RESERVED
+CVE-2019-15277 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
+ TODO: check
CVE-2019-15276
RESERVED
-CVE-2019-15275
- RESERVED
-CVE-2019-15274
- RESERVED
-CVE-2019-15273
- RESERVED
+CVE-2019-15275 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
+ TODO: check
+CVE-2019-15274 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
+ TODO: check
+CVE-2019-15273 (Multiple vulnerabilities in the CLI of Cisco TelePresence Collaboratio ...)
+ TODO: check
CVE-2019-15272 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
NOT-FOR-US: Cisco
CVE-2019-15271
RESERVED
-CVE-2019-15270
- RESERVED
-CVE-2019-15269
- RESERVED
-CVE-2019-15268
- RESERVED
+CVE-2019-15270 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ TODO: check
+CVE-2019-15269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2019-15268 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2019-15267
RESERVED
-CVE-2019-15266
- RESERVED
-CVE-2019-15265
- RESERVED
-CVE-2019-15264
- RESERVED
+CVE-2019-15266 (A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Soft ...)
+ TODO: check
+CVE-2019-15265 (A vulnerability in the bridge protocol data unit (BPDU) forwarding fun ...)
+ TODO: check
+CVE-2019-15264 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
+ TODO: check
CVE-2019-15263
RESERVED
-CVE-2019-15262
- RESERVED
-CVE-2019-15261
- RESERVED
-CVE-2019-15260
- RESERVED
+CVE-2019-15262 (A vulnerability in the Secure Shell (SSH) session management for Cisco ...)
+ TODO: check
+CVE-2019-15261 (A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN pa ...)
+ TODO: check
+CVE-2019-15260 (A vulnerability in Cisco Aironet Access Points (APs) Software could al ...)
+ TODO: check
CVE-2019-15259 (A vulnerability in Cisco Unified Contact Center Express (UCCX) Softwar ...)
NOT-FOR-US: Cisco
-CVE-2019-15258
- RESERVED
-CVE-2019-15257
- RESERVED
+CVE-2019-15258 (A vulnerability in the web-based management interface of Cisco SPA100 ...)
+ TODO: check
+CVE-2019-15257 (A vulnerability in the web-based management interface of Cisco SPA100 ...)
+ TODO: check
CVE-2019-15256 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...)
NOT-FOR-US: Cisco
CVE-2019-15255
@@ -6289,32 +6376,32 @@ CVE-2019-15254
RESERVED
CVE-2019-15253
RESERVED
-CVE-2019-15252
- RESERVED
-CVE-2019-15251
- RESERVED
-CVE-2019-15250
- RESERVED
-CVE-2019-15249
- RESERVED
-CVE-2019-15248
- RESERVED
-CVE-2019-15247
- RESERVED
-CVE-2019-15246
- RESERVED
-CVE-2019-15245
- RESERVED
-CVE-2019-15244
- RESERVED
-CVE-2019-15243
- RESERVED
-CVE-2019-15242
- RESERVED
-CVE-2019-15241
- RESERVED
-CVE-2019-15240
- RESERVED
+CVE-2019-15252 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15251 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15250 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15249 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15248 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15247 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15246 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15245 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15244 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15243 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15242 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15241 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
+CVE-2019-15240 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
+ TODO: check
CVE-2019-15292 (An issue was discovered in the Linux kernel before 5.0.9. There is a u ...)
{DLA-1930-1 DLA-1919-1}
- linux 4.19.37-1
@@ -13867,8 +13954,8 @@ CVE-2019-13117 (In numbers.c in libxslt 1.1.33, an xsl:number with certain forma
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14471
NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
NOTE: https://oss-fuzz.com/testcase-detail/5631739747106816
-CVE-2019-13116
- RESERVED
+CVE-2019-13116 (The MuleSoft Mule runtime engine before 3.8 allows remote attackers to ...)
+ TODO: check
CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha2 ...)
{DLA-1730-3}
- libssh2 <unfixed> (bug #932329)
@@ -15011,8 +15098,8 @@ CVE-2019-12720
RESERVED
CVE-2019-12719
RESERVED
-CVE-2019-12718
- RESERVED
+CVE-2019-12718 (A vulnerability in the web-based interface of Cisco Small Business Sma ...)
+ TODO: check
CVE-2019-12717 (A vulnerability in a CLI command related to the virtualization manager ...)
NOT-FOR-US: Cisco
CVE-2019-12716 (A vulnerability in the web-based interface of Cisco Unified Communicat ...)
@@ -15031,20 +15118,20 @@ CVE-2019-12710 (A vulnerability in the web-based interface of Cisco Unified Comm
NOT-FOR-US: Cisco
CVE-2019-12709 (A vulnerability in a CLI command related to the virtualization manager ...)
NOT-FOR-US: Cisco
-CVE-2019-12708
- RESERVED
+CVE-2019-12708 (A vulnerability in the web-based management interface of Cisco SPA100 ...)
+ TODO: check
CVE-2019-12707 (A vulnerability in the web-based interface of multiple Cisco Unified C ...)
NOT-FOR-US: Cisco
CVE-2019-12706 (A vulnerability in the Sender Policy Framework (SPF) functionality of ...)
NOT-FOR-US: Cisco
-CVE-2019-12705
- RESERVED
-CVE-2019-12704
- RESERVED
-CVE-2019-12703
- RESERVED
-CVE-2019-12702
- RESERVED
+CVE-2019-12705 (A vulnerability in the web-based management interface of Cisco Express ...)
+ TODO: check
+CVE-2019-12704 (A vulnerability in the web-based management interface of Cisco SPA100 ...)
+ TODO: check
+CVE-2019-12703 (A vulnerability in the web-based management interface of Cisco SPA122 ...)
+ TODO: check
+CVE-2019-12702 (A vulnerability in the web-based management interface of Cisco SPA100 ...)
+ TODO: check
CVE-2019-12701 (A vulnerability in the file and malware inspection feature of Cisco Fi ...)
NOT-FOR-US: Cisco
CVE-2019-12700 (A vulnerability in the configuration of the Pluggable Authentication M ...)
@@ -15171,12 +15258,12 @@ CVE-2019-12640
RESERVED
CVE-2019-12639
RESERVED
-CVE-2019-12638
- RESERVED
-CVE-2019-12637
- RESERVED
-CVE-2019-12636
- RESERVED
+CVE-2019-12638 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
+CVE-2019-12637 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
+CVE-2019-12636 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ TODO: check
CVE-2019-12635 (A vulnerability in the authorization module of Cisco Content Security ...)
NOT-FOR-US: Cisco
CVE-2019-12634 (A vulnerability in the web-based management interface of Cisco Integra ...)
@@ -18895,8 +18982,8 @@ CVE-2019-11283
RESERVED
CVE-2019-11282
RESERVED
-CVE-2019-11281
- RESERVED
+CVE-2019-11281 (Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, ver ...)
+ TODO: check
CVE-2019-11280 (Pivotal Apps Manager, included in Pivotal Application Service versions ...)
NOT-FOR-US: Pivotal
CVE-2019-11279 (CF UAA versions prior to 74.1.0 can request scopes for a client that s ...)
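Review bot: The "TODO: check" on CVE-2019-11281 should not be resolved by copying the "NOT-FOR-US: Pivotal" marker from CVE-2019-11280 directly below it. The description covers RabbitMQ versions prior to v3.7.18, and RabbitMQ is packaged in Debian as rabbitmq-server, so this entry needs a "- rabbitmq-server" line with a status once the affected versions are compared against the archive.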
@@ -21027,74 +21114,51 @@ CVE-2019-10460
RESERVED
CVE-2019-10459
RESERVED
-CVE-2019-10458
- RESERVED
+CVE-2019-10458 (Jenkins Puppet Enterprise Pipeline 1.3.1 and earlier specifies unsafe ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10457
- RESERVED
+CVE-2019-10457 (A missing permission check in Jenkins Oracle Cloud Infrastructure Comp ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10456
- RESERVED
+CVE-2019-10456 (A cross-site request forgery vulnerability in Jenkins Oracle Cloud Inf ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10455
- RESERVED
+CVE-2019-10455 (A missing permission check in Jenkins Rundeck Plugin allows attackers ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10454
- RESERVED
+CVE-2019-10454 (A cross-site request forgery vulnerability in Jenkins Rundeck Plugin a ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10453
- RESERVED
+CVE-2019-10453 (Jenkins Delphix Plugin stores credentials unencrypted in its global co ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10452
- RESERVED
+CVE-2019-10452 (Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10451
- RESERVED
+CVE-2019-10451 (Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10450
- RESERVED
+CVE-2019-10450 (Jenkins ElasticBox CI Plugin stores credentials unencrypted in the glo ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10449
- RESERVED
+CVE-2019-10449 (Jenkins Fortify on Demand Plugin stores credentials unencrypted in job ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10448
- RESERVED
+CVE-2019-10448 (Jenkins Extensive Testing Plugin stores credentials unencrypted in job ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10447
- RESERVED
+CVE-2019-10447 (Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xm ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10446
- RESERVED
+CVE-2019-10446 (Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10445
- RESERVED
+CVE-2019-10445 (A missing permission check in Jenkins Google Kubernetes Engine Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10444
- RESERVED
+CVE-2019-10444 (Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disa ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10443
- RESERVED
+CVE-2019-10443 (Jenkins iceScrum Plugin 1.1.4 and earlier stored credentials unencrypt ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10442
- RESERVED
+CVE-2019-10442 (A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlie ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10441
- RESERVED
+CVE-2019-10441 (A cross-site request forgery vulnerability in Jenkins iceScrum Plugin ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10440
- RESERVED
+CVE-2019-10440 (Jenkins NeoLoad Plugin 2.2.5 and earlier stored credentials unencrypte ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10439
- RESERVED
+CVE-2019-10439 (A missing permission check in Jenkins CRX Content Package Deployer Plu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10438
- RESERVED
+CVE-2019-10438 (A missing permission check in Jenkins CRX Content Package Deployer Plu ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10437
- RESERVED
+CVE-2019-10437 (A cross-site request forgery vulnerability in Jenkins CRX Content Pack ...)
NOT-FOR-US: Jenkins plugin
-CVE-2019-10436
- RESERVED
+CVE-2019-10436 (An arbitrary file read vulnerability in Jenkins Google OAuth Credentia ...)
NOT-FOR-US: Jenkins plugin
CVE-2019-10435 (Jenkins SourceGear Vault Plugin transmits configured credentials in pl ...)
NOT-FOR-US: Jenkins plugin
@@ -32466,18 +32530,15 @@ CVE-2019-6475 [DNSSEC validation bypass for mirror zones]
RESERVED
- bind9 <not-affected> (Vulnerable code not present)
NOTE: https://kb.isc.org/docs/cve-2019-6475
-CVE-2019-6474 [An oversight when validating incoming client requests can lead to a situation where the Kea server will exit when trying to restart]
- RESERVED
+CVE-2019-6474 (A missing check on incoming client requests can be exploited to cause ...)
- isc-kea <unfixed> (bug #936040)
[stretch] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2019-6474
-CVE-2019-6473 [An invalid hostname option can cause the kea-dhcp4 server to terminate]
- RESERVED
+CVE-2019-6473 (An invalid hostname option can trigger an assertion failure in the Kea ...)
- isc-kea <unfixed> (bug #936040)
[stretch] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2019-6473
-CVE-2019-6472 [A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate]
- RESERVED
+CVE-2019-6472 (A packet containing a malformed DUID can cause the Kea DHCPv6 server p ...)
- isc-kea <unfixed> (bug #936040)
[stretch] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2019-6472
@@ -32864,8 +32925,8 @@ CVE-2019-6336
RESERVED
CVE-2019-6335 (A potential security vulnerability has been identified with Samsung La ...)
NOT-FOR-US: Samsung Laser Printers
-CVE-2019-6334
- RESERVED
+CVE-2019-6334 (HP LaserJet, PageWide, OfficeJet Enterprise, and LaserJet Managed Prin ...)
+ TODO: check
CVE-2019-6333 (A potential security vulnerability has been identified with certain ve ...)
NOT-FOR-US: HP Touchpoint Analytics
CVE-2019-6332
@@ -38231,8 +38292,8 @@ CVE-2019-4033 (IBM Content Navigator 2.0.3 and 3.0CD is vulnerable to cross-site
NOT-FOR-US: IBM
CVE-2019-4032 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
NOT-FOR-US: IBM
-CVE-2019-4031
- RESERVED
+CVE-2019-4031 (IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a v ...)
+ TODO: check
CVE-2019-4030 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
NOT-FOR-US: IBM
CVE-2019-4029 (IBM Sterling B2B Integrator 5.2.0.1 through 6.0.0.0 is vulnerable to c ...)
@@ -42259,332 +42320,278 @@ CVE-2019-3033
RESERVED
CVE-2019-3032
RESERVED
-CVE-2019-3031
- RESERVED
+CVE-2019-3031 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3030
RESERVED
CVE-2019-3029
RESERVED
-CVE-2019-3028
- RESERVED
+CVE-2019-3028 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-3027
- RESERVED
-CVE-2019-3026
- RESERVED
+CVE-2019-3027 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ TODO: check
+CVE-2019-3026 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-3025
- RESERVED
-CVE-2019-3024
- RESERVED
-CVE-2019-3023
- RESERVED
-CVE-2019-3022
- RESERVED
-CVE-2019-3021
- RESERVED
+CVE-2019-3025 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle F ...)
+ TODO: check
+CVE-2019-3024 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ TODO: check
+CVE-2019-3023 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2019-3022 (Vulnerability in the Oracle Content Manager product of Oracle E-Busine ...)
+ TODO: check
+CVE-2019-3021 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-3020
- RESERVED
-CVE-2019-3019
- RESERVED
-CVE-2019-3018
- RESERVED
+CVE-2019-3020 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ TODO: check
+CVE-2019-3019 (Vulnerability in the Oracle Banking Digital Experience product of Orac ...)
+ TODO: check
+CVE-2019-3018 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-3017
- RESERVED
+CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
CVE-2019-3016
RESERVED
-CVE-2019-3015
- RESERVED
-CVE-2019-3014
- RESERVED
+CVE-2019-3015 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2019-3014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
CVE-2019-3013
RESERVED
-CVE-2019-3012
- RESERVED
-CVE-2019-3011
- RESERVED
+CVE-2019-3012 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2019-3011 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-3010
- RESERVED
-CVE-2019-3009
- RESERVED
+CVE-2019-3010 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2019-3009 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-3008
- RESERVED
+CVE-2019-3008 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
CVE-2019-3007
RESERVED
CVE-2019-3006
RESERVED
-CVE-2019-3005
- RESERVED
+CVE-2019-3005 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-3004
- RESERVED
+CVE-2019-3004 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-3003
- RESERVED
+CVE-2019-3003 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-3002
- RESERVED
+CVE-2019-3002 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-3001
- RESERVED
-CVE-2019-3000
- RESERVED
-CVE-2019-2999
- RESERVED
+CVE-2019-3001 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement product of ...)
+ TODO: check
+CVE-2019-3000 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ TODO: check
+CVE-2019-2999 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2998
- RESERVED
+CVE-2019-2998 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2997
- RESERVED
+CVE-2019-2997 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2996
- RESERVED
+CVE-2019-2996 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2019-2995
- RESERVED
-CVE-2019-2994
- RESERVED
-CVE-2019-2993
- RESERVED
+CVE-2019-2995 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ TODO: check
+CVE-2019-2994 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ TODO: check
+CVE-2019-2993 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2992
- RESERVED
+CVE-2019-2992 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2991
- RESERVED
+CVE-2019-2991 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2990
- RESERVED
-CVE-2019-2989
- RESERVED
+CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ TODO: check
+CVE-2019-2989 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2988
- RESERVED
+CVE-2019-2988 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2987
- RESERVED
+CVE-2019-2987 (Vulnerability in the Java SE product of Oracle Java SE (component: 2D) ...)
- openjdk-11 11.0.5+10-1
-CVE-2019-2986
- RESERVED
-CVE-2019-2985
- RESERVED
-CVE-2019-2984
- RESERVED
+CVE-2019-2986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
+ TODO: check
+CVE-2019-2985 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2019-2984 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2983
- RESERVED
+CVE-2019-2983 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2982
- RESERVED
+CVE-2019-2982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2981
- RESERVED
+CVE-2019-2981 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2980
- RESERVED
-CVE-2019-2979
- RESERVED
-CVE-2019-2978
- RESERVED
+CVE-2019-2980 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
+ TODO: check
+CVE-2019-2979 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
+ TODO: check
+CVE-2019-2978 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2977
- RESERVED
+CVE-2019-2977 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...)
- openjdk-11 11.0.5+10-1
-CVE-2019-2976
- RESERVED
-CVE-2019-2975
- RESERVED
+CVE-2019-2976 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ TODO: check
+CVE-2019-2975 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
-CVE-2019-2974
- RESERVED
+CVE-2019-2974 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2973
- RESERVED
+CVE-2019-2973 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2972
- RESERVED
-CVE-2019-2971
- RESERVED
-CVE-2019-2970
- RESERVED
-CVE-2019-2969
- RESERVED
+CVE-2019-2972 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2019-2971 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2019-2970 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2019-2969 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2968
- RESERVED
+CVE-2019-2968 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2967
- RESERVED
+CVE-2019-2967 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2966
- RESERVED
+CVE-2019-2966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2965
- RESERVED
-CVE-2019-2964
- RESERVED
+CVE-2019-2965 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...)
+ TODO: check
+CVE-2019-2964 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2963
- RESERVED
+CVE-2019-2963 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2962
- RESERVED
+CVE-2019-2962 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2961
- RESERVED
-CVE-2019-2960
- RESERVED
+CVE-2019-2961 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2019-2960 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2959
- RESERVED
-CVE-2019-2958
- RESERVED
+CVE-2019-2959 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
+ TODO: check
+CVE-2019-2958 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2957
- RESERVED
+CVE-2019-2957 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2956
- RESERVED
-CVE-2019-2955
- RESERVED
-CVE-2019-2954
- RESERVED
-CVE-2019-2953
- RESERVED
-CVE-2019-2952
- RESERVED
-CVE-2019-2951
- RESERVED
-CVE-2019-2950
- RESERVED
+CVE-2019-2956 (Vulnerability in the Core RDBMS (jackson-databind) component of Oracle ...)
+ TODO: check
+CVE-2019-2955 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ TODO: check
+CVE-2019-2954 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ TODO: check
+CVE-2019-2953 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
+ TODO: check
+CVE-2019-2952 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
+ TODO: check
+CVE-2019-2951 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
+ TODO: check
+CVE-2019-2950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2019-2949
- RESERVED
+CVE-2019-2949 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2948
- RESERVED
+CVE-2019-2948 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2947
- RESERVED
-CVE-2019-2946
- RESERVED
+CVE-2019-2947 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
+ TODO: check
+CVE-2019-2946 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2945
- RESERVED
+CVE-2019-2945 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2944
- RESERVED
+CVE-2019-2944 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2943
- RESERVED
-CVE-2019-2942
- RESERVED
-CVE-2019-2941
- RESERVED
-CVE-2019-2940
- RESERVED
-CVE-2019-2939
- RESERVED
-CVE-2019-2938
- RESERVED
+CVE-2019-2943 (Vulnerability in the Oracle Data Integrator product of Oracle Fusion M ...)
+ TODO: check
+CVE-2019-2942 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
+ TODO: check
+CVE-2019-2941 (Vulnerability in the Hyperion Enterprise Performance Management Archit ...)
+ TODO: check
+CVE-2019-2940 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ TODO: check
+CVE-2019-2939 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ TODO: check
+CVE-2019-2938 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2937
- RESERVED
-CVE-2019-2936
- RESERVED
-CVE-2019-2935
- RESERVED
-CVE-2019-2934
- RESERVED
-CVE-2019-2933
- RESERVED
+CVE-2019-2937 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
+ TODO: check
+CVE-2019-2936 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
+ TODO: check
+CVE-2019-2935 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
+ TODO: check
+CVE-2019-2934 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
+ TODO: check
+CVE-2019-2933 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
-CVE-2019-2932
- RESERVED
-CVE-2019-2931
- RESERVED
-CVE-2019-2930
- RESERVED
-CVE-2019-2929
- RESERVED
+CVE-2019-2932 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2019-2931 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2019-2930 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...)
+ TODO: check
+CVE-2019-2929 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
CVE-2019-2928
RESERVED
-CVE-2019-2927
- RESERVED
-CVE-2019-2926
- RESERVED
+CVE-2019-2927 (Vulnerability in the Hyperion Data Relationship Management product of ...)
+ TODO: check
+CVE-2019-2926 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <unfixed>
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2925
- RESERVED
-CVE-2019-2924
- RESERVED
+CVE-2019-2925 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
+ TODO: check
+CVE-2019-2924 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2923
- RESERVED
+CVE-2019-2923 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2922
- RESERVED
+CVE-2019-2922 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2921
RESERVED
-CVE-2019-2920
- RESERVED
+CVE-2019-2920 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
CVE-2019-2919
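Review bot: CVE-2019-2920 is described as a MySQL Connectors issue, but the line under it is the same `- mysql-5.7 <unfixed> (bug #942443)` annotation used for the MySQL Server entries in this hunk; confirm that mysql-5.7 is really the affected source package, or retarget the line at the connector package, so the tracker does not report the wrong package as unfixed. Separately, CVE-2019-2956 is added as `TODO: check` with a description naming jackson-databind inside Core RDBMS; when it is triaged, check whether the underlying jackson-databind issue is already tracked under its own entry before closing this one as an Oracle-only product.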
@@ -42595,56 +42602,52 @@ CVE-2019-2917
RESERVED
CVE-2019-2916
RESERVED
-CVE-2019-2915
- RESERVED
-CVE-2019-2914
- RESERVED
+CVE-2019-2915 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2019-2914 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2913
- RESERVED
+CVE-2019-2913 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ TODO: check
CVE-2019-2912
RESERVED
-CVE-2019-2911
- RESERVED
+CVE-2019-2911 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2910
- RESERVED
+CVE-2019-2910 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <unfixed> (bug #942443)
NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL
-CVE-2019-2909
- RESERVED
+CVE-2019-2909 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ TODO: check
CVE-2019-2908
RESERVED
-CVE-2019-2907
- RESERVED
-CVE-2019-2906
- RESERVED
-CVE-2019-2905
- RESERVED
-CVE-2019-2904
- RESERVED
-CVE-2019-2903
- RESERVED
-CVE-2019-2902
- RESERVED
-CVE-2019-2901
- RESERVED
-CVE-2019-2900
- RESERVED
-CVE-2019-2899
- RESERVED
-CVE-2019-2898
- RESERVED
-CVE-2019-2897
- RESERVED
-CVE-2019-2896
- RESERVED
-CVE-2019-2895
- RESERVED
-CVE-2019-2894
- RESERVED
+CVE-2019-2907 (Vulnerability in the Oracle Web Services product of Oracle Fusion Midd ...)
+ TODO: check
+CVE-2019-2906 (Vulnerability in the BI Publisher (formerly XML Publisher) product of ...)
+ TODO: check
+CVE-2019-2905 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2019-2904 (Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusio ...)
+ TODO: check
+CVE-2019-2903 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2019-2902 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2019-2901 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
+ TODO: check
+CVE-2019-2900 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2019-2899 (Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusio ...)
+ TODO: check
+CVE-2019-2898 (Vulnerability in the BI Publisher (formerly XML Publisher) product of ...)
+ TODO: check
+CVE-2019-2897 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2019-2896 (Vulnerability in the MICROS Relate CRM Software product of Oracle Reta ...)
+ TODO: check
+CVE-2019-2895 (Vulnerability in the Enterprise Manager for Exadata product of Oracle ...)
+ TODO: check
+CVE-2019-2894 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-11 11.0.5+10-1
- openjdk-8 <unfixed>
- openjdk-7 <removed>
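Review bot: CVE-2019-2901, CVE-2019-2902 and CVE-2019-2903 (Oracle Outside In Technology) are added as `TODO: check`, while the same product is already resolved later in this file as `NOT-FOR-US: Oracle` (CVE-2019-2764). A follow-up should give these three the same marker, and triage the remaining `TODO: check` entries in this hunk (PeopleTools, Core RDBMS, Java VM, BI Publisher, JDeveloper and the others) in the same pass, so the open TODO count reflects only entries that can actually touch a Debian package.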
@@ -42652,24 +42655,24 @@ CVE-2019-2893
RESERVED
CVE-2019-2892
RESERVED
-CVE-2019-2891
- RESERVED
-CVE-2019-2890
- RESERVED
-CVE-2019-2889
- RESERVED
-CVE-2019-2888
- RESERVED
-CVE-2019-2887
- RESERVED
-CVE-2019-2886
- RESERVED
+CVE-2019-2891 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2019-2890 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2019-2889 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2019-2888 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2019-2887 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2019-2886 (Vulnerability in the Oracle Forms product of Oracle Fusion Middleware ...)
+ TODO: check
CVE-2019-2885
RESERVED
-CVE-2019-2884
- RESERVED
-CVE-2019-2883
- RESERVED
+CVE-2019-2884 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
+ TODO: check
+CVE-2019-2883 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
+ TODO: check
CVE-2019-2882
RESERVED
CVE-2019-2881
@@ -42695,8 +42698,8 @@ CVE-2019-2874 (Vulnerability in the Oracle VM VirtualBox component of Oracle Vir
CVE-2019-2873 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
- virtualbox 6.0.10-dfsg-1
[jessie] - virtualbox <end-of-life> (DSA-3699-1)
-CVE-2019-2872
- RESERVED
+CVE-2019-2872 (Vulnerability in the Oracle Retail Xstore Point of Service product of ...)
+ TODO: check
CVE-2019-2871 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
NOT-FOR-US: Oracle
CVE-2019-2870 (Vulnerability in the Data Store component of Oracle Berkeley DB. Suppo ...)
@@ -42947,8 +42950,8 @@ CVE-2019-2766 (Vulnerability in the Java SE, Java SE Embedded component of Oracl
- openjdk-11 <not-affected> (Windows-specific)
- openjdk-8 <not-affected> (Windows-specific)
- openjdk-7 <not-affected> (Windows-specific)
-CVE-2019-2765
- RESERVED
+CVE-2019-2765 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
CVE-2019-2764 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
NOT-FOR-US: Oracle
CVE-2019-2763 (Vulnerability in the Oracle Hospitality Gift and Loyalty component of ...)
@@ -43041,8 +43044,8 @@ CVE-2019-2736 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component
NOT-FOR-US: Oracle
CVE-2019-2735 (Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyp ...)
NOT-FOR-US: Oracle
-CVE-2019-2734
- RESERVED
+CVE-2019-2734 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ TODO: check
CVE-2019-2733 (Vulnerability in the Oracle Demantra Demand Management component of Or ...)
NOT-FOR-US: Oracle
CVE-2019-2732 (Vulnerability in the Oracle Demantra Demand Management component of Or ...)
@@ -95472,8 +95475,8 @@ CVE-2018-3302 (Vulnerability in the Oracle Outside In Technology component of Or
NOT-FOR-US: Oracle
CVE-2018-3301 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
NOT-FOR-US: Oracle
-CVE-2018-3300
- RESERVED
+CVE-2018-3300 (Vulnerability in the Oracle Retail Xstore Office product of Oracle Ret ...)
+ TODO: check
CVE-2018-3299 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
NOT-FOR-US: Oracle
CVE-2018-3298 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
@@ -96496,8 +96499,8 @@ CVE-2018-2877 (Vulnerability in the MySQL Cluster component of Oracle MySQL (sub
- mysql-cluster <itp> (bug #833356)
CVE-2018-2876 (Vulnerability in the Oracle Retail Integration Bus component of Oracle ...)
NOT-FOR-US: Oracle
-CVE-2018-2875
- RESERVED
+CVE-2018-2875 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ TODO: check
CVE-2018-2874 (Vulnerability in the Oracle Application Object Library component of Or ...)
NOT-FOR-US: Oracle
CVE-2018-2873 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
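Review bot: CVE-2018-2875 moves from `RESERVED` to `TODO: check` in a region where both neighbours, CVE-2018-2876 and CVE-2018-2874, are already settled as `NOT-FOR-US: Oracle`. An open TODO this deep in the 2018 range is easy to overlook, so it should be closed in the next manual pass, together with CVE-2018-3300 from the previous hunk, which is in the same position.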
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/67a2bcc0fce1e981e0dfd147f4c9ed4049df59ef