CVE-2018-25006
	RESERVED
CVE-2018-25005
	RESERVED
CVE-2018-25004 (A user authorized to performing a specific type of query may trigger a ...)
	- mongodb
	[stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
	NOTE: https://jira.mongodb.org/browse/SERVER-38275
CVE-2018-25003
	RESERVED
CVE-2018-25002 (uploader.php in the KCFinder integration project through 2018-06-01 fo ...)
	NOT-FOR-US: KCFinder integration project for Drupal
CVE-2018-25001 (An issue was discovered in the libpulse-binding crate before 2.5.0 for ...)
	NOT-FOR-US: libpulse-binding rust crate
CVE-2018-21270 (Versions less than 0.0.6 of the Node.js stringstream module are vulner ...)
	- node-stringstream 0.0.6-1
	NOTE: https://github.com/mhart/StringStream/issues/7
	NOTE: https://hackerone.com/reports/321670
CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...)
	- openrc (bug #973245)
	[buster] - openrc (Minor issue)
	[stretch] - openrc (Minor issue)
	NOTE: https://github.com/OpenRC/openrc/issues/201
	NOTE: http://michael.orlitzky.com/cves/cve-2018-21269.xhtml
	NOTE: https://github.com/OpenRC/openrc/commit/b6fef599bf8493480664b766040fa9b0d4b1e335
CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...)
	NOT-FOR-US: Node traceroute
CVE-2018-21267
	REJECTED
CVE-2018-21266
	REJECTED
CVE-2018-21265 (An issue was discovered in Mattermost Desktop App before 4.0.0. It mis ...)
	NOT-FOR-US: Mattermost
CVE-2018-21264 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...)
	NOT-FOR-US: Mattermost
CVE-2018-21263 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...)
	NOT-FOR-US: Mattermost
CVE-2018-21262 (An issue was discovered in Mattermost Server before 4.7.3. It allows a ...)
	NOT-FOR-US: Mattermost
CVE-2018-21261 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and ...)
	NOT-FOR-US: Mattermost
CVE-2018-21260 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and ...)
	NOT-FOR-US: Mattermost
CVE-2018-21259 (An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and ...)
	NOT-FOR-US: Mattermost
CVE-2018-21258 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
	NOT-FOR-US: Mattermost
CVE-2018-21257 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
	NOT-FOR-US: Mattermost
CVE-2018-21256 (An issue was discovered in Mattermost Server before 5.1. It allows att ...)
	NOT-FOR-US: Mattermost
CVE-2018-21255 (An issue was discovered in Mattermost Server before 5.1. Non-members o ...)
	NOT-FOR-US: Mattermost
CVE-2018-21254 (An issue was discovered in Mattermost Server before 5.1. An attacker c ...)
	NOT-FOR-US: Mattermost
CVE-2018-21253 (An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4. ...)
	NOT-FOR-US: Mattermost
CVE-2018-21252 (An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, ...)
	NOT-FOR-US: Mattermost
CVE-2018-21251 (An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Aut ...)
	NOT-FOR-US: Mattermost
CVE-2018-21250 (An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and ...)
	NOT-FOR-US: Mattermost
CVE-2018-21249 (An issue was discovered in Mattermost Server before 5.3.0. It mishandl ...)
	NOT-FOR-US: Mattermost
CVE-2018-21248 (An issue was discovered in Mattermost Server before 5.4.0. It mishandl ...)
	NOT-FOR-US: Mattermost
CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is an inf ...)
	{DSA-4383-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2
	NOTE: https://github.com/LibVNC/libvncserver/issues/253
	NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as demonstr ...)
	- caddy (bug #810890)
CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related issue to CVE ...)
	- pound 2.8-2
	[stretch] - pound 2.7-1.3+deb9u1
	[jessie] - pound 2.6-6+deb8u2
	NOTE: https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html
	NOTE: The exact scope of CVE-2018-21245 (a related issue to CVE-2016-10711) was
	NOTE: as well fixed with the same changes as done upstream for 2.8. The backport
	NOTE: for 2.7 was a backport of all security relevant changes between 2.7 and 2.8.
	NOTE: The same corrections were made in 2.6 version for jessie so fixed in that too.
CVE-2018-21244 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows ar ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21243 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21242 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Re ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21241 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an un ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21240 (An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-21239 (An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-21238 (An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows me ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21237 (An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NT ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2018-21236 (An issue was discovered in Foxit Reader before 2.4.4. It has a NULL po ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-21235 (An issue was discovered in Foxit E-mail advertising system before Sept ...)
	NOT-FOR-US: Foxit E-mail advertising system
CVE-2018-21234 (Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when ...)
	- jodd (bug #961298)
	[buster] - jodd (Minor issue; upstream fix needs changes in rdeps and none present in Buster)
	NOTE: https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16
	NOTE: https://github.com/oblac/jodd/issues/628
CVE-2018-21233 (TensorFlow before 1.7.0 has an integer overflow that causes an out-of- ...)
	- tensorflow (bug #804612)
CVE-2018-21232 (re2c before 2.0 has uncontrolled recursion that causes stack consumpti ...)
	- re2c
	[buster] - re2c (Minor issue)
	[stretch] - re2c (Minor issue)
	[jessie] - re2c (Minor issue)
	NOTE: https://github.com/skvadrik/re2c/issues/219
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/27/2
CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21230 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21229 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21228 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21227 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21226 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21225 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21224 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21223 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21222 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21221 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21220 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21219 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21218 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21217 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21216 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21215 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21214 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21213 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21212 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21211 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21210 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21209 (Certain NETGEAR devices are affected by reflected XSS. This affects JN ...)
	NOT-FOR-US: Netgear
CVE-2018-21208 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21207 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21206 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21205 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21204 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21203 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21202 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21201 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21200 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21199 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21198 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21197 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21196 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21195 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21194 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21193 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21192 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21191 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21190 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21189 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21188 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21187 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21186 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21185 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21184 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21183 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21182 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21181 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21180 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21179 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21178 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21177 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21176 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21175 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21174 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21173 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21172 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21171 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21170 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21169 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21168 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21167 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...)
	NOT-FOR-US: Netgear
CVE-2018-21166 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21165 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21164 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21163 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21162 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21161 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21160 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. ...)
	NOT-FOR-US: Netgear
CVE-2018-21159 (NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2018-21158 (NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect config ...)
	NOT-FOR-US: Netgear
CVE-2018-21157 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21156 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21155 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2018-21154 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21153 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21152 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21151 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21150 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21149 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21148 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21147 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21146 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21145 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21144 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21143 (NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of ...)
	NOT-FOR-US: Netgear
CVE-2018-21142 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21141 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21140 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21139 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21138 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21137 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...)
	NOT-FOR-US: Netgear
CVE-2018-21136 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21135 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21134 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21133 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21132 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21131 (Certain NETGEAR devices are affected by unauthenticated firmware downg ...)
	NOT-FOR-US: Netgear
CVE-2018-21130 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21129 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2018-21128 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21127 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21126 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21125 (NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication ...)
	NOT-FOR-US: Netgear
CVE-2018-21124 (NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escal ...)
	NOT-FOR-US: Netgear
CVE-2018-21123 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21122 (Certain NETGEAR devices are affected by denial of service. This affect ...)
	NOT-FOR-US: Netgear
CVE-2018-21121 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2018-21120 (Certain NETGEAR devices are affected by CSRF. This affects WAC120 befo ...)
	NOT-FOR-US: Netgear
CVE-2018-21119 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21118 (NETGEAR XR500 devices before 2.3.2.32 are affected by authentication b ...)
	NOT-FOR-US: Netgear
CVE-2018-21117 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2018-21116 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2018-21115 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...)
	NOT-FOR-US: Netgear
CVE-2018-21114 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21113 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2018-21112 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2018-21111 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21110 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21109 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21108 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21107 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21106 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21105 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21104 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21103 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21102 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. ...)
	NOT-FOR-US: Netgear
CVE-2018-21101 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21100 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21099 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21098 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...)
	NOT-FOR-US: Netgear
CVE-2018-21097 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21096 (Certain NETGEAR devices are affected by CSRF. This affects WAC120 befo ...)
	NOT-FOR-US: Netgear
CVE-2018-21095 (Certain NETGEAR devices are affected by stored XSS. This affects SRR60 ...)
	NOT-FOR-US: Netgear
CVE-2018-21094 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2018-21093 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2018-21092 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21091 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21090 (An issue was discovered on Samsung mobile devices with software throug ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21089 (An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/ ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21088 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21087 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21086 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21085 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21084 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21083 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21082 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21081 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21080 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21079 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21078 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21077 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21076 (An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21075 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21074 (An issue was discovered on Samsung mobile devices with M(6.x) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21073 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21072 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21071 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21070 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21069 (An issue was discovered on Samsung mobile devices with N(7.x) (MediaTe ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21068 (An issue was discovered on Samsung mobile devices with O(8.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21067 (An issue was discovered on Samsung mobile devices with M(6.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21066 (An issue was discovered on Samsung mobile devices with M(6.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21065 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21064 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21063 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21062 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21061 (An issue was discovered on Samsung mobile devices with N(7.1) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21060 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21059 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21058 (An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21057 (An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, a ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21056 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21055 (An issue was discovered on Samsung mobile devices with N(7.0) (Qualcom ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21054 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21053 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21052 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21051 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21050 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21049 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21048 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21047 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21046 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21045 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21044 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21043 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21042 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21041 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21040 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21039 (An issue was discovered on Samsung mobile devices with N(7.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21038 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-21036 (Sails.js before v1.0.0-46 allows attackers to cause a denial of servic ...)
	NOT-FOR-US: Sails.js
CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...)
	- qtwebsockets-opensource-src 5.15.1-2 (low; bug #953049)
	[buster] - qtwebsockets-opensource-src (Minor issue, fix adds new API only)
	[stretch] - qtwebsockets-opensource-src (Minor issue)
	[jessie] - qtwebsockets-opensource-src (Minor issue)
	NOTE: https://bugreports.qt.io/browse/QTBUG-70693
	NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
	NOTE: https://github.com/qt/qtwebsockets/commit/ed93680f34e92ad0383aa4e610bb65689118ca93
CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...)
	NOT-FOR-US: Argo
CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...)
	NOT-FOR-US: Hitachi
CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2018-21031 (Tautulli versions 2.1.38 and below allows remote attackers to bypass i ...)
	NOT-FOR-US: Plex Media Server
CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...)
	{DLA-2432-1}
	- jupyter-notebook 5.7.4-1
	NOTE: https://github.com/jupyter/notebook/pull/3341
CVE-2018-21029 (** DISPUTED ** systemd 239 through 245 accepts any certificate signed ...)
	- systemd 244-1 (low)
	[buster] - systemd (Only affected v243)
	[stretch] - systemd (Only affected v243)
	[jessie] - systemd (Only affected v243)
	NOTE: https://github.com/systemd/systemd/issues/9397
CVE-2018-21028 (Boa through 0.94.14rc21 allows remote attackers to trigger a memory le ...)
	- boa
CVE-2018-21027 (Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-m ...)
	- boa
CVE-2018-21026 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 a ...)
	NOT-FOR-US: Hitachi
CVE-2018-21025 (In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to ...)
	- centreon-web (bug #913903)
CVE-2018-21024 (licenseUpload.php in Centreon Web before 2.8.27 allows attackers to up ...)
	- centreon-web (bug #913903)
CVE-2018-21023 (getStats.php in Centreon Web before 2.8.28 allows authenticated attack ...)
	- centreon-web (bug #913903)
CVE-2018-21022 (makeXML_ListServices.php in Centreon Web before 2.8.28 allows attacker ...)
	- centreon-web (bug #913903)
CVE-2018-21021 (img_gantt.php in Centreon Web before 2.8.27 allows attackers to perfor ...)
	- centreon-web (bug #913903)
CVE-2018-21020 (In very rare cases, a PHP type juggling vulnerability in centreonAuth. ...)
	- centreon-web (bug #913903)
CVE-2018-21019 (Home Assistant before 0.67.0 was vulnerable to an information disclosu ...)
	NOT-FOR-US: Home Assistant
CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established ...)
	NOT-FOR-US: Mastodon
CVE-2018-21017 (GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c. ...)
	[experimental] - gpac (bug #940855)
	- gpac (Vulnerable code introduced in 0.6.0)
	NOTE: https://github.com/gpac/gpac/issues/1183
	NOTE: Introduced in https://github.com/gpac/gpac/commit/6cfd65819add78426d9635e3f8358f8bc149b645 (v0.6.0)
	NOTE: Fixed by: https://github.com/gpac/gpac/commit/d2371b4b204f0a3c0af51ad4e9b491144dd1225c (v0.8.)
CVE-2018-21016 (audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 ...)
	{DLA-2072-1}
	- gpac 1.0.1+dfsg1-2 (bug #940882)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1180
	NOTE: https://github.com/gpac/gpac/commit/ea13945f3c2dc2c21e30e2731bf2782384307a13
CVE-2018-21015 (AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remot ...)
	{DLA-2072-1}
	- gpac 1.0.1+dfsg1-2 (bug #940882)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1179
	NOTE: https://github.com/gpac/gpac/commit/0545bb0a01bfac6764c43bd5074e9c2d1eae495f
CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-21013 (The Swape theme before 1.2.1 for WordPress has incorrect access contro ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-21012 (The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-21011 (The charitable plugin before 1.5.14 for WordPress has unauthorized acc ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-21010 (OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_pr ...)
	{DLA-1950-1}
	- openjpeg2 2.3.1-1 (bug #939553)
	[buster] - openjpeg2 2.3.0-2+deb10u1
	[stretch] - openjpeg2 2.1.2-1.1+deb9u4
	NOTE: https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea
CVE-2018-21009 (Poppler before 0.66.0 has an integer overflow in Parser::makeStream in ...)
	{DLA-2287-1 DLA-1939-1}
	- poppler 0.69.0-2
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
CVE-2018-21008 (An issue was discovered in the Linux kernel before 4.16.7. A use-after ...)
	{DLA-2114-1 DLA-1930-1}
	- linux 4.18.6-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/abd39c6ded9db53aa44c2540092bdd5fb6590fa8
CVE-2018-21007 (The woo-confirmation-email plugin before 3.2.0 for WordPress has no bl ...)
	NOT-FOR-US: woo-confirmation-email plugin for WordPress
CVE-2018-21006 (The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. ...)
	NOT-FOR-US: bbp-move-topics plugin for WordPress
CVE-2018-21005 (The bbp-move-topics plugin before 1.1.6 for WordPress has code injecti ...)
	NOT-FOR-US: bbp-move-topics plugin for WordPress
CVE-2018-21004 (The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. ...)
	NOT-FOR-US: rsvpmaker plugin for WordPress
CVE-2018-21003 (The buddyforms plugin before 2.2.8 for WordPress has SQL injection. ...)
	NOT-FOR-US: buddyforms plugin for WordPress
CVE-2018-21002 (The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. ...)
	NOT-FOR-US: js-support-ticket plugin for WordPress
CVE-2018-21001 (The anycomment plugin before 0.0.33 for WordPress has XSS. ...)
	NOT-FOR-US: anycomment plugin for WordPress
CVE-2018-21000 (An issue was discovered in the safe-transmute crate before 0.10.1 for ...)
	- rust-safe-transmute (Fixed with initial upload to archive)
	NOTE: https://github.com/nabijaczleweli/safe-transmute-rs/pull/36
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0013.html
CVE-2018-20999 (An issue was discovered in the orion crate before 0.11.2 for Rust. res ...)
	NOT-FOR-US: Rust crate orion
CVE-2018-20998 (An issue was discovered in the arrayfire crate before 3.6.0 for Rust. ...)
	NOT-FOR-US: Rust crate arrayfire
CVE-2018-20997 (An issue was discovered in the openssl crate before 0.10.9 for Rust. A ...)
	- rust-openssl (Only affected 0.10.8, which was never in the archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0010.html
CVE-2018-20996 (An issue was discovered in the crossbeam crate before 0.4.1 for Rust. ...)
	- rust-crossbeam-epoch (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0009.html
CVE-2018-20995 (An issue was discovered in the slice-deque crate before 0.1.16 for Rus ...)
	NOT-FOR-US: Rust crate slice-deque
CVE-2018-20994 (An issue was discovered in the trust-dns-proto crate before 0.5.0-alph ...)
	NOT-FOR-US: Rust crate trust-dns-proto
CVE-2018-20993 (An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. ...)
	- rust-yaml-rust (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0006.html
CVE-2018-20992 (An issue was discovered in the claxon crate before 0.4.1 for Rust. Uni ...)
	NOT-FOR-US: Rust crate claxon
CVE-2018-20991 (An issue was discovered in the smallvec crate before 0.6.3 for Rust. T ...)
	- rust-smallvec (Fixed before initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0003.html
CVE-2018-20990 (An issue was discovered in the tar crate before 0.4.16 for Rust. Arbit ...)
	- rust-tar (Fixed with initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0002.html
CVE-2018-20989 (An issue was discovered in the untrusted crate before 0.6.2 for Rust. ...)
	- rust-untrusted (Fixed with initial upload to archive)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0001.html
CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval injection in the ...)
	NOT-FOR-US: wpgform plugin for WordPress
CVE-2018-20987 (The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP objec ...)
	NOT-FOR-US: newsletters-lite plugin for WordPress
CVE-2018-20986 (The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) ...)
	NOT-FOR-US: advanced-custom-fields plugin for WordPress
CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local file inc ...)
	NOT-FOR-US: wp-payeezy-pay plugin for WordPress
CVE-2018-20984 (The patreon-connect plugin before 1.2.2 for WordPress has Object Injec ...)
	NOT-FOR-US: patreon-connect plugin for WordPress
CVE-2018-20983 (The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. ...)
	NOT-FOR-US: wp-retina-2x plugin for WordPress
CVE-2018-20982 (The media-library-assistant plugin before 2.74 for WordPress has XSS v ...)
	NOT-FOR-US: media-library-assistant plugin for WordPress
CVE-2018-20981 (The ninja-forms plugin before 3.3.9 for WordPress has insufficient res ...)
	NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2018-20980 (The ninja-forms plugin before 3.2.15 for WordPress has parameter tampe ...)
	NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2018-20979 (The contact-form-7 plugin before 5.0.4 for WordPress has privilege esc ...)
	NOT-FOR-US: contact-form-7 plugin for WordPress
CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-20977 (The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPre ...)
	NOT-FOR-US: all-in-one-schemaorg-rich-snippets plugin for WordPress
CVE-2018-20976 (An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel befo ...)
	{DLA-2114-1 DLA-1930-1}
	- linux 4.18.6-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82
CVE-2018-20975 (Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/t ...)
	NOT-FOR-US: Fat Free CRM
CVE-2018-20974 (The js-jobs plugin before 1.0.7 for WordPress has CSRF. ...)
	NOT-FOR-US: js-jobs plugin for WordPress
CVE-2018-20973 (The companion-auto-update plugin before 3.2.1 for WordPress has local ...)
	NOT-FOR-US: companion-auto-update plugin for WordPress
CVE-2018-20972 (The companion-auto-update plugin before 3.2.1 for WordPress has CSRF. ...)
	NOT-FOR-US: companion-auto-update plugin for WordPress
CVE-2018-20971 (The church-admin plugin before 1.2550 for WordPress has CSRF affecting ...)
	NOT-FOR-US: church-admin plugin for WordPress
CVE-2018-20970 (The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issue ...)
	NOT-FOR-US: pdf-print plugin for WordPress
CVE-2018-20969 (do_ed_script in pch.c in GNU patch through 2.7.6 does not block string ...)
	{DSA-4489-1 DLA-1864-1}
	- patch 2.7.6-5
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. ...)
	NOT-FOR-US: wp-ultimate-exporter plugin for WordPress
CVE-2018-20967 (The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSR ...)
	NOT-FOR-US: wp-ultimate-csv-importer plugin for WordPress
CVE-2018-20966 (The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in t ...)
	NOT-FOR-US: woocommerce-jetpack plugin for WordPress
CVE-2018-20965 (The ultimate-member plugin before 2.0.4 for WordPress has XSS. ...)
	NOT-FOR-US: ultimate-member plugin for WordPress
CVE-2018-20964 (The contact-form-to-email plugin before 1.2.66 for WordPress has CSRF. ...)
	NOT-FOR-US: contact-form-to-email plugin for WordPress
CVE-2018-20963 (The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. ...)
	NOT-FOR-US: contact-form-to-email plugin for WordPress
CVE-2018-20962 (The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows X ...)
	NOT-FOR-US: Backpack\CRUD Backpack
CVE-2018-20961 (In the Linux kernel before 4.16.4, a double free vulnerability in the ...)
	- linux 4.16.5-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/7fafcfdf6377b18b2a726ea554d6e593ba44349f
CVE-2018-20960 (Nespresso Prodigio devices lack Bluetooth connection security. ...)
	NOT-FOR-US: Nespresso Prodigio
CVE-2018-20959 (Jura E8 devices lack Bluetooth connection security. ...)
	NOT-FOR-US: Jura E8 devices
CVE-2018-20958 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
	NOT-FOR-US: Tapplock devices
CVE-2018-20957 (The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 20 ...)
	NOT-FOR-US: Tapplock devices
CVE-2018-20956 (Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory re ...)
	NOT-FOR-US: Swann
CVE-2018-20955 (Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to ...)
	NOT-FOR-US: Swann
CVE-2018-20954 (The "Security and Privacy" Encryption feature in Mailpile before 1.0.0 ...)
	NOT-FOR-US: Mailpile
CVE-2018-20953 (cPanel before 68.0.27 allows self XSS in the WHM listips interface (SE ...)
	NOT-FOR-US: cPanel
CVE-2018-20952 (cPanel before 68.0.27 creates world-readable files during use of WHM A ...)
	NOT-FOR-US: cPanel
CVE-2018-20951 (cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC ...)
	NOT-FOR-US: cPanel
CVE-2018-20950 (cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer ( ...)
	NOT-FOR-US: cPanel
CVE-2018-20949 (cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Incl ...)
	NOT-FOR-US: cPanel
CVE-2018-20948 (cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SE ...)
	NOT-FOR-US: cPanel
CVE-2018-20947 (cPanel before 68.0.27 allows certain file-write operations via the tel ...)
	NOT-FOR-US: cPanel
CVE-2018-20946 (cPanel before 68.0.27 allows attackers to read zone information becaus ...)
	NOT-FOR-US: cPanel
CVE-2018-20945 (bin/csvprocess in cPanel before 68.0.27 allows insecure file operation ...)
	NOT-FOR-US: cPanel
CVE-2018-20944 (cPanel before 68.0.27 allows attackers to read a copy of httpd.conf th ...)
	NOT-FOR-US: cPanel
CVE-2018-20943 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...)
	NOT-FOR-US: cPanel
CVE-2018-20942 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...)
	NOT-FOR-US: cPanel
CVE-2018-20941 (cPanel before 68.0.27 allows arbitrary file-read operations via restor ...)
	NOT-FOR-US: cPanel
CVE-2018-20940 (cPanel before 68.0.27 allows attackers to read root's crontab file dur ...)
	NOT-FOR-US: cPanel
CVE-2018-20939 (cPanel before 68.0.27 allows a user to discover contents of directorie ...)
	NOT-FOR-US: cPanel
CVE-2018-20938 (cPanel before 68.0.27 does not enforce ownership during addpkgext and ...)
	NOT-FOR-US: cPanel
CVE-2018-20937 (cPanel before 68.0.27 does not validate database and dbuser names duri ...)
	NOT-FOR-US: cPanel
CVE-2018-20936 (cPanel before 68.0.27 allows attackers to read the SRS secret via exim ...)
	NOT-FOR-US: cPanel
CVE-2018-20935 (cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone ...)
	NOT-FOR-US: cPanel
CVE-2018-20934 (cPanel before 70.0.23 does not prevent e-mail account suspensions from ...)
	NOT-FOR-US: cPanel
CVE-2018-20933 (cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action ( ...)
	NOT-FOR-US: cPanel
CVE-2018-20932 (cPanel before 70.0.23 exposes Apache HTTP Server logs after creation o ...)
	NOT-FOR-US: cPanel
CVE-2018-20931 (cPanel before 70.0.23 allows demo accounts to execute code via the Lan ...)
	NOT-FOR-US: cPanel
CVE-2018-20930 (cPanel before 70.0.23 allows .htaccess restrictions bypass when Htacce ...)
	NOT-FOR-US: cPanel
CVE-2018-20929 (cPanel before 70.0.23 allows an open redirect via the /unprotected/red ...)
	NOT-FOR-US: cPanel
CVE-2018-20928 (cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interf ...)
	NOT-FOR-US: cPanel
CVE-2018-20927 (cPanel before 70.0.23 allows jailshell escape because of incorrect cro ...)
	NOT-FOR-US: cPanel
CVE-2018-20926 (cPanel before 70.0.23 allows local privilege escalation via the WHM Lo ...)
	NOT-FOR-US: cPanel
CVE-2018-20925 (cPanel before 70.0.23 allows local privilege escalation via the WHM Le ...)
	NOT-FOR-US: cPanel
CVE-2018-20924 (cPanel before 70.0.23 allows arbitrary file-read and file-unlink opera ...)
	NOT-FOR-US: cPanel
CVE-2018-20923 (cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Reco ...)
	NOT-FOR-US: cPanel
CVE-2018-20922 (cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action ( ...)
	NOT-FOR-US: cPanel
CVE-2018-20921 (cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" ...)
	NOT-FOR-US: cPanel
CVE-2018-20920 (cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action ...)
	NOT-FOR-US: cPanel
CVE-2018-20919 (cPanel before 70.0.23 allows stored XSS via a WHM Create Account actio ...)
	NOT-FOR-US: cPanel
CVE-2018-20918 (cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). ...)
	NOT-FOR-US: cPanel
CVE-2018-20917 (cPanel before 70.0.23 allows any user to disable Solr (SEC-371). ...)
	NOT-FOR-US: cPanel
CVE-2018-20916 (cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-3 ...)
	NOT-FOR-US: cPanel
CVE-2018-20915 (cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action ...)
	NOT-FOR-US: cPanel
CVE-2018-20914 (In cPanel before 70.0.23, OpenID providers can inject arbitrary data i ...)
	NOT-FOR-US: cPanel
CVE-2018-20913 (cPanel before 70.0.23 allows attackers to read the root accesshash via ...)
	NOT-FOR-US: cPanel
CVE-2018-20912 (cPanel before 70.0.23 allows demo accounts to execute code via awstats ...)
	NOT-FOR-US: cPanel
CVE-2018-20911 (cPanel before 70.0.23 allows code execution because "." is in @INC dur ...)
	NOT-FOR-US: cPanel
CVE-2018-20910 (cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity ...)
	NOT-FOR-US: cPanel
CVE-2018-20909 (cPanel before 70.0.23 allows arbitrary file-chmod operations during le ...)
	NOT-FOR-US: cPanel
CVE-2018-20908 (cPanel before 71.9980.37 allows arbitrary file-read operations during ...)
	NOT-FOR-US: cPanel
CVE-2018-20907 (cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API ...)
	NOT-FOR-US: cPanel
CVE-2018-20906 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...)
	NOT-FOR-US: cPanel
CVE-2018-20905 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...)
	NOT-FOR-US: cPanel
CVE-2018-20904 (cPanel before 71.9980.37 allows attackers to make API calls that bypas ...)
	NOT-FOR-US: cPanel
CVE-2018-20903 (cPanel before 71.9980.37 allows self XSS in the WHM Backup Configurati ...)
	NOT-FOR-US: cPanel
CVE-2018-20902 (cPanel before 71.9980.37 allows attackers to read root's crontab file ...)
	NOT-FOR-US: cPanel
CVE-2018-20901 (cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme In ...)
	NOT-FOR-US: cPanel
CVE-2018-20900 (cPanel before 71.9980.37 allows stored XSS in the YUM autorepair funct ...)
	NOT-FOR-US: cPanel
CVE-2018-20899 (cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons install ...)
	NOT-FOR-US: cPanel
CVE-2018-20898 (cPanel before 71.9980.37 allows e-mail injection during cPAddons moder ...)
	NOT-FOR-US: cPanel
CVE-2018-20897 (cPanel before 71.9980.37 allows arbitrary file-unlink operations via t ...)
	NOT-FOR-US: cPanel
CVE-2018-20896 (cPanel before 71.9980.37 allows code injection in the WHM cPAddons int ...)
	NOT-FOR-US: cPanel
CVE-2018-20895 (In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs a ...)
	NOT-FOR-US: cPanel
CVE-2018-20894 (cPanel before 74.0.0 makes web-site contents accessible to other local ...)
	NOT-FOR-US: cPanel
CVE-2018-20893 (cPanel before 74.0.0 allows file-rename operations during account rena ...)
	NOT-FOR-US: cPanel
CVE-2018-20892 (cPanel before 74.0.0 allows arbitrary zone file modifications because ...)
	NOT-FOR-US: cPanel
CVE-2018-20891 (cPanel before 74.0.0 allows arbitrary file-read operations during File ...)
	NOT-FOR-US: cPanel
CVE-2018-20890 (cPanel before 74.0.0 allows arbitrary zone file modifications during r ...)
	NOT-FOR-US: cPanel
CVE-2018-20889 (cPanel before 74.0.0 allows certain file-read operations via password ...)
	NOT-FOR-US: cPanel
CVE-2018-20888 (cPanel before 74.0.0 allows file modification in the context of the ro ...)
	NOT-FOR-US: cPanel
CVE-2018-20887 (cPanel before 74.0.0 allows SQL injection during database backups (SEC ...)
	NOT-FOR-US: cPanel
CVE-2018-20886 (cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-4 ...)
	NOT-FOR-US: cPanel
CVE-2018-20885 (cPanel before 74.0.0 allows Apache HTTP Server configuration injection ...)
	NOT-FOR-US: cPanel
CVE-2018-20884 (cPanel before 74.0.0 allows stored XSS in the WHM File Restoration int ...)
	NOT-FOR-US: cPanel
CVE-2018-20883 (cPanel before 74.0.8 allows FTP access during account suspension (SEC- ...)
	NOT-FOR-US: cPanel
CVE-2018-20882 (cPanel before 74.0.8 allows arbitrary file-write operations in the con ...)
	NOT-FOR-US: cPanel
CVE-2018-20881 (cPanel before 74.0.8 allows self stored XSS on the Security Questions ...)
	NOT-FOR-US: cPanel
CVE-2018-20880 (cPanel before 74.0.8 mishandles account suspension because of an inval ...)
	NOT-FOR-US: cPanel
CVE-2018-20879 (cPanel before 74.0.8 allows demo accounts to execute arbitrary code vi ...)
	NOT-FOR-US: cPanel
CVE-2018-20878 (cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Rest ...)
	NOT-FOR-US: cPanel
CVE-2018-20877 (cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SE ...)
	NOT-FOR-US: cPanel
CVE-2018-20876 (cPanel before 74.0.8 allows self XSS in the Site Software Moderation i ...)
	NOT-FOR-US: cPanel
CVE-2018-20875 (cPanel before 74.0.8 allows self XSS in the WHM Security Questions int ...)
	NOT-FOR-US: cPanel
CVE-2018-20874 (cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" ...)
	NOT-FOR-US: cPanel
CVE-2018-20873 (cPanel before 74.0.8 allows local users to disable the ClamAV daemon ( ...)
	NOT-FOR-US: cPanel
CVE-2018-20872 (DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or ...)
	NOT-FOR-US: DrayTek routers
CVE-2018-20871 (In Univa Grid Engine before 8.6.3, when configured for Docker jobs and ...)
	- gridengine
CVE-2018-20870 (The WebDAV transport feature in cPanel before 76.0.8 enables debug log ...)
	NOT-FOR-US: cPanel
CVE-2018-20869 (cPanel before 76.0.8 allows arbitrary code execution in the context of ...)
	NOT-FOR-US: cPanel
CVE-2018-20868 (cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interf ...)
	NOT-FOR-US: cPanel
CVE-2018-20867 (cPanel before 76.0.8 has an open redirect when resetting connections ( ...)
	NOT-FOR-US: cPanel
CVE-2018-20866 (cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feat ...)
	NOT-FOR-US: cPanel
CVE-2018-20865 (cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destina ...)
	NOT-FOR-US: cPanel
CVE-2018-20864 (cPanel before 76.0.8 allows a persistent Virtual FTP accounts after re ...)
	NOT-FOR-US: cPanel
CVE-2018-20863 (cPanel before 76.0.8 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: cPanel
CVE-2018-20862 (cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SE ...)
	NOT-FOR-US: cPanel
CVE-2018-20861 (libopenmpt before 0.3.11 allows a crash with certain malformed custom ...)
	- libopenmpt 0.3.11-1
	[stretch] - libopenmpt (Minor issue)
	NOTE: https://lib.openmpt.org/libopenmpt/2018/07/28/security-updates-0.3.11-0.2.10635-beta34-0.2.7561-beta20.5-p10-0.2.7386-beta20.3-p13/
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10615 (0.3.11)
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10616 (0.2.10635-beta34)
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10617 (0.2.10635-beta34)
CVE-2018-20859 (edx-platform before 2018-07-18 allows XSS via a response to a Chemical ...)
	NOT-FOR-US: Open edX
CVE-2018-20858 (Recommender before 2018-07-18 allows XSS. ...)
	NOT-FOR-US: RecommenderXBlock
CVE-2018-20857 (Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as ...)
	NOT-FOR-US: Zendesk Samlr
CVE-2018-20856 (An issue was discovered in the Linux kernel before 4.18.7. In block/bl ...)
	{DSA-4497-1 DLA-1885-1}
	- linux 4.18.8-1
	[jessie] - linux (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/54648cf1ec2d7f4b6a71767799c45676a138ca24
CVE-2018-20855 (An issue was discovered in the Linux kernel before 4.18.7. In create_q ...)
	- linux 4.18.8-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/0625b4ba1a5d4703c7fb01c497bd6c156908af00
CVE-2018-20854 (An issue was discovered in the Linux kernel before 4.20. drivers/phy/m ...)
	- linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/6acb47d1a318e5b3b7115354ebc4ea060c59d3a1
CVE-2018-20853 (An issue was discovered in the MailPoet Newsletters (aka wysija-newsle ...)
	NOT-FOR-US: MailPoet Newsletters (aka wysija-newsletters) plugin for WordPress
CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...)
	{DLA-2337-1 DLA-2280-1 DLA-1906-1 DLA-1889-1}
	- python3.7 3.7.3~rc1-1
	- python3.5
	- python3.4
	- python2.7 2.7.16-3
	[buster] - python2.7 2.7.16-2+deb10u1
	NOTE: https://bugs.python.org/issue35121
	NOTE: https://python-security.readthedocs.io/vuln/cookie-domain-check.html
	NOTE: https://github.com/python/cpython/commit/979daae300916adb399ab5b51410b6ebd0888f13 (2.7.x branch)
	NOTE: https://github.com/python/cpython/commit/42ad4101d3ba7ca3c371dadf0f8880764c9f15fb (v3.4.10)
	NOTE: https://github.com/python/cpython/commit/4749f1b69000259e23b4cc6f63c542a9bdc62f1b (v3.5.7)
	NOTE: https://github.com/python/cpython/commit/b241af861b37e20ad30533bc0b7e2e5491cc470f (v3.6.9rc1)
	NOTE: https://github.com/python/cpython/commit/e5123d81ffb3be35a1b2767d6ced1a097aaf77be (v3.7.3rc1)
CVE-2018-20851 (Helpy before 2.2.0 allows agents to edit admins. ...)
	NOT-FOR-US: Helpy
CVE-2018-20850 (Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3. ...)
	NOT-FOR-US: Stormshield Network Security
CVE-2018-20849 (Arastta eCommerce 1.6.2 is vulnerable to XSS via the PATH_INFO to the ...)
	NOT-FOR-US: Arastta eCommerce
CVE-2018-20848 (Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and ...)
	NOT-FOR-US: Advisto PEEL SHOPPING
CVE-2018-20847 (An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the functi ...)
	{DLA-1851-1}
	- openjpeg2 2.3.1-1 (low; bug #931294)
	[buster] - openjpeg2 2.3.0-2+deb10u1
	[stretch] - openjpeg2 2.1.2-1.1+deb9u4
	NOTE: https://github.com/uclouvain/openjpeg/issues/431
	NOTE: https://github.com/uclouvain/openjpeg/commit/5d00b719f4b93b1445e6fb4c766b9a9883c57949
	NOTE: https://github.com/uclouvain/openjpeg/commit/2d24b6000d5611615e3e6d799e20d5fdbe4e2a1e
	NOTE: https://github.com/uclouvain/openjpeg/commit/c58df149900df862806d0e892859b41115875845
CVE-2018-20846 (Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi ...)
	- openjpeg2 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/commit/c277159986c80142180fbe5efb256bbf3bdf3edc
	NOTE: Debian binary packages built with BUILD_MJ2:BOOL=OFF
CVE-2018-20845 (Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ...)
	- openjpeg2 2.3.1-1 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/commit/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf (2.3.1)
	NOTE: Debian binary packages built with BUILD_MJ2:BOOL=OFF
CVE-2018-20844
	RESERVED
CVE-2018-20843 (In libexpat in Expat before 2.2.7, XML input including XML names that ...)
	{DSA-4472-1 DLA-1839-1}
	- expat 2.2.6-2 (bug #931031)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
	NOTE: https://github.com/libexpat/libexpat/issues/186
	NOTE: https://github.com/libexpat/libexpat/pull/262
	NOTE: https://github.com/libexpat/libexpat/commit/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
CVE-2018-20842
	RESERVED
CVE-2018-20841 (HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.02 ...)
	NOT-FOR-US: HooToo TripMate Titan HT-TM05 and HT-05 routers
CVE-2018-20840 (An unhandled exception vulnerability exists during Google Sign-In with ...)
	NOT-FOR-US: Google Sign-In
CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows attackers ...)
	- plymouth 0.9.4-1 (low)
	[stretch] - plymouth (Minor issue)
	[jessie] - plymouth (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
	NOTE: https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
	NOTE: https://github.com/systemd/systemd/pull/12378
	NOTE: The fix for https://bugs.debian.org/929116 introduced a regression, cf.
	NOTE: https://bugs.debian.org/929229 .
	NOTE: Issue was originally fixed for unstable in 241-4 but was reverted in 241-5
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/issues/857
	NOTE: Upstream from systemd claimed originally it's not an issue in systemd, but
	NOTE: might revisit. Furthermore the issue might be fixed in the xorg xserver.
	NOTE: Tentative merge request: https://gitlab.freedesktop.org/xorg/xserver/merge_requests/241
	NOTE: Further analysis on the problem: https://gitlab.freedesktop.org/xorg/xserver/issues/857#note_201402
	NOTE: plymouth fix: https://gitlab.freedesktop.org/plymouth/plymouth/commit/28ee4012c94b4045b97e5a2a66f66b7688b2dff3 (0.9.4)
	NOTE: The plymouth fix does not seem to be enough though, cf.
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/issues/857#note_220255
CVE-2018-20838 (ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for ...)
	NOT-FOR-US: AMP for WP plugin for WordPress
CVE-2018-20837 (include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu ...)
	NOT-FOR-US: Typesetter CMS
CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There is a ra ...)
	{DSA-4497-1 DSA-4495-1 DLA-1885-1 DLA-1884-1}
	- linux 5.2.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...)
	- node-tar-fs (Fixed before initial upload to Debian)
	NOTE: https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2 (v1.16.2)
CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2 (excluding ...)
	- node-tar 4.4.4+ds1-2
	[stretch] - node-tar (Nodejs in stretch not covered by security support, minor issue)
	[jessie] - node-tar (Nodejs in jessie not covered by security support, minor issue)
	NOTE: https://github.com/npm/node-tar/commit/b0c58433c22f5e7fe8b1c76373f27e3f81dcd4c8
	NOTE: https://hackerone.com/reports/344595
CVE-2018-20833
	RESERVED
CVE-2018-20832
	RESERVED
CVE-2018-20831
	RESERVED
CVE-2018-20830
	RESERVED
CVE-2018-20829
	RESERVED
CVE-2018-20828
	RESERVED
CVE-2018-20827 (The activity stream gadget in Jira before version 7.13.1 allows remote ...)
	NOT-FOR-US: Atlassian Jira
CVE-2018-20826 (The inline-create rest resource in Jira before version 7.12.3 allows a ...)
	NOT-FOR-US: Atlassian Jira
CVE-2018-20825
	RESERVED
CVE-2018-20824 (The WallboardServlet resource in Jira before version 7.13.1 allows rem ...)
	NOT-FOR-US: Atlassian
CVE-2018-20823 (The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a deni ...)
	NOT-FOR-US: Xiaomi Mi 5s devices
CVE-2018-20822 (LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrol ...)
	- libsass 3.6.3-1 (low)
	[buster] - libsass (Minor issue)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2671
	NOTE: Possibly introduced after https://github.com/sass/libsass/commit/25c9b4952f5838b615da996035453967d0420f57 (3.4.7)
	NOTE: Fixed in 3.6.1, but 3.6.3 first to land in unstable
CVE-2018-20821 (The parsing component in LibSass through 3.5.5 allows attackers to cau ...)
	- libsass 3.6.3-1 (low)
	[buster] - libsass (Minor issue)
	[stretch] - libsass (Vulnerable code introduced later)
	NOTE: https://github.com/sass/libsass/issues/2658
	NOTE: Introduced by: https://github.com/sass/libsass/commit/efd97dae376de50b3e6ed724337c4f274a21491d (3.5.0)
	NOTE: Fixed by: https://github.com/sass/libsass/commit/f2db04883e5fff4e03777dcc1eb60d4373c45be1
CVE-2018-20820 (read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to c ...)
	- lepton (bug #927925)
	NOTE: https://github.com/dropbox/lepton/commit/6a5ceefac1162783fffd9506a3de39c85c725761
	NOTE: https://github.com/dropbox/lepton/issues/111
CVE-2018-20819 (io/ZlibCompression.cc in the decompression component in Dropbox Lepton ...)
	- lepton (Vulnerable code introduced later)
	NOTE: https://github.com/dropbox/lepton/issues/112
	NOTE: Fixed by: https://github.com/dropbox/lepton/commit/0b9967ec13b2c95771fa3da30bcc49d2fc055bfe
	NOTE: Introduced by: https://github.com/dropbox/lepton/commit/d62a8c0416c5a918bfd7d132cc1f6daa4e8bc055
CVE-2018-20818 (A buffer overflow vulnerability was discovered in the OpenPLC controll ...)
	NOT-FOR-US: OpenPLC
CVE-2018-20817 (SV_SteamAuthClient in various Activision Infinity Ward Call of Duty ga ...)
	NOT-FOR-US: Activision
CVE-2018-20816 (An XSS combined with CSRF vulnerability discovered in SalesAgility Sui ...)
	NOT-FOR-US: SalesAgility SuiteCRM
CVE-2018-20815 (In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated ...)
	{DSA-4506-1 DLA-1781-1}
	- qemu 1:3.1+dfsg-7
	- qemu-kvm
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17
	NOTE: https://www.openwall.com/lists/oss-security/2019/03/27/1
CVE-2018-20814 (An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Con ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20813 (An input validation issue has been found with login_meeting.cgi in Pul ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20812 (An information exposure issue where IPv6 DNS traffic would be sent out ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20811 (A hidden RPC service issue was found with Pulse Secure Pulse Connect S ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20810 (Session data between cluster nodes during cluster synchronization is n ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20809 (A crafted message can cause the web server to crash with Pulse Secure ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20808 (An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20807 (An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Conne ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-20806 (Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the ...)
	- phamm (low; bug #924731)
	[stretch] - phamm (Minor issue)
	[jessie] - phamm (Minor issue)
	NOTE: https://github.com/lota/phamm/issues/24
CVE-2018-20805 (A user authorized to perform database queries may trigger denial of se ...)
	- mongodb
	[stretch] - mongodb (Vulnerable code introduced later)
	NOTE: https://jira.mongodb.org/browse/SERVER-38164
	NOTE: https://github.com/mongodb/mongo/commit/66316884a4b1180a8cceb6381e3c51e56586fc3e (v3.6.10, SSPL)
	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/f77527a942347313e2848e050e89480bc3cadb95 (v3.5.4)
CVE-2018-20804 (A user authorized to perform database queries may trigger denial of se ...)
	- mongodb
	[stretch] - mongodb (Vulnerable code introduced later)
	NOTE: https://jira.mongodb.org/browse/SERVER-35636
	NOTE: https://github.com/mongodb/mongo/commit/736d214fe2b1ad7cd9b57c05571b53628124668e (v3.6.13, SSPL)
	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/a69ae445303fc4821c6745866b3902623a385c1c (v3.5.10)
CVE-2018-20803 (A user authorized to perform database queries may trigger denial of se ...)
	- mongodb
	[stretch] - mongodb (Minor issue, authenticated DoS)
	NOTE: https://jira.mongodb.org/browse/SERVER-38070
	NOTE: https://github.com/mongodb/mongo/commit/a2d97db8fe449d15eb8e275bbf318491781472bf (v3.4.19, AGPL)
	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/a8176cf1da9fdbcc48334bfb3c71fedf37e77879 (v3.1.7)
CVE-2018-20802 (A user authorized to perform database queries may trigger denial of se ...)
	- mongodb
	[stretch] - mongodb (Vulnerable code introduced later)
	NOTE: https://jira.mongodb.org/browse/SERVER-36993
	NOTE: https://github.com/mongodb/mongo/commit/2b4634bb6512c5345de2ab8f698a687c6cec9973 (v3.6.9, AGPL)
	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/2f3b96e636329b68809bc63b681a862e3d3bccd5 (v3.6)
CVE-2018-20801 (In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of b ...)
	NOT-FOR-US: Highcharts JS
CVE-2018-20800 (An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 an ...)
	- otrs2 6.0.14-1
	[stretch] - otrs2 (Non-free not supported)
	[jessie] - otrs2 (Vulnerable code not present)
	NOTE: https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/
	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8d17d58029efbb0bba25c4208e09e2d320eeb0c3
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/7d3c56d5b9bb38207695dae174dbba89a132e7b9
	NOTE: Of the upstream versions, only OTRS 6.0.13 and OTRS 5.0.31 were affected.
CVE-2018-20799 (In pfSense 2.4.4_1, blocking of source IP addresses on the basis of fa ...)
NOT-FOR-US: pfSense CVE-2018-20798 (The expiretable configuration in pfSense 2.4.4_1 establishes block dur ...) NOT-FOR-US: pfSense CVE-2018-20797 (An issue was discovered in PoDoFo 0.9.6. There is an attempted excessi ...) - libpodofo (unimportant; bug #923415) NOTE: https://sourceforge.net/p/podofo/tickets/34/ NOTE: Negligible security impact CVE-2018-20796 (In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limi ...) - glibc (unimportant) - eglibc (unimportant) NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141 NOTE: https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html NOTE: Not treated as a vulnerability: https://sourceware.org/glibc/wiki/Security%20Exceptions CVE-2018-20795 (tecrail Responsive FileManager 9.13.4 allows remote attackers to read ...) NOT-FOR-US: tecrail Responsive FileManager CVE-2018-20794 (tecrail Responsive FileManager 9.13.4 allows remote attackers to write ...) NOT-FOR-US: tecrail Responsive FileManager CVE-2018-20793 (tecrail Responsive FileManager 9.13.4 allows remote attackers to write ...) NOT-FOR-US: tecrail Responsive FileManager CVE-2018-20792 (tecrail Responsive FileManager 9.13.4 allows remote attackers to read ...) NOT-FOR-US: tecrail Responsive FileManager CVE-2018-20791 (tecrail Responsive FileManager 9.13.4 allows XSS via a media file uplo ...) NOT-FOR-US: tecrail Responsive FileManager CVE-2018-20790 (tecrail Responsive FileManager 9.13.4 allows remote attackers to delet ...) NOT-FOR-US: tecrail Responsive FileManager CVE-2018-20789 (tecrail Responsive FileManager 9.13.4 allows remote attackers to delet ...) NOT-FOR-US: tecrail Responsive FileManager CVE-2018-20788 (drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels ...) NOT-FOR-US: led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone CVE-2018-20787 (The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi p ...)
NOT-FOR-US: touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device CVE-2018-20786 (libvterm through 0+bzr726, as used in Vim and other products, mishandl ...) - vim 2:8.1.0693-1 (unimportant) [stretch] - vim (Vulnerable code introduced later) [jessie] - vim (Vulnerable code introduced later) - libvterm (unimportant) NOTE: Introduced by: https://github.com/vim/vim/commit/e4f25e4a8db2c8a8a71a4ba2a68540b3ab341e42 (v8.0.0693) NOTE: Fixed by: https://github.com/vim/vim/commit/cd929f7ba8cc5b6d6dcf35c8b34124e969fed6b8 (v8.1.0633) NOTE: MISC:https://github.com/vim/vim/issues/3711 NOTE: No security impact CVE-2018-20785 (Secure boot bypass and memory extraction can be achieved on Neato Botv ...) NOT-FOR-US: Neato CVE-2018-20784 (In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf ...) - linux 4.19.16-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/c40f7d74c741a907cfaeb73a7697081881c497d0 CVE-2018-20783 (In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2. ...) {DSA-4353-1 DLA-1608-1} - php7.3 7.3.0-1 - php7.0 - php5 NOTE: Fixed in 5.6.39, 7.0.33, 7.1.25, 7.2.13 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77143 CVE-2018-1002161 [SQL injection in multiple remote calls] - koji 1.16.2-1 (bug #922922) [stretch] - koji 1.10.0-1+deb9u1 NOTE: https://docs.pagure.org/koji/CVE-2018-1002161/ NOTE: https://pagure.io/koji/issue/1183 CVE-2018-20782 (The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages ...) NOT-FOR-US: WooCommerce plugin CVE-2018-20781 (In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's pas ...) 
- gnome-keyring 3.28.0-1 (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781486 NOTE: https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3 NOTE: Not a vulnerability, just a hardening patch CVE-2018-20780 (Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka ...) NOT-FOR-US: Traq CVE-2018-20779 (Traq 3.7.1 allows SQL Injection via a tickets?search= URI. ...) NOT-FOR-US: Traq CVE-2018-20778 (admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a ...) NOT-FOR-US: Frog CMS CVE-2018-20777 (Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. ...) NOT-FOR-US: Frog CMS CVE-2018-20776 (Frog CMS 0.9.5 provides a directory listing for a /public request. ...) NOT-FOR-US: Frog CMS CVE-2018-20775 (admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code executio ...) NOT-FOR-US: Frog CMS CVE-2018-20774 (Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. ...) NOT-FOR-US: Frog CMS CVE-2018-20773 (Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit ...) NOT-FOR-US: Frog CMS CVE-2018-20772 (Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/l ...) NOT-FOR-US: Frog CMS CVE-2018-20771 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, ...) NOT-FOR-US: Xerox devices CVE-2018-20770 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, ...) NOT-FOR-US: Xerox devices CVE-2018-20769 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, ...) NOT-FOR-US: Xerox devices CVE-2018-20768 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, ...) NOT-FOR-US: Xerox devices CVE-2018-20767 (An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, ...) NOT-FOR-US: Xerox devices CVE-2018-20766 RESERVED CVE-2018-20765 RESERVED CVE-2018-20764 (A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for Bo ...) 
NOT-FOR-US: BoKS NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1676393 NOTE: https://community.helpsystems.com/knowledge-base/fox-technologies/hotfix/515/ NOTE: No specific information is provided, but seems caused by BoKS shipping tcpcrypt setuid CVE-2018-20763 (In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_i ...) {DLA-1693-1} - gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969) [stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1 NOTE: https://github.com/gpac/gpac/commit/1c449a34fe0b50aaffb881bfb9d7c5ab0bb18cdd NOTE: https://github.com/gpac/gpac/issues/1188 CVE-2018-20762 (GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in ...) {DLA-1693-1} - gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969) [stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1 NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 NOTE: https://github.com/gpac/gpac/issues/1187 CVE-2018-20761 (GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in ...) {DLA-1693-1} - gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969) [stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1 NOTE: https://github.com/gpac/gpac/commit/35ab4475a7df9b2a4bcab235e379c0c3ec543658 NOTE: https://github.com/gpac/gpac/issues/1186 CVE-2018-20760 (In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_i ...) {DLA-1693-1} - gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #921969) [stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1 NOTE: https://github.com/gpac/gpac/commit/4c1360818fc8948e9307059fba4dc47ba8ad255d NOTE: https://github.com/gpac/gpac/issues/1177 CVE-2018-20759 RESERVED CVE-2018-20758 (MODX Revolution through v2.7.0-pl allows XSS via User Settings such as ...) NOT-FOR-US: MODX Revolution CVE-2018-20757 (MODX Revolution through v2.7.0-pl allows XSS via an extended user fiel ...) NOT-FOR-US: MODX Revolution CVE-2018-20756 (MODX Revolution through v2.7.0-pl allows XSS via a document resource ( ...) 
NOT-FOR-US: MODX Revolution CVE-2018-20755 (MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. ...) NOT-FOR-US: MODX Revolution CVE-2018-20754 RESERVED CVE-2018-20753 (Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 be ...) NOT-FOR-US: Kaseya VSA RMM CVE-2018-20752 (An issue was discovered in Recon-ng before 4.9.5. Lack of validation i ...) - recon-ng 4.9.5-1 NOTE: https://bitbucket.org/LaNMaSteR53/recon-ng/issues/285/csv-injection-vulnerability-identified-in CVE-2018-1000999 REJECTED CVE-2018-1000998 (FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulne ...) - cvsweb 3:3.0.0-1 NOTE: https://www.kvakil.me/posts/cvsweb/ CVE-2018-20751 (An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PD ...) - libpodofo 0.9.6+dfsg-4 [stretch] - libpodofo (Minor issue) [jessie] - libpodofo (Minor issue) NOTE: https://sourceforge.net/p/podofo/tickets/33/ NOTE: https://sourceforge.net/p/podofo/code/1954 CVE-2018-20747 RESERVED CVE-2018-20746 RESERVED CVE-2018-20745 (Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into ...) - yii (bug #597899) CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a ...) NOT-FOR-US: Olivier Poitrey Go CORS handler CVE-2018-20742 (An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. ...) NOT-FOR-US: UC Berkeley RISE Opaque CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web framework use ...) - jenkins CVE-2018-20741 RESERVED CVE-2018-20740 RESERVED CVE-2018-20739 RESERVED CVE-2018-20738 RESERVED CVE-2018-20737 (An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected ...) NOT-FOR-US: WSO2 API Manager CVE-2018-20736 (An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-bas ...) NOT-FOR-US: WSO2 API Manager CVE-2018-20735 (** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11. ...) 
NOT-FOR-US: BMC PATROL Agent CVE-2018-20734 RESERVED CVE-2018-20733 (BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows ...) NOT-FOR-US: SAS Web Infrastructure Platform CVE-2018-20732 (SAS Web Infrastructure Platform before 9.4M6 allows remote attackers t ...) NOT-FOR-US: SAS Web Infrastructure Platform CVE-2018-20731 (A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp ...) NOT-FOR-US: NeDi CVE-2018-20730 (A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to ...) NOT-FOR-US: NeDi CVE-2018-20729 (A reflected cross site scripting (XSS) vulnerability in NeDi before 1. ...) NOT-FOR-US: NeDi CVE-2018-20728 (A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp ...) NOT-FOR-US: NeDi CVE-2018-20727 (Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow ...) NOT-FOR-US: NeDi CVE-2018-20726 (A cross-site scripting (XSS) vulnerability exists in host.php (via tre ...) - cacti 1.2.1+ds1-1 (low) [stretch] - cacti (Minor issue) [jessie] - cacti (Minor issue) NOTE: https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d NOTE: https://github.com/Cacti/cacti/issues/2213 CVE-2018-20725 (A cross-site scripting (XSS) vulnerability exists in graph_templates.p ...) - cacti 1.2.1+ds1-1 (low) [stretch] - cacti (Minor issue) [jessie] - cacti (Minor issue) NOTE: https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d NOTE: https://github.com/Cacti/cacti/issues/2214 CVE-2018-20724 (A cross-site scripting (XSS) vulnerability exists in pollers.php in Ca ...) - cacti 1.2.1+ds1-1 (low) [stretch] - cacti (Minor issue) [jessie] - cacti (Minor issue) NOTE: https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53 NOTE: https://github.com/Cacti/cacti/issues/2212 CVE-2018-20723 (A cross-site scripting (XSS) vulnerability exists in color_templates.p ...) 
- cacti 1.2.1+ds1-1 (low) [stretch] - cacti (Minor issue) [jessie] - cacti (Minor issue) NOTE: https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d NOTE: https://github.com/Cacti/cacti/issues/2215 CVE-2018-20722 RESERVED CVE-2018-20721 (URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bound ...) {DLA-1682-1} - uriparser 0.9.1-1 (low) [stretch] - uriparser (Minor issue) NOTE: https://github.com/uriparser/uriparser/commit/cef25028de5ff872c2e1f0a6c562eb3ea9ecbce4 CVE-2018-20720 (ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1 ...) NOT-FOR-US: ABB Relion 630 devices CVE-2018-20743 (murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple ...) {DSA-4402-1 DLA-1661-1} - mumble 1.3.0~git20190114.9fcc588+dfsg-1 (bug #919249) NOTE: https://github.com/mumble-voip/mumble/issues/3505 NOTE: https://github.com/mumble-voip/mumble/pull/3510 NOTE: https://github.com/mumble-voip/mumble/pull/3512 CVE-2018-20719 (In Tiki before 17.2, the user task component is vulnerable to a SQL In ...) - tikiwiki CVE-2018-20718 (In Pydio before 8.2.2, an attack is possible via PHP Object Injection ...) - ajaxplorer (bug #668381) CVE-2018-20717 (In the orders section of PrestaShop before 1.7.2.5, an attack is possi ...) NOT-FOR-US: PrestaShop CVE-2018-20716 (CubeCart before 6.1.13 has SQL Injection via the validate[] parameter ...) NOT-FOR-US: CubeCart CVE-2018-20715 (The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL in ...) NOT-FOR-US: OXID eSales CVE-2018-20714 (The logging system of the Automattic WooCommerce plugin before 3.4.6 f ...) NOT-FOR-US: Automattic WooCommerce plugin for WordPress CVE-2018-20713 (Shopware before 5.4.3 allows SQL Injection by remote authenticated use ...) NOT-FOR-US: Shopware CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expression_1 in ...) 
- binutils (unimportant) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043 NOTE: binutils not covered by security support CVE-2018-20711 RESERVED CVE-2018-20710 REJECTED CVE-2018-20709 RESERVED CVE-2018-20708 RESERVED CVE-2018-20707 RESERVED CVE-2018-20706 RESERVED CVE-2018-20705 RESERVED CVE-2018-20704 RESERVED CVE-2018-20703 (CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. ...) NOT-FOR-US: CubeCart CVE-2018-20702 RESERVED CVE-2018-20701 RESERVED CVE-2018-20700 RESERVED CVE-2018-20699 (Docker Engine before 18.09 allows attackers to cause a denial of servi ...) - docker.io 18.09.1+dfsg1-2 (unimportant) NOTE: https://github.com/docker/engine/pull/70 NOTE: https://github.com/moby/moby/pull/37967 NOTE: Negligible security impact CVE-2018-20698 (The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL ...) NOT-FOR-US: floragunn Search Guard plugin for Kibana CVE-2018-20697 RESERVED CVE-2018-20696 RESERVED CVE-2018-20695 RESERVED CVE-2018-20694 RESERVED CVE-2018-20693 RESERVED CVE-2018-20692 RESERVED CVE-2018-20691 RESERVED CVE-2018-20690 RESERVED CVE-2018-20689 RESERVED CVE-2018-20688 RESERVED CVE-2018-20687 (An XML external entity (XXE) vulnerability in CommandCenterWebServices ...) NOT-FOR-US: Raritan CommandCenter Secure Gateway CVE-2018-20686 RESERVED CVE-2018-20684 (In WinSCP before 5.14 beta, due to missing validation, the scp impleme ...) NOT-FOR-US: WinSCP CVE-2018-20685 (In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ...) {DSA-4387-1 DLA-1728-1} - openssh 1:7.9p1-5 (bug #919101) NOTE: https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2 NOTE: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt CVE-2018-20682 (Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_ ...) 
NOT-FOR-US: Fork CMS CVE-2018-20681 (mate-screensaver before 1.20.2 in MATE Desktop Environment allows phys ...) - mate-screensaver 1.20.2-1 (low) [stretch] - mate-screensaver (Minor issue) [jessie] - mate-screensaver (Vulnerability only manifests when built against GTK-3.22) NOTE: https://github.com/mate-desktop/mate-screensaver/issues/152 NOTE: https://github.com/mate-desktop/mate-screensaver/issues/155 NOTE: https://github.com/mate-desktop/mate-screensaver/issues/170 NOTE: https://github.com/mate-desktop/mate-screensaver/pull/167 CVE-2018-1000426 (A cross-site scripting vulnerability exists in Jenkins Git Changelog P ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000425 (An insufficiently protected credentials vulnerability exists in Jenkin ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000424 (An insufficiently protected credentials vulnerability exists in Jenkin ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000423 (An insufficiently protected credentials vulnerability exists in Jenkin ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000422 (An improper authorization vulnerability exists in Jenkins Crowd 2 Inte ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000421 (An improper authorization vulnerability exists in Jenkins Mesos Plugin ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000420 (An improper authorization vulnerability exists in Jenkins Mesos Plugin ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000419 (An improper authorization vulnerability exists in Jenkins HipChat Plug ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000418 (An improper authorization vulnerability exists in Jenkins HipChat Plug ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000417 (A cross-site request forgery vulnerability exists in Jenkins Email Ext ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000416 (A reflected cross-site scripting vulnerability exists in Jenkins Job C ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000415 (A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugi ...) 
NOT-FOR-US: Jenkins plugin CVE-2018-1000414 (A cross-site request forgery vulnerability exists in Jenkins Config Fi ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000413 (A cross-site scripting vulnerability exists in Jenkins Config File Pro ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins Jira Plugin ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins JUnit Plu ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins 2.145 and earl ...) - jenkins CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and earlier, ...) - jenkins CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145 and earlier, ...) - jenkins CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145 and earli ...) - jenkins CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and earlier, LT ...) - jenkins CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsyn ...) - gitolite3 3.6.11-1 (bug #918849) [stretch] - gitolite3 (Minor issue) [jessie] - gitolite3 (Minor issue) - gitolite NOTE: https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae NOTE: https://groups.google.com/forum/#!topic/gitolite-announce/6xbjjmpLePQ CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. ...) NOT-FOR-US: Frog CMS CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of bounds rea ...) - busybox 1:1.30.1-1 (low; bug #918846) [stretch] - busybox (Minor issue) [jessie] - busybox (Minor issue) NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506 NOTE: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c NOTE: When fixing this issue make sure to not open CVE-2019-5747 by only NOTE: applying the partial fix. 
The followup commit NOTE: https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06 NOTE: is needed to fix the issue completely. CVE-2018-20678 (LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php ...) NOT-FOR-US: LibreNMS CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configuration ...) - twitter-bootstrap [stretch] - twitter-bootstrap (Minor issue) [jessie] - twitter-bootstrap (Minor issue) - twitter-bootstrap3 3.4.0+dfsg-1 [stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1 [jessie] - twitter-bootstrap3 (Minor issue) NOTE: https://github.com/twbs/bootstrap/issues/27045 NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906 NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628 NOTE: https://github.com/twbs/bootstrap/pull/27047 NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0) CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewpor ...) - twitter-bootstrap [stretch] - twitter-bootstrap (Minor issue) [jessie] - twitter-bootstrap (Minor issue) - twitter-bootstrap3 3.4.0+dfsg-1 [stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1 [jessie] - twitter-bootstrap3 (Minor issue) NOTE: https://github.com/twbs/bootstrap/issues/27044 NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906 NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628 NOTE: https://github.com/twbs/bootstrap/pull/27047 NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0) CVE-2018-20675 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Be ...) NOT-FOR-US: D-Link CVE-2018-20674 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Be ...) NOT-FOR-US: D-Link CVE-2018-20673 (The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...) 
- binutils (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24039 NOTE: binutils not covered by security support CVE-2018-20672 RESERVED CVE-2018-20671 (load_specific_debug_section in objdump.c in GNU Binutils through 2.31. ...) - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24005 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca NOTE: binutils not covered by security support CVE-2018-20670 RESERVED CVE-2018-20669 (An issue where a provided address with access_ok() is not checked was ...) - linux 5.2.6-1 (unimportant) [buster] - linux 4.19.131-1 NOTE: Fixed by: https://git.kernel.org/linus/594cc251fdd0d231d342d88b2fdff4bc42fb0690 CVE-2018-20668 RESERVED CVE-2018-20667 RESERVED CVE-2018-20666 RESERVED CVE-2018-20665 RESERVED CVE-2018-20664 (Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via ...) NOT-FOR-US: Zoho ManageEngine ADSelfService Plus CVE-2018-20663 (The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Pl ...) NOT-FOR-US: Reporting Addon for CUBA Platform CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to caus ...) {DLA-2440-1 DLA-1706-1} - poppler 0.71.0-4 (low; bug #918158) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9 CVE-2018-20661 RESERVED CVE-2018-20660 RESERVED CVE-2018-20659 (An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in ...) NOT-FOR-US: Bento4 CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote ...) NOT-FOR-US: Core FTP CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...) 
NOTE: Short-lived, small memleak, not considered a real bug by upstream NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539 CVE-2018-20656 RESERVED CVE-2018-20655 (When receiving calls using WhatsApp for iOS, a missing size check when ...) NOT-FOR-US: WhatsApp CVE-2018-20654 RESERVED CVE-2018-20653 RESERVED CVE-2018-20652 (An attempted excessive memory allocation was discovered in the functio ...) NOT-FOR-US: tinyexr CVE-2018-20651 (A NULL pointer dereference was discovered in elf_link_add_object_symbo ...) - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24041 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=54025d5812ff100f5f0654eb7e1ffd50f2e37f5f NOTE: binutils not covered by security support CVE-2018-20650 (A reachable Object::dictLookup assertion in Poppler 0.72.0 allows atta ...) {DLA-2440-1 DLA-1939-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #917974) [buster] - poppler (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7 NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/704 CVE-2018-20649 RESERVED CVE-2018-20648 (PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forger ...) NOT-FOR-US: PHP Scripts Mall CVE-2018-20647 (PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a ...) NOT-FOR-US: PHP Scripts Mall CVE-2018-20646 (PHP Scripts Mall Basic B2B Script 2.0.9 has directory traversal vi ...) NOT-FOR-US: PHP Scripts Mall CVE-2018-20645 (PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the Fir ...) NOT-FOR-US: PHP Scripts Mall CVE-2018-20644 (PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery ...) NOT-FOR-US: PHP Scripts Mall CVE-2018-20643 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory tr ...)
NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script CVE-2018-20642 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote at ...) NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script CVE-2018-20641 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site R ...) NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script CVE-2018-20640 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross ...) NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script CVE-2018-20639 (PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injecti ...) NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script CVE-2018-20638 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has dire ...) NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website CVE-2018-20637 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows r ...) NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website CVE-2018-20636 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML ...) NOT-FOR-US: PHP Scripts Mall Chartered Accountant : Auditor Website CVE-2018-20635 (PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via ...) NOT-FOR-US: PHP Scripts Mall Advance B2B Script CVE-2018-20634 (PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to c ...) NOT-FOR-US: PHP Scripts Mall Advance B2B Script CVE-2018-20633 (PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forge ...) NOT-FOR-US: PHP Scripts Mall Advance B2B Script CVE-2018-20632 (PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Script ...) NOT-FOR-US: PHP Scripts Mall Advance B2B Script CVE-2018-20631 (PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosu ...) NOT-FOR-US: PHP Scripts Mall Website Seller Script CVE-2018-20630 (PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory trave ...) 
NOT-FOR-US: PHP Scripts Mall Advance Crowdfunding Script CVE-2018-20629 (PHP Scripts Mall Charity Donation Script readymadeb2bscript has direct ...) NOT-FOR-US: PHP Scripts Mall Charity Donation Script readymadeb2bscript CVE-2018-20628 (PHP Scripts Mall Charity Foundation Script 1 through 3 allows director ...) NOT-FOR-US: PHP Scripts Mall Charity Foundation Script CVE-2018-20627 (PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via ...) NOT-FOR-US: PHP Scripts Mall Consumer Reviews Script CVE-2018-20626 (PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal ...) NOT-FOR-US: PHP Scripts Mall Consumer Reviews Script CVE-2018-20625 RESERVED CVE-2018-20624 RESERVED CVE-2018-20623 (In GNU Binutils 2.31.1, there is a use-after-free in the error functio ...) - binutils (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24049 NOTE: binutils not covered by security support CVE-2018-20622 (JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a wh ...) {DLA-1628-1} - jasper NOTE: https://github.com/mdadams/jasper/issues/193 CVE-2018-20621 (An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe s ...) NOT-FOR-US: Microvirt MEmu CVE-2018-20620 RESERVED CVE-2018-20619 RESERVED CVE-2018-20618 (ok-file-formats through 2018-10-16 has a heap-based buffer over-read i ...) NOT-FOR-US: ok-file-formats CVE-2018-20617 (ok-file-formats through 2018-10-16 has a heap-based buffer overflow in ...) NOT-FOR-US: ok-file-formats CVE-2018-20616 (ok-file-formats through 2018-10-16 has a heap-based buffer overflow in ...) NOT-FOR-US: ok-file-formats CVE-2018-20615 (An out-of-bounds read issue was discovered in the HTTP/2 protocol deco ...) 
- haproxy 1.8.16-2 [stretch] - haproxy (Vulnerable code introduced later) [jessie] - haproxy (Vulnerable code introduced later) NOTE: https://github.com/haproxy/haproxy/commit/a01f45e3ced23c799f6e78b5efdbd32198a75354 CVE-2018-20614 (public\install\install.php in CIM 0.9.3 allows remote attackers to rel ...) NOT-FOR-US: CIM CVE-2018-20613 (TEMMOKU T1.09 Beta allows admin/user/add CSRF. ...) NOT-FOR-US: TEMMOKU CVE-2018-20612 (UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSR ...) NOT-FOR-US: UWA CVE-2018-20611 (imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo ...) NOT-FOR-US: imcat CVE-2018-20610 (imcat 4.4 allows directory traversal via the root/run/adm.php efile pa ...) NOT-FOR-US: imcat CVE-2018-20609 (imcat 4.4 allows remote attackers to obtain potentially sensitive conf ...) NOT-FOR-US: imcat CVE-2018-20608 (imcat 4.4 allows remote attackers to read phpinfo output via the root/ ...) NOT-FOR-US: imcat CVE-2018-20607 (imcat 4.4 allows remote attackers to obtain potentially sensitive debu ...) NOT-FOR-US: imcat CVE-2018-20606 (imcat 4.4 allows full path disclosure via a dev.php?tools-ipaddr&a ...) NOT-FOR-US: imcat CVE-2018-20605 (imcat 4.4 allows remote attackers to execute arbitrary PHP code by usi ...) NOT-FOR-US: imcat CVE-2018-20604 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via craft ...) NOT-FOR-US: Lei Feng TV CMS CVE-2018-20603 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html ...) NOT-FOR-US: Lei Feng TV CMS CVE-2018-20602 (Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the ...) NOT-FOR-US: Lei Feng TV CMS CVE-2018-20601 (UCMS 1.4.7 has XSS via the description parameter in an index.php list_ ...) NOT-FOR-US: UCMS CVE-2018-20600 (sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit a ...) NOT-FOR-US: UCMS CVE-2018-20599 (UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by en ...) 
NOT-FOR-US: UCMS CVE-2018-20598 (UCMS 1.4.7 has ?do=user_addpost CSRF. ...) NOT-FOR-US: UCMS CVE-2018-20597 (UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileed ...) NOT-FOR-US: UCMS CVE-2018-20596 (Jspxcms v9.0.0 allows SSRF. ...) NOT-FOR-US: Jspxcms CVE-2018-20595 (A CSRF issue was discovered in web/authorization/oauth2/controller/OAu ...) NOT-FOR-US: hsweb CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerab ...) NOT-FOR-US: hsweb CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in ...) - mxml (low; bug #924353) [buster] - mxml (Minor issue) [stretch] - mxml (Minor issue) [jessie] - mxml (Minor issue, only affects the mxmldoc tool) NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err (error output) NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err (error output) NOTE: https://github.com/michaelrsweet/mxml/issues/237 NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely CVE-2018-20592 (In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd ...) 
- mxml (low; bug #924353) [buster] - mxml (Minor issue) [stretch] - mxml (Minor issue) [jessie] - mxml (Minor issue, only affected the mxmldoc tool) NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err (error output) NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err (error output) NOTE: https://github.com/michaelrsweet/mxml/issues/237 NOTE: upstream tagged the issue with 'wontfix' and removed mxmldoc code completely CVE-2018-20591 (A heap-based buffer over-read was discovered in decompileJUMP function ...) - ming NOTE: https://github.com/libming/libming/issues/168 CVE-2018-20590 (Ivan Cordoba Generic Content Management System (CMS) through 2018-04-2 ...) NOT-FOR-US: Ivan Cordoba Generic Content Management System (CMS) CVE-2018-20589 (Ivan Cordoba Generic Content Management System (CMS) through 2018-04-2 ...) NOT-FOR-US: Ivan Cordoba Generic Content Management System (CMS) CVE-2018-20588 (lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-a ...) NOT-FOR-US: otfcc CVE-2018-20587 (Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0. ...) - bitcoin NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587 NOTE: Documentation of issue: https://github.com/bitcoin/bitcoin/pull/15223 CVE-2018-20586 (bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary d ...) - bitcoin 0.17.1~dfsg-1 CVE-2018-20585 RESERVED CVE-2018-20584 (JasPer 2.0.14 allows remote attackers to cause a denial of service (ap ...) {DLA-1628-1} - jasper NOTE: https://github.com/mdadams/jasper/issues/192 CVE-2018-20583 (Cross-site scripting (XSS) vulnerability in the PHP League CommonMark ...) 
	NOT-FOR-US: PHP League CommonMark library
CVE-2018-20582 (The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suff ...)
	NOT-FOR-US: GREE+ (aka com.gree.greeplus) application
CVE-2018-20581
	RESERVED
CVE-2018-20580 (The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 al ...)
	NOT-FOR-US: SmartBear ReadyAPI
CVE-2018-20579 (Contiki-NG before 4.2 has a stack-based buffer overflow in the push fu ...)
	NOT-FOR-US: Contiki-NG
CVE-2018-20578 (An issue was discovered in NuttX before 7.27. The function netlib_pars ...)
	NOT-FOR-US: NuttX
CVE-2018-20577 (Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/f ...)
	NOT-FOR-US: Orange Livebox 00.96.320S devices
CVE-2018-20576 (Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cg ...)
	NOT-FOR-US: Orange Livebox 00.96.320S devices
CVE-2018-20575 (Orange Livebox 00.96.320S devices have an undocumented /system_firmwar ...)
	NOT-FOR-US: Orange Livebox 00.96.320S devices
CVE-2018-20574 (The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C ...)
	- yaml-cpp 0.6.3-1 (low; bug #918145)
	[buster] - yaml-cpp (Minor issue)
	[stretch] - yaml-cpp (Minor issue)
	[jessie] - yaml-cpp (Minor issue)
	- yaml-cpp0.3 (low; bug #918146)
	[stretch] - yaml-cpp0.3 (Minor issue)
	[jessie] - yaml-cpp0.3 (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/654
CVE-2018-20573 (The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++ ...)
	- yaml-cpp 0.6.3-1 (low; bug #918147)
	[buster] - yaml-cpp (Minor issue)
	[stretch] - yaml-cpp (Minor issue)
	[jessie] - yaml-cpp (Minor issue)
	- yaml-cpp0.3 (low; bug #918148)
	[stretch] - yaml-cpp0.3 (Minor issue)
	[jessie] - yaml-cpp0.3 (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/655
CVE-2018-20572 (WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL inj ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-20571 (DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a cr ...)
	NOT-FOR-US: DamiCMS
CVE-2018-20570 (jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer o ...)
	{DLA-1628-1}
	- jasper
	NOTE: https://github.com/mdadams/jasper/issues/191
CVE-2018-20569 (user/index.php in Ivan Cordoba Generic Content Management System (CMS) ...)
	NOT-FOR-US: Ivan Cordoba Generic Content Management System (CMS)
CVE-2018-20568 (Administrator/index.php in Ivan Cordoba Generic Content Management Sys ...)
	NOT-FOR-US: Ivan Cordoba Generic Content Management System (CMS)
CVE-2018-20567 (An issue was discovered in DouCo DouPHP 1.5 20181221. \install\index.p ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20566 (An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full p ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20565 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/nav.php?re ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20564 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product_ca ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20563 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20562 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_ca ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20561 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.ph ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20560 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/show.php?r ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20559 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/product.ph ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20558 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20557 (An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?r ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20556 (SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordP ...)
	NOT-FOR-US: Booking Calendar plugin for WordPress
CVE-2018-20555 (The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress all ...)
	NOT-FOR-US: Design Chemical Social Network Tabs plugin for WordPress
CVE-2018-20554
	RESERVED
CVE-2018-20553 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in get_l2len ...)
	- tcpreplay 4.3.1-1 (low; bug #917574)
	[stretch] - tcpreplay (Minor issue)
	[jessie] - tcpreplay (hard to exploit)
	NOTE: https://github.com/appneta/tcpreplay/issues/530
	NOTE: https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2
	NOTE: initial set of fixes got additional hardening, see:
	NOTE: https://github.com/appneta/tcpreplay/issues/530#issuecomment-480312372
	NOTE: https://github.com/appneta/tcpreplay/pull/584
CVE-2018-20552 (Tcpreplay before 4.3.1 has a heap-based buffer over-read in packet2tre ...)
	- tcpreplay 4.3.1-1 (low; bug #917574)
	[stretch] - tcpreplay (Minor issue)
	[jessie] - tcpreplay (hard to exploit)
	NOTE: https://github.com/appneta/tcpreplay/issues/530
	NOTE: https://github.com/appneta/tcpreplay/pull/532/commits/6b830a1640ca20528032c89a4fdd8291a4d2d8b2
	NOTE: initial set of fixes got additional hardening, see:
	NOTE: https://github.com/appneta/tcpreplay/issues/530#issuecomment-480312372
	NOTE: https://github.com/appneta/tcpreplay/pull/584
CVE-2018-1000893 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...)
	NOT-FOR-US: Bitcoin SV
CVE-2018-1000892 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...)
	NOT-FOR-US: Bitcoin SV
CVE-2018-1000891 (Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when ...)
	NOT-FOR-US: Bitcoin SV
CVE-2018-20551 (A reachable Object::getString assertion in Poppler 0.72.0 allows attac ...)
	- poppler 0.71.0-4 (low; bug #917525)
	[stretch] - poppler (Minor issue)
	[jessie] - poppler (vulnerable code is not present)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/703
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7f87dc10b6adccd6d1b977a28b064add254aa2da
CVE-2018-20550
	RESERVED
CVE-2018-20549 (There is an illegal WRITE memory access at caca/file.c (function caca_ ...)
	{DLA-1631-1}
	- libcaca 0.99.beta19-2.1 (low; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652628
	NOTE: https://github.com/cacalabs/libcaca/issues/41
	NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
CVE-2018-20548 (There is an illegal WRITE memory access at common-image.c (function lo ...)
	- libcaca 0.99.beta19-2.1 (unimportant; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652625
	NOTE: https://github.com/cacalabs/libcaca/issues/40
	NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/f6c61faa26b3e150c3daf514589afa737f42f152
	NOTE: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
	NOTE: Debian binary packages built with the Imlib2 library
CVE-2018-20547 (There is an illegal READ memory access at caca/dither.c (function get_ ...)
	{DLA-1631-1}
	- libcaca 0.99.beta19-2.1 (low; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652624
	NOTE: https://github.com/cacalabs/libcaca/issues/39
	NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
CVE-2018-20546 (There is an illegal READ memory access at caca/dither.c (function get_ ...)
	{DLA-1631-1}
	- libcaca 0.99.beta19-2.1 (low; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652622
	NOTE: https://github.com/cacalabs/libcaca/issues/38
	NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/02a09ec9e5ed8981e7a810bfb6a0172dc24f0790
CVE-2018-20545 (There is an illegal WRITE memory access at common-image.c (function lo ...)
	- libcaca 0.99.beta19-2.1 (unimportant; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652621
	NOTE: https://github.com/cacalabs/libcaca/issues/37
	NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/f6c61faa26b3e150c3daf514589afa737f42f152
	NOTE: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
	NOTE: Debian binary packages built with the Imlib2 library
CVE-2018-20544 (There is floating point exception at caca/dither.c (function caca_dith ...)
	{DLA-1631-1}
	- libcaca 0.99.beta19-2.1 (low; bug #917807)
	[stretch] - libcaca 0.99.beta19-2.1~deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652627
	NOTE: https://github.com/cacalabs/libcaca/issues/36
	NOTE: Upstream fix: https://github.com/cacalabs/libcaca/commit/84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c
CVE-2018-20543 (There is an attempted excessive memory allocation at libxsmm_sparse_cs ...)
	- libxsmm (bug #917573)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652634
CVE-2018-20542 (There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c ...)
	- libxsmm (bug #917526)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652633
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652635
	NOTE: https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d
	NOTE: https://github.com/hfp/libxsmm/issues/287
CVE-2018-20541 (There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at ...)
	- libxsmm (bug #917526)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652632
	NOTE: https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d
	NOTE: https://github.com/hfp/libxsmm/issues/287
CVE-2018-20540 (There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8 ...)
	- liblas 1.8.1-10 (low; bug #922459)
	[stretch] - liblas (Minor issue)
	[jessie] - liblas (Minor issue)
	NOTE: https://github.com/libLAS/libLAS/issues/158
	NOTE: https://github.com/libLAS/libLAS/commit/ba7346d349fb00b18d0c12e226ac3090eac25d7b
CVE-2018-20539 (There is a Segmentation fault triggered by illegal address access at l ...)
	- liblas (low; bug #924614)
	[buster] - liblas (Minor issue)
	[stretch] - liblas (Minor issue)
	[jessie] - liblas (Minor issue)
	NOTE: https://github.com/libLAS/libLAS/issues/159
	NOTE: https://github.com/libLAS/libLAS/pull/183
	NOTE: https://github.com/libLAS/libLAS/commit/ca88a11a8a0548d3aa78b643e6c701708b826fa9
CVE-2018-20538 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...)
	- nasm (unimportant; bug #918269)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392531
	NOTE: Crash in CLI tool, no security impact
CVE-2018-20537 (There is a NULL pointer dereference at liblas::SpatialReference::GetGT ...)
	- liblas (low; bug #924614)
	[buster] - liblas (Minor issue)
	[stretch] - liblas (Minor issue)
	[jessie] - liblas (Minor issue)
	NOTE: https://github.com/libLAS/libLAS/issues/160
	NOTE: https://github.com/libLAS/libLAS/pull/184
	NOTE: https://github.com/libLAS/libLAS/commit/1e854ec110d9bcebcae9db3136953c873f919235
CVE-2018-20536 (There is a heap-based buffer over-read at liblas::SpatialReference::Ge ...)
	- liblas (low; bug #924614)
	[buster] - liblas (Minor issue)
	[stretch] - liblas (Minor issue)
	[jessie] - liblas (Minor issue)
	NOTE: https://github.com/libLAS/libLAS/issues/161
	NOTE: https://github.com/libLAS/libLAS/pull/183
	NOTE: https://github.com/libLAS/libLAS/commit/ca88a11a8a0548d3aa78b643e6c701708b826fa9
CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...)
	- nasm 2.15.04-1 (unimportant; bug #918270)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
	NOTE: Crash in CLI tool, no security impact
CVE-2018-20534 (** DISPUTED ** There is an illegal address access at ext/testcase.c in ...)
	- libsolv 0.6.36-1 (unimportant; bug #923002)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652604
	NOTE: https://github.com/openSUSE/libsolv/pull/291
	NOTE: https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
	NOTE: Only affects the test suite
CVE-2018-20533 (There is a NULL pointer dereference at ext/testcase.c (function testca ...)
	- libsolv 0.6.36-1 (low; bug #923002)
	[buster] - libsolv (Minor issue)
	[stretch] - libsolv (Minor issue)
	[jessie] - libsolv (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652599
	NOTE: https://github.com/openSUSE/libsolv/pull/291
	NOTE: https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
CVE-2018-20532 (There is a NULL pointer dereference at ext/testcase.c (function testca ...)
	- libsolv 0.6.36-1 (low; bug #923002)
	[buster] - libsolv (Minor issue)
	[stretch] - libsolv (Minor issue)
	[jessie] - libsolv (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1652605
	NOTE: https://github.com/openSUSE/libsolv/pull/291
	NOTE: https://github.com/openSUSE/libsolv/commit/4830af9d979d3685de538b80fbeba51ad590525e
CVE-2018-20531
	RESERVED
CVE-2018-20530 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile fie ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-20529
	RESERVED
CVE-2018-20528 (JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter ...)
	NOT-FOR-US: JEECMS
CVE-2018-20527
	RESERVED
CVE-2018-20526 (Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. ...)
	NOT-FOR-US: Roxy Fileman
CVE-2018-20525 (Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile ...)
	NOT-FOR-US: Roxy Fileman
CVE-2018-20524 (The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted us ...)
	NOT-FOR-US: Chat Anywhere Chrome extension
CVE-2018-20523 (Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and o ...)
	NOT-FOR-US: Xiaomi
CVE-2018-20522
	RESERVED
CVE-2018-20521
	RESERVED
CVE-2018-20520 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a r ...)
	NOT-FOR-US: MiniCMS
CVE-2018-20519 (An issue was discovered in 74cms v4.2.111. It allows remote authentica ...)
	NOT-FOR-US: 74cms
CVE-2018-20518
	RESERVED
CVE-2018-20517
	RESERVED
CVE-2018-20516
	RESERVED
CVE-2018-20515
	RESERVED
CVE-2018-20514
	RESERVED
CVE-2018-20513
	RESERVED
CVE-2018-20512 (EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privi ...)
	NOT-FOR-US: EPON CPE-WiFi devices
CVE-2018-20510 (The print_binder_transaction_ilocked function in drivers/android/binde ...)
	- linux 4.16.5-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux 3.16.57-1
	NOTE: https://git.kernel.org/linus/8ca86f1639ec5890d400fff9211aca22d0a392eb
CVE-2018-20509 (The print_binder_ref_olocked function in drivers/android/binder.c in t ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux (debugfs restricted to root by default)
	NOTE: https://security.netapp.com/advisory/ntap-20190517-0002/
CVE-2018-20508 (CrashFix 1.0.4 has SQL Injection via the User[status] parameter. This ...)
	NOT-FOR-US: CrashFix
CVE-2018-1000890 (FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulner ...)
	- frontaccounting
CVE-2018-1000889 (Logisim Evolution version 2.14.3 and earlier contains an XML External ...)
	NOT-FOR-US: Logisim Evolution
CVE-2018-1000888 (PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 ...)
	{DSA-4378-1 DLA-1674-1}
	- php-pear 1:1.10.6+submodules+notgz-1.1 (bug #919147)
	- php5
	NOTE: https://pear.php.net/bugs/bug.php?id=23782
	NOTE: https://github.com/pear/Archive_Tar/commit/59ace120ac5ceb5f0d36e40e48e1884de1badf76
CVE-2018-1000887 (Peel shopping peel-shopping_9_1_0 version contains a Cross Site Script ...)
	NOT-FOR-US: Peel shopping
CVE-2018-20511 (An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ ...)
	{DLA-1731-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.130-1
	NOTE: Fixed by: https://git.kernel.org/linus/9824dfae5741275473a23a7ed5756c7b6efacc9d (4.19-rc5)
CVE-2018-20507 (An issue was discovered in GitLab Enterprise Edition 11.2.x through 11 ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20506 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
	{DLA-2340-1 DLA-1613-1}
	- sqlite3 3.25.3-1
	NOTE: https://sqlite.org/src/info/940f2adc8541a838
CVE-2018-20505 (SQLite 3.25.2, when queries are run on a table with a malformed PRIMAR ...)
	- sqlite3 3.25.3-1
	[stretch] - sqlite3 (Vulnerable code introduced later)
	[jessie] - sqlite3 (Vulnerable code introduced later)
	NOTE: https://sqlite.org/src/info/1a84668dcfdebaf12415d
CVE-2018-20504
	RESERVED
CVE-2018-20503 (Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.p ...)
	NOT-FOR-US: Allied Telesis 8100L/8 devices
CVE-2018-20502 (An issue was discovered in Bento4 1.5.1-627. There is an attempt at ex ...)
	NOT-FOR-US: Bento4
CVE-2018-20501 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20500 (An insecure permissions issue was discovered in GitLab Community and E ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20499 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20498 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20497 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20496 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20495 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20494 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20493 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20492 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20491 (An issue was discovered in GitLab Enterprise Edition 11.3.x and 11.4.x ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20490 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20489 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20488 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.5.6+dfsg-1 (bug #918086)
	NOTE: https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
CVE-2018-20487 (An issue was discovered in the firewall3 component in Inteno IOPSYS 1. ...)
	NOT-FOR-US: Inteno IOPSYS
CVE-2018-20486 (MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php ...)
	NOT-FOR-US: MetInfo
CVE-2018-20485 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2018-20484 (Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in ...)
	NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2018-20483 (set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's ...)
	- wget 1.20.1-1 (bug #917375)
	[stretch] - wget (Vulnerable code introduced in 1.19)
	[jessie] - wget (Vulnerable code introduced in 1.19)
	NOTE: https://twitter.com/marcan42/status/1077676739877232640
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=3cdfb594cf75f11cdbb9702ac5e856c332ccacfa
	NOTE: Don't use extended attributes by default: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
	NOTE: Introduced by: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3 (v1.19)
CVE-2018-20482 (GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage ...)
	{DLA-1623-1}
	- tar 1.30+dfsg-3.1 (bug #917377)
	[stretch] - tar (Minor issue)
	NOTE: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
	NOTE: https://news.ycombinator.com/item?id=18745431
	NOTE: https://twitter.com/thatcks/status/1076166645708668928
	NOTE: https://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html
	NOTE: Fixed by https://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42c
CVE-2018-20481 (XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRe ...)
	{DLA-2287-1 DLA-1706-1}
	- poppler 0.71.0-4 (low; bug #917325)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/692
	NOTE: Proposed fix: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/39a251b1b3a3343400a08e2f03c5518a26624626
CVE-2018-20480 (An issue was discovered in S-CMS 1.0. It allows SQL Injection via the ...)
	NOT-FOR-US: S-CMS
CVE-2018-20479 (An issue was discovered in S-CMS 1.0. It allows SQL Injection via the ...)
	NOT-FOR-US: S-CMS
CVE-2018-20478 (An issue was discovered in S-CMS 1.0. It allows reading certain files, ...)
	NOT-FOR-US: S-CMS
CVE-2018-20477 (An issue was discovered in S-CMS 3.0. It allows SQL Injection via the ...)
	NOT-FOR-US: S-CMS
CVE-2018-20476 (An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo ...)
	NOT-FOR-US: S-CMS
CVE-2018-20475
	RESERVED
CVE-2018-20474
	RESERVED
CVE-2018-20473
	RESERVED
CVE-2018-20472 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The ...)
	NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20471
	RESERVED
CVE-2018-20470 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A di ...)
	NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20469 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A pa ...)
	NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20468 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A we ...)
	NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20467 (In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can resu ...)
	{DLA-2333-1}
	- imagemagick 8:6.9.10.23+dfsg-1 (low; bug #917326)
	[jessie] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1408
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/4dd53a3f790147aaf18b2dd4d15f2a19f9432d3f
CVE-2018-20466
	RESERVED
CVE-2018-20465 (Craft CMS through 3.0.34 allows remote authenticated administrators to ...)
	NOT-FOR-US: Craft CMS
CVE-2018-20464 (There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 ad ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-20463 (An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. The ...)
	NOT-FOR-US: JSmol2WP plugin for WordPress
CVE-2018-20462 (An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. A c ...)
	NOT-FOR-US: JSmol2WP plugin for WordPress
CVE-2018-20461 (In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c all ...)
	- radare2 3.1.2+dfsg-1 (low)
	[jessie] - radare2 (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/a1bc65c3db593530775823d6d7506a457ed95267
	NOTE: https://github.com/radare/radare2/issues/12375
CVE-2018-20460 (In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch ...)
	- radare2 3.1.2+dfsg-1 (low)
	[jessie] - radare2 (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf
	NOTE: https://github.com/radare/radare2/issues/12376
CVE-2018-20459 (In radare2 through 3.1.3, the armass_assemble function in libr/asm/arc ...)
	- radare2 3.2.1+dfsg-1 (low; bug #917322)
	[jessie] - radare2 (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7
	NOTE: https://github.com/radare/radare2/issues/12418
CVE-2018-20458 (In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/ ...)
	- radare2 3.1.2+dfsg-1 (low)
	[jessie] - radare2 (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/30f4c7b52a4e2dc0d0b1bae487d90f5437c69d19
	NOTE: https://github.com/radare/radare2/issues/12374
CVE-2018-20457 (In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_ ...)
	- radare2 3.2.1+dfsg-1 (low; bug #917322)
	[jessie] - radare2 (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/e5c14c167b0dcf0a53d76bd50bacbbcc0dfc1ae7
	NOTE: https://github.com/radare/radare2/issues/12417
CVE-2018-20456 (In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p ...)
	- radare2 3.1.2+dfsg-1 (low)
	[jessie] - radare2 (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185
	NOTE: https://github.com/radare/radare2/issues/12372
CVE-2018-20455 (In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p ...)
	- radare2 3.1.2+dfsg-1 (low)
	[jessie] - radare2 (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185
	NOTE: https://github.com/radare/radare2/issues/12373
CVE-2018-20454 (An issue was discovered in 74cms v4.2.111. upload/index.php?c=resume&a ...)
	NOT-FOR-US: 74cms
CVE-2018-20453 (The getlong function in numutils.c in libdoc through 2017-10-23 has a ...)
	- catdoc (unimportant; bug #919526)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-20452 (The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid fr ...)
	- r-cran-readxl 1.2.0.9000-1 (bug #919324)
	[stretch] - r-cran-readxl 0.1.1-1+deb9u2
	NOTE: https://github.com/evanmiller/libxls/issues/35
CVE-2018-20451 (The process_file function in reader.c in libdoc through 2017-10-23 has ...)
	- catdoc (unimportant; bug #919526)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-20450 (The read_MSAT function in ole.c in libxls 1.4.0 has a double free that ...)
	- r-cran-readxl 1.2.0.9000-1 (bug #919324)
	[stretch] - r-cran-readxl 0.1.1-1+deb9u2
	NOTE: https://github.com/evanmiller/libxls/issues/34
CVE-2018-20449 (The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the L ...)
	- linux 4.15.4-1
	[stretch] - linux (Minor issue)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://lists.debian.org/debian-security-tracker/2019/01/msg00029.html
CVE-2018-20448 (Frog CMS 0.9.5 has XSS via the Database name field to the /install/ind ...)
	NOT-FOR-US: Frog CMS
CVE-2018-20447
	RESERVED
CVE-2018-20446
	RESERVED
CVE-2018-20445 (D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_ ...)
	NOT-FOR-US: D-Link
CVE-2018-20444 (Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU dev ...)
	NOT-FOR-US: Technicolor
CVE-2018-20443 (Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices ...)
	NOT-FOR-US: Technicolor
CVE-2018-20442 (Technicolor TC7110.B STC8.62.02 devices allow remote attackers to disc ...)
	NOT-FOR-US: Technicolor
CVE-2018-20441 (Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to ...)
	NOT-FOR-US: Technicolor
CVE-2018-20440 (Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow ...)
	NOT-FOR-US: Technicolor
CVE-2018-20439 (Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices ...)
	NOT-FOR-US: Technicolor
CVE-2018-20438 (Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to dis ...)
	NOT-FOR-US: Technicolor
CVE-2018-20437 (** DISPUTED ** An issue was discovered in the fileDownload function in ...)
	NOT-FOR-US: FEBS-Shiro
CVE-2018-20436 (** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android ...)
	NOT-FOR-US: Telegram for Android
CVE-2018-20435
	RESERVED
CVE-2018-20434 (LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands ...)
	NOT-FOR-US: LibreNMS
CVE-2018-20433 (c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mcha ...)
	{DLA-1621-1}
	- c3p0 0.9.1.2-10 (bug #917257)
	[stretch] - c3p0 0.9.1.2-9+deb9u1
	NOTE: https://github.com/swaldman/c3p0/commit/7dfdda63f42759a5ec9b63d725b7412f74adb3e1
CVE-2018-20432 (D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded ...)
	NOT-FOR-US: D-Link
CVE-2018-20431 (GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerabil ...)
	{DSA-4361-1 DLA-1616-1}
	- libextractor 1:1.8-2 (bug #917213)
	NOTE: https://gnunet.org/bugs/view.php?id=5494
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=489c4a540bb2c4744471441425b8932b97a153e7
CVE-2018-20430 (GNU Libextractor through 1.8 has an out-of-bounds read vulnerability i ...)
	{DSA-4361-1 DLA-1616-1}
	- libextractor 1:1.8-2 (bug #917214)
	NOTE: https://gnunet.org/bugs/view.php?id=5493
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110
CVE-2018-20429 (libming 0.4.8 has a NULL pointer dereference in the getName function o ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/160
CVE-2018-20428 (libming 0.4.8 has a NULL pointer dereference in the strlenext function ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/161
CVE-2018-20427 (libming 0.4.8 has a NULL pointer dereference in the getInt function of ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/164
CVE-2018-20426 (libming 0.4.8 has a NULL pointer dereference in the newVar3 function o ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/162
CVE-2018-20425 (libming 0.4.8 has a NULL pointer dereference in the pushdup function o ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/163
CVE-2018-20424 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attac ...)
	NOT-FOR-US: DiscuzX
CVE-2018-20423 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attac ...)
	NOT-FOR-US: DiscuzX
CVE-2018-20422 (Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attac ...)
	NOT-FOR-US: DiscuzX
CVE-2018-20421 (Go Ethereum (aka geth) 1.8.19 allows attackers to cause a denial of se ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2018-20420 (In webERP 4.15, Z_CreateCompanyTemplateFile.php has Incorrect Access C ...)
	NOT-FOR-US: webERP
CVE-2018-20419 (DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add a ...)
	NOT-FOR-US: DouCo DouPHP
CVE-2018-20418 (index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allow ...)
	NOT-FOR-US: Craft CMS
CVE-2018-20417
	RESERVED
CVE-2018-20416
	RESERVED
CVE-2018-20415
	RESERVED
CVE-2018-20414
	RESERVED
CVE-2018-20413
	RESERVED
CVE-2018-20412
	RESERVED
CVE-2018-20411
	RESERVED
CVE-2018-20410 (WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer ov ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2018-20409 (An issue was discovered in Bento4 1.5.1-627. There is a heap-based buf ...)
	NOT-FOR-US: Bento4
CVE-2018-20408 (An issue was discovered in Bento4 1.5.1-627. There is a memory leak in ...)
	NOT-FOR-US: Bento4
CVE-2018-20407 (An issue was discovered in Bento4 1.5.1-627. There is a memory leak in ...)
	NOT-FOR-US: Bento4
CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ...)
	{DLA-2280-1 DLA-1663-1}
	- python3.7 3.7.0-7 (unimportant)
	- python3.6 3.6.7~rc1-1 (unimportant)
	- python3.5 (unimportant)
	- python3.4 (unimportant)
	NOTE: https://bugs.python.org/issue34656
	NOTE: https://github.com/python/cpython/commit/a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd (master)
	NOTE: https://github.com/python/cpython/commit/ef4306b24c9034d6b37bb034e2ebe82e745d4b77 (3.7)
	NOTE: https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc (3.6)
	NOTE: Negligible security impact
CVE-2018-20405 (** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticat ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-20404 (ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system ...)
	NOT-FOR-US: ETK_E900.sys (SmartETK driver for VIA Technologies EPIA-E900 system board)
CVE-2018-20403
	RESERVED
CVE-2018-20402 (Safe Software FME Server through 2018.1 creates and enables three addi ...)
	NOT-FOR-US: Safe Software FME Server
CVE-2018-20401 (Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credent ...)
	NOT-FOR-US: Zoom 5352 v5.5.8.6Y devices
CVE-2018-20400 (Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote atta ...)
	NOT-FOR-US: Ubee devices
CVE-2018-20399 (Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0 ...)
	NOT-FOR-US: Motorola
CVE-2018-20398 (Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100 ...)
	NOT-FOR-US: Skyworth devices
CVE-2018-20397 (mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to d ...)
	NOT-FOR-US: mplus devices
CVE-2018-20396 (NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allo ...)
	NOT-FOR-US: NET&SYS devices
CVE-2018-20395 (NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attacke ...)
	NOT-FOR-US: NETWAVE devices
CVE-2018-20394 (Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and ...)
	NOT-FOR-US: Thomson devices
CVE-2018-20393 (Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CW ...)
	NOT-FOR-US: Technicolor devices
CVE-2018-20392 (S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers ...)
	NOT-FOR-US: S-A WebSTAR devices
CVE-2018-20391 (TEKNOTEL CBW700N 81.447.392110.729.024 devices allow remote attackers ...)
	NOT-FOR-US: TEKNOTEL devices
CVE-2018-20390 (Kaonmedia CG2001-AN22A 1.2.1, CG2001-UDBNA 3.0.8, and CG2001-UN2NA 3.0 ...)
	NOT-FOR-US: Kaonmedia devices
CVE-2018-20389 (D-Link DCM-604 DCM604_C1_ViaCabo_1.04_20130606 and DCM-704 EU_DCM-704_ ...)
	NOT-FOR-US: D-Link
CVE-2018-20388 (Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices all ...)
	NOT-FOR-US: Comtrend devices
CVE-2018-20387 (Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices al ...)
	NOT-FOR-US: Bnmux devices
CVE-2018-20386 (ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote ...)
	NOT-FOR-US: ARRIS devices
CVE-2018-20385 (CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553m ...)
	NOT-FOR-US: CastleNet devices
CVE-2018-20384 (iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 1 ...)
	NOT-FOR-US: iNovo devices
CVE-2018-20383 (ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote at ...)
	NOT-FOR-US: ARRIS devices
CVE-2018-20382 (Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allo ...)
	NOT-FOR-US: Jiuzhou devices
CVE-2018-20381 (Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow re ...)
	NOT-FOR-US: Technicolor devices
CVE-2018-20380 (Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U ...)
	NOT-FOR-US: Ambit devices
CVE-2018-20379 (Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices ...)
	NOT-FOR-US: Technicolor devices
CVE-2018-20378 (The L2CAP signaling channel implementation and SDP server implementati ...)
	NOT-FOR-US: OpenSynergy Blue SDK
CVE-2018-20377 (Orange Livebox 00.96.320S devices allow remote attackers to discover W ...)
	NOT-FOR-US: Orange Livebox
CVE-2018-20376 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
	- tcc (unimportant)
	NOTE: Negligible security impact
	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00013.html
CVE-2018-20375 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
	- tcc (unimportant)
	NOTE: Negligible security impact
	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00014.html
CVE-2018-20374 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
	- tcc (unimportant)
	NOTE: Negligible security impact
	NOTE: https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00015.html
CVE-2018-20373 (Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP cl ...)
	NOT-FOR-US: Tenda ADSL modem routers
CVE-2018-20372 (TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client ...)
	NOT-FOR-US: TP-Link TD-W8961ND devices
CVE-2018-20371 (PhotoRange Photo Vault 1.2 appends the password to the URI for authori ...)
	NOT-FOR-US: PhotoRange Photo Vault
CVE-2018-20370 (SZ NetChat before 7.9 has XSS in the MyName input field of the Options ...)
	NOT-FOR-US: SZ NetChat
CVE-2018-20369 (Barracuda Message Archiver 2018 has XSS in the error_msg exception-han ...)
	NOT-FOR-US: Barracuda
CVE-2018-20368 (The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the ...)
	NOT-FOR-US: Master Slider plugin for WordPress
CVE-2018-20367 (The "mall some commodity details: commodity consultation" component in ...)
	NOT-FOR-US: WSTMart
CVE-2018-20366
	RESERVED
CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow ...)
	- libraw 0.19.2-2 (bug #917111)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/195
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
	NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
	NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL point ...)
	- libraw 0.19.2-2 (bug #917112)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/194
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
	NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
	NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointe ...)
	- libraw 0.19.2-2 (bug #917113)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/193
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
	NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
	NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
CVE-2018-20362 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
	{DSA-4522-1 DLA-1791-1}
	- faad2 2.8.8-2 (low)
	NOTE: https://github.com/knik0/faad2/issues/26
	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20361 (An invalid memory address dereference was discovered in the hf_assembl ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low)
	[buster] - faad2 (Minor issue)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://github.com/knik0/faad2/issues/30
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20360 (An invalid memory address dereference was discovered in the sbr_proces ...)
	{DLA-1899-1}
	- faad2 2.8.8-3.1 (low)
	[buster] - faad2 (Minor issue)
	[stretch] - faad2 (Minor issue)
	NOTE: https://github.com/knik0/faad2/issues/32
	NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
CVE-2018-20359 (An invalid memory address dereference was discovered in the sbrDecodeS ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://github.com/knik0/faad2/issues/29
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3
CVE-2018-20358 (An invalid memory address dereference was discovered in the lt_predict ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low)
	[buster] - faad2 (Minor issue)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://github.com/knik0/faad2/issues/31
	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20357 (A NULL pointer dereference was discovered in sbr_process_channel of li ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://github.com/knik0/faad2/issues/28
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20356 (An invalid read of 8 bytes due to a use-after-free vulnerability in th ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-20355 (An invalid write of 8 bytes due to a use-after-free vulnerability in t ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-20354 (An invalid read of 8 bytes due to a use-after-free vulnerability durin ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-20353 (An invalid read of 8 bytes due to a use-after-free vulnerability durin ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-20352 (Use-after-free vulnerability in the mg_cgi_ev_handler function in mong ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2018-20351 (The Markdown component in Evernote (Chinese) before 8.3.2 on macOS all ...)
	NOT-FOR-US: Evernote
CVE-2018-20350
	RESERVED
CVE-2018-20349 (The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 ...)
	{DLA-2055-1}
	- igraph 0.7.1-3 (bug #917211)
	[stretch] - igraph 0.7.1-2.1+deb9u1
	- r-cran-igraph 1.2.2-2 (bug #917212)
	[stretch] - r-cran-igraph 1.0.1-1+deb9u1
	NOTE: https://github.com/igraph/igraph/issues/1141
	NOTE: Fixed by: https://github.com/igraph/igraph/commit/e3a9566e6463186230f215151b57b893df6d9ce2
CVE-2018-20348 (libpff_item_tree_create_node in libpff_item_tree.c in libpff before ex ...)
	- libpff 20180714-1
	[stretch] - libpff (Minor issue)
	[jessie] - libpff (Minor issue)
	NOTE: https://github.com/libyal/libpff/issues/48
CVE-2018-20347
	REJECTED
CVE-2018-20345 (Incorrect access control in StackStorm API (st2api) in StackStorm befo ...)
	NOT-FOR-US: StackStorm
CVE-2018-20344
	RESERVED
CVE-2018-20343 (Multiple buffer overflow vulnerabilities have been found in Ken Silver ...)
	NOT-FOR-US: Ken Silverman Build Engine
CVE-2018-20342 (The Floureon IP Camera SP012 provides a root terminal on a UART serial ...)
	NOT-FOR-US: Floureon IP Camera SP012
CVE-2018-20341 (WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted ...)
	NOT-FOR-US: WINMAGIC SecureDoc Disk Encryption
CVE-2018-20340 (Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which c ...)
	{DSA-4389-1}
	- libu2f-host 1.1.7-1 (bug #921726)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2019-01/
	NOTE: https://github.com/Yubico/libu2f-host/commit/f526546bb29f2ef704ae9850f0f4b41fea7b62a4
	NOTE: https://github.com/Yubico/libu2f-host/commit/e77a109f8cf60d9eafdf005ab5c851d5f576c01e
CVE-2018-20339 (Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-20338 (Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL inject ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-20337 (There is a stack-based buffer overflow in the parse_makernote function ...)
	- libraw 0.19.2-1 (bug #917080)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/192
CVE-2018-20336 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack ...)
	NOT-FOR-US: ASUSWRT
CVE-2018-20335 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticat ...)
	NOT-FOR-US: ASUSWRT
CVE-2018-20334 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing ...)
	NOT-FOR-US: ASUSWRT
CVE-2018-20333 (An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticat ...)
	NOT-FOR-US: ASUSWRT
CVE-2018-20332 (An issue has been discovered in the OpenWebif plugin through 1.2.4 for ...)
	NOT-FOR-US: OpenWebif plugin
CVE-2018-20331 (Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ...)
	NOT-FOR-US: Antiy AVL ATool
CVE-2018-20330 (The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflo ...)
	- libjpeg-turbo (Vulnerable code introduced later)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/304
	NOTE: Fixed by: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3d9c64e9f8aa1ee954d1d0bb3390fc894bb84da3
CVE-2018-20329 (Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsC ...)
	NOT-FOR-US: Chamilo LMS
CVE-2018-20328 (Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php ...)
	NOT-FOR-US: Chamilo LMS
CVE-2018-20327 (Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin ...)
	NOT-FOR-US: Chamilo LMS
CVE-2018-20326 (ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W ...)
	NOT-FOR-US: ChinaMobile PLC Wireless Router
CVE-2018-20325 (There is a vulnerability in load() method in definitions/parser.py in ...)
	NOT-FOR-US: Danijar Hafner
CVE-2018-20324
	RESERVED
CVE-2018-20323 (www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition ...)
	NOT-FOR-US: MailCleaner
CVE-2018-20322 (LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulner ...)
	- limesurvey (bug #472802)
CVE-2018-20321 (An issue was discovered in Rancher 2 through 2.1.5. Any project member ...)
	NOT-FOR-US: Rancher
CVE-2018-20320
	REJECTED
CVE-2018-20319
	RESERVED
CVE-2018-20318 (An issue was discovered in weixin-java-tools v3.2.0. There is an XXE v ...)
	NOT-FOR-US: weixin-java-tools
CVE-2018-1000886 (nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability ...)
	- nasm (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392514
	NOTE: Crash in CLI, no security impact
CVE-2018-1000885 (PHKP version including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b ...)
	NOT-FOR-US: PHKP
CVE-2018-1000884 (Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c4438682 ...)
	NOT-FOR-US: Vesta CP
CVE-2018-1000883 (Elixir Plug Plug version All contains a Header Injection vulnerability ...)
	NOT-FOR-US: Elixir Plug, different from src:elixir-lang
CVE-2018-20317
	RESERVED
CVE-2018-20316 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-20315 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-20314 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-20313 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-20312 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-20311 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-20310 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-20309 (Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-20308
	RESERVED
CVE-2018-1000882 (WeBid version up to current version 1.2.2 contains a Directory Travers ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2018-1000881 (Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Impr ...)
	NOT-FOR-US: Traccar Traccar Server
CVE-2018-1000880 (libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onw ...)
	{DSA-4360-1}
	- libarchive 3.3.3-2 (bug #916960)
	[jessie] - libarchive (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
	NOTE: https://github.com/libarchive/libarchive/pull/1105
	NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/9693801580c0cf7c70e862d305270a16b52826a7
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/9c84b7426660c09c18cc349f6d70b5f8168b5680
CVE-2018-1000879 (libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onw ...)
	- libarchive 3.3.3-2 (bug #916962)
	[stretch] - libarchive (Vulnerable code introduced later)
	[jessie] - libarchive (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
	NOTE: https://github.com/libarchive/libarchive/pull/1105
	NOTE: Introduced in: https://github.com/libarchive/libarchive/commit/379867ecb330b3a952fb7bfa7bffb7bbd5547205 (3.3.0)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175
CVE-2018-1000878 (libarchive version commit 416694915449219d505531b1096384f3237dd6cc onw ...)
	{DSA-4360-1 DLA-1612-1}
	- libarchive 3.3.3-2 (bug #916963)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
	NOTE: https://github.com/libarchive/libarchive/pull/1105
	NOTE: Introduced after: https://github.com/libarchive/libarchive/commit/416694915449219d505531b1096384f3237dd6cc
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/bfcfe6f04ed20db2504db8a254d1f40a1d84eb28
CVE-2018-1000877 (libarchive version commit 416694915449219d505531b1096384f3237dd6cc onw ...)
	{DSA-4360-1 DLA-1612-1}
	- libarchive 3.3.3-2 (bug #916964)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
	NOTE: https://github.com/libarchive/libarchive/pull/1105
	NOTE: Introduced after: https://github.com/libarchive/libarchive/commit/416694915449219d505531b1096384f3237dd6cc
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/021efa522ad729ff0f5806c4ce53e4a6cc1daa31
CVE-2018-1000876 (binutils version 2.32 and earlier contains a Integer Overflow vulnerab ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23994
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
	NOTE: binutils not covered by security support
CVE-2018-1000875 (Berkeley Open Infrastructure for Network Computing BOINC Server and We ...)
	NOT-FOR-US: BOINC server (src:boinc only covers the client)
CVE-2018-1000874 (** DISPUTED ** PHP cebe markdown parser version 1.2.0 and earlier cont ...)
	NOT-FOR-US: cebe markdown parser (different from src:php-markdown)
CVE-2018-1000873 (Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Inp ...)
	NOT-FOR-US: Fasterxml Jackson Jackson-Modules-Java8 module
CVE-2018-1000872 (OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: ...)
	- python-pykmip 0.7.0-3 (low; bug #917030)
	[stretch] - python-pykmip 0.5.0-4+deb9u1
	NOTE: https://github.com/OpenKMIP/PyKMIP/commit/3a7b880bdf70d295ed8af3a5880bab65fa6b3932
	NOTE: https://github.com/OpenKMIP/PyKMIP/issues/430
CVE-2018-1000871 (HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL I ...)
	- hoteldruid 2.3.0-2 (low; bug #917099)
	[stretch] - hoteldruid (Minor issue)
	[jessie] - hoteldruid (Minor issue)
	NOTE: https://www.exploit-db.com/exploits/45976
CVE-2018-1000870 (PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in / ...)
	- phpipam (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040
	NOTE: https://github.com/phpipam/phpipam/issues/2326
CVE-2018-1000869 (phpIPAM version 1.3.2 contains a CWE-89 vulnerability in /app/admin/na ...)
	- phpipam (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/commit/856b10ca85a24c04ed8651f4e13f867ec78a353d
	NOTE: https://github.com/phpipam/phpipam/issues/2344
CVE-2018-1000868 (WeBid version up to current version 1.2.2 contains a Cross Site Script ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2018-1000867 (WeBid version up to current version 1.2.2 contains a SQL Injection vul ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2018-1000860 (phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS ...)
	- phpipam (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/issues/2338
CVE-2018-1000858 (GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CS ...)
	- gnupg2 2.2.12-1
	[stretch] - gnupg2 (Minor issue)
	[jessie] - gnupg2 (Vulnerable code was introduced later)
	- gnupg1 (Vulnerable code introduced in 2.x in 2.1.12)
	- gnupg (Vulnerable code introduced in 2.x in 2.1.12)
	NOTE: WKD (Web Key Directory) feature introduced in 2.1.12
	NOTE: https://sektioneins.de/en/advisories/advisory-012018-gnupg-wkd.html
	NOTE: https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144 (master)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=4a4bb874f63741026bd26264c43bb32b1099f060 (2.2.12)
CVE-2018-1000857 (log-user-session version 0.7 and earlier contains a Directory Traversa ...)
	NOT-FOR-US: log-user-session
CVE-2018-1000856 (DomainMOD version 4.09.03 and above. Also verified in the latest versi ...)
	NOT-FOR-US: DomainMOD
CVE-2018-1000855 (easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: easymon
CVE-2018-1000854 (esigate.org esigate version 5.2 and earlier contains a CWE-74: Imprope ...)
	NOT-FOR-US: esigate
CVE-2018-1000852 (FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac ...)
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp (Vulnerable code not present)
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/4866
	NOTE: https://github.com/FreeRDP/FreeRDP/pull/4871
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/baee520e3dd9be6511c45a14c5f5e77784de1471
CVE-2018-1000851 (Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/ ...)
	NOT-FOR-US: Copay Bitcoin Wallet
CVE-2018-1000850 (Square Retrofit version versions from (including) 2.0 and 2.5.0 (exclu ...)
	NOT-FOR-US: Square Retrofit
CVE-2018-1000849 (Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 conta ...)
	NOT-FOR-US: Alpine Linux
CVE-2018-1000848 (Wampserver version prior to version 3.1.5 contains a Cross Site Script ...)
	NOT-FOR-US: Wampserver
CVE-2018-1000847 (FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: FreshDNS
CVE-2018-1000846 (FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forger ...)
	NOT-FOR-US: FreshDNS
CVE-2018-1000845
	REJECTED
CVE-2018-1000844 (Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7 ...)
	NOT-FOR-US: Square Retrofit
CVE-2018-1000843 (Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc ...)
	NOT-FOR-US: Luigi
CVE-2018-1000842 (FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 & ...)
	NOT-FOR-US: FatFreeCRM
CVE-2018-1000841 (Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Zend.To
CVE-2018-1000840 (Processing Foundation Processing version 3.4 and earlier contains a XM ...)
	NOT-FOR-US: Processing Foundation Processing
CVE-2018-1000839 (LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerabilit ...)
	NOT-FOR-US: LH-EHR
CVE-2018-1000838 (autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulne ...)
	- autopsy (The ancient version in Debian predates the Java rewrite)
CVE-2018-1000837 (UML Designer version <= 8.0.0 contains a XML External Entity (XXE) ...)
	NOT-FOR-US: UML designer
CVE-2018-1000836 (bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a ...)
	NOT-FOR-US: bw-calendar-engine
CVE-2018-1000835 (KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity ( ...)
	NOT-FOR-US: KeePassDX
CVE-2018-1000834 (runelite version <= runelite-parent-1.4.23 contains a XML External ...)
	NOT-FOR-US: runelite
CVE-2018-1000833 (ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability ...)
	[experimental] - zoneminder 1.32.3-1
	- zoneminder 1.32.3-2 (bug #917024)
	NOTE: https://0dd.zone/2018/10/28/zoneminder-Object-Injection-2/
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2272
	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2273
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/f790eacc92f687442ae24df7a48f54861a4518b3 (1.32.3)
CVE-2018-1000832 (ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability ...)
	[experimental] - zoneminder 1.32.3-1
	- zoneminder 1.32.3-2 (bug #917024)
	NOTE: https://0dd.zone/2018/10/28/zoneminder-Object-Injection/
	NOTE: https://github.com/ZoneMinder/zoneminder/issues/2271
	NOTE: https://github.com/ZoneMinder/zoneminder/pull/2273
	NOTE: https://github.com/ZoneMinder/zoneminder/commit/f790eacc92f687442ae24df7a48f54861a4518b3 (1.32.3)
CVE-2018-1000831 (K9Mail version <= v5.600 contains a XML External Entity (XXE) vulne ...)
	NOT-FOR-US: K9Mail
CVE-2018-1000830 (XR3Player version <= V3.124 contains a XML External Entity (XXE) vu ...)
	NOT-FOR-US: XR3Player
CVE-2018-1000829 (Anyplace version before commit 80359b4 contains a XML External Entity ...)
	NOT-FOR-US: Anyplace navigation service
CVE-2018-1000828 (FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a X ...)
	NOT-FOR-US: FrostWire
CVE-2018-1000827 (Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in ...)
	NOT-FOR-US: Ubilling
CVE-2018-1000826 (Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) v ...)
	NOT-FOR-US: Microweber
CVE-2018-1000825 (FreeCol version <= nightly-2018-08-22 contains a XML External Entit ...)
	- freecol 0.11.6+dfsg2-3 (bug #917023; low)
	[buster] - freecol 0.11.6+dfsg2-2+deb10u1
	[stretch] - freecol (Minor issue)
	[jessie] - freecol (Games are not supported)
	NOTE: https://github.com/FreeCol/freecol/issues/26
	NOTE: https://github.com/FreeCol/freecol/commit/8963506897e3270a75b062f28486934bcb79b1e3
CVE-2018-1000824 (MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in ...)
	NOT-FOR-US: MegaMek
CVE-2018-1000823 (exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vul ...)
	NOT-FOR-US: eXist DB
CVE-2018-1000822 (codelibs fess version before commit faa265b contains a XML External En ...)
	NOT-FOR-US: codelibs fess
CVE-2018-1000821 (MicroMathematics version before commit 5c05ac8 contains a XML External ...)
	NOT-FOR-US: MicroMathematics
CVE-2018-1000820 (neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c cont ...)
	NOT-FOR-US: neo4j-apoc-procedures
CVE-2018-1000817 (Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2. ...)
	NOT-FOR-US: Asset Pipeline Grails Plugin
CVE-2018-1000816 (Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Sc ...)
	- grafana
	NOTE: https://github.com/grafana/grafana/issues/13667
CVE-2018-1000815 (Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains ...)
	- brave-browser (bug #864795)
CVE-2018-1000814 (aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Un ...)
	NOT-FOR-US: aio-libs aiohttp-session
CVE-2018-1000813 (Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scriptin ...)
	- backdrop (bug #914257)
CVE-2018-1000812 (Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versio ...)
	NOT-FOR-US: Integria IMS
CVE-2018-1000811 (bludit version 3.0.0 contains a Unrestricted Upload of File with Dange ...)
	NOT-FOR-US: bludit
CVE-2018-20307 (Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 1 ...)
	NOT-FOR-US: Pulse Secure Virtual Traffic Manager
CVE-2018-20306 (A stored cross-site scripting (XSS) vulnerability in the web administr ...)
	NOT-FOR-US: Pulse Secure Virtual Traffic Manager
CVE-2018-20305 (D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code executi ...)
	NOT-FOR-US: D-Link
CVE-2018-20304 (wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows ...)
	NOT-FOR-US: libexcel
CVE-2018-20303 (In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal ...)
	NOT-FOR-US: Go Git Service
CVE-2018-20302 (An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the ...)
	NOT-FOR-US: Steve Pallen Xain
CVE-2018-20301 (An issue was discovered in Steve Pallen Coherence before 0.5.2 that is ...)
	NOT-FOR-US: Steve Pallen Coherence
CVE-2018-20300 (Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code v ...)
	NOT-FOR-US: Empire CMS
CVE-2018-20299 (An issue was discovered in several Bosch Smart Home cameras (360 degre ...)
	NOT-FOR-US: Bosch Smart Home cameras
CVE-2018-20298 (S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerab ...)
	NOT-FOR-US: S3 Browser
CVE-2018-20297
	RESERVED
CVE-2018-20296
	RESERVED
CVE-2018-20295
	RESERVED
CVE-2018-20294
	RESERVED
CVE-2018-20293
	RESERVED
CVE-2018-20292
	RESERVED
CVE-2018-20291
	RESERVED
CVE-2018-20290
	RESERVED
CVE-2018-20289
	RESERVED
CVE-2018-20288
	RESERVED
CVE-2018-20287
	RESERVED
CVE-2018-20286
	RESERVED
CVE-2018-20285
	RESERVED
CVE-2018-20284
	RESERVED
CVE-2018-20283
	RESERVED
CVE-2018-20282
	RESERVED
CVE-2018-20281
	RESERVED
CVE-2018-20280
	RESERVED
CVE-2018-20279
	RESERVED
CVE-2018-20278
	RESERVED
CVE-2018-20277
	RESERVED
CVE-2018-20276
	RESERVED
CVE-2018-20275
	RESERVED
CVE-2018-20274
	RESERVED
CVE-2018-20273
	RESERVED
CVE-2018-20272
	RESERVED
CVE-2018-20271
	RESERVED
CVE-2018-20270
	RESERVED
CVE-2018-20269
	RESERVED
CVE-2018-20268
	RESERVED
CVE-2018-20267
	RESERVED
CVE-2018-20266
	RESERVED
CVE-2018-20265
	RESERVED
CVE-2018-20264
	RESERVED
CVE-2018-20263
	RESERVED
CVE-2018-20262
	RESERVED
CVE-2018-20261
	RESERVED
CVE-2018-20260
	RESERVED
CVE-2018-20259
	RESERVED
CVE-2018-20258
	RESERVED
CVE-2018-20257
	RESERVED
CVE-2018-20256
	RESERVED
CVE-2018-20255
	RESERVED
CVE-2018-20254
	RESERVED
CVE-2018-20253 (In WinRAR versions prior to and including 5.60, There is an out-of-bou ...)
	NOT-FOR-US: WinRAR
CVE-2018-20252 (In WinRAR versions prior to and including 5.60, there is an out-of-bou ...)
	NOT-FOR-US: WinRAR
CVE-2018-20251 (In WinRAR versions prior to and including 5.61, there is path traversa ...)
	NOT-FOR-US: WinRAR
CVE-2018-20250 (In WinRAR versions prior to and including 5.61, There is path traversa ...)
	NOT-FOR-US: WinRAR
CVE-2018-20249 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where ...)
	NOT-FOR-US: Foxit Quick PDF Library
CVE-2018-20248 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where ...)
	NOT-FOR-US: Foxit Quick PDF Library
CVE-2018-20247 (In Foxit Quick PDF Library (all versions prior to 16.12), issue where ...)
	NOT-FOR-US: Foxit Quick PDF Library
CVE-2018-20246
	REJECTED
CVE-2018-20245 (The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior ...)
	- airflow (bug #819700)
CVE-2018-20244 (In Apache Airflow before 1.10.2, a malicious admin user could edit the ...)
	- airflow (bug #819700)
CVE-2018-20243 (The implementation of POST with the username and password in the URL p ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on Apache J ...)
	- jspwiki
CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and Crucibl ...)
	NOT-FOR-US: Atlassian
CVE-2018-20240 (The administrative linker functionality in Atlassian Fisheye and Cruci ...)
	NOT-FOR-US: Atlassian
CVE-2018-20239 (Application Links before version 5.0.11, from version 5.1.0 before 5.2 ...)
	NOT-FOR-US: Atlassian
CVE-2018-20238 (Various rest resources in Atlassian Crowd before version 3.2.7 and fro ...)
	NOT-FOR-US: Atlassian
CVE-2018-20237 (Atlassian Confluence Server and Data Center before version 6.13.1 allo ...)
	NOT-FOR-US: Atlassian
CVE-2018-20236 (There was an command injection vulnerability in Sourcetree for Windows ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-20235 (There was an argument injection vulnerability in Atlassian Sourcetree ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-20234 (There was an argument injection vulnerability in Atlassian Sourcetree ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-20233 (The Upload add-on resource in Atlassian Universal Plugin Manager befor ...)
	NOT-FOR-US: Atlassian
CVE-2018-20232 (The labels widget gadget in Atlassian Jira before version 7.6.11 and f ...)
	NOT-FOR-US: Atlassian
CVE-2018-20231 (Cross Site Request Forgery (CSRF) in the two-factor-authentication plu ...)
	NOT-FOR-US: two-factor-authentication plugin for WordPress
CVE-2018-20230 (An issue was discovered in PSPP 1.2.0. There is a heap-based buffer ov ...)
	- pspp 1.2.0-3 (bug #916902)
	[stretch] - pspp (Minor issue)
	[jessie] - pspp (Crash cannot be observed under normal conditions)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660318
	NOTE: https://git.savannah.gnu.org/cgit/pspp.git/commit/?id=abd1f816ca3b4f382bddf4564ad092aa934f0ccc
CVE-2018-20229 (GitLab Community and Enterprise Edition before 11.3.14, 11.4.x before ...)
	- gitlab 11.5.5+dfsg-1
	NOTE: https://about.gitlab.com/2018/12/20/critical-security-release-gitlab-11-dot-5-dot-5-released/
CVE-2018-20228 (Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with ...)
	NOT-FOR-US: Subsonic
CVE-2018-20227 (RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP ar ...)
	NOT-FOR-US: RDF4J
CVE-2018-20226 (An organization administrator can add a super administrator in THEHIVE ...)
	NOT-FOR-US: THEHIVE
CVE-2018-20225 (** DISPUTED ** An issue was discovered in pip (all versions) because i ...)
	- python-pip (unimportant)
	NOTE: https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html
	NOTE: pip is inherently affected by malicious packages, use packages from Debian instead :-)
CVE-2018-20224
	RESERVED
CVE-2018-20223
	RESERVED
CVE-2018-20222 (XXE issue in Airsonic before 10.1.2 during parse. ...)
	NOT-FOR-US: Airsonic
CVE-2018-20221 (Secure/SAService.rem in Deltek Ajera Timesheets 9.10.16 and prior are ...)
	NOT-FOR-US: Deltek
CVE-2018-20220 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56 ...)
	NOT-FOR-US: Teracue ENC-400 devices
CVE-2018-20219 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56 ...)
	NOT-FOR-US: Teracue ENC-400 devices
CVE-2018-20218 (An issue was discovered on Teracue ENC-400 devices with firmware 2.56 ...)
	NOT-FOR-US: Teracue ENC-400 devices
CVE-2018-20217 (A Reachable Assertion issue was discovered in the KDC in MIT Kerberos ...)
	{DLA-1643-1}
	- krb5 1.16.2-1 (low; bug #917387)
	[stretch] - krb5 (Minor issue)
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
	NOTE: https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
CVE-2018-20216 (QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c becaus ...)
	- qemu 1:4.1-1 (unimportant)
	[stretch] - qemu (Vulnerable code not present)
	[jessie] - qemu (Vulnerable code not present)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=f1e2e38ee0136b7710a2caa347049818afd57a1b
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
CVE-2018-20215
	RESERVED
CVE-2018-20214
	RESERVED
CVE-2018-20213 (wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows ...)
	NOT-FOR-US: libexcel
CVE-2018-20212 (bin/statistics in TWiki 6.0.2 allows cross-site scripting (XSS) via th ...)
	- twiki
CVE-2018-20211 (ExifTool 8.32 allows local users to gain privileges by creating a %TEM ...)
	NOT-FOR-US: Report for a Windows-specific flaw in a vintage version of libimage-exiftool-perl
CVE-2018-20210
	RESERVED
CVE-2018-20209
	RESERVED
CVE-2018-20208
	RESERVED
CVE-2018-20207
	RESERVED
CVE-2018-20206
	RESERVED
CVE-2018-20205
	RESERVED
CVE-2018-20204
	RESERVED
CVE-2018-20203
	RESERVED
CVE-2018-20202
	RESERVED
CVE-2018-20201 (There is a stack-based buffer over-read in the jsfNameFromString funct ...)
	NOT-FOR-US: Espruino 2V00
CVE-2018-20200 (** DISPUTED ** CertificatePinner.java in OkHttp 3.x through 3.12.0 all ...)
	- libokhttp-java (unimportant)
	NOTE: https://github.com/square/okhttp/issues/4967
	NOTE: No practicable security impacting relevance
CVE-2018-20199 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
	{DLA-1899-1}
	- faad2 2.8.8-3.1 (low)
	[buster] - faad2 (Minor issue)
	[stretch] - faad2 (Minor issue)
	NOTE: https://github.com/knik0/faad2/issues/24
	NOTE: https://github.com/knik0/faad2/commit/3b80a57483a6bc822d3ce3cc640fa81737a87c54
CVE-2018-20198 (A NULL pointer dereference was discovered in ifilter_bank of libfaad/f ...)
	{DSA-4522-1 DLA-1791-1}
	- faad2 2.8.8-2 (low)
	NOTE: https://github.com/knik0/faad2/issues/23
	NOTE: same underlying issue as CVE-2018-20362, same fix:
	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-20197 (There is a stack-based buffer underflow in the third instance of the c ...)
	{DSA-4522-1 DLA-1791-1}
	- faad2 2.8.8-2
	NOTE: https://github.com/knik0/faad2/issues/20
	NOTE: very similar to CVE-2018-20194, same fix:
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20196 (There is a stack-based buffer overflow in the third instance of the ca ...)
	{DLA-1899-1}
	- faad2 2.8.8-3.1 (low)
	[buster] - faad2 (Minor issue)
	[stretch] - faad2 (Minor issue)
	NOTE: https://github.com/knik0/faad2/issues/19
	NOTE: https://github.com/knik0/faad2/commit/6aeeaa1af0caf986daf22852a97f7c13c5edd879
CVE-2018-20195 (A NULL pointer dereference was discovered in ic_predict of libfaad/ic_ ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://github.com/knik0/faad2/issues/25
	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45f1e9169ac90b3e34ab94aed14
CVE-2018-20194 (There is a stack-based buffer underflow in the third instance of the c ...)
	{DSA-4522-1 DLA-1791-1}
	- faad2 2.8.8-2
	NOTE: https://github.com/knik0/faad2/issues/21
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2c
CVE-2018-20193 (Certain Secure Access SA Series SSL VPN products (originally developed ...)
	NOT-FOR-US: Juniper
CVE-2018-20192
	RESERVED
CVE-2018-20191 (hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation ...)
	- qemu 1:4.1-1 (unimportant)
	[stretch] - qemu (Vulnerable code not present)
	[jessie] - qemu (Vulnerable code not present)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eva ...)
	- libsass 3.5.5-4 (low)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2786
CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c ha ...)
	{DLA-1619-1}
	- graphicsmagick 1.4~hg15873-1 (bug #916752)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/585/
CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator acco ...)
	NOT-FOR-US: FUEL CMS
CVE-2018-20187 (A side-channel issue was discovered in Botan before 2.9.0. An attacker ...)
	[experimental] - botan 2.9.0-1
	- botan 2.9.0-2 (bug #918732)
	- botan1.10 (Vulnerable code introduced in 1.11.20)
	NOTE: https://github.com/randombit/botan/pull/1792
	NOTE: https://github.com/randombit/botan/commit/70aa7303acfff9eefc24598c289a84db3579ebd1
CVE-2018-20186 (An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in C ...)
	NOT-FOR-US: Bento4
CVE-2018-20185 (In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there ...)
	{DLA-1619-1}
	- graphicsmagick 1.4~hg15880-1 (bug #916719)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: Partial fix: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e3977a293
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/582/
	NOTE: Partial fix addressed in 1.4~hg15873-1, but according to maintainer not yet
	NOTE: complete: Cf. https://bugs.debian.org/916719#15
	NOTE: Fix causes more issues: https://bugzilla.suse.com/show_bug.cgi?id=1119823#c1
	NOTE: Followup: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/c38fc0e3e465
CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buff ...)
	{DLA-1619-1}
	- graphicsmagick 1.4~hg15873-1 (bug #916721)
	[stretch] - graphicsmagick 1.3.30+hg15796-1~deb9u3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b
	NOTE: Upstream patch contains unrelated refactoring, trimmed down version available on
	NOTE: the Debian bug report: https://bugs.debian.org/916721#15
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/583/
CVE-2018-20183
	RESERVED
CVE-2018-20182 (rdesktop versions up to and including v1.8.3 contain a Buffer Overflow ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20181 (rdesktop versions up to and including v1.8.3 contain an Integer Underf ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20180 (rdesktop versions up to and including v1.8.3 contain an Integer Underf ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20179 (rdesktop versions up to and including v1.8.3 contain an Integer Underf ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20178 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20177 (rdesktop versions up to and including v1.8.3 contain an Integer Overfl ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20176 (rdesktop versions up to and including v1.8.3 contain several Out-Of- B ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20175 (rdesktop versions up to and including v1.8.3 contains several Integer ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20174 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection vi ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-20346 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters a ...)
	{DSA-4352-1 DLA-2340-1 DLA-1613-1}
	- sqlite3 3.25.3-1
	- chromium 71.0.3578.80-1
	NOTE: https://blade.tencent.com/magellan/index_en.html
	NOTE: RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1659379
	NOTE: Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1659677
	NOTE: Fedora patch: https://src.fedoraproject.org/rpms/sqlite/c/d8da047b90b7eff583c50bf7fa7dc3bc37414249?branch=f28
	NOTE: https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html
	NOTE: Upstream change: https://www.sqlite.org/src/info/940f2adc8541a838
CVE-2018-20172 (An issue was discovered in Nagios XI before 5.5.8. The rss_url paramet ...)
	NOT-FOR-US: Nagios XI
CVE-2018-20171 (An issue was discovered in Nagios XI before 5.5.8. The url parameter o ...)
	NOT-FOR-US: Nagios XI
CVE-2018-20170 (** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeratio ...)
	NOT-FOR-US: Disputed issue in Keystone, no need to track for src:keystone
CVE-2018-20169 (An issue was discovered in the Linux kernel before 4.19.9. The USB sub ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.161-1
	NOTE: https://git.kernel.org/linus/704620afc70cf47abb9d6a1a57f3825d2bca49cf
CVE-2018-20168 (Google gVisor before 2018-08-22 reuses a pagetable in a different leve ...)
	NOT-FOR-US: gVisor
CVE-2018-20166 (A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?mod ...)
	NOT-FOR-US: Rukovoditel
CVE-2018-20167 (Terminology before 1.3.1 allows Remote Code Execution because popmedia ...)
	- terminology 1.3.1-1 (bug #916630)
	[jessie] - terminology (vulnerable code is not present)
	NOTE: https://phab.enlightenment.org/T7504
	NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=1ac204da9148e7bccb1b5f34b523e2094dfc39e2
CVE-2018-20165 (Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allo ...)
	NOT-FOR-US: OpenText Portal
CVE-2018-20164 (An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser ...)
	- uap-core 20190213-1 (bug #922717)
	NOTE: https://github.com/ua-parser/uap-core/commit/010ccdc7303546cd22b9da687c29f4a996990014
	NOTE: https://github.com/ua-parser/uap-core/commit/156f7e12b215bddbaf3df4514c399d683e6cdadc
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-009-uaparser/
CVE-2018-20163
	RESERVED
CVE-2018-20162 (Digi TransPort LR54 4.4.0.26 and possible earlier devices have Imprope ...)
	NOT-FOR-US: Digi TransPort
CVE-2018-20161 (A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.1 ...)
	NOT-FOR-US: BlinkForHome (aka Blink For Home) Sync Module
CVE-2018-20160 (ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in ...)
	NOT-FOR-US: ZxChat
CVE-2018-20159 (i-doit open 1.11.2 allows Remote Code Execution because ZIP archives a ...)
	NOT-FOR-US: i-doit
CVE-2018-20158
	RESERVED
CVE-2018-20157 (The data import functionality in OpenRefine through 3.1 allows an XML ...)
	NOT-FOR-US: OpenRefine
CVE-2018-20156 (The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remot ...)
	NOT-FOR-US: WordPress plugin wp-maintenance-mode
CVE-2018-20155 (The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remot ...)
	NOT-FOR-US: WordPress plugin wp-maintenance-mode
CVE-2018-20154 (The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remot ...)
	NOT-FOR-US: WordPress plugin wp-maintenance-mode
CVE-2018-20146 (An issue was discovered in Liquidware ProfileUnity before 6.8.0 with L ...)
	NOT-FOR-US: Liquidware ProfileUnity
CVE-2018-20153 (In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could mod ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
CVE-2018-20152 (In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass i ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
CVE-2018-20151 (In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation pa ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
CVE-2018-20150 (In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could tri ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
	NOTE: https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
CVE-2018-20149 (In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP S ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
	NOTE: https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
CVE-2018-20148 (In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could con ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
CVE-2018-20147 (In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify m ...)
	{DSA-4401-1 DLA-1673-1}
	- wordpress 5.0.1+dfsg1-1 (bug #916403)
	NOTE: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
CVE-2018-20144 (GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x be ...)
	- gitlab 11.5.4+dfsg-1
	NOTE: https://about.gitlab.com/2018/12/13/critical-security-release-gitlab-11-dot-5-dot-4-released/
CVE-2018-20143
	RESERVED
CVE-2018-20142
	RESERVED
CVE-2018-20141 (AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sor ...)
	NOT-FOR-US: AbanteCart
CVE-2018-20140 (Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilitie ...)
	NOT-FOR-US: Zenphoto
CVE-2018-20139
	RESERVED
CVE-2018-20138 (PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via A ...)
	NOT-FOR-US: PHP Scripts Mall Entrepreneur B2B Script
CVE-2018-20137 (XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or ...)
	NOT-FOR-US: FUEL CMS
CVE-2018-20136 (XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Vari ...)
	NOT-FOR-US: FUEL CMS
CVE-2018-20135 (Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostnam ...)
	NOT-FOR-US: Samsung Galaxy Apps
CVE-2018-20134
	RESERVED
CVE-2018-20133 (ymlref allows code injection. ...)
	NOT-FOR-US: ymlref
CVE-2018-20132
	REJECTED
CVE-2018-20131 (The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linu ...)
	NOT-FOR-US: Code42
CVE-2018-20130
	RESERVED
CVE-2018-20129 (An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/se ...)
	NOT-FOR-US: DedeCMS
CVE-2018-20128 (An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php a ...)
	NOT-FOR-US: UsualToolCMS
CVE-2018-20127 (An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.p ...)
	NOT-FOR-US: zzzphp cms
CVE-2018-20126 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory ...)
	- qemu 1:4.1-1 (unimportant)
	[stretch] - qemu (Vulnerable code not present)
	[jessie] - qemu (Vulnerable code not present)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02824.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=509f57c98e7536905bb4902363d0cba66ce7e089
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
CVE-2018-20125 (hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of ...)
	- qemu 1:4.1-1 (unimportant)
	[stretch] - qemu (Vulnerable code not present)
	[jessie] - qemu (Vulnerable code not present)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2c858ce5da8ae6689c75182b73bc455a291cad41
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
CVE-2018-20124 (hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of ...)
	- qemu 1:4.1-1 (bug #922461; unimportant)
	[stretch] - qemu (Vulnerable code not present)
	[jessie] - qemu (Vulnerable code not present)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=0e68373cc2b3a063ce067bc0cc3edaf370752890
	NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4
	NOTE: The issue is in PVRDMA support, cf. https://bugs.debian.org/922461#18
CVE-2018-20123 (pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak ...)
	- qemu 1:4.1-1 (unimportant; bug #916442)
	[stretch] - qemu (Vulnerable code not present)
	[jessie] - qemu (Vulnerable code not present)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html
	NOTE: PVRDMA support not enabled until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4, and
	NOTE: applied patch in 1:3.1+dfsg-3 reverted.
CVE-2018-20145 (Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option ...)
	- mosquitto 1.5.5-1
	[stretch] - mosquitto (Only affects 1.5.x)
	[jessie] - mosquitto (Only affects 1.5.x)
	NOTE: https://github.com/eclipse/mosquitto/commit/9097577b49b7fdcf45d30975976dd93808ccc0c4
	NOTE: https://github.com/eclipse/mosquitto/issues/1073
CVE-2018-20122 (The web interface on FASTGate Fastweb devices with firmware through 0. ...)
	NOT-FOR-US: FASTGate Fastweb
CVE-2018-20121 (Podcast Generator 2.7 has stored cross-site scripting (XSS) via the UR ...)
	NOT-FOR-US: Podcast Generator
CVE-2018-20120
	RESERVED
CVE-2018-20119
	RESERVED
CVE-2018-20118
	RESERVED
CVE-2018-20117
	RESERVED
CVE-2018-20116
	RESERVED
CVE-2018-20115
	RESERVED
CVE-2018-20114 (On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices ...)
	NOT-FOR-US: D-Link
CVE-2018-20113
	REJECTED
CVE-2018-20112
	REJECTED
CVE-2018-20111
	REJECTED
CVE-2018-20110
	REJECTED
CVE-2018-20109
	REJECTED
CVE-2018-20108
	REJECTED
CVE-2018-20107
	REJECTED
CVE-2018-20106 (In yast2-printer up to and including version 4.0.2 the SMB printer set ...)
	NOT-FOR-US: yast2-printer
CVE-2018-20105 (A Inclusion of Sensitive Information in Log Files vulnerability in yas ...)
	NOT-FOR-US: yast-rmt
CVE-2018-20104
	RESERVED
CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In the cas ...)
	- haproxy 1.8.15-1 (bug #916307)
	[stretch] - haproxy (Minor issue; can be fixed via point release)
	[jessie] - haproxy (Vulnerable code not present)
	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea0a0c926b2238f65908f5e9f83d1cca25
CVE-2018-20102 (An out-of-bounds read in dns_validate_dns_response in dns.c was discov ...)
	- haproxy 1.8.15-1 (bug #916308)
	[stretch] - haproxy (Minor issue; can be fixed via point release)
	[jessie] - haproxy (Vulnerable code not present)
	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=efbbdf72992cd20458259962346044cafd9331c0
CVE-2018-20101 (The codection "Import users from CSV with meta" plugin before 1.12.1 f ...)
	NOT-FOR-US: codection "Import users from CSV with meta" plugin for WordPress
CVE-2018-20100 (An issue was discovered on August Connect devices. Insecure data trans ...)
	NOT-FOR-US: August Connect
CVE-2018-20099 (There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2im ...)
	[experimental] - exiv2 (low)
	- exiv2 (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/590
	NOTE: https://github.com/Exiv2/exiv2/commit/eff0f52d0466d81beabf304e2500f3039fd90252
CVE-2018-20098 (There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2He ...)
	[experimental] - exiv2 (low)
	- exiv2 (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/590
	NOTE: https://github.com/Exiv2/exiv2/commit/eff0f52d0466d81beabf304e2500f3039fd90252
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206
CVE-2018-20097 (There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroup ...)
	{DLA-1691-1}
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/590
	NOTE: https://github.com/Exiv2/exiv2/commit/203ab0db28c9666b16069d4056ac5f66f753a51d
CVE-2018-20096 (There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf fun ...)
	[experimental] - exiv2 (low)
	- exiv2 (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/590
CVE-2018-20095 (An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 ...)
	NOT-FOR-US: Bento4
CVE-2018-20094 (An issue was discovered in XXL-CONF 1.6.0. There is a path traversal v ...)
	NOT-FOR-US: XXL-CONF
CVE-2018-20093
	RESERVED
CVE-2018-20092 (PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory trav ...)
	NOT-FOR-US: PTC ThingWorx Platform
CVE-2018-20091 (An SQL injection vulnerability was found in Cloudera Data Science Work ...)
	NOT-FOR-US: Cloudera Data Science Workbench
CVE-2018-20090 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4. ...)
	NOT-FOR-US: Cloudera
CVE-2018-20089
	RESERVED
CVE-2018-20088
	RESERVED
CVE-2018-20087
	RESERVED
CVE-2018-20086
	RESERVED
CVE-2018-20085
	RESERVED
CVE-2018-20084
	RESERVED
CVE-2018-20083
	RESERVED
CVE-2018-20082
	RESERVED
CVE-2018-20081
	RESERVED
CVE-2018-20080
	RESERVED
CVE-2018-20079
	RESERVED
CVE-2018-20078
	RESERVED
CVE-2018-20077
	RESERVED
CVE-2018-20076
	RESERVED
CVE-2018-20075
	RESERVED
CVE-2018-20074
	RESERVED
CVE-2018-20073 (Use of extended attributes in downloads in Google Chrome prior to 72.0 ...)
	{DSA-4395-1}
	- chromium 72.0.3626.81-1 (low)
CVE-2018-20072
	RESERVED
CVE-2018-20071 (Insufficiently strict origin checks during JIT payment app installatio ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-20070 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-20069 (Failure to prevent navigation to top frame to data URLs in Navigation ...)
	- chromium (Specific to iOS)
CVE-2018-20068 (Incorrect handling of 304 status codes in Navigation in Google Chrome ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-20067 (A renderer initiated back navigation was incorrectly allowed to cancel ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-20066 (Incorrect object lifecycle in Extensions in Google Chrome prior to 71. ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-20065 (Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.8 ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-20064 (doorGets 7.0 allows remote attackers to write to arbitrary files via d ...)
	NOT-FOR-US: doorGets
CVE-2018-20063 (An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricte ...)
	NOT-FOR-US: Gurock TestRail
CVE-2018-20062 (An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.ph ...)
	NOT-FOR-US: NoneCms
CVE-2018-20061 (A SQL injection issue was discovered in ERPNext 10.x and 11.x through ...)
	NOT-FOR-US: Frappe ERPNext
CVE-2018-20060 (urllib3 before version 1.23 does not remove the Authorization HTTP hea ...)
	- python-urllib3 1.24-1
	[stretch] - python-urllib3 (Minor issue)
	[jessie] - python-urllib3 (Minor issue)
	NOTE: https://github.com/urllib3/urllib3/issues/1316
	NOTE: https://github.com/urllib3/urllib3/pull/1346
	NOTE: https://github.com/urllib3/urllib3/commit/3d7f98b07b6e6e04c2e89cdf5afb18024a2d804c
	NOTE: https://github.com/urllib3/urllib3/commit/f99912beeaf230ee3634b938d3ea426ffd1f3e57
	NOTE: https://github.com/urllib3/urllib3/commit/48dba048081dfcb999afcda715d17147aa15b6ea
	NOTE: https://github.com/urllib3/urllib3/commit/23e2eb56af23db5a1eeb8ad9b51dd99a27c15522
	NOTE: https://github.com/urllib3/urllib3/commit/5e9c6b9175d66170ef65fc703f2e46788a59ca0c
	NOTE: https://github.com/urllib3/urllib3/commit/9c9dd6f3014e89bb9c532b641abcf1b24c3896ab
	NOTE: https://github.com/urllib3/urllib3/commit/6245ddddb7f80740c5c15e1750e5b9f68c5b2b5f
	NOTE: https://github.com/urllib3/urllib3/commit/3b5f27449e153ad05186beca8fbd9b134936fe50
	NOTE: https://github.com/urllib3/urllib3/commit/1742538d57865e61125c6c12a755b5db41636fe7
	NOTE: https://github.com/urllib3/urllib3/commit/2a42e70ff077006d5a6da92251ddbb2939303f94
	NOTE: https://github.com/urllib3/urllib3/commit/e8a727a0b8389f5f75981858a8bbb319646f4450
	NOTE: https://github.com/urllib3/urllib3/commit/63948f3a607ed8e7a3ce9ac4e20782359896e27e
	NOTE: https://github.com/urllib3/urllib3/commit/560bd227b90f74417ffaedebf5f8d05a8ee4f532
	NOTE: Fixed upstream in 1.23
CVE-2018-20059 (jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. ...)
	NOT-FOR-US: Pippo
CVE-2018-20058 (In Evernote before 7.6 on macOS, there is a local file path traversal ...)
	NOT-FOR-US: Evernote
CVE-2018-20057 (An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 an ...)
	NOT-FOR-US: D-Link
CVE-2018-20056 (An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 an ...)
	NOT-FOR-US: D-Link
CVE-2018-20055
	RESERVED
CVE-2018-20054
	RESERVED
CVE-2018-20053 (An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. ...)
	NOT-FOR-US: Cerner Connectivity Engine (CCE) 4 devices
CVE-2018-20052 (An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. ...)
	NOT-FOR-US: Cerner Connectivity Engine (CCE) 4 devices
CVE-2018-20051 (Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 2 ...)
	NOT-FOR-US: Jooan JA-Q1H Wi-Fi camera
CVE-2018-20050 (Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with f ...)
	NOT-FOR-US: Jooan JA-Q1H Wi-Fi camera
CVE-2018-20049
	RESERVED
CVE-2018-20048
	RESERVED
CVE-2018-20047
	RESERVED
CVE-2018-20046
	RESERVED
CVE-2018-20045
	RESERVED
CVE-2018-20044
	RESERVED
CVE-2018-20043
	RESERVED
CVE-2018-20042
	RESERVED
CVE-2018-20041
	RESERVED
CVE-2018-20040
	RESERVED
CVE-2018-20039
	RESERVED
CVE-2018-20038
	RESERVED
CVE-2018-20037
	RESERVED
CVE-2018-20036
	RESERVED
CVE-2018-20035
	RESERVED
CVE-2018-20034 (A Denial of Service vulnerability related to adding an item to a list ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2018-20033 (A Remote Code Execution vulnerability in lmgrd and vendor daemon compo ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2018-20032 (A Denial of Service vulnerability related to message decoding in lmgrd ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2018-20031 (A Denial of Service vulnerability related to preemptive item deletion ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2018-20030 (An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EX ...)
	{DLA-2222-1 DLA-2214-1}
	- libexif 0.6.21-5.1 (bug #918730)
	[stretch] - libexif 0.6.21-2+deb9u2
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/
	NOTE: https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
CVE-2018-20029 (The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6 ...)
	NOT-FOR-US: nxfs.sys driver in the DokanFS library in NoMachine on Windows
CVE-2018-20028 (Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 ...)
	NOT-FOR-US: Contao
CVE-2018-20027 (The yaml_parse.load method in Pylearn2 allows code injection. ...)
	NOT-FOR-US: Pylearn2
CVE-2018-20026 (Improper Communication Address Filtering exists in CODESYS V3 products ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS V3 Products
CVE-2018-20025 (Use of Insufficiently Random Values exists in CODESYS V3 products vers ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS V3 Products
CVE-2018-20024 (LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains ...)
	{DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- ssvnc 1.0.29-5 (bug #945827)
	[buster] - ssvnc 1.0.29-4+deb10u1
	[stretch] - ssvnc 1.0.29-3+deb9u1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/issues/254
	NOTE: https://github.com/LibVNC/libvncserver/commit/4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/
CVE-2018-20023 (LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-66 ...)
	{DSA-4383-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/issues/253
	NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/
CVE-2018-20022 (LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multip ...)
	{DSA-4383-1 DLA-2045-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- ssvnc 1.0.29-5 (bug #945827)
	[buster] - ssvnc 1.0.29-4+deb10u1
	[stretch] - ssvnc 1.0.29-3+deb9u1
	- tightvnc 1:1.3.9-9.1
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/issues/252
	NOTE: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/
CVE-2018-20021 (LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains ...)
	{DSA-4383-1 DLA-2045-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- ssvnc 1.0.29-5 (bug #945827)
	[buster] - ssvnc 1.0.29-4+deb10u1
	[stretch] - ssvnc 1.0.29-3+deb9u1
	- tightvnc 1:1.3.9-9.1
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/issues/251
	NOTE: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
CVE-2018-20020 (LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains ...)
	{DSA-4383-1 DLA-2016-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc
	[stretch] - italc (Incomplete fix for CVE-2018-20019 not applied)
	- ssvnc 1.0.29-5 (bug #945827)
	[buster] - ssvnc 1.0.29-4+deb10u1
	[stretch] - ssvnc 1.0.29-3+deb9u1
	- veyon 4.1.4+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/issues/250
	NOTE: https://github.com/LibVNC/libvncserver/commit/09f2f3fb6a5a163e453e5c2979054670c39694bc
	NOTE: https://github.com/LibVNC/libvncserver/commit/7b1ef0ffc4815cab9a96c7278394152bdc89dc4d
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/
	NOTE: same as CVE-2019-8287/tightvnc
CVE-2018-20748 (LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulner ...)
	{DLA-1979-1 DLA-1652-1}
	- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
	[stretch] - libvncserver (Incomplete fix for CVE-2018-20019 not applied)
	- italc
	[stretch] - italc (Incomplete fix for CVE-2018-20019 not applied)
	- veyon 4.1.7+repack1-1
	NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
	NOTE: https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
	NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
	NOTE: https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae
CVE-2018-20019 (LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains ...)
	{DSA-4383-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	NOTE: https://github.com/LibVNC/libvncserver/issues/247
	NOTE: https://github.com/LibVNC/libvncserver/commit/a83439b9fbe0f03c48eb94ed05729cb016f8b72f
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/
	NOTE: When fixing this issue apply the complete set of fixes to not open CVE-2018-20748.
	NOTE: Additional commits:
	NOTE: https://github.com/LibVNC/libvncserver/commit/c5ba3fee85a7ecbbca1df5ffd46d32b92757bc2a
	NOTE: https://github.com/LibVNC/libvncserver/commit/e34bcbb759ca5bef85809967a268fdf214c1ad2c
	NOTE: https://github.com/LibVNC/libvncserver/commit/c2c4b81e6cb3b485fb1ec7ba9e7defeb889f6ba7
	NOTE: https://github.com/LibVNC/libvncserver/commit/a64c3b37af9a6c8f8009d7516874b8d266b42bae
CVE-2018-20018 (S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated b ...)
	NOT-FOR-US: S-CMS
CVE-2018-20017 (SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. ...)
	NOT-FOR-US: SEMCMS
CVE-2018-20016
	RESERVED
CVE-2018-20015 (YzmCMS v5.2 has admin/role/add.html CSRF. ...)
	NOT-FOR-US: YzmCMS
CVE-2018-20014 (In UrBackup 2.2.6, an attacker can send a malformed request to the cli ...)
	NOT-FOR-US: UrBackup
CVE-2018-20013 (In UrBackup 2.2.6, an attacker can send a malformed request to the cli ...)
	NOT-FOR-US: UrBackup
CVE-2018-20012 (PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=memb ...)
	NOT-FOR-US: PHPCMF
CVE-2018-20011 (DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Nam ...)
	NOT-FOR-US: DomainMOD
CVE-2018-20010 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php ...)
	NOT-FOR-US: DomainMOD
CVE-2018-20009 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Prov ...)
	NOT-FOR-US: DomainMOD
CVE-2018-1000866 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 ...)
	- jenkins
CVE-2018-1000865 (A sandbox bypass vulnerability exists in Script Security Plugin 1.47 a ...)
	- jenkins
CVE-2018-1000864 (A denial of service vulnerability exists in Jenkins 2.153 and earlier, ...)
	- jenkins
CVE-2018-1000863 (A data modification vulnerability exists in Jenkins 2.153 and earlier, ...)
	- jenkins
CVE-2018-1000862 (An information exposure vulnerability exists in Jenkins 2.153 and earl ...)
	- jenkins
CVE-2018-1000861 (A code execution vulnerability exists in the Stapler web framework use ...)
	- jenkins
CVE-2018-20008 (iBall Baton iB-WRB302N20122017 devices have improper access control ov ...)
	NOT-FOR-US: iBall Baton iB-WRB302N20122017 devices
CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access con ...)
	NOT-FOR-US: Yeelight Smart AI Speaker devices
CVE-2018-20006 (An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulne ...)
	NOT-FOR-US: PHPok
CVE-2018-20005 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after ...)
	- mxml (unimportant)
	NOTE: https://github.com/michaelrsweet/mxml/issues/234
	NOTE: Crash in mxmldoc CLI tool, no security impact
CVE-2018-20004 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-bas ...)
	{DLA-1641-1}
	- mxml 2.12-2 (low; bug #918007)
	[stretch] - mxml (Minor issue)
	NOTE: https://github.com/michaelrsweet/mxml/issues/233
	NOTE: Fixed by https://github.com/michaelrsweet/mxml/commit/4f5577dd4672d228e4180f06bdbd66f343ea45e0
CVE-2018-20003
	RESERVED
CVE-2018-20002 (The _bfd_generic_read_minisymbols function in syms.c in the Binary Fil ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23952
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c2f5dc30afa34696f2da0081c4ac50b958ecb0e9
	NOTE: binutils not covered by security support
CVE-2018-20001 (In Libav 12.3, there is a floating point exception in the range_decode ...)
	- libav
	[jessie] - libav (not reproducible, requested more info from finder)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1141
CVE-2018-20000 (Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstr ...)
	NOT-FOR-US: Apereo Bedework bw-webdav
CVE-2018-19999 (The local management interface in SolarWinds Serv-U FTP Server 15.1.6. ...)
	NOT-FOR-US: SolarWinds
CVE-2018-19998 (SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 ...)
	- dolibarr
	NOTE: https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a
	NOTE: https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924
CVE-2018-19997
	RESERVED
CVE-2018-19996
	RESERVED
CVE-2018-19995 (A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 al ...)
	- dolibarr
	NOTE: https://github.com/Dolibarr/dolibarr/commit/4b8be6ed64763327018ac1c076f81ddffa87855e
	NOTE: https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924
CVE-2018-19994 (An error-based SQL injection vulnerability in product/card.php in Doli ...)
	- dolibarr
	NOTE: https://github.com/Dolibarr/dolibarr/commit/850b939ffd2c7a4443649331b923d5e0da2d6446
CVE-2018-19993 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 ...)
	- dolibarr
	NOTE: https://github.com/Dolibarr/dolibarr/commit/fc3fcc5455d9a610b85723e89e8be43a41ad1378
CVE-2018-19992 (A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 al ...)
	- dolibarr
	NOTE: https://github.com/Dolibarr/dolibarr/commit/0f06e39d23636bd1e4039ac61a743c79725c798b
CVE-2018-19991 (VeryNginx 0.3.3 allows remote attackers to bypass the Web Application ...)
	NOT-FOR-US: VeryNginx
CVE-2018-19990 (In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vuln ...)
	NOT-FOR-US: D-Link
CVE-2018-19989 (In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerab ...)
	NOT-FOR-US: D-Link
CVE-2018-19988 (In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable ...)
	NOT-FOR-US: D-Link
CVE-2018-19987 (D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2 ...)
	NOT-FOR-US: D-Link
CVE-2018-19986 (In the /HNAP1/SetRouterSettings message, the RemotePort parameter is v ...)
	NOT-FOR-US: D-Link
CVE-2018-19985 (The function hso_get_config_data in drivers/net/usb/hso.c in the Linux ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.13-1
	[stretch] - linux 4.9.161-1
	NOTE: https://git.kernel.org/linus/5146f95df782b0ac61abde36567e718692725c89
CVE-2018-19984
	RESERVED
CVE-2018-19983 (An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. ...)
	NOT-FOR-US: Sigma Design Z-Wave devices
CVE-2018-19982 (An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs be ...)
	NOT-FOR-US: KT MC01507L Z-Wave S0 devices
CVE-2018-19981 (Amazon AWS SDK <=2.8.5 for Android uses Android SharedPreferences t ...)
	NOT-FOR-US: Amazon AWS SDK
CVE-2018-19980 (Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cau ...)
	NOT-FOR-US: Anker Nebula Capsule Pro devices
CVE-2018-19979
	RESERVED
CVE-2018-19978 (A buffer overflow vulnerability in the DHCP and PPPOE configuration in ...)
	NOT-FOR-US: Auerswald COMfort
CVE-2018-19977 (A command injection (missing input validation, escaping) in the ftp up ...)
	NOT-FOR-US: Auerswald COMfort
CVE-2018-19976 (In YARA 3.8.1, bytecode in a specially crafted compiled rule is expose ...)
	- yara 3.8.1-2 (bug #916932)
	[stretch] - yara (Minor issue)
	[jessie] - yara (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/999
	NOTE: https://bnbdr.github.io/posts/extracheese/
	NOTE: https://github.com/bnbdr/swisscheese/
	NOTE: https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a
	NOTE: https://github.com/VirusTotal/yara/commit/d8f714891ed92da15d50b397b74d1d9431e9c54c
CVE-2018-19975 (In YARA 3.8.1, bytecode in a specially crafted compiled rule can read ...)
	- yara 3.8.1-2 (bug #916932)
	[stretch] - yara (Minor issue)
	[jessie] - yara (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/999
	NOTE: https://bnbdr.github.io/posts/extracheese/
	NOTE: https://github.com/bnbdr/swisscheese/
	NOTE: https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a
	NOTE: https://github.com/VirusTotal/yara/commit/d8f714891ed92da15d50b397b74d1d9431e9c54c
CVE-2018-19974 (In YARA 3.8.1, bytecode in a specially crafted compiled rule can read ...)
	- yara 3.8.1-2 (bug #916932)
	[stretch] - yara (Minor issue)
	[jessie] - yara (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/999
	NOTE: https://bnbdr.github.io/posts/extracheese/
	NOTE: https://github.com/bnbdr/swisscheese/
	NOTE: https://github.com/VirusTotal/yara/commit/6acc08d7329413f60e0976be017e18a581450d7a
	NOTE: https://github.com/VirusTotal/yara/commit/d8f714891ed92da15d50b397b74d1d9431e9c54c
CVE-2018-19973
	RESERVED
CVE-2018-19972
	RESERVED
CVE-2018-19971 (JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. ...)
	NOT-FOR-US: JFrog Artifactory Pro
CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navi ...)
	{DLA-1658-1}
	- phpmyadmin 4:4.9.1+dfsg1-2
	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ...)
	- phpmyadmin 4:4.9.1+dfsg1-2
	[stretch] - phpmyadmin (Minor issue and too intrusive to backport)
	[jessie] - phpmyadmin (invasive with 49 patches to backport, only mitigate with _REQUEST->_POST instead of adding CSRF tokens)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-7/
	NOTE: Upstream explicitly fixed only the 4.7/4.8 branch but the problem exists in
	NOTE: earlier versions as well. At least parts of the listed commits are needed.
CVE-2018-19968 (An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents o ...)
	{DLA-1658-1}
	- phpmyadmin 4:4.9.1+dfsg1-2
	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
CVE-2018-19959
	RESERVED
CVE-2018-19958
	RESERVED
CVE-2018-19957
	RESERVED
CVE-2018-19956 (The cross-site scripting vulnerability has been reported to affect ear ...)
	NOT-FOR-US: QNAP
CVE-2018-19955 (The cross-site scripting vulnerability has been reported to affect ear ...)
	NOT-FOR-US: QNAP
CVE-2018-19954 (The cross-site scripting vulnerability has been reported to affect ear ...)
	NOT-FOR-US: QNAP
CVE-2018-19953 (If exploited, this cross-site scripting vulnerability could allow remo ...)
	NOT-FOR-US: QNAP
CVE-2018-19952 (If exploited, this SQL injection vulnerability could allow remote atta ...)
	NOT-FOR-US: QNAP
CVE-2018-19951 (If exploited, this cross-site scripting vulnerability could allow remo ...)
	NOT-FOR-US: QNAP
CVE-2018-19950 (If exploited, this command injection vulnerability could allow remote ...)
	NOT-FOR-US: QNAP
CVE-2018-19949 (If exploited, this command injection vulnerability could allow remote ...)
	NOT-FOR-US: QNAP
CVE-2018-19948 (The vulnerability have been reported to affect earlier versions of Hel ...)
	NOT-FOR-US: QNAP
CVE-2018-19947 (The vulnerability have been reported to affect earlier versions of Hel ...)
	NOT-FOR-US: QNAP
CVE-2018-19946 (The vulnerability have been reported to affect earlier versions of Hel ...)
	NOT-FOR-US: QNAP
CVE-2018-19945 (A vulnerability has been reported to affect earlier QNAP devices runni ...)
	NOT-FOR-US: QNAP
CVE-2018-19944 (A cleartext transmission of sensitive information vulnerability has be ...)
	NOT-FOR-US: QNAP
CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could allow remo ...)
	NOT-FOR-US: QNAP
CVE-2018-19942
	RESERVED
CVE-2018-19941 (A vulnerability has been reported to affect QNAP NAS. If exploited, th ...)
	NOT-FOR-US: QNAP
CVE-2018-19940
	RESERVED
CVE-2018-19939 (The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi ...)
	NOT-FOR-US: Goodix GT9xx touchscreen driver
CVE-2018-19938
	RESERVED
CVE-2018-19937 (A local, authenticated attacker can bypass the passcode in the VideoLA ...)
	NOT-FOR-US: VLC port/application for iOS
CVE-2018-19936 (PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-19934 (SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site script ...)
	NOT-FOR-US: SolarWinds
CVE-2018-19933 (Bolt CMS <3.6.2 allows XSS via text input click preview button as d ...)
	NOT-FOR-US: Bolt CMS
CVE-2018-19960 (The debug_mode function in web/web.py in OnionShare through 1.3.1, whe ...)
	- onionshare 1.3.2-1 (bug #915859; unimportant)
	[jessie] - onionshare (contrib not supported)
	NOTE: https://github.com/micahflee/onionshare/issues/837
	NOTE: Negligible (and disputable) security impact, as the debug mode is not enabled by default
CVE-2018-19935 (ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote atta ...)
	{DSA-4353-1 DLA-1608-1}
	- php7.3 7.3.0-1
	- php7.2
	- php7.0
	- php5
	NOTE: Fixed in 5.6.39, 7.0.33, 7.1.26, 7.2.14, 7.3.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77020
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=648fc1e369fc05fb9200a42c7938912236b2a318
CVE-2018-19932 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	[experimental] - binutils 2.31.51.20181204-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23932
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7
	NOTE: binutils not covered by security support
CVE-2018-19931 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	[experimental] - binutils 2.31.51.20181204-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23942
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f60af5d24d181371d67534fa273dd221df20c07
	NOTE: binutils not covered by security support
CVE-2018-19930
	RESERVED
CVE-2018-19929
	RESERVED
CVE-2018-19928
	RESERVED
CVE-2018-19927 (Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the ...)
	NOT-FOR-US: Zenitel Norway IP-StationWeb
CVE-2018-19926 (Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via t ...)
	NOT-FOR-US: Zenitel Norway IP-StationWeb
CVE-2018-19925 (An issue was discovered in Sales & Company Management System (SCMS ...)
	NOT-FOR-US: Sales & Company Management System (SCMS)
CVE-2018-19924 (An issue was discovered in Sales & Company Management System (SCMS ...)
	NOT-FOR-US: Sales & Company Management System (SCMS)
CVE-2018-19923 (An issue was discovered in Sales & Company Management System (SCMS ...)
	NOT-FOR-US: Sales & Company Management System (SCMS)
CVE-2018-19922 (Persistent Cross-Site Scripting (XSS) in the advancedsetup_websitebloc ...)
	NOT-FOR-US: Actiontec C1000A router
CVE-2018-19921 (Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain c ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-19920
	RESERVED
CVE-2018-19919 (Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[tit ...)
	NOT-FOR-US: Pixelimity
CVE-2018-19918 (CuppaCMS has XSS via an SVG document uploaded to the administrator/#/c ...)
	NOT-FOR-US: CuppaCMS
CVE-2018-19917 (Microweber 1.0.8 has reflected cross-site scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: Microweber
CVE-2018-19916
	RESERVED
CVE-2018-19915 (DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Hos ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19914 (DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile N ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19913 (DomainMOD through 4.11.01 has XSS via the assets/add/registrar-account ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19912
	RESERVED
CVE-2018-19911 (FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote a ...)
	- freeswitch (bug #389591)
CVE-2018-19910
	RESERVED
CVE-2018-19909
	RESERVED
CVE-2018-19908 (An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Eve ...)
	NOT-FOR-US: MISP
CVE-2018-1000859
	REJECTED
CVE-2018-1000853
	REJECTED
CVE-2018-19907 (A Server-Side Template Injection issue was discovered in Crafter CMS 3 ...)
	NOT-FOR-US: Crafter CMS
CVE-2018-19906 (Stored XSS exists in razorCMS 3.4.8 via the /#/page description parame ...)
	NOT-FOR-US: razorCMS
CVE-2018-19905 (HTML injection exists in razorCMS 3.4.8 via the /#/page keywords param ...)
	NOT-FOR-US: razorCMS
CVE-2018-19904 (Persistent XSS exists in XSLT CMS via the create/?action=items.edit&am ...)
	NOT-FOR-US: XSLT CMS
CVE-2018-19903 (Persistent XSS exists in XSLT CMS via the create/?action=items.edit&am ...)
	NOT-FOR-US: XSLT CMS
CVE-2018-19902 (No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "k ...)
	NOT-FOR-US: NO-CMS
CVE-2018-19901 (No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/in ...)
	NOT-FOR-US: NO-CMS
CVE-2018-19900
	RESERVED
CVE-2018-19899
	RESERVED
CVE-2018-19898 (ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleC ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-19897 (ThinkCMF X2.2.2 has SQL Injection via the function _listorders() in Ad ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-19896 (ThinkCMF X2.2.2 has SQL Injection via the function delete() in SlideCo ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-19895 (ThinkCMF X2.2.2 has SQL Injection via the function edit_post() in NavC ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-19894 (ThinkCMF X2.2.2 has SQL Injection via the functions check() and delete ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-19893 (SearchController.php in PbootCMS 1.2.1 has SQL injection via the index ...)
	NOT-FOR-US: PbootCMS
CVE-2018-19892 (DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php Disp ...)
	NOT-FOR-US: DomainMOD
CVE-2018-19891 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/24
	NOTE: Negligible security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19890 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/20
	NOTE: Negligible security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19889 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/22
	NOTE: Negligible security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19888 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/25
	NOTE: Negligible security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19887 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/21
	NOTE: Negligible security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19886 (An invalid memory address dereference was discovered in the huffcode f ...)
	- faac 1.30-1 (unimportant; bug #915763)
	NOTE: https://github.com/knik0/faac/issues/23
	NOTE: Negligible security impact, crash in CLI tool (builds a lib, but only internal)
CVE-2018-19885
	RESERVED
CVE-2018-19884
	RESERVED
CVE-2018-19883
	RESERVED
CVE-2018-19882 (In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c a ...)
	- mupdf 1.15.0+ds1-1 (unimportant)
	NOTE: Negligible security impact, crash in CLI tool
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700342
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
CVE-2018-19881 (In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to caus ...)
	- mupdf 1.15.0+ds1-1 (unimportant)
	NOTE: Negligible security impact, crash in CLI tool
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700342
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/mupdf/20181203
CVE-2018-19880
	RESERVED
CVE-2018-19879 (An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RU ...)
	NOT-FOR-US: Teltonika devices
CVE-2018-19878 (An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The ap ...)
	NOT-FOR-US: Teltonika devices
CVE-2018-19877 (login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Bu ...)
	NOT-FOR-US: Adiscon LogAnalyzer
CVE-2018-19876 (cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would ...)
	- cairo 1.16.0-4 (bug #915801; bug #916389)
	[stretch] - cairo (Vulnerable code introduced later)
	[jessie] - cairo (Vulnerable code introduced later)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=191595
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/merge_requests/5
	NOTE: Code introduced in
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/616fb7a9f2612f6cc3472542a70ba3e8ccf16584 and
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/0fd0fd0ae9ad8cfb177bb844091de98c0235917e,
	NOTE: and became vulnerable with freetype 2.9, which allows a different allocator to be defined. Partially
	NOTE: fixed in https://gitlab.freedesktop.org/cairo/cairo/commit/c3659d7ef662b55949307ece7b1f613a7dc32620
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645
CVE-2018-1002104 (Versions < 1.5 of the Kubernetes ingress default backend, which han ...)
	NOT-FOR-US: Kubernetes NGINX Ingress Controller
CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Das ...)
	NOT-FOR-US: minikube
CVE-2018-1002102 (Improper validation of URL redirection in the Kubernetes API server in ...)
	- kubernetes 1.17.4-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/85867
CVE-2018-19875
	RESERVED
CVE-2018-19874
	RESERVED
CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...)
	{DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1}
	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
	- qtbase-opensource-src 5.11.3+dfsg-2 (low)
	- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
	NOTE: https://codereview.qt-project.org/#/c/238749/
	NOTE: https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8
CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image causes a div ...)
	{DLA-2377-1 DLA-2376-1}
	- qtbase-opensource-src 5.11.2+dfsg-3 (low)
	[jessie] - qtbase-opensource-src (Minor issue)
	- qt4-x11 4:4.8.7+dfsg-18
	[jessie] - qt4-x11 (Minor issue)
	NOTE: https://bugreports.qt.io/browse/QTBUG-69449
	NOTE: qt4-x11: POC doesn't crash on either jessie or stretch, it's possibly incomplete; patch applies though.
CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontr ...)
	{DLA-2377-1 DLA-1786-1}
	- qtimageformats-opensource-src 5.11.3-2 (low)
	[stretch] - qtimageformats-opensource-src (Minor issue)
	[jessie] - qtimageformats-opensource-src (Minor issue)
	- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
	NOTE: https://codereview.qt-project.org/#/c/237761/
	NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
	NOTE: https://github.com/qt/qtimageformats/commit/7cfe47a8fe2f987fb2a066a696fb3d9d0afe4d65
CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image cau ...)
	{DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1}
	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
	- qtbase-opensource-src 5.11.3+dfsg-2 (low)
	- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
	NOTE: https://codereview.qt-project.org/#/c/235998/
	NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in
	NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version
	NOTE: https://github.com/qt/qtbase/commit/2841e2b61e32f26900bde987d469c8b97ea31999
CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG image cau ...)
	{DLA-2422-1 DLA-2377-1 DLA-1786-1}
	[experimental] - qtsvg-opensource-src 5.11.3-1
	- qtsvg-opensource-src 5.11.3-2 (low)
	[jessie] - qtsvg-opensource-src (Minor issue)
	- qt4-x11 4:4.8.7+dfsg-18 (low)
	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
	NOTE: https://codereview.qt-project.org/#/c/234142/
	NOTE: https://github.com/qt/qtsvg/commit/8c199714e9bc638fb3f6ec747fb7a23373e49335
CVE-2018-19868
	RESERVED
CVE-2018-19867
	RESERVED
CVE-2018-19866
	RESERVED
CVE-2018-19865 (A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7 ...)
	[experimental] - qtvirtualkeyboard-opensource-src 5.11.3+dfsg-1
	- qtvirtualkeyboard-opensource-src 5.11.3+dfsg-2
	NOTE: http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
CVE-2018-19864 (NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows rem ...)
	NOT-FOR-US: NUUO NVRmini2 Network Video Recorder firmware
CVE-2018-19863 (An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on ...)
	NOT-FOR-US: 1Password
CVE-2018-19862 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: MiniShare
CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: MiniShare
CVE-2018-19860 (Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, ...)
	NOT-FOR-US: Broadcom components for Android
CVE-2018-19859 (OpenRefine before 3.2 beta allows directory traversal via a relative p ...)
	NOT-FOR-US: OpenRefine
CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack ...)
	NOT-FOR-US: PrinceXML
CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3. ...)
	{DSA-4366-1}
	- vlc 3.0.4-4 (bug #915760)
	[jessie] - vlc (See https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://dyntopia.com/advisories/013-vlc
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0
CVE-2018-19856 (GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before ...)
	- gitlab 11.5.4+dfsg-1
	NOTE: https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/54857
CVE-2018-19855 (UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to t ...)
	NOT-FOR-US: UiPath Orchestrator
CVE-2018-19854 (An issue was discovered in the Linux kernel before 4.19.3. crypto_repo ...)
	- linux 4.18.20-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/f43f39958beb206b53292801e216d9b8a660f087
CVE-2018-19853 (An issue was discovered in hitshop through 2014-07-15. There is an ele ...)
	NOT-FOR-US: hitshop
CVE-2018-19852
	RESERVED
CVE-2018-19851
	RESERVED
CVE-2018-19850
	RESERVED
CVE-2018-19849 (An issue was discovered in YzmCMS 5.2. XSS exists via the admin/conten ...)
	NOT-FOR-US: YzmCMS
CVE-2018-19848
	RESERVED
CVE-2018-19847
	RESERVED
CVE-2018-19846
	RESERVED
CVE-2018-19845 (There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "po ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-19844 (FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, whi ...)
	NOT-FOR-US: FROG CMS
CVE-2018-19843 (opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attack ...)
	- radare2 3.1.0+dfsg-1 (low)
	[jessie] - radare2 (Vulnerable code not present in libr/asm/p/asm_x86_nz.c)
	NOTE: https://github.com/radare/radare2/commit/f17bfd9f1da05f30f23a4dd05e9d2363e1406948
	NOTE: https://github.com/radare/radare2/issues/12242
CVE-2018-19842 (getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows att ...)
	- radare2 3.1.0+dfsg-1 (low)
	[jessie] - radare2 (Vulnerable code not present in libr/asm/p/asm_x86_nz.c)
	NOTE: https://github.com/radare/radare2/commit/66191f780863ea8c66ace4040d0d04a8842e8432
	NOTE: https://github.com/radare/radare2/issues/12239
CVE-2018-19841 (The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a ...)
	{DLA-2525-1}
	- wavpack 5.1.0-5 (bug #915565)
	NOTE: https://github.com/dbry/WavPack/commit/bba5389dc598a92bdf2b297c3ea34620b6679b5b
	NOTE: https://github.com/dbry/WavPack/issues/54
CVE-2018-19840 (The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPac ...)
	{DLA-2525-1}
	- wavpack 5.1.0-5 (bug #915564)
	NOTE: https://github.com/dbry/WavPack/commit/070ef6f138956d9ea9612e69586152339dbefe51
	NOTE: https://github.com/dbry/WavPack/issues/53
CVE-2018-19839 (In LibSass prior to 3.5.5, the function handle_error in sass_context.c ...)
	- libsass 3.5.5-4
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2657
	NOTE: https://github.com/sass/libsass/pull/2767
CVE-2018-19838 (In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_ ...)
	- libsass 3.6.3-1 (low)
	[buster] - libsass (Minor issue)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2660
	NOTE: Fixed in 3.6.1, but 3.6.3 first to land in unstable
CVE-2018-19837 (In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Express ...)
	- libsass 3.5.4+20180621~c0a6cf3-1
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f
	NOTE: https://github.com/sass/libsass/issues/2659
CVE-2018-19836 (In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitr ...)
	NOT-FOR-US: Metinfo
CVE-2018-19835 (Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_col ...)
	NOT-FOR-US: Metinfo
CVE-2018-19834 (The quaker function of a smart contract implementation for BOMBBA (BOM ...)
	NOT-FOR-US: BOMBBA (BOMB) (tradable Ethereum ERC20 token)
CVE-2018-19833 (The owned function of a smart contract implementation for DDQ, an trad ...)
	NOT-FOR-US: DDQ (tradable Ethereum ERC20 token)
CVE-2018-19832 (The NETM() function of a smart contract implementation for NewIntelTec ...)
	NOT-FOR-US: NewIntelTechMedia (NETM)
CVE-2018-19831 (The ToOwner() function of a smart contract implementation for Cryptbon ...)
	NOT-FOR-US: Cryptbond Network (CBN)
CVE-2018-19830 (The UBSexToken() function of a smart contract implementation for Busin ...)
	NOT-FOR-US: Business Alliance Financial Circle (BAFC)
CVE-2018-19829 (Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios ...)
	NOT-FOR-US: Artica Integria IMS
CVE-2018-19828 (Artica Integria IMS 5.0.83 has XSS via the search_string parameter. ...)
	NOT-FOR-US: Artica Integria IMS
CVE-2018-19827 (In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedP ...)
	- libsass 3.5.5-3
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2782
CVE-2018-19826 (** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprin ...)
	NOTE: https://github.com/sass/libsass/issues/2781
	NOTE: Per libsass upstream this is not a security issue but works as designed
CVE-2018-19825
	RESERVED
CVE-2018-19824 (In the Linux kernel through 4.19.6, a local user could exploit a use-a ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.161-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1118152
CVE-2018-19823
	RESERVED
CVE-2018-19822 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19821 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19820 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19819 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19818 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19817 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19816 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19815 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19814 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19813 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19812 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19811 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19810 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
	NOT-FOR-US: InfoVista VistaPortal SE
CVE-2018-19809 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...)
NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-1002105 (In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, in ...) - kubernetes 1.17.4-1 (bug #915828) NOTE: https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88 NOTE: https://github.com/kubernetes/kubernetes/issues/71411 CVE-2018-19808 RESERVED CVE-2018-19807 RESERVED CVE-2018-19806 RESERVED CVE-2018-19805 RESERVED CVE-2018-19804 RESERVED CVE-2018-19803 RESERVED CVE-2018-19802 (aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference. ...) - aubio 0.4.9-1 (bug #930186) [buster] - aubio (Minor issue) [stretch] - aubio (Minor issue) [jessie] - aubio (Minor issue) CVE-2018-19801 (aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_fil ...) - aubio 0.4.9-1 (bug #930186) [buster] - aubio (Minor issue) [stretch] - aubio (Minor issue) [jessie] - aubio (Minor issue) CVE-2018-19800 (aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo. ...) - aubio 0.4.9-1 (bug #930186) [buster] - aubio (Minor issue) [stretch] - aubio (Minor issue) [jessie] - aubio (Minor issue) CVE-2018-19799 (Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= X ...) - dolibarr CVE-2018-19798 (Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uplo ...) NOT-FOR-US: Fleetco Fleet Maintenance Management (FMM) CVE-2018-19797 (In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Sel ...) - libsass 3.6.3-1 [buster] - libsass (Minor issue) [stretch] - libsass (Minor issue) NOTE: https://github.com/sass/libsass/issues/2779 NOTE: https://github.com/sass/libsass/commit/e94b5f91ec372a84be1f9c0da32cb6e0af0b99fe CVE-2018-19796 (An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPre ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2018-19795 (ChipsBank UMPTool saves the password to the NAND with a simple substit ...) 
NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2018-19794 (Cross-site scripting (XSS) vulnerability in UiV2Public.index in Intern ...) NOT-FOR-US: ChipsBank UMPTool CVE-2018-19793 (jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Internet2 Grouper CVE-2018-19792 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local us ...) NOT-FOR-US: OpenLiteSpeed CVE-2018-19791 (The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correc ...) NOT-FOR-US: OpenLiteSpeed CVE-2018-19790 (An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x ...) {DSA-4441-1 DLA-1707-1} - symfony 3.4.20+dfsg-1 NOTE: https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http CVE-2018-19789 (An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2 ...) {DSA-4441-1 DLA-1707-1} - symfony 3.4.20+dfsg-1 NOTE: https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user wi ...) {DSA-4350-1 DLA-1644-1} - policykit-1 0.105-23 (bug #915332) NOTE: https://gitlab.freedesktop.org/polkit/polkit/issues/74 NOTE: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/14 NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379 NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126 CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...) {DLA-2467-1} - lxml 4.2.5-1 NOTE: Fixed by: https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 (lxml-4.2.5) CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the server log i ...) NOT-FOR-US: HashiCorp Vault CVE-2018-19785 (PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL fie ...) 
NOT-FOR-US: PHP-Proxy CVE-2018-19784 (The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.p ...) NOT-FOR-US: PHP-Proxy CVE-2018-19783 (Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authenticati ...) NOT-FOR-US: Kentix MultiSensor-LAN CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET requests in ...) NOT-FOR-US: FreshRSS CVE-2018-19781 RESERVED CVE-2018-19780 RESERVED CVE-2018-19779 RESERVED CVE-2018-19778 RESERVED CVE-2018-19777 (In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg ...) - mupdf 1.15.0+ds1-1 (unimportant; bug #915137) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700301 NOTE: No security impact, hang in GUI/CLI tool CVE-2018-19776 RESERVED CVE-2018-19775 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19774 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19773 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19772 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19771 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19770 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19769 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19768 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19767 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19766 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) 
NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19765 (Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (b ...) NOT-FOR-US: InfoVista VistaPortal SE CVE-2018-19764 REJECTED CVE-2018-19763 (There is a heap-based buffer over-read at writer.c (function: write_pn ...) - libsixel 1.8.2-2 (bug #931311) [buster] - libsixel 1.8.2-1+deb10u1 [stretch] - libsixel 1.5.2-2+deb9u1 [jessie] - libsixel (The vulnerable code is not present) NOTE: https://github.com/saitoha/libsixel/issues/82 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649201 (reproducer) CVE-2018-19762 (There is a heap-based buffer overflow at fromsixel.c (function: image_ ...) - libsixel 1.8.2-2 (bug #931311) [buster] - libsixel 1.8.2-1+deb10u1 [stretch] - libsixel 1.5.2-2+deb9u1 [jessie] - libsixel (The vulnerable code is not present) NOTE: https://github.com/saitoha/libsixel/issues/81 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649199 (reproducer) CVE-2018-19761 (There is an illegal address access at fromsixel.c (function: sixel_dec ...) - libsixel 1.8.2-2 (bug #931311) [buster] - libsixel 1.8.2-1+deb10u1 [stretch] - libsixel 1.5.2-2+deb9u1 [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/78 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649200 (reproducer) CVE-2018-19760 (cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. ...) - confuse (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649152 NOTE: https://github.com/martinh/libconfuse/issues/120 NOTE: https://github.com/martinh/libconfuse/commit/5f0e9ea4213d4047649c462e4f1b59a082af58e2 NOTE: Issue caused by premature exit without cleanup on an error in the caller NOTE: not in the library; Negligible security impact in itself and disputed. CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (function: ...) 
- libsixel 1.8.2-2 (bug #931311) [buster] - libsixel 1.8.2-1+deb10u1 [stretch] - libsixel 1.5.2-2+deb9u1 [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/77 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer) NOTE: CVE description is misleading, not an issue in libstb CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...) {DLA-2418-1 DLA-1632-1} - libsndfile 1.0.28-5 (bug #917416) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812 NOTE: https://github.com/erikd/libsndfile/issues/435 NOTE: https://github.com/erikd/libsndfile/commit/42132c543358cee9f7c3e9e9b15bb6c1063a608e NOTE: when fixing this issue, the fix needs to be made complete to not open CVE-2019-3832 CVE-2018-19757 (There is a NULL pointer dereference at function sixel_helper_set_addit ...) - libsixel 1.8.2-2 (bug #931311) [buster] - libsixel 1.8.2-1+deb10u1 [stretch] - libsixel 1.5.2-2+deb9u1 [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/79 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649197 (reproducer) CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function: stbi_ ...) - libsixel 1.8.2-2 (bug #931311) [buster] - libsixel 1.8.2-1+deb10u1 [stretch] - libsixel 1.5.2-2+deb9u1 [jessie] - libsixel (The vulnerable code is not present) NOTE: https://github.com/saitoha/libsixel/issues/80 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer) NOTE: CVE description is misleading, not an issue in libstb CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: is_mmac ...) - nasm 2.15.02-1 (unimportant; bug #915087) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528 NOTE: https://github.com/netwide-assembler/nasm/commit/3079f7966dbed4497e36d5067cbfd896a90358cb NOTE: Crash in CLI tool, no security impact CVE-2018-19754 (Tarantella Enterprise before 3.11 allows bypassing Access Control. ...) 
NOT-FOR-US: Tarantella Enterprise CVE-2018-19753 (Tarantella Enterprise before 3.11 allows Directory Traversal. ...) NOT-FOR-US: Tarantella Enterprise CVE-2018-19752 (DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php not ...) NOT-FOR-US: DomainMOD CVE-2018-19751 (DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php not ...) NOT-FOR-US: DomainMOD CVE-2018-19750 (DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes f ...) NOT-FOR-US: DomainMOD CVE-2018-19749 (DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php ...) NOT-FOR-US: DomainMOD CVE-2018-19748 (app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows ...) NOT-FOR-US: SDCMS CVE-2018-19747 REJECTED CVE-2018-19746 REJECTED CVE-2018-19745 REJECTED CVE-2018-19744 REJECTED CVE-2018-19743 REJECTED CVE-2018-19742 REJECTED CVE-2018-19741 REJECTED CVE-2018-19740 REJECTED CVE-2018-19739 REJECTED CVE-2018-19738 REJECTED CVE-2018-19737 REJECTED CVE-2018-19736 REJECTED CVE-2018-19735 REJECTED CVE-2018-19734 REJECTED CVE-2018-19733 REJECTED CVE-2018-19732 REJECTED CVE-2018-19731 REJECTED CVE-2018-19730 REJECTED CVE-2018-19729 REJECTED CVE-2018-19728 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19727 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a r ...) NOT-FOR-US: Adobe CVE-2018-19726 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...) NOT-FOR-US: Adobe CVE-2018-19725 (Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2018-19724 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...) NOT-FOR-US: Adobe CVE-2018-19723 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2018-19722 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2018-19721 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2018-19720 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19719 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19718 (Adobe Connect versions 9.8.1 and earlier have a session token exposure ...) NOT-FOR-US: Adobe CVE-2018-19717 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19716 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19715 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19714 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19713 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19712 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19711 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19710 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19709 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19708 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19707 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19706 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19705 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19704 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) 
NOT-FOR-US: Adobe CVE-2018-19703 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19702 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19701 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19700 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19699 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-19698 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...) NOT-FOR-US: Adobe CVE-2018-1000819 REJECTED CVE-2018-1000818 REJECTED CVE-2018-19697 RESERVED CVE-2018-19696 RESERVED CVE-2018-19695 RESERVED CVE-2018-19694 (HMS Industrial Networks Netbiter WS100 3.30.5 devices and previous hav ...) NOT-FOR-US: HMS Industrial Networks Netbiter WS100 CVE-2018-19693 (An issue was discovered in tp5cms through 2017-05-25. admin.php/system ...) NOT-FOR-US: tp5cms CVE-2018-19692 (An issue was discovered in tp5cms through 2017-05-25. admin.php/upload ...) NOT-FOR-US: tp5cms CVE-2018-19691 RESERVED CVE-2018-19690 RESERVED CVE-2018-19689 RESERVED CVE-2018-19688 RESERVED CVE-2018-19687 RESERVED CVE-2018-19686 RESERVED CVE-2018-19685 RESERVED CVE-2018-19684 RESERVED CVE-2018-19683 RESERVED CVE-2018-19682 RESERVED CVE-2018-19681 RESERVED CVE-2018-19680 RESERVED CVE-2018-19679 RESERVED CVE-2018-19678 RESERVED CVE-2018-19677 RESERVED CVE-2018-19676 RESERVED CVE-2018-19675 RESERVED CVE-2018-19674 RESERVED CVE-2018-19673 RESERVED CVE-2018-19672 RESERVED CVE-2018-19671 RESERVED CVE-2018-19670 RESERVED CVE-2018-19669 RESERVED CVE-2018-19668 REJECTED CVE-2018-19667 RESERVED CVE-2018-19666 (The agent in OSSEC through 3.1.0 on Windows allows local users to gain ...) - ossec-hids (bug #361954) CVE-2018-19665 (The Bluetooth subsystem in QEMU mishandles negative values for length ...) 
- qemu 1:3.1+dfsg-2 (low; bug #916278) [stretch] - qemu (Minor issue) [jessie] - qemu (Minor issue, bluetooth subsystem unmaintained/unusable and now deprecated, no sanctioned patch) - qemu-kvm NOTE: initial patch disputed NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg03822.html NOTE: second patch never accepted, no activity as of 20190909 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg03570.html NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg07426.html NOTE: https://github.com/qemu/qemu/commit/c0188e69d (bluetooth subsystem deprecated in 3.1) NOTE: https://github.com/qemu/qemu/commit/1d4ffe8dc (bluetooth subsystem removed in 5.0) CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel ...) - libjpeg-turbo (Vulnerable code introduced later) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305 NOTE: Introduced in: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/aa7459050d7a50e1d8a99488902d41fbc118a50f NOTE: Fixed by: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f8cca819a4fb42aafa5f70df43c45e8c416d716f CVE-2018-19663 RESERVED CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...) {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (low) NOTE: https://github.com/erikd/libsndfile/issues/429 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate) CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...) {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (low) NOTE: https://github.com/erikd/libsndfile/issues/429 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate) CVE-2018-19660 (An exploitable authenticated command-injection vulnerability exists in ...) 
NOT-FOR-US: Moxa CVE-2018-19659 (An exploitable authenticated command-injection vulnerability exists in ...) NOT-FOR-US: Moxa CVE-2018-19658 (The Markdown editor in YXBJ before 8.3.2 on macOS has stored XSS. This ...) NOT-FOR-US: YXBJ CVE-2018-19657 RESERVED CVE-2018-19656 RESERVED CVE-2018-19655 (A stack-based buffer overflow in the find_green() function of dcraw th ...) - ufraw 0.22-3.1 (unimportant; bug #890086) - dcraw 9.28-2 (unimportant; bug #906529) NOTE: No security impact, crash in CLI tool CVE-2018-19654 (An issue was discovered in Sales & Company Management System (SCMS ...) NOT-FOR-US: Sales & Company Management System (SCMS) CVE-2018-19653 (HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent ...) - consul 1.4.4~dfsg1-1 [buster] - consul (Minor issue) NOTE: https://github.com/hashicorp/consul/pull/5069 CVE-2018-19652 RESERVED CVE-2018-19651 (admin/functions/remote.php in Interspire Email Marketer through 6.1.6 ...) NOT-FOR-US: Interspire Email Marketer CVE-2018-19650 (Local attackers can trigger a stack-based buffer overflow on vulnerabl ...) NOT-FOR-US: Antiy-AVL ATool security management CVE-2018-19649 (XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). VPor ...) NOT-FOR-US: InfoVista VistaPortal CVE-2018-19648 (An issue was discovered in ADTRAN PMAA 1.6.2-1, 1.6.3, and 1.6.4. NETC ...) NOT-FOR-US: ADTRAN CVE-2018-19647 RESERVED CVE-2018-19646 (The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10 ...) NOT-FOR-US: Imperva SecureSphere CVE-2018-19645 (An Authentication Bypass issue exists in Solutions Business Manager (S ...) NOT-FOR-US: Solutions Business Manager (SBM) CVE-2018-19644 (Reflected cross site script issue in Micro Focus Solutions Business Ma ...) NOT-FOR-US: Micro Focus Solutions Business Manager CVE-2018-19643 (Information leakage issue in Micro Focus Solutions Business Manager (S ...) 
NOT-FOR-US: Micro Focus Solutions Business Manager CVE-2018-19642 (Denial of service issue in Micro Focus Solutions Business Manager (SBM ...) NOT-FOR-US: Micro Focus Solutions Business Manager CVE-2018-19641 (Unauthenticated remote code execution issue in Micro Focus Solutions B ...) NOT-FOR-US: Micro Focus Solutions Business Manager CVE-2018-19640 (If the attacker manages to create files in the directory used to colle ...) NOT-FOR-US: SLES support scripts CVE-2018-19639 (If supportutils before version 3.1-5.7.1 is run with -v to perform rpm ...) NOT-FOR-US: SLES support scripts CVE-2018-19638 (In supportutils, before version 3.1-5.7.1 and if pacemaker is installe ...) NOT-FOR-US: SLES support scripts CVE-2018-19637 (Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp ...) NOT-FOR-US: SLES support scripts CVE-2018-19636 (Supportutils, before version 3.1-5.7.1, when run with command line arg ...) NOT-FOR-US: SLES support scripts CVE-2018-19635 (CA Service Desk Manager 14.1 and 17 contain a vulnerability that can a ...) NOT-FOR-US: CA Service Desk Manager CVE-2018-19634 (CA Service Desk Manager 14.1 and 17 contain a vulnerability that can a ...) NOT-FOR-US: CA Service Desk Manager CVE-2018-19633 RESERVED CVE-2018-19632 RESERVED CVE-2018-19631 RESERVED CVE-2018-19630 (cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE throu ...) NOT-FOR-US: uhttpd (in OpenWRT and LEDE) CVE-2018-19629 (A Denial of Service vulnerability in the ImageNow Server service in Hy ...) NOT-FOR-US: Hyland Perceptive Content Server CVE-2018-19628 (In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. Thi ...) 
{DSA-4359-1} - wireshark 2.6.5-1 [jessie] - wireshark (Vulnerable code not present, zigbee color control support added in v2.1.0) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15281 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=212b18825d9b668cda23d334c48867dfa66b2b36 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-57.html CVE-2018-19627 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file p ...) {DSA-4359-1} - wireshark 2.6.5-1 [jessie] - wireshark (Vulnerable code not present, variable buffer to find_signature introduced in 2.4.0 with OCTO support) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15279 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bdc33cfaecb1b4cf2c114ed9015713ddf8569a60 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-55.html CVE-2018-19626 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector co ...) {DSA-4359-1 DLA-1634-1} - wireshark 2.6.5-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c5a65115ebab55cfd5ce0a855c2256e01cab6449 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-52.html CVE-2018-19625 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine ...) {DSA-4359-1 DLA-1634-1} - wireshark 2.6.5-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14466 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc4d209f39132a4ae05675a11609176ae9705cfc NOTE: https://www.wireshark.org/security/wnpa-sec-2018-51.html CVE-2018-19624 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector co ...) 
{DSA-4359-1 DLA-1634-1} - wireshark 2.6.5-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15280 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3e319db1107b08fc3be804b6d449143ec9aa0dec NOTE: https://www.wireshark.org/security/wnpa-sec-2018-56.html CVE-2018-19623 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector ...) {DSA-4359-1 DLA-1634-1} - wireshark 2.6.5-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9c8645ec7b28e4d7193962ecd2a418613bf6a84f NOTE: https://www.wireshark.org/security/wnpa-sec-2018-53.html CVE-2018-19622 (In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector co ...) {DSA-4359-1 DLA-1634-1} - wireshark 2.6.5-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15250 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b7555d32d11862f0e500ec466ad6bfe54190076 NOTE: https://www.wireshark.org/security/wnpa-sec-2018-54.html CVE-2018-19621 (server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF th ...) NOT-FOR-US: ShowDoc CVE-2018-19620 (ShowDoc 2.4.1 allows remote attackers to edit other users' notes by na ...) NOT-FOR-US: ShowDoc CVE-2018-19619 RESERVED CVE-2018-19618 RESERVED CVE-2018-19617 RESERVED CVE-2018-19616 (An issue was discovered in Rockwell Automation Allen-Bradley PowerMoni ...) NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000 CVE-2018-19615 (Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A re ...) NOT-FOR-US: Rockwell Automation Allen-Bradley PowerMonitor 1000 CVE-2018-19614 (XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre ...) NOT-FOR-US: Westermo routers CVE-2018-19613 (Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. ...) NOT-FOR-US: Westermo routers CVE-2018-19612 (The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 ...) 
NOT-FOR-US: Westermo routers CVE-2018-19611 RESERVED CVE-2018-19610 RESERVED CVE-2018-19609 (ShowDoc 2.4.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: ShowDoc CVE-2018-19608 (Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a l ...) - mbedtls 2.14.1-1 (bug #915796) [stretch] - mbedtls (Minor issue) - polarssl [jessie] - polarssl (Minor issue) NOTE: http://cat.eyalro.net/ NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03 CVE-2018-19607 (Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote att ...) - exiv2 (Vulnerable code introduced later; only affected experimental; bug #915134) NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/97e7905a8b90fcbd5e8c440ad7d55bf8ffe007e5 NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/6e42c1b55e0fc4f360cc56010b0ffe19aa6062d9 CVE-2018-19606 RESERVED CVE-2018-19605 RESERVED CVE-2018-19604 RESERVED CVE-2018-19603 RESERVED CVE-2018-19602 RESERVED CVE-2018-19601 (Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=d ...) NOT-FOR-US: Rhymix CMS CVE-2018-19600 (Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=di ...) NOT-FOR-US: Rhymix CMS CVE-2018-19599 (Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/i ...) NOT-FOR-US: Monstra CMS CVE-2018-19598 (Statamic 2.10.3 allows XSS via First Name or Last Name to the /users U ...) NOT-FOR-US: Statamic CVE-2018-19597 (CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a relat ...) NOT-FOR-US: CMS Made Simple CVE-2018-19596 (Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the re ...) NOT-FOR-US: Zurmo CVE-2018-19595 (PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute ar ...) 
NOT-FOR-US: PbootCMS CVE-2018-19594 RESERVED CVE-2018-19593 RESERVED CVE-2018-19592 (The "CLink4Service" service is installed with Corsair Link 4.9.7.35 wi ...) NOT-FOR-US: Corsair CVE-2018-19591 (In the GNU C Library (aka glibc or libc6) through 2.28, attempting to ...) - glibc 2.28-1 (bug #914837) [stretch] - glibc (Vulnerable code introduced later and not backported to stretch) [jessie] - glibc (Vulnerable code introduced later and not backported to jessie) - eglibc NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23927 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d527c860f5a3f0ed687bd03f0cb464612dc23408 NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2180fee114b778515b3f560e5ff1e795282e60b0 CVE-2018-19590 RESERVED CVE-2018-19589 (Incorrect Access Controls of Security Officer (SO) in PKCS11 R2 provid ...) NOT-FOR-US: Utimaco CryptoServer HSM CVE-2018-19588 (Alarm.com ADC-V522IR 0100b9 devices have Incorrect Access Control. ...) NOT-FOR-US: Alarm.com ADC-V522IR 0100b9 devices CVE-2018-19587 (In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_a ...) NOT-FOR-US: Cesanta Mongoose NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 CVE-2018-19586 (Silverpeas 5.15 through 6.0.2 is affected by an authenticated Director ...) NOT-FOR-US: Silverpeas CVE-2018-19585 (GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11 ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19584 (GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 ...) - gitlab (Specific to Enterprise edition) NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19583 (GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4 ...) 
- gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19582 (GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affe ...) - gitlab (Specific to Enterprise edition) NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19581 (GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, ...) - gitlab (Specific to Enterprise edition) NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19580 (All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not sen ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19579 (GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability ...) - gitlab (Specific to Enterprise edition) NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19578 (GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure ob ...) - gitlab (Specific to Enterprise edition) NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19577 (Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19576 (GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19575 (GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11. ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19574 (GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4 ...) 
- gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19573 (GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11. ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19572 (GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-c ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19571 (GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11. ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19570 (GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11 ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19569 (GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4 ...) - gitlab 11.3.11+dfsg-1 NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ CVE-2018-19568 (A floating point exception in kodak_radc_load_raw in dcraw through 9.2 ...) - dcraw (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1 NOTE: No security impact, crash in CLI tool CVE-2018-19567 (A floating point exception in parse_tiff_ifd in dcraw through 9.28 cou ...) - dcraw (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1 NOTE: No security impact, crash in CLI tool CVE-2018-19566 (A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could ...) - dcraw (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1 NOTE: No security impact, crash in CLI tool CVE-2018-19565 (A buffer over-read in crop_masked_pixels in dcraw through 9.28 could b ...) 
	- dcraw (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/23/1
	NOTE: No security impact, crash in CLI tool
CVE-2018-19564 (Stored XSS was discovered in the Easy Testimonials plugin 3.2 for Word ...)
	NOT-FOR-US: Easy Testimonials plugin for WordPress
CVE-2018-19563 RESERVED
CVE-2018-19562 (An issue was discovered in PHPok 4.9.015. admin.php?c=update&f=unz ...)
	NOT-FOR-US: PHPok
CVE-2018-19561 (sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to ...)
	NOT-FOR-US: sikcms
CVE-2018-19560 (BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate ...)
	NOT-FOR-US: BageCMS
CVE-2018-19559 (CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ ...)
	NOT-FOR-US: CuppaCMS
CVE-2018-19558 (An issue was discovered in arcms through 2018-03-19. SQL injection exi ...)
	NOT-FOR-US: arcms
CVE-2018-19557 (An issue was discovered in arcms through 2018-03-19. No authentication ...)
	NOT-FOR-US: arcms
CVE-2018-19556 (** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1. ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-19555 (tp4a TELEPORT 3.1.0 has CSRF via user/do-reset-password to change any ...)
	NOT-FOR-US: tp4a TELEPORT
CVE-2018-19554 (An issue was discovered in Dotcms through 5.0.3. Attackers may perform ...)
	NOT-FOR-US: dotCMS
CVE-2018-19553 (Interspire Email Marketer through 6.1.6 has SQL Injection via an updat ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19552 (Interspire Email Marketer through 6.1.6 has SQL Injection via a delete ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19551 (Interspire Email Marketer through 6.1.6 has SQL Injection via a checkd ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19550 (Interspire Email Marketer through 6.1.6 allows arbitrary file upload v ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19549 (Interspire Email Marketer through 6.1.6 has SQL Injection via a tagids ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2018-19548 (index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sen ...)
	NOT-FOR-US: EduSec
CVE-2018-19547 (JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&a ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2018-19546 (JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action& ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2018-19545 (JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. ...)
	NOT-FOR-US: JEECMS
CVE-2018-19544 (JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. ...)
	NOT-FOR-US: JEECMS
CVE-2018-19543 (An issue was discovered in JasPer 2.0.14. There is a heap-based buffer ...)
	- jasper
	[jessie] - jasper (Code appears to work correctly but wait for more information)
	NOTE: https://github.com/mdadams/jasper/issues/182
	NOTE: This issue is reproducible with ASAN, however without ASAN the guard,
	NOTE: introduced with the fix for CVE-2014-8138, works as expected and
	NOTE: jasper terminates properly. Still I am going to mark this bug as
	NOTE: postponed until we receive feedback from upstream.
CVE-2018-19542 (An issue was discovered in JasPer 2.0.14. There is a NULL pointer dere ...)
	{DLA-1628-1}
	- jasper
	NOTE: https://github.com/mdadams/jasper/issues/182
CVE-2018-19541 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...)
	{DLA-1628-1}
	- jasper
	NOTE: https://github.com/mdadams/jasper/issues/182
CVE-2018-19540 (An issue was discovered in JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11 ...)
	{DLA-1628-1}
	- jasper
	NOTE: https://github.com/mdadams/jasper/issues/182
CVE-2018-19539 (An issue was discovered in JasPer 2.0.14. There is an access violation ...)
	{DLA-1628-1}
	- jasper
	NOTE: https://github.com/mdadams/jasper/issues/182
CVE-2018-19538 RESERVED
CVE-2018-19537 (TP-Link Archer C5 devices through V2_160201_US allow remote command ex ...)
	NOT-FOR-US: TP-Link Archer C5 devices
CVE-2018-19536 RESERVED
CVE-2018-19535 (In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngch ...)
	{DLA-1691-1}
	- exiv2 0.27.2-6 (bug #915135)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/428
	NOTE: https://github.com/Exiv2/exiv2/pull/430
CVE-2018-19534 RESERVED
CVE-2018-19533 RESERVED
CVE-2018-19532 (A NULL pointer dereference vulnerability exists in the function PdfTra ...)
	- libpodofo 0.9.6+dfsg-4 (low; bug #916085)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/32/
	NOTE: https://sourceforge.net/p/podofo/code/1950/
CVE-2018-19531 (HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote c ...)
	NOT-FOR-US: HTTL
CVE-2018-19530 (HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote c ...)
	NOT-FOR-US: HTTL
CVE-2018-19529 RESERVED
CVE-2018-19528 (TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a ...)
	NOT-FOR-US: TP-Link
CVE-2018-19527 (i4 assistant 7.85 allows XSS via a crafted machine name field within i ...)
	NOT-FOR-US: i4 assistant
CVE-2018-19526 RESERVED
CVE-2018-19525 (An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1 ...)
	NOT-FOR-US: Systrome
CVE-2018-19524 (An issue was discovered on Shenzhen Skyworth DT741 Converged Intellige ...)
	NOT-FOR-US: Shenzhen Skyworth
CVE-2018-19523 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
	NOT-FOR-US: DriverAgent
CVE-2018-19522 (DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows ...)
	NOT-FOR-US: DriverAgent
CVE-2018-19521 RESERVED
CVE-2018-19520 (An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controlle ...)
	NOT-FOR-US: SDCMS
CVE-2018-19519 (In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_p ...)
	- tcpdump (unimportant)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/763
	NOTE: https://github.com/zyingp/temp/blob/master/tcpdump.md
	NOTE: Crash in CLI tool, no security impact
CVE-2018-19516 (messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE App ...)
	- kf5-messagelib 4:18.08.3-2 (bug #915039)
	[stretch] - kf5-messagelib (Minor issue)
	NOTE: https://www.kde.org/info/security/advisory-20181128-1.txt
	NOTE: https://github.com/KDE/messagelib/commit/34765909cdf8e55402a8567b48fb288839c61612
CVE-2018-19515 (In Webgalamb through 7.0, system/ajax.php functionality is supposed to ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19514 (In Webgalamb through 7.0, an arbitrary code execution vulnerability co ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19513 (In Webgalamb through 7.0, log files are exposed to the internet with p ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19512 (In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" director ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19511 (wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attac ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19510 (subscriber.php in Webgalamb through 7.0 is vulnerable to SQL injection ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19509 (wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars ...)
	NOT-FOR-US: Webgalamb
CVE-2018-19508 (CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?user ...)
	NOT-FOR-US: CMSimple
CVE-2018-19507 (CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action ...)
	NOT-FOR-US: CMSimple
CVE-2018-19506 (Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the re ...)
	NOT-FOR-US: Zurmo
CVE-2018-19505 (Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct ...)
	NOT-FOR-US: Remedy AR System Server in BMC Remedy
CVE-2018-19504 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (low; bug #914641)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://sourceforge.net/p/faac/bugs/240/
	NOTE: https://github.com/knik0/faad2/issues/26
	NOTE: https://github.com/knik0/faad2/commit/466b01d504d7e45
CVE-2018-19503 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
	{DSA-4522-1}
	- faad2 2.8.8-2 (bug #914641)
	[jessie] - faad2 2.7-8+deb8u2
	NOTE: https://sourceforge.net/p/faac/bugs/240/
	NOTE: https://github.com/knik0/faad2/issues/18
	NOTE: https://github.com/knik0/faad2/commit/6b4a7cde30f2e2cb03e78ef476cc73179cfffda3
CVE-2018-19502 (An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2 ...)
	{DSA-4522-1 DLA-1899-1}
	- faad2 2.8.8-3 (bug #914641)
	NOTE: https://sourceforge.net/p/faac/bugs/240/
	NOTE: https://github.com/knik0/faad2/issues/22
	NOTE: https://github.com/knik0/faad2/commit/942c3e0aee748ea6fe97cb2c1aa5893225316174
CVE-2018-19501 RESERVED
CVE-2018-19500 RESERVED
CVE-2018-19499 (Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Executi ...)
	NOT-FOR-US: Vanilla
CVE-2018-19498 (The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XS ...)
	NOT-FOR-US: Atlassian plugin
CVE-2018-19497 (In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs. ...)
	{DLA-1610-1}
	- sleuthkit 4.6.5-1 (low; bug #914796)
	[stretch] - sleuthkit (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/pull/1374
	NOTE: https://github.com/sleuthkit/sleuthkit/commit/bc04aa017c0bd297de8a3b7fc40ffc6ddddbb95d
CVE-2018-19496 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19495 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19494 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19493 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.3.11+dfsg-1
	NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19492 (An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allo ...)
	{DLA-1597-1 DLA-1595-1}
	- gnuplot (unimportant)
	- gnuplot5 (unimportant)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/2089/
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
	NOTE: No security impact, neutralised by toolchain hardening
	NOTE: No security impact, gnuplot can execute arbitrary commands and needs to come from a trusted source,
	NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19491 (An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allow ...)
	{DLA-1597-1 DLA-1595-1}
	- gnuplot (unimportant)
	- gnuplot5 (unimportant)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/2094/
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
	NOTE: No security impact, gnuplot can execute arbitrary commands and needs to come from a trusted source,
	NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue all ...)
	{DLA-1597-1 DLA-1595-1}
	- gnuplot (unimportant)
	- gnuplot5 (unimportant)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/2093/
	NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
	NOTE: No security impact, gnuplot can execute arbitrary commands and needs to come from a trusted source,
	NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a de ...)
	{DSA-4454-1 DLA-1646-1}
	- qemu 1:3.1+dfsg-1 (bug #914727)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1d20398694a3b67a388d955b7a945ba4aa90a8a8 (master)
CVE-2018-19488 (The WP-jobhunt plugin before version 2.4 for WordPress does not contro ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-19487 (The WP-jobhunt plugin before version 2.4 for WordPress does not contro ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-19485 RESERVED
CVE-2018-19484 RESERVED
CVE-2018-19483 RESERVED
CVE-2018-19482 RESERVED
CVE-2018-19481 RESERVED
CVE-2018-19480 RESERVED
CVE-2018-19479 RESERVED
CVE-2018-19478 (In Artifex Ghostscript before 9.26, a carefully crafted PDF file can t ...)
	{DSA-4346-1 DLA-1620-1}
	- ghostscript 9.26~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699856
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0a7e5a1c309fa0911b892fa40996a7d55d90bace
CVE-2018-19474 RESERVED
CVE-2018-19473 RESERVED
CVE-2018-19472 RESERVED
CVE-2018-19471 RESERVED
CVE-2018-19470 RESERVED
CVE-2018-19469 (ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomat ...)
	NOT-FOR-US: ArticleCMS
CVE-2018-19468 (HuCart 5.7.4 has SQL injection in get_ip() in system/class/helper_clas ...)
	NOT-FOR-US: HuCart
CVE-2018-19467 RESERVED
CVE-2018-19466 (A vulnerability was found in Portainer before 1.20.0. Portainer stores ...)
	NOT-FOR-US: Portainer
CVE-2018-19465 (Maccms through 8.0 allows XSS via the site_keywords field to index.php ...)
	NOT-FOR-US: Maccms
CVE-2018-19464 (Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting. ...)
	NOT-FOR-US: Discuz!
CVE-2018-19463 (** DISPUTED ** zb_system/function/lib/upload.php in Z-BlogPHP through ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-19462 (admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-19461 (admin\db\DoSql.php in EmpireCMS through 7.5 allows XSS via crafted SQL ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-19460 RESERVED
CVE-2018-19459 (Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List ...)
	NOT-FOR-US: Adult Filter
CVE-2018-19458 (In PHP Proxy 3.0.3, any user can read files from the server without au ...)
	NOT-FOR-US: PHP Proxy
CVE-2018-19457 (Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which le ...)
	NOT-FOR-US: Logicspice FAQ Script
CVE-2018-19456 (The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPr ...)
	NOT-FOR-US: WP Backup+ (aka WPbackupplus) plugin for WordPress
CVE-2018-19455 RESERVED
CVE-2018-19486 (Git before 2.19.2 on Linux and UNIX executes commands from the current ...)
	- git 1:2.19.2-1
	[stretch] - git (Vulnerable code introduced later)
	[jessie] - git (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
	NOTE: Introduced by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e3a434468fecca7c14a6bef32050dfa60534fde6
CVE-2018-19477 (psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attacke ...)
	{DSA-4346-1 DLA-1598-1}
	- ghostscript 9.26~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb (ghostscript-9.26)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03 (master)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700168
CVE-2018-19476 (psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers ...)
	{DSA-4346-1 DLA-1598-1}
	- ghostscript 9.26~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a (ghostscript-9.26)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16 (master)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700169
CVE-2018-19475 (psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attack ...)
	{DSA-4346-1 DLA-1598-1}
	- ghostscript 9.26~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e (ghostscript-9.26)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315 (master)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700153
CVE-2018-19518 (University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_o ...)
	{DSA-4353-1 DLA-1700-1 DLA-1608-1}
	- php7.3 7.3.0-1 (bug #913775)
	- php7.2 (bug #913835)
	- php7.0 (bug #913836)
	- php5
	- uw-imap 8:2007f~dfsg-6 (bug #914632)
	[stretch] - uw-imap (Minor issue)
	NOTE: Fixed in 5.6.39, 7.0.33, 7.1.25, 7.2.13, 7.3.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76428
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77153
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77160
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/22/3
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdffe45adddb
CVE-2018-19454 RESERVED
CVE-2018-19453 (Kentico CMS before 11.0.45 allows unrestricted upload of a file with a ...)
	NOT-FOR-US: Kentico CMS
CVE-2018-19452 (A use after free in the TextBox field Mouse Enter action in IReader_Co ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19451 (A command injection can occur for specially crafted PDF files in Foxit ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19450 (A command injection can occur for specially crafted PDF files in Foxit ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19449 (A File Write can occur for specially crafted PDF files in Foxit Reader ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19448 (In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialize ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19447 (A stack-based buffer overflow can occur for specially crafted PDF file ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19446 (A File Write can occur for specially crafted PDF files in Foxit Reader ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19445 (A command injection can occur for specially crafted PDF files in Foxit ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19444 (A use after free in the TextBox field Validate action in IReader_Conte ...)
	NOT-FOR-US: Foxit Reader SDK
CVE-2018-19442 (A Buffer Overflow in Network::AuthenticationClient::VerifySignature in ...)
	NOT-FOR-US: Neato Botvac Connected
CVE-2018-19441 (An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateR ...)
	NOT-FOR-US: Neato Botvac Connected
CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...)
	NOT-FOR-US: ARM Trusted Firmware-A
CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global Deskt ...)
	NOT-FOR-US: Oracle
CVE-2018-19438 RESERVED
CVE-2018-19443 (The client in Tryton 5.x before 5.0.1 tries to make a connection to th ...)
	- tryton-client (Only affects 5.x, vulnerable 5.0.0 version never in Debian)
	NOTE: https://discuss.tryton.org/t/security-release-for-issue7792/830
	NOTE: https://bugs.tryton.org/issue7792
CVE-2018-19437 (UCMS 1.4.7 allows remote authenticated users to change the administrat ...)
	NOT-FOR-US: UCMS
CVE-2018-19436 (An issue was discovered in the Manufacturing component in webERP 4.15. ...)
	NOT-FOR-US: webERP
CVE-2018-19435 (An issue was discovered in the Sales component in webERP 4.15. SalesIn ...)
	NOT-FOR-US: webERP
CVE-2018-19434 (An issue was discovered on the "Bank Account Matching - Receipts" scre ...)
	NOT-FOR-US: webERP
CVE-2018-19433 (ShowDoc 2.4.1 has XSS via the lang parameter because install/database. ...)
	NOT-FOR-US: ShowDoc
CVE-2018-19432 (An issue was discovered in libsndfile 1.0.28. There is a NULL pointer ...)
	{DLA-1618-1}
	- libsndfile 1.0.28-5 (unimportant; bug #914381)
	NOTE: https://github.com/erikd/libsndfile/issues/427
	NOTE: https://github.com/erikd/libsndfile/commit/aaea680337267bfb6d2544da878890ee7f1c5077
	NOTE: Similar underlying issue as CVE-2018-13139 but not considered a duplicate.
	NOTE: Missing channel number check in sndfile-deinterleave program, not a
	NOTE: security issue in the library.
CVE-2018-19431 RESERVED
CVE-2018-19430 RESERVED
CVE-2018-19429 RESERVED
CVE-2018-19428 RESERVED
CVE-2018-19427 RESERVED
CVE-2018-19426 RESERVED
CVE-2018-19425 RESERVED
CVE-2018-19424 (ClipperCMS 1.3.3 allows remote authenticated administrators to upload ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-19423 (Codiad 2.8.4 allows remote authenticated administrators to execute arb ...)
	NOT-FOR-US: Codiad
CVE-2018-19422 (/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-19421 (In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Inte ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2018-19420 (In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but ther ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2018-19419 RESERVED
CVE-2018-19418 (Foxit PDF ActiveX before 5.5.1 allows remote code execution via comman ...)
	NOT-FOR-US: Foxit PDF ActiveX
CVE-2018-19417 (An issue was discovered in the MQTT server in Contiki-NG before 4.2. T ...)
	NOT-FOR-US: Contiki-NG
CVE-2018-19517 (An issue was discovered in sysstat 12.1.1. The remap_struct function i ...)
	[experimental] - sysstat 12.0.3-1
	- sysstat 12.0.3-2 (low; bug #914553)
	[stretch] - sysstat (Vulnerable code introduced later)
	[jessie] - sysstat (Vulnerable code introduced later)
	NOTE: https://github.com/sysstat/sysstat/issues/199
	NOTE: Fixed by: https://github.com/sysstat/sysstat/commit/fbc691eaaa10d0bcea6741d5a223dc3906106548
CVE-2018-19416 (An issue was discovered in sysstat 12.1.1. The remap_struct function i ...)
	[experimental] - sysstat 12.0.3-1
	- sysstat 12.0.3-2 (low; bug #914384)
	[stretch] - sysstat (Vulnerable code introduced later)
	[jessie] - sysstat (vulnerable code was introduced later)
	NOTE: https://github.com/sysstat/sysstat/issues/196
	NOTE: Fixed by: https://github.com/sysstat/sysstat/commit/fbc691eaaa10d0bcea6741d5a223dc3906106548
	NOTE: Vulnerable code introduced with https://github.com/sysstat/sysstat/commit/65ac30359e49ee717397e39950d7c24a6610d57c#diff-cccb0877d1539c562536a98e0d17428f
CVE-2018-19415 (Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remot ...)
	NOT-FOR-US: Plikli CMS
CVE-2018-19414 (Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0. ...)
	NOT-FOR-US: Plikli CMS
CVE-2018-19413 (A vulnerability in the API of SonarSource SonarQube before 7.4 could a ...)
	NOT-FOR-US: SonarQube
CVE-2018-19412 RESERVED
CVE-2018-19411 (PRTG Network Monitor before 18.2.40.1683 allows an authenticated user ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2018-19410 (PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2018-19409 (An issue was discovered in Artifex Ghostscript before 9.26. LockSafety ...)
	{DSA-4346-1 DLA-1598-1}
	- ghostscript 9.26~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700176
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=661e8d8fb8248c38d67958beda32f3a5876d0c3f
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea1b3ef437f39e45874f821c06bd953196625ac5
CVE-2018-19408 RESERVED
CVE-2018-19407 (The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kerne ...)
	{DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2018/11/20/580
CVE-2018-19406 (kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4. ...)
	- linux (Vulnerable code introduced later)
	NOTE: https://lkml.org/lkml/2018/11/20/411
	NOTE: Introduced by: https://git.kernel.org/linus/4180bf1b655a791a0a6ef93a2ffffc762722c782 (4.19-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/38ab012f109caf10f471db1adf284e620dd8d701 (4.20-rc5)
CVE-2018-19405 RESERVED
CVE-2018-19404 (In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.ph ...)
	NOT-FOR-US: YXcms
CVE-2018-19403 RESERVED
CVE-2018-19402 RESERVED
CVE-2018-19401 RESERVED
CVE-2018-19400 RESERVED
CVE-2018-19399 RESERVED
CVE-2018-19398 RESERVED
CVE-2018-19397 RESERVED
CVE-2018-19396 (ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attac ...)
	- php7.3 (Windows-specific)
	- php7.2 (Windows-specific)
	- php7.1 (Windows-specific)
	- php7.0 (Windows-specific)
	- php5 (Windows-specific)
	NOTE: https://bugs.php.net/bug.php?id=77177
CVE-2018-19395 (ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attacke ...)
	- php7.3 (Windows-specific)
	- php7.2 (Windows-specific)
	- php7.1 (Windows-specific)
	- php7.0 (Windows-specific)
	- php5 (Windows-specific)
	NOTE: https://bugs.php.net/bug.php?id=77177
CVE-2018-19394 (Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, whi ...)
	NOT-FOR-US: Cobham Satcom Sailor
CVE-2018-19393 (Cobham Satcom Sailor 800 and 900 devices contained a vulnerability tha ...)
	NOT-FOR-US: Cobham Satcom Sailor
CVE-2018-19392 (Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unau ...)
	NOT-FOR-US: Cobham Satcom Sailor
CVE-2018-19391 (Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persist ...)
	NOT-FOR-US: Cobham Satcom Sailor
CVE-2018-19390 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to ...)
	NOT-FOR-US: Foxit
CVE-2018-19389 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to ...)
	NOT-FOR-US: Foxit
CVE-2018-19388 (FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to ...)
	NOT-FOR-US: Foxit
CVE-2018-19387 REJECTED
CVE-2018-19386 (SolarWinds Database Performance Analyzer 11.1.457 contains an instance ...)
	NOT-FOR-US: SolarWinds Database Performance Analyzer
CVE-2018-19385 RESERVED
CVE-2018-19384 RESERVED
CVE-2018-19383 RESERVED
CVE-2018-19382 RESERVED
CVE-2018-19381 RESERVED
CVE-2018-19380 RESERVED
CVE-2018-19379 RESERVED
CVE-2018-19378 RESERVED
CVE-2018-19377 RESERVED
CVE-2018-19376 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnera ...)
	NOT-FOR-US: GreenCMS
CVE-2018-19375 RESERVED
CVE-2018-19374 (Zoho ManageEngine ADManager Plus 6.6 Build 6657 allows local users to ...)
	NOT-FOR-US: Zoho ManageEngine ADManager Plus
CVE-2018-19373 RESERVED
CVE-2018-19372 RESERVED
CVE-2018-19371 (The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has a ...)
	NOT-FOR-US: SDL Web
CVE-2018-19370 (A Race condition vulnerability in unzip_file in admin/import/class-imp ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-19369 RESERVED
CVE-2018-19368 RESERVED
CVE-2018-19367 (Portainer through 1.19.2 provides an API endpoint (/api/users/admin/ch ...)
	NOT-FOR-US: Portainer
CVE-2018-19966 (An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS ...)
	{DSA-4369-1 DLA-1949-1}
	- xen 4.11.1-1
	NOTE: https://xenbits.xen.org/xsa/advisory-280.txt
CVE-2018-19965 (An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest ...)
	{DSA-4369-1}
	- xen 4.11.1-1
	[jessie] - xen (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://xenbits.xen.org/xsa/advisory-279.txt
CVE-2018-19964 (An issue was discovered in Xen 4.11.x allowing x86 guest OS users to c ...)
	- xen 4.11.1-1
	[stretch] - xen (Only affects 4.11)
	[jessie] - xen (Only affects 4.11)
	NOTE: https://xenbits.xen.org/xsa/advisory-277.txt
CVE-2018-19963 (An issue was discovered in Xen 4.11 allowing HVM guest OS users to cau ...)
	- xen 4.11.1-1
	[stretch] - xen (Only affects 4.11)
	[jessie] - xen (Only affects 4.11)
	NOTE: https://xenbits.xen.org/xsa/advisory-276.txt
CVE-2018-19962 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, po ...)
	{DSA-4369-1 DLA-1949-1}
	- xen 4.11.1-1
	NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
CVE-2018-19961 (An issue was discovered in Xen through 4.11.x on AMD x86 platforms, po ...)
	{DSA-4369-1 DLA-1949-1}
	- xen 4.11.1-1
	NOTE: https://xenbits.xen.org/xsa/advisory-275.txt
CVE-2018-19366 RESERVED
CVE-2018-19365 (The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of th ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-19364 (hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while ...)
	{DSA-4454-1 DLA-1646-1}
	- qemu 1:3.1+dfsg-1 (bug #914599)
	- qemu-kvm
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b76ef50f62079a2389ba28cacaf6cce68b1a0ed
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5b3c77aa581ebb215125c84b0742119483571e55
CVE-2018-19363 RESERVED
CVE-2018-19362 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
	NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
CVE-2018-19361 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
	NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
CVE-2018-19360 (FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to h ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/42912cac4753f3f718ece875e4d486f8264c2f2b
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2186
	NOTE: https://issues.apache.org/jira/browse/TINKERPOP-2121
CVE-2018-19359 (GitLab Community and Enterprise Edition 8.9 and later and before 11.5. ...)
	- gitlab 11.3.10+dfsg-2 (bug #914166)
	NOTE: https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/
CVE-2018-19358 (GNOME Keyring through 3.28.2 allows local users to retrieve login cred ...)
	- gnome-keyring (unimportant; bug #914154)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365
	NOTE: https://github.com/sungjungk/keyring_crack
	NOTE: The default keyring is automatically unlocked upon successful login.
	NOTE: The current behavior to access passwords via DBus is expected but
	NOTE: cannot be compromised by another user on the system. Users can choose
	NOTE: to use a separate keyring if they prefer to be prompted.
	NOTE: Non issue
	NOTE: https://wiki.gnome.org/Projects/GnomeKeyring/SecurityFAQ
	NOTE: https://gitlab.gnome.org/GNOME/gnome-keyring/issues/5
CVE-2018-19357 (XMPlay 3.8.3 allows remote attackers to execute arbitrary code or caus ...)
	NOT-FOR-US: XMPlay
CVE-2018-19356 RESERVED
CVE-2018-19355 (modules/orderfiles/ajax/upload.php in the Customer Files Upload addon ...)
	NOT-FOR-US: Customer Files Upload addon for PrestaShop
CVE-2018-19354 RESERVED
CVE-2018-19353 (The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allo ...)
	NOT-FOR-US: libansilove
CVE-2018-19352 (Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name ...)
	- jupyter-notebook 5.7.4-1 (bug #917408)
	[stretch] - jupyter-notebook (Vulnerable code not present)
	NOTE: https://github.com/jupyter/notebook/commit/288b73e1edbf527740e273fcc69b889460871648
CVE-2018-19351 (Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook bec ...)
	{DLA-2432-1}
	- jupyter-notebook 5.7.4-1 (bug #917409)
	NOTE: https://github.com/jupyter/notebook/commit/107a89fce5f413fb5728c1c5d2c7788e1fb17491
CVE-2018-19350 (In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwd ...)
	NOT-FOR-US: SeaCMS
CVE-2018-19349 (In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php top ...)
	NOT-FOR-US: SeaCMS
CVE-2018-19348 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19347 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19346 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19345 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19344 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19343 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19342 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19341 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-19340 (Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default. ...)
	NOT-FOR-US: Guriddo Form PHP
CVE-2018-19339 RESERVED
CVE-2018-19338 RESERVED
CVE-2018-19337 RESERVED
CVE-2018-19336 RESERVED
CVE-2018-19335 (Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) ...)
	NOT-FOR-US: Google Monorail
CVE-2018-19334 (Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) ...)
	NOT-FOR-US: Google Monorail
CVE-2018-19333 (pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows ...)
	NOT-FOR-US: gVisor
CVE-2018-19332 (An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability t ...)
	NOT-FOR-US: S-CMS
CVE-2018-19331 (An issue was discovered in S-CMS v1.5. There is a SQL injection vulner ...)
	NOT-FOR-US: S-CMS
CVE-2018-19330 RESERVED
CVE-2018-19329 (GreenCMS v2.3.0603 allows remote authenticated administrators to delet ...)
	NOT-FOR-US: GreenCMS
CVE-2018-19328 (LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal ...)
	NOT-FOR-US: LAOBANCMS
CVE-2018-19327 (An issue was discovered in JTBC(PHP) 3.0.1.7. aboutus/manage.php?type= ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2018-19326 (Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory T ...)
	NOT-FOR-US: Zyxel
CVE-2018-19325 REJECTED
CVE-2018-19324 (kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&a ...)
	NOT-FOR-US: kimsQ Rb
CVE-2018-19323 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...)
	NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19322 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 ...)
	NOT-FOR-US: GIGABYTE APP Center
CVE-2018-19321 (The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 ...)
NOT-FOR-US: GIGABYTE APP Center CVE-2018-19320 (The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, ...) NOT-FOR-US: GIGABYTE APP Center CVE-2018-19319 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update ...) NOT-FOR-US: SRCMS CVE-2018-19318 (SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=upda ...) NOT-FOR-US: SRCMS CVE-2018-19317 RESERVED CVE-2018-19316 RESERVED CVE-2018-19315 RESERVED CVE-2018-19314 RESERVED CVE-2018-19313 RESERVED CVE-2018-19312 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) all ...) - centreon-web (bug #913903) CVE-2018-19311 (Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service ...) - centreon-web (bug #913903) CVE-2018-19310 RESERVED CVE-2018-19309 RESERVED CVE-2018-19308 RESERVED CVE-2018-19307 RESERVED CVE-2018-19306 RESERVED CVE-2018-19305 RESERVED CVE-2018-19304 RESERVED CVE-2018-19303 RESERVED CVE-2018-19302 RESERVED CVE-2018-19301 (tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted us ...) NOT-FOR-US: tp4a TELEPORT CVE-2018-19300 (On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) ...) NOT-FOR-US: D-Link CVE-2018-19299 RESERVED CVE-2018-19298 RESERVED CVE-2018-19297 RESERVED CVE-2018-19296 (PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an objec ...) {DSA-4351-1 DLA-1591-1} - libphp-phpmailer 5.2.14+dfsg-2.4 (bug #913912) NOTE: https://github.com/PHPMailer/PHPMailer/commit/f1231a9771505f4f34da060390d82eadb8448271 CVE-2018-19295 (Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper I ...) - singularity-container 2.6.1-1 NOTE: https://www.openwall.com/lists/oss-security/2018/12/12/2 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1111411 CVE-2018-19294 RESERVED CVE-2018-19293 RESERVED CVE-2018-19292 RESERVED CVE-2018-19291 (An issue was discovered in DiliCMS 2.4.0. There is a CSRF vulnerabilit ...) 
NOT-FOR-US: DiliCMS CVE-2018-19290 (In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax valid ...) NOT-FOR-US: Budabot CVE-2018-19289 (An issue was discovered in Valine v1.3.3. It allows HTML injection, wh ...) NOT-FOR-US: Valine CVE-2018-19288 (Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the u ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2018-19287 (XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remot ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2018-19286 (The server in mubu note 2018-11-11 has XSS by configuring an account w ...) NOT-FOR-US: mubu note CVE-2018-19285 RESERVED CVE-2018-19284 REJECTED CVE-2018-19283 RESERVED CVE-2018-19282 (Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow re ...) NOT-FOR-US: Rockwell Automation CVE-2018-19281 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) all ...) - centreon-web (bug #913903) CVE-2018-19280 (Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource na ...) - centreon-web (bug #913903) CVE-2018-19279 (PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plain ...) NOT-FOR-US: PRIMX ZoneCentral CVE-2018-19278 (Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x b ...) - asterisk (Vulnerable code introduced in 15.x and 16.x releases) NOTE: https://downloads.asterisk.org/pub/security/AST-2018-010.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28127 CVE-2018-19277 (securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypa ...) NOT-FOR-US: PHPOffice CVE-2018-19276 (OpenMRS before 2.24.0 is affected by an Insecure Object Deserializatio ...) NOT-FOR-US: OpenMRS CVE-2018-19275 (The BluStar component in Mitel InAttend before 2.5 SP3 and CMG before ...) NOT-FOR-US: Mitel CVE-2018-19274 (Passing an absolute path to a file_exists check in phpBB before 3.2.4 ...) 
{DLA-1593-1} - phpbb3 NOTE: https://www.phpbb.com/community/viewtopic.php?f=14&t=2492206 NOTE: https://github.com/phpbb/phpbb/commit/0dfbb60bc322ccda7a6e670a5f5ec9ab2f536eac CVE-2018-19273 RESERVED CVE-2018-19272 RESERVED CVE-2018-19271 (Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) all ...) - centreon-web (bug #913903) CVE-2018-19270 REJECTED CVE-2018-19269 REJECTED CVE-2018-19268 REJECTED CVE-2018-19267 REJECTED CVE-2018-19266 REJECTED CVE-2018-19265 REJECTED CVE-2018-19264 REJECTED CVE-2018-19263 REJECTED CVE-2018-19262 REJECTED CVE-2018-19261 REJECTED CVE-2018-19260 REJECTED CVE-2018-19259 REJECTED CVE-2018-19258 REJECTED CVE-2018-19257 REJECTED CVE-2018-19256 REJECTED CVE-2018-19255 REJECTED CVE-2018-19254 REJECTED CVE-2018-19253 REJECTED CVE-2018-19252 REJECTED CVE-2018-19251 REJECTED CVE-2018-19250 REJECTED CVE-2018-19249 (The Stripe API v1 allows remote attackers to bypass intended access re ...) NOT-FOR-US: Stripe API CVE-2018-19248 (The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode) ...) NOT-FOR-US: Epson CVE-2018-19247 RESERVED CVE-2018-19246 (PHP-Proxy 5.1.0 allows remote attackers to read local files if the def ...) NOT-FOR-US: PHP-Proxy CVE-2018-19245 RESERVED CVE-2018-19244 (An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 ...) NOT-FOR-US: Charles CVE-2018-19243 RESERVED CVE-2018-19242 (Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-6 ...) NOT-FOR-US: TRENDnet CVE-2018-19241 (Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V ...) NOT-FOR-US: TRENDnet CVE-2018-19240 (Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, ...) NOT-FOR-US: TRENDnet CVE-2018-19239 (TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vuln ...) 
NOT-FOR-US: TRENDnet CVE-2018-19238 RESERVED CVE-2018-19237 RESERVED CVE-2018-19236 RESERVED CVE-2018-19235 RESERVED CVE-2018-19234 (The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edi ...) NOT-FOR-US: Miss Marple Enterprise CVE-2018-19233 (COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users ...) NOT-FOR-US: Miss Marple Enterprise CVE-2018-19232 (The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode) ...) NOT-FOR-US: Epson CVE-2018-19231 RESERVED CVE-2018-19230 RESERVED CVE-2018-19229 (An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/ ...) NOT-FOR-US: LAOBANCMS CVE-2018-19228 (An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file del ...) NOT-FOR-US: LAOBANCMS CVE-2018-19227 (An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/ ...) NOT-FOR-US: LAOBANCMS CVE-2018-19226 (An issue was discovered in LAOBANCMS 2.0. It allows remote attackers t ...) NOT-FOR-US: LAOBANCMS CVE-2018-19225 (An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF. ...) NOT-FOR-US: LAOBANCMS CVE-2018-19224 (An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoo ...) NOT-FOR-US: LAOBANCMS CVE-2018-19223 (An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first ...) NOT-FOR-US: LAOBANCMS CVE-2018-19222 (An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_h ...) NOT-FOR-US: LAOBANCMS CVE-2018-19221 (An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via ...) NOT-FOR-US: LAOBANCMS CVE-2018-19220 (An issue was discovered in LAOBANCMS 2.0. It allows remote attackers t ...) NOT-FOR-US: LAOBANCMS CVE-2018-19219 (In LibSass 3.5-stable, there is an illegal address access at Sass::Eva ...) NOTE: Bogus report for libsass NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643760 CVE-2018-19218 (In LibSass 3.5-stable, there is an illegal address access at Sass::Par ...) 
NOTE: Bogus report for libsass NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643758 CVE-2018-19217 (** DISPUTED ** In ncurses, possibly a 6.x version, there is a NULL poi ...) - ncurses 6.0+20170701-1 [stretch] - ncurses 6.0+20161126-1+deb9u1 [jessie] - ncurses 5.9+20140913-1+deb8u1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753 NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-04/msg00020.html CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoke ...) - nasm 2.13.02-0.1 [stretch] - nasm (Minor issue) [jessie] - nasm (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392425 NOTE: Fix: https://github.com/netwide-assembler/nasm/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1115758#c7 CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...) - nasm 2.14-1 (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525 NOTE: https://github.com/netwide-assembler/nasm/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f NOTE: No security impact, crash in CLI tool CVE-2018-19214 (Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...) - nasm 2.14-1 (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392521 NOTE: https://github.com/netwide-assembler/nasm/commit/661f723d39e03ca6eb05d7376a43ca33db478354 NOTE: No security impact, crash in CLI tool CVE-2018-19213 (Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may le ...) - nasm (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392524 NOTE: No security impact, crash in CLI tool CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwebm::We ...) NOT-FOR-US: libwebm NOTE: Chromium and qtwebengine bundle the library, but not a security issue there CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...) 
- ncurses 6.1+20180210-3 (low) [stretch] - ncurses (Minor issue) [jessie] - ncurses (Minor issue) [wheezy] - ncurses (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754 CVE-2018-19210 (In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWrite ...) {DSA-4670-1 DLA-1680-1} - tiff 4.0.10-4 (bug #913675) - tiff3 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2820 NOTE: https://gitlab.com/libtiff/libtiff/commit/d0a842c5dbad2609aed43c701a12ed12461d3405 NOTE: https://gitlab.com/libtiff/libtiff/commit/38ede78b13810ff0fa8e61f86ef9aa0ab2964668 CVE-2018-19209 (Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in th ...) - nasm 2.14-1 (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392522 NOTE: No security impact, crash in CLI tool CVE-2018-19208 (In libwpd 0.10.2, there is a NULL pointer dereference in the function ...) - libwpd 0.10.2-3 (low; bug #913702) [stretch] - libwpd (Minor issue) [jessie] - libwpd (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643752 NOTE: Patch used in Fedora: https://src.fedoraproject.org/rpms/libwpd/raw/e42834b844f3282d8ccb0889abf1b33f3f71e02f/f/0001-Resolves-rhbz-1643752-bounds-check-m_currentTable-ac.patch CVE-2018-19204 (PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated ...) NOT-FOR-US: PRTG Network Monitor CVE-2018-19203 (PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated ...) NOT-FOR-US: PRTG Network Monitor CVE-2018-19202 (A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.1 ...) NOT-FOR-US: MyBB CVE-2018-19201 (A reflected XSS vulnerability in the ModCP Profile Editor in MyBB befo ...) NOT-FOR-US: MyBB CVE-2018-19200 (An issue was discovered in uriparser before 0.9.0. UriCommon.c allows ...) 
{DLA-1581-1} - uriparser 0.9.0-1 (bug #913817) [stretch] - uriparser 0.8.4-1+deb9u1 NOTE: https://github.com/uriparser/uriparser/commit/f58c25069cf4a986fe17a80c5b38687e31feb539 CVE-2018-19199 (An issue was discovered in uriparser before 0.9.0. UriQuery.c allows a ...) {DLA-1581-1} - uriparser 0.9.0-1 (bug #913817) [stretch] - uriparser 0.8.4-1+deb9u1 NOTE: https://github.com/uriparser/uriparser/commit/f76275d4a91b28d687250525d3a0c5509bbd666f CVE-2018-19198 (An issue was discovered in uriparser before 0.9.0. UriQuery.c allows a ...) {DLA-1581-1} - uriparser 0.9.0-1 (bug #913817) [stretch] - uriparser 0.8.4-1+deb9u1 NOTE: https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b297f04e CVE-2018-19207 (The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before ...) NOT-FOR-US: WordPress plugin wp-gdpr-compliance CVE-2018-19206 (steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use ...) {DSA-4344-1} - roundcube 1.3.8+dfsg.1-1 NOTE: https://roundcube.net/news/2018/10/26/update-1.3.8-released NOTE: https://github.com/roundcube/roundcubemail/issues/6410 NOTE: https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059 (released-1.3) NOTE: https://github.com/roundcube/roundcubemail/commit/adcac3b9de2728c34c4d2b107e54823b6a7f6a5b (master) CVE-2018-19205 (Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warni ...) - roundcube 1.3.8+dfsg.1-1 [stretch] - roundcube (Relies on php-crypt-gpg, not in stretch. Old version in 1.3 doesn't verify signature anyway) NOTE: https://roundcube.net/news/2018/07/27/update-1.3.7-released NOTE: https://github.com/roundcube/roundcubemail/issues/6289 NOTE: https://github.com/roundcube/roundcubemail/commit/94da947855329c5062ec2a7098eb86fb675aac37 (release-1.3) NOTE: https://github.com/roundcube/roundcubemail/commit/2fa112bd836e5e144e270bda11c9fda1a66a22ae (master) CVE-2018-19197 (An issue was discovered in XiaoCms 20141229. 
admin\controller\database ...) NOT-FOR-US: XiaoCms CVE-2018-19196 (An issue was discovered in XiaoCms 20141229. It allows remote attacker ...) NOT-FOR-US: XiaoCms CVE-2018-19195 (An issue was discovered in XiaoCms 20141229. There is XSS related to t ...) NOT-FOR-US: XiaoCms CVE-2018-19194 (An issue was discovered in XiaoCms 20141229. /admin/index.php?c=databa ...) NOT-FOR-US: XiaoCms CVE-2018-19193 (An issue was discovered in XiaoCms 20141229. There is XSS via the larg ...) NOT-FOR-US: XiaoCms CVE-2018-19192 (An issue was discovered in XiaoCms 20141229. admin/index.php?c=content ...) NOT-FOR-US: XiaoCms CVE-2018-19191 (Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi hist ...) - webmin CVE-2018-19190 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...) NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK CVE-2018-19189 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...) NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK CVE-2018-19188 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...) NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK CVE-2018-19187 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...) NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK CVE-2018-19186 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...) NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK CVE-2018-19185 (An issue has been found in libIEC61850 v1.3. It is a heap-based buffer ...) NOT-FOR-US: libIEC61850 CVE-2018-19184 (cmd/evm/runner.go in Go Ethereum (aka geth) 1.8.17 allows attackers to ...) - golang-github-go-ethereum (bug #890541) CVE-2018-19183 (ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm. ...) NOT-FOR-US: ethereumjs-vm CVE-2018-19182 (Engelsystem before commit hash 2e28336 allows CSRF. ...) 
NOT-FOR-US: Engelsystem CVE-2018-19181 (statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arb ...) NOT-FOR-US: YUNUCMS CVE-2018-19180 (statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install. ...) NOT-FOR-US: YUNUCMS CVE-2018-19179 RESERVED CVE-2018-19178 (In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapp ...) NOT-FOR-US: JEESNS CVE-2018-19177 RESERVED CVE-2018-19176 RESERVED CVE-2018-19175 RESERVED CVE-2018-19174 RESERVED CVE-2018-19173 RESERVED CVE-2018-19172 RESERVED CVE-2018-19171 RESERVED CVE-2018-19170 (In JPress v1.0-rc.5, there is stored XSS via each of the first three i ...) NOT-FOR-US: JPress CVE-2018-19169 RESERVED CVE-2018-19168 (Shell Metacharacter Injection in www/modules/save.php in FruityWifi (a ...) NOT-FOR-US: FruityWifi CVE-2018-19167 (CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency ...) NOT-FOR-US: CloakCoin CVE-2018-19166 (peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) a ...) NOT-FOR-US: peercoin CVE-2018-19165 (neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) all ...) NOT-FOR-US: neblio CVE-2018-19164 (reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) ...) NOT-FOR-US: reddcoin CVE-2018-19163 (stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) ...) NOT-FOR-US: stratisX CVE-2018-19162 (Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allow ...) NOT-FOR-US: Divi CVE-2018-19161 (alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows ...) NOT-FOR-US: alqo CVE-2018-19160 (Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) ...) NOT-FOR-US: Diamond CVE-2018-19159 (lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows ...) NOT-FOR-US: lux CVE-2018-19158 (ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurre ...) 
NOT-FOR-US: ColossusCoinXT CVE-2018-19157 (Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) al ...) NOT-FOR-US: Phore CVE-2018-19156 (PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allo ...) NOT-FOR-US: PIVX CVE-2018-19155 (navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) al ...) NOT-FOR-US: navcoin CVE-2018-19154 (HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) al ...) NOT-FOR-US: HTMLCOIN CVE-2018-19153 (particl through 0.17 (a chain-based proof-of-stake cryptocurrency) all ...) NOT-FOR-US: particl CVE-2018-19152 (emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) all ...) NOT-FOR-US: emercoin CVE-2018-19151 (qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows ...) NOT-FOR-US: qtum CVE-2018-19150 (Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdffor ...) NOT-FOR-US: pdfforge PDF Architect CVE-2018-19149 (Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attac ...) - poppler 0.71.0-2 (unimportant; bug #914600) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/664 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649457#c3 NOTE: https://github.com/freedesktop/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 (poppler-0.70.0) CVE-2018-19148 (Caddy through 0.11.0 sends incorrect certificates for certain invalid ...) - caddy (bug #810890) CVE-2018-19147 RESERVED CVE-2018-19146 (Concrete5 8.4.3 has XSS because config/concrete.php allows uploads (by ...) NOT-FOR-US: Concrete5 CVE-2018-19145 (An issue was discovered in S-CMS v1.5. There is an XSS vulnerability i ...) NOT-FOR-US: S-CMS CVE-2018-19144 RESERVED CVE-2018-19140 RESERVED CVE-2018-19139 (An issue has been found in JasPer 2.0.14. There is a memory leak in ja ...) - jasper (low) [jessie] - jasper (can be fixed later) NOTE: https://github.com/mdadams/jasper/issues/188 CVE-2018-19138 (WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI. ...) 
NOT-FOR-US: WSTMart CVE-2018-19137 (DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php i ...) NOT-FOR-US: DomainMOD CVE-2018-19136 (DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-accoun ...) NOT-FOR-US: DomainMOD CVE-2018-19135 (ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file up ...) NOT-FOR-US: ClipperCMS CVE-2018-19134 (In Artifex Ghostscript through 9.25, the setpattern operator did not p ...) {DSA-4346-1 DLA-1620-1} - ghostscript 9.26~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700141 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=693baf02152119af6e6afd30bb8ec76d14f84bbf (master) NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7c8f85a23db24031945af3cacb2c0b4740e67072 (ghostscript-9.26) CVE-2018-19133 (In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email ...) NOT-FOR-US: Flarum Core CVE-2018-19130 (** DISPUTED ** In Libav 12.3, there is an invalid memory access in vc1 ...) {DLA-2021-1} - libav NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1139 NOTE: Duplicate of CVE-2017-17127 CVE-2018-19129 (In Libav 12.3, a NULL pointer dereference (RIP points to zero) issue i ...) - libav [jessie] - libav (no patch, ffmpeg backport fails, sent info upstream) NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1138 NOTE: Duplicate of CVE-2019-14441 CVE-2018-19128 (In Libav 12.3, there is a heap-based buffer over-read in decode_frame ...) {DLA-2021-1} - libav NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1137 CVE-2018-19127 (A code injection vulnerability in /type.php in PHPCMS 2008 allows atta ...) NOT-FOR-US: PHPCMS CVE-2018-19126 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remot ...) NOT-FOR-US: PrestaShop CVE-2018-19125 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remot ...) NOT-FOR-US: PrestaShop CVE-2018-19124 (PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 on Windows a ...) 
NOT-FOR-US: PrestaShop CVE-2018-19123 RESERVED CVE-2018-19122 (An issue has been found in libIEC61850 v1.3. It is a NULL pointer dere ...) NOT-FOR-US: libIEC61850 CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in Ethernet_ ...) NOT-FOR-US: libIEC61850 CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...) {DLA-1592-1} - otrs2 6.0.1-1 [stretch] - otrs2 (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/ NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions). NOTE: Add workaround and mark first 6.x version as fixing version CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin ...) - otrs2 6.0.13-1 [stretch] - otrs2 (Only affects 6.x) [jessie] - otrs2 (Only affects 6.x) NOTE: https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/ CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5. ...) {DLA-1592-1} - otrs2 6.0.13-1 [stretch] - otrs2 (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/ CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows ...) - kio-extras 4:18.08.3-1 (bug #913595) [stretch] - kio-extras (Minor issue) - kde-runtime (bug #913596) [buster] - kde-runtime (Minor issue) [stretch] - kde-runtime (Minor issue) [jessie] - kde-runtime (Minor issue) NOTE: https://www.kde.org/info/security/advisory-20181012-1.txt CVE-2018-19119 RESERVED CVE-2018-19118 (Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attacker ...) NOT-FOR-US: Zoho CVE-2018-19117 RESERVED CVE-2018-19116 RESERVED CVE-2018-19967 (An issue was discovered in Xen through 4.11.x on Intel x86 platforms a ...) 
{DSA-4369-1 DLA-1577-1} - xen 4.11.1-1 NOTE: https://xenbits.xen.org/xsa/advisory-282.txt CVE-2018-19115 (keepalived before 2.0.7 has a heap-based buffer overflow when parsing ...) {DLA-1589-1} - keepalived 1:2.0.10-1 (low; bug #914393) [stretch] - keepalived (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141 NOTE: https://github.com/acassen/keepalived/pull/961 NOTE: https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9 CVE-2018-19114 (An issue was discovered in MinDoc through v1.0.2. It allows attackers ...) NOT-FOR-US: MinDoc CVE-2018-19113 (The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in bef ...) NOT-FOR-US: Pronestor PNHM CVE-2018-19112 RESERVED CVE-2018-19111 (The Google Cardboard application 1.8 for Android and 1.2 for iOS sends ...) NOT-FOR-US: Google Cardboard application for Android and iOS CVE-2018-19110 (The skin-management feature in tianti 2.3 allows remote authenticated ...) NOT-FOR-US: tianti CVE-2018-19109 (tianti 2.3 allows remote authenticated users to bypass intended permis ...) NOT-FOR-US: tianti CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PS ...) {DLA-1691-1} - exiv2 0.27.2-6 (bug #913272) [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/426 NOTE: https://github.com/Exiv2/exiv2/pull/518 NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b NOTE: https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5 CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdi ...) 
{DLA-1691-1} - exiv2 0.27.2-6 (low; bug #913273) [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/427 NOTE: https://github.com/Exiv2/exiv2/pull/518 NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b NOTE: https://github.com/Exiv2/exiv2/commit/b7c71f3ad0386cd7af3b73443c0615ada073f0d5 CVE-2018-19106 (Avi Vantage before 17.2.13 uses an invalid URL encoding during a redir ...) NOT-FOR-US: Avi Vantage CVE-2018-19105 (LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0 ...) {DLA-1776-1} - librecad 2.1.3-1.2 (bug #928477) [stretch] - librecad 2.1.2-1+deb9u1 NOTE: https://code610.blogspot.com/2018/11/crashing-librecad-213.html NOTE: https://github.com/LibreCAD/LibreCAD/issues/1038 NOTE: Fixed by https://github.com/LibreCAD/LibreCAD/commit/6da7cc5f7f31afb008f03dbd11e07207ccd82085 NOTE: Regression fix https://github.com/LibreCAD/LibreCAD/commit/8604f171ee380f294102da6154adf77ab754d403 CVE-2018-19104 (In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can b ...) NOT-FOR-US: BageCMS CVE-2018-19103 RESERVED CVE-2018-19102 RESERVED CVE-2018-19101 RESERVED CVE-2018-19100 RESERVED CVE-2018-19099 RESERVED CVE-2018-19098 RESERVED CVE-2018-19097 RESERVED CVE-2018-19096 RESERVED CVE-2018-19095 RESERVED CVE-2018-19094 RESERVED CVE-2018-19093 (** DISPUTED ** An issue has been found in libIEC61850 v1.3. It is a SE ...) NOT-FOR-US: libIEC61850 CVE-2018-19092 (An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/ ...) NOT-FOR-US: YzmCMS CVE-2018-19091 (tianti 2.3 has reflected XSS in the user management module via the tia ...) NOT-FOR-US: tianti CVE-2018-19090 (tianti 2.3 has stored XSS in the article management module via an arti ...) NOT-FOR-US: tianti CVE-2018-19089 (tianti 2.3 has stored XSS in the userlist module via the tianti-module ...) 
NOT-FOR-US: tianti CVE-2018-19088 RESERVED CVE-2018-19087 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-b ...) NOT-FOR-US: IOBit Malware Fighter CVE-2018-19086 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-b ...) NOT-FOR-US: IOBit Malware Fighter CVE-2018-19085 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-b ...) NOT-FOR-US: IOBit Malware Fighter CVE-2018-19084 (RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-b ...) NOT-FOR-US: IOBit Malware Fighter CVE-2018-19083 (WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/ind ...) NOT-FOR-US: WeCenter CVE-2018-19082 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...) NOT-FOR-US: Foscam Opticam i5 devices CVE-2018-19081 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...) NOT-FOR-US: Foscam Opticam i5 devices CVE-2018-19080 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...) NOT-FOR-US: Foscam Opticam i5 devices CVE-2018-19079 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...) NOT-FOR-US: Foscam Opticam i5 devices CVE-2018-19078 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...) NOT-FOR-US: Foscam Opticam i5 devices CVE-2018-19077 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...) NOT-FOR-US: Foscam Opticam i5 devices CVE-2018-19076 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19075 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19074 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19073 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) 
NOT-FOR-US: Foscam C2 devices CVE-2018-19072 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19071 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19070 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19069 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19068 (An issue was discovered on Foscam Opticam i5 devices with System Firmw ...) NOT-FOR-US: Foscam Opticam i5 devices CVE-2018-19067 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19066 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19065 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19064 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19063 (An issue was discovered on Foscam C2 devices with System Firmware 1.11 ...) NOT-FOR-US: Foscam C2 devices CVE-2018-19062 RESERVED CVE-2018-19061 (DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter ...) NOT-FOR-US: DedeCMS CVE-2018-19060 (An issue was discovered in Poppler 0.71.0. There is a NULL pointer der ...) - poppler 0.85.0-2 (unimportant; bug #913182) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/660 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/d2f5d424ba8752f9a9e9dad410546ec1b46caa0a (poppler-0.72.0) NOTE: Issue in pdfdetach cli tool leading to crash CVE-2018-19059 (An issue was discovered in Poppler 0.71.0. There is a out-of-bounds re ...) 
- poppler 0.85.0-2 (unimportant; bug #913180) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/661 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/77a30e94d96220d7e22dff5b3f0a7f296f01b118 (poppler-0.72.0) NOTE: Issue in pdfdetach cli tool leading to crash CVE-2018-19058 (An issue was discovered in Poppler 0.71.0. There is a reachable abort ...) {DLA-2440-1 DLA-1706-1} [experimental] - poppler 0.81.0-1 - poppler 0.85.0-2 (low; bug #913177) [buster] - poppler (Minor issue) NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/659 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/6912e06d9ab19ba28991b5cab3319d61d856bd6d CVE-2018-19057 (SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG ele ...) NOT-FOR-US: SimpleMDE CVE-2018-19056 (pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<< ...) NOT-FOR-US: pandao Editor.md CVE-2018-XXXX [VirtualBox E1000 Guest-to-Host Escape] - virtualbox 5.2.22-dfsg-1 (bug #913137) [jessie] - virtualbox (DSA-3699-1) NOTE: https://github.com/MorteNoir1/virtualbox_e1000_0day NOTE: Changes between 5.2.20 and 5.2.22: https://paste.debian.net/plain/1051089 NOTE: https://github.com/MorteNoir1/virtualbox_e1000_0day/issues/12 CVE-2018-19055 RESERVED CVE-2018-19054 RESERVED CVE-2018-19053 (PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code b ...) NOT-FOR-US: PbootCMS CVE-2018-19051 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type ...) NOT-FOR-US: MetInfo CVE-2018-19050 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset ...) NOT-FOR-US: MetInfo CVE-2018-19049 RESERVED CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c i ...) 
- lighttpd 1.4.52-1 (bug #913528) [stretch] - lighttpd (Minor issue) [jessie] - lighttpd (Minor issue) NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 CVE-2018-19048 (Simditor through 2.3.21 allows DOM XSS via an onload attribute within ...) NOT-FOR-US: Simditor CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web application th ...) NOT-FOR-US: mPDF CVE-2018-19046 (keepalived 2.0.8 didn't check for existing plain files when writing da ...) - keepalived 1:2.0.10-1 (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141 NOTE: https://github.com/acassen/keepalived/issues/1048 NOTE: Neutralised by kernel hardening CVE-2018-19045 (keepalived 2.0.8 used mode 0666 when creating new temporary files upon ...) - keepalived 1:2.0.10-1 (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141 NOTE: https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6 NOTE: https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067 NOTE: https://github.com/acassen/keepalived/issues/1048 CVE-2018-19044 (keepalived 2.0.8 didn't check for pathnames with symlinks when writing ...) - keepalived 1:2.0.10-1 (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1015141 NOTE: https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306 NOTE: https://github.com/acassen/keepalived/issues/1048 CVE-2018-19043 (The Media File Manager plugin 1.4.2 for WordPress allows arbitrary fil ...) NOT-FOR-US: Wordpress plugin CVE-2018-19042 (The Media File Manager plugin 1.4.2 for WordPress allows arbitrary fil ...) NOT-FOR-US: Wordpress plugin CVE-2018-19041 (The Media File Manager plugin 1.4.2 for WordPress allows XSS via the d ...) NOT-FOR-US: Wordpress plugin CVE-2018-19040 (The Media File Manager plugin 1.4.2 for WordPress allows directory lis ...) 
	NOT-FOR-US: WordPress plugin
CVE-2018-19039 (Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated ...)
	- grafana
	NOTE: https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
CVE-2018-19038
	RESERVED
CVE-2018-19037 (On Virgin Media wireless router 3.0 hub devices, the web interface is ...)
	NOT-FOR-US: Virgin Media wireless router
CVE-2018-19036 (An issue was discovered in several Bosch IP cameras for firmware versi ...)
	NOT-FOR-US: Bosch
CVE-2018-19035
	RESERVED
CVE-2018-19034
	RESERVED
CVE-2018-19033
	RESERVED
CVE-2018-19032
	RESERVED
CVE-2018-19031 (A command injection vulnerability exists when the authorized user pass ...)
	NOT-FOR-US: 360 routers
CVE-2018-19030
	RESERVED
CVE-2018-19029 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-19028
	RESERVED
CVE-2018-19027 (Three type confusion vulnerabilities exist in CX-One Versions 4.50 and ...)
	NOT-FOR-US: CX-One
CVE-2018-19026
	RESERVED
CVE-2018-19025 (In JUUKO K-808, an attacker could specially craft a packet that encode ...)
	NOT-FOR-US: JUUKO K-808
CVE-2018-19024
	RESERVED
CVE-2018-19023 (Hetronic Nova-M prior to version r161 uses fixed codes that are reprodu ...)
	NOT-FOR-US: Hetronic Nova-M radio control systems
CVE-2018-19022
	RESERVED
CVE-2018-19021 (A specially crafted script could bypass the authentication of a mainte ...)
	NOT-FOR-US: Emerson DeltaV DCS
CVE-2018-19020 (When CX-Supervisor (Versions 3.42 and prior) processes project files a ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19019 (A type confusion vulnerability exists when processing project files in ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19018 (An access of uninitialized pointer vulnerability in CX-Supervisor (Ver ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19017 (Several use after free vulnerabilities have been identified in CX-Supe ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19016 (Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes ...)
	NOT-FOR-US: Rockwell Automation
CVE-2018-19015 (An attacker could inject commands to launch programs and create, write ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19014 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all ver ...)
	NOT-FOR-US: Drager patient monitoring medical devices
CVE-2018-19013 (An attacker could inject commands to delete files and/or delete the co ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19012 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all ver ...)
	NOT-FOR-US: Drager patient monitoring medical devices
CVE-2018-19011 (CX-Supervisor (Versions 3.42 and prior) can execute code that has been ...)
	NOT-FOR-US: CX-Supervisor
CVE-2018-19010 (Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all ver ...)
	NOT-FOR-US: Drager patient monitoring medical devices
CVE-2018-19009 (Pilz PNOZmulti Configurator prior to version 10.9 allows an authentica ...)
	NOT-FOR-US: Pilz PNOZmulti Configurator
CVE-2018-19008 (The TextEditor 2.0 in ABB CP400 Panel Builder versions 2.0.7.05 and ea ...)
	NOT-FOR-US: TextEditor 2.0 in ABB CP400 Panel Builder
CVE-2018-19007 (In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the D ...)
	NOT-FOR-US: Geutebrueck cameras
CVE-2018-19006 (OSIsoft PI Vision, versions PI Vision 2017, and PI Vision 2017 R2, The ...)
	NOT-FOR-US: OSIsoft PI Vision
CVE-2018-19005 (Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation ...)
	NOT-FOR-US: Cscape
CVE-2018-19004 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds rea ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-19003 (GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 0 ...)
	NOT-FOR-US: GE Mark
CVE-2018-19002 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-19001 (Philips HealthSuite Health Android App, all versions. The software use ...)
	NOT-FOR-US: Philips HealthSuite Health Android App
CVE-2018-19000 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18999 (WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 20 ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2018-18998 (LCDS Laquis SCADA prior to version 4.1.0.4150 uses hard coded credenti ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18997 (Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 a ...)
	NOT-FOR-US: ABB GATE-E2
CVE-2018-18996 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user in ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18995 (Pluto Safety PLC Gateway Ethernet devices ABB GATE-E1 and GATE-E2 all ...)
	NOT-FOR-US: ABB GATE-E2
CVE-2018-18994 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows an out of bounds ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18993 (Two stack-based buffer overflow vulnerabilities have been discovered i ...)
	NOT-FOR-US: CX-One
CVE-2018-18992 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user in ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18991 (Reflected cross-site scripting (non-persistent) in SCADA WebServer (Ve ...)
	NOT-FOR-US: SCADA WebServer
CVE-2018-18990 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied p ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18989 (In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and pri ...)
	NOT-FOR-US: CX-One
CVE-2018-18988 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of scri ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18987 (VT-Designer Version 2.1.7.31 is vulnerable by the program populating o ...)
	NOT-FOR-US: VT-Designer
CVE-2018-18986 (LCDS Laquis SCADA prior to version 4.1.0.4150 allows the opening of a ...)
	NOT-FOR-US: LCDS Laquis SCADA
CVE-2018-18985 (Tridium Niagara Enterprise Security 2.3u1, all versions prior to 2.3.1 ...)
	NOT-FOR-US: Tridium Niagara Enterprise
CVE-2018-18984 (Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Enco ...)
	NOT-FOR-US: Medtronic
CVE-2018-18983 (VT-Designer Version 2.1.7.31 is vulnerable by the program reading the ...)
	NOT-FOR-US: VT-Designer
CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application allows ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-18981 (In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2018-18980 (An XML External Entity injection (XXE) vulnerability exists in Zoho Ma ...)
	NOT-FOR-US: Zoho ManageEngine Network Configuration Manager and OpManager
CVE-2018-18979 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
	NOT-FOR-US: Ascensia Contour NEXT ONE application for Android
CVE-2018-18978 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
	NOT-FOR-US: Ascensia Contour NEXT ONE application for Android
CVE-2018-18977 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
	NOT-FOR-US: Ascensia Contour NEXT ONE application for Android
CVE-2018-18976 (An issue was discovered in the Ascensia Contour NEXT ONE application f ...)
	NOT-FOR-US: Ascensia Contour NEXT ONE application for iOS
CVE-2018-18975 (An issue was discovered in the Ascensia Contour NEXT ONE app for iOS b ...)
	NOT-FOR-US: Ascensia Contour NEXT ONE application for iOS
CVE-2018-18974
	RESERVED
CVE-2018-18973
	RESERVED
CVE-2018-18972
	RESERVED
CVE-2018-18971
	RESERVED
CVE-2018-18970
	RESERVED
CVE-2018-18969
	RESERVED
CVE-2018-18968
	RESERVED
CVE-2018-18967
	RESERVED
CVE-2018-18966 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...)
	NOT-FOR-US: osCommerce
CVE-2018-18965 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...)
	NOT-FOR-US: osCommerce
CVE-2018-18964 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...)
	NOT-FOR-US: osCommerce
CVE-2018-18963 (Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerc ...)
	NOT-FOR-US: Degrau Publicidade e Internet Plataforma de E-commerce
CVE-2018-18962
	RESERVED
CVE-2018-18961
	RESERVED
CVE-2018-18960 (An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51 ...)
	NOT-FOR-US: Epson
CVE-2018-18959 (An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51 ...)
	NOT-FOR-US: Epson
CVE-2018-18958 (OPNsense 18.7.x before 18.7.7 has Incorrect Access Control. ...)
	NOT-FOR-US: OPNsense
CVE-2018-18957 (An issue has been found in libIEC61850 v1.3. It is a stack-based buffe ...)
	NOT-FOR-US: libIEC61850
CVE-2018-18956 (The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x b ...)
	- suricata 1:4.0.6-1
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Vulnerable code not present, no MIME support in this version)
	NOTE: https://lists.openinfosecfoundation.org/pipermail/oisf-users/2018-October/016227.html
	NOTE: https://redmine.openinfosecfoundation.org/issues/2658#change-10374
CVE-2018-18955 (In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() i ...)
	- linux 4.18.20-1
	[stretch] - linux (Introduced in 4.15-rc1)
	[jessie] - linux (Introduced in 4.15-rc1)
	NOTE: https://git.kernel.org/linus/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd
	NOTE: Introduced in https://git.kernel.org/linus/6397fac4915a
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1712
CVE-2018-18954 (The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 al ...)
	{DSA-4454-1}
	- qemu 1:3.1+dfsg-1 (low; bug #914604)
	[jessie] - qemu (Vulnerable code not present. ppc/pnv lpc was added in 2.7)
	- qemu-kvm
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d07945e78eb6b593cd17a4640c1fc9eb35e3245d
CVE-2018-18953
	RESERVED
CVE-2018-18952 (JEECMS 9.3 has XSS via an index.do#/content/update?type=update URI. ...)
	NOT-FOR-US: JEECMS
CVE-2018-18951
	RESERVED
CVE-2018-18950 (KindEditor through 4.1.11 has a path traversal vulnerability in php/up ...)
	NOT-FOR-US: KindEditor
CVE-2018-18949 (Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via M ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-18948
	RESERVED
CVE-2018-18947
	RESERVED
CVE-2018-18946
	RESERVED
CVE-2018-18945
	RESERVED
CVE-2018-18944 (Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow. ...)
	NOT-FOR-US: Artha ~ The Open Thesaurus
CVE-2018-18943 (An issue was discovered in baserCMS before 4.1.4. In the Register New ...)
	NOT-FOR-US: baserCMS
CVE-2018-18942 (In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remot ...)
	NOT-FOR-US: baserCMS
CVE-2018-18941 (In Vignette Content Management version 6, it is possible to gain remot ...)
	NOT-FOR-US: Vignette Content Management
CVE-2018-18940 (servlet/SnoopServlet (a servlet installed by default) in Netscape Ente ...)
	NOT-FOR-US: Netscape Enterprise
CVE-2018-18939 (An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in ind ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-18938 (An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in ind ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-18937 (An issue has been found in libIEC61850 v1.3. It is a NULL pointer dere ...)
	NOT-FOR-US: libIEC61850
CVE-2018-18936 (An issue was discovered in PopojiCMS v2.0.1. admin_library.php allows ...)
	NOT-FOR-US: PopojiCMS
CVE-2018-18935 (An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-ad ...)
	NOT-FOR-US: PopojiCMS
CVE-2018-18934 (An issue was discovered in PopojiCMS v2.0.1. admin_component.php is ex ...)
	NOT-FOR-US: PopojiCMS
CVE-2018-18933 (The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-18932
	RESERVED
CVE-2018-18931 (An issue was discovered in the Tightrope Media Carousel digital signag ...)
	NOT-FOR-US: Tightrope Media Carousel
CVE-2018-18930 (The Tightrope Media Carousel digital signage product 7.0.4.104 contain ...)
	NOT-FOR-US: Tightrope Media Carousel
CVE-2018-18929 (The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4. ...)
	NOT-FOR-US: Tightrope Media Carousel
CVE-2018-18928 (International Components for Unicode (ICU) for C/C++ 63.1 has an integ ...)
	- icu 63.1-3
	[stretch] - icu (Vulnerable code not present)
	[jessie] - icu (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=900059
	NOTE: Fixed by: https://github.com/unicode-org/icu/commit/53d8c8f3d181d87a6aa925b449b51c4a2c922a51
	NOTE: https://unicode-org.atlassian.net/browse/ICU-20246
CVE-2018-18927 (An issue was discovered in PublicCMS V4.0. It allows XSS by modifying ...)
	NOT-FOR-US: PublicCMS
CVE-2018-18926 (Gitea before 1.5.4 allows remote code execution because it does not pr ...)
	- gitea
	NOTE: https://github.com/go-gitea/gitea/issues/5140
CVE-2018-18925 (Gogs 0.11.66 allows remote code execution because it does not properly ...)
	NOT-FOR-US: Go Git Service
CVE-2018-18924 (The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to ...)
	NOT-FOR-US: ProjeQtOr
CVE-2018-18923 (AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabili ...)
	NOT-FOR-US: AbiSoft Ticketly
CVE-2018-18922 (add_user in AbiSoft Ticketly 1.0 allows remote attackers to create adm ...)
	NOT-FOR-US: AbiSoft Ticketly
CVE-2018-18921 (PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete ...)
	NOT-FOR-US: PHP Server Monitor
CVE-2018-18920 (Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode ...)
	- python3-py-evm (bug #884796)
CVE-2018-18919 (The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the commen ...)
	NOT-FOR-US: WP Editor.md plugin for WordPress
CVE-2018-18918
	RESERVED
CVE-2018-18917
	RESERVED
CVE-2018-18916
	RESERVED
CVE-2018-18915 (There is an infinite loop in the Exiv2::Image::printIFDStructure funct ...)
	- exiv2 (Vulnerable code introduced later; only affected experimental; bug #912828)
	NOTE: https://github.com/Exiv2/exiv2/issues/511
CVE-2018-18914
	RESERVED
CVE-2018-18913 (Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacki ...)
	NOT-FOR-US: Opera
CVE-2018-18912 (An issue was discovered in Easy File Sharing (EFS) Web Server 7.2. A s ...)
	NOT-FOR-US: Easy File Sharing
CVE-2018-18911
	RESERVED
CVE-2018-18910
	RESERVED
CVE-2018-18909 (xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of ...)
	NOT-FOR-US: xhEditor
CVE-2018-18908 (The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows p ...)
	NOT-FOR-US: Sky Go Desktop
CVE-2018-18907
	RESERVED
CVE-2018-18906
	RESERVED
CVE-2018-18905
	RESERVED
CVE-2018-18904
	RESERVED
CVE-2018-18903 (Vanilla 2.6.x before 2.6.4 allows remote code execution. ...)
	NOT-FOR-US: Vanilla
CVE-2018-18902
	RESERVED
CVE-2018-18901
	RESERVED
CVE-2018-18900
	RESERVED
CVE-2018-18899
	RESERVED
CVE-2018-18898 (The email-ingestion feature in Best Practical Request Tracker 4.1.13 t ...)
	{DLA-2101-1}
	- libemail-address-list-perl 0.06-1
	[stretch] - libemail-address-list-perl 0.05-1+deb9u1
	NOTE: https://github.com/bestpractical/email-address-list/commit/a22e6b233443fe3ad1a408e50ecbd7237674817d
	NOTE: https://github.com/bestpractical/email-address-list/commit/6dd5021a6e5df2e8c86a163dc2e180a76a38e63b
	NOTE: https://github.com/bestpractical/email-address-list/commit/31bd4dc2dfb26fd6a17e4436df3d3c8904856f30
CVE-2018-18897 (An issue was discovered in Poppler 0.71.0. There is a memory leak in G ...)
	[experimental] - poppler 0.81.0-1
	- poppler 0.85.0-2 (low; bug #913164)
	[buster] - poppler (Negligible security impact)
	[stretch] - poppler (Negligible security impact)
	[jessie] - poppler (Negligible security impact; memory leak)
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/654
	NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/e07c8b4784234383cb5ddcf1133ea91a772506e2
CVE-2018-18896
	RESERVED
CVE-2018-18895
	REJECTED
CVE-2018-18894 (Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) c ...)
	NOT-FOR-US: Lexmark
CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to co ...)
	NOT-FOR-US: Jinjava
CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the install.ph ...)
	NOT-FOR-US: MiniCMS
CVE-2018-18891 (MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete& ...)
	NOT-FOR-US: MiniCMS
CVE-2018-18890 (MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state= ...)
	NOT-FOR-US: MiniCMS
CVE-2018-18889
	RESERVED
CVE-2018-18888 (An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Co ...)
	NOT-FOR-US: laravelCMS
CVE-2018-18887 (S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type ...)
	NOT-FOR-US: S-CMS
CVE-2018-18886 (Helpy v2.1.0 has Stored XSS via the Ticket title. ...)
	NOT-FOR-US: Helpy
CVE-2018-18885
	RESERVED
CVE-2018-18884
	RESERVED
CVE-2018-18882 (A stored cross-site scripting (XSS) issue was discovered in ControlByW ...)
	NOT-FOR-US: ControlByWeb
CVE-2018-18881 (A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M- ...)
	NOT-FOR-US: ControlByWeb
CVE-2018-18880 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a net ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18879 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an au ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18878 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the B ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18877 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an au ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18876 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a rea ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18875 (In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a sto ...)
	NOT-FOR-US: Columbia Weather MicroServer
CVE-2018-18874 (nc-cms through 2017-03-10 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: nc-cms
CVE-2018-18873 (An issue was discovered in JasPer 2.0.14. There is a NULL pointer dere ...)
	{DLA-1628-1}
	- jasper
	NOTE: https://github.com/mdadams/jasper/issues/184
CVE-2018-18872 (The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stor ...)
	NOT-FOR-US: Kieran O'Shea Calendar plugin for WordPress
CVE-2018-18871 (Missing password verification in the web interface on Gigaset Maxwell ...)
	NOT-FOR-US: Gigaset
CVE-2018-18870
	RESERVED
CVE-2018-18869 (EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-18868 (No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name paramete ...)
	NOT-FOR-US: No-CMS
CVE-2018-18867 (An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-18866
	RESERVED
CVE-2018-18865 (The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07 ...)
	NOT-FOR-US: Royal browser extensions TS
CVE-2018-18864 (Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache ...)
	NOT-FOR-US: Loadbalancer.org Enterprise VA MAX
CVE-2018-18863 (NGA ResourceLink 20.0.2.1 allows local file inclusion. ...)
	NOT-FOR-US: NGA ResourceLink
CVE-2018-18862 (BMC Remedy Mid-Tier 7.1.00 and 9.1.02.003 for BMC Remedy AR System has ...)
	NOT-FOR-US: BMC
CVE-2018-18861 (Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execu ...)
	NOT-FOR-US: PCMan FTP Server
CVE-2018-18860 (A local privilege escalation vulnerability has been identified in the ...)
	NOT-FOR-US: SwitchVPN for macOS
CVE-2018-18859 (Multiple local privilege escalation vulnerabilities have been identifi ...)
	NOT-FOR-US: LiquidVPN client for macOS
CVE-2018-18858 (Multiple local privilege escalation vulnerabilities have been identifi ...)
	NOT-FOR-US: LiquidVPN client for macOS
CVE-2018-18857 (Multiple local privilege escalation vulnerabilities have been identifi ...)
	NOT-FOR-US: LiquidVPN client for macOS
CVE-2018-18856 (Multiple local privilege escalation vulnerabilities have been identifi ...)
	NOT-FOR-US: LiquidVPN client for macOS
CVE-2018-18855
	RESERVED
CVE-2018-18854 (Lightbend Spray spray-json through 1.3.4 allows remote attackers to ca ...)
	NOT-FOR-US: Lightbend Spray spray-json
CVE-2018-18853 (Lightbend Spray spray-json through 1.3.4 allows remote attackers to ca ...)
	NOT-FOR-US: Lightbend Spray spray-json
CVE-2018-18852 (Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection ...)
	NOT-FOR-US: Cerio devices
CVE-2018-18851
	RESERVED
CVE-2018-18850 (In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authen ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-18849 (In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-boun ...)
	{DSA-4454-1 DLA-1781-1}
	- qemu 1:3.1+dfsg-1 (bug #912535)
	- qemu-kvm
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e58ccf039650065a9442de43c9816f81e88f27f6
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/1
CVE-2018-18848
	RESERVED
CVE-2018-18847
	RESERVED
CVE-2018-18846
	RESERVED
CVE-2018-18845 (internal/advanced_comment_system/index.php and internal/advanced_comme ...)
	NOT-FOR-US: Advanced Comment System
CVE-2018-18844
	RESERVED
CVE-2018-18843 (The Kubernetes integration in GitLab Enterprise Edition 11.x before 11 ...)
	- gitlab (Only affects Enterprise edition)
	NOTE: https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/
CVE-2018-18842 (CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5 ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-18841 (XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Cla ...)
	NOT-FOR-US: SEMCMS PHP
CVE-2018-18840 (XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Cla ...)
	NOT-FOR-US: SEMCMS PHP
CVE-2018-18839 (** DISPUTED ** An issue was discovered in Netdata 1.10.0. Full Path Di ...)
	- netdata 1.11.1+dfsg-1
	NOTE: https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
	NOTE: https://github.com/netdata/netdata/pull/4521
CVE-2018-18838 (An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forge ...)
	- netdata 1.11.1+dfsg-1
	NOTE: https://github.com/netdata/netdata/pull/4521
	NOTE: https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
CVE-2018-18837 (An issue was discovered in Netdata 1.10.0. HTTP Header Injection exist ...)
	- netdata 1.11.1+dfsg-1
	NOTE: https://github.com/netdata/netdata/pull/4521
	NOTE: https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
CVE-2018-18836 (An issue was discovered in Netdata 1.10.0. JSON injection exists via t ...)
	- netdata 1.11.1+dfsg-1
	NOTE: https://github.com/netdata/netdata/pull/4521
	NOTE: https://github.com/netdata/netdata/commit/92327c9ec211bd1616315abcb255861b130b97ca
CVE-2018-18835 (upload_template() in system/changeskin.php in DocCms 2016.5.12 allows ...)
	NOT-FOR-US: DocCms
CVE-2018-18834 (An issue has been found in libIEC61850 v1.3. It is a heap-based buffer ...)
	NOT-FOR-US: libIEC61850
CVE-2018-18833
	RESERVED
CVE-2018-18832 (admin/check.asp in DKCMS 9.4 allows SQL Injection via an ASPSESSIONID ...)
	NOT-FOR-US: DKCMS
CVE-2018-18831 (An issue was discovered in com\mingsoft\cms\action\GeneraterAction.jav ...)
	NOT-FOR-US: MCMS
CVE-2018-18830 (An issue was discovered in com\mingsoft\basic\action\web\FileAction.ja ...)
	NOT-FOR-US: MCMS
CVE-2018-18829 (There exists a NULL pointer dereference in ff_vc1_parse_frame_header_a ...)
	- libav
	[jessie] - libav (Minor issue, clean crash, no patch)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1136
	NOTE: ffmpeg PoC crash fixed but different vector:
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c79cf0129edafc388ba1c47cd7b6a620557e48de
CVE-2018-18828 (There exists a heap-based buffer overflow in vc1_decode_i_block_adv in ...)
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1135
CVE-2018-18827 (There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_bl ...)
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1135
CVE-2018-18826 (There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in ...)
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1135
CVE-2018-18825 (Pagoda Linux panel V6.0 has XSS via the verification code associated w ...)
	NOT-FOR-US: Pagoda Linux panel
CVE-2018-18824 (WolfCMS v0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_ma ...)
	NOT-FOR-US: WolfCMS
CVE-2018-18823 (WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/file_man ...)
	NOT-FOR-US: WolfCMS
CVE-2018-18822 (Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pagere ...)
	NOT-FOR-US: Grapixel New Media
CVE-2018-18821
	RESERVED
CVE-2018-18820 (A buffer overflow was discovered in the URL-authentication backend of ...)
	{DSA-4333-1 DLA-1588-1}
	- icecast2 2.4.4-1 (bug #912611)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/3
	NOTE: https://gitlab.xiph.org/xiph/icecast-server/issues/2342
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/icecast-server/commit/b21a7283bd1598c5af0bbb250a041ba8198f98f2
	NOTE: Additional issue fixed with https://gitlab.xiph.org/xiph/icecast-server/commit/03ea74c04a5966114c2fe66e4e6892d11a68181e
	NOTE: https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820
CVE-2018-18819 (A vulnerability in the web conference chat component of MiCollab, vers ...)
	NOT-FOR-US: Mitel
CVE-2018-18818
	RESERVED
CVE-2018-18817 (The Leostream Agent before Build 7.0.1.0 when used with Leostream Conn ...)
	NOT-FOR-US: Leostream Agent
CVE-2018-18816 (The repository component of TIBCO Software Inc.'s TIBCO JasperReports ...)
	NOT-FOR-US: TIBCO
CVE-2018-18815 (The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...)
	NOT-FOR-US: TIBCO
CVE-2018-18814 (The TIBCO Spotfire authentication component of TIBCO Software Inc.'s T ...)
	NOT-FOR-US: TIBCO
CVE-2018-18813 (The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotf ...)
	NOT-FOR-US: TIBCO
CVE-2018-18812 (The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: TIBCO
CVE-2018-18811
	REJECTED
CVE-2018-18810 (The Administrator Service component of TIBCO Software Inc.'s TIBCO Man ...)
	NOT-FOR-US: TIBCO
CVE-2018-18809 (The default server implementation of TIBCO Software Inc.'s TIBCO Jaspe ...)
	NOT-FOR-US: TIBCO
CVE-2018-18808 (The domain management component of TIBCO Software Inc.'s TIBCO JasperR ...)
	NOT-FOR-US: TIBCO
CVE-2018-18807 (The web application of the TIBCO Statistica component of TIBCO Softwar ...)
	NOT-FOR-US: TIBCO
CVE-2018-19132 (Squid before 4.4, when SNMP is enabled, allows a denial of service (Me ...)
	{DLA-2278-1 DLA-1596-1}
	- squid 4.4-1 (low; bug #912294)
	- squid3 (low)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
	NOTE: 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch
	NOTE: 4.x: http://www.squid-cache.org/Versions/v4/changesets/squid-4-983c5c36e5f109512ed1af38a329d0b5d0967498.patch
CVE-2018-19131 (Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S ...)
	- squid 4.4-1 (unimportant; bug #912293)
	- squid3 (unimportant)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_4.txt
	NOTE: Squid in Debian builds without TLS support
CVE-2018-18806 (School Equipment Monitoring System 1.0 allows SQL injection via the lo ...)
	NOT-FOR-US: School Equipment Monitoring System
CVE-2018-18805 (PointOfSales 1.0 allows SQL injection via the login screen, related to ...)
	NOT-FOR-US: PointOfSales
CVE-2018-18804 (Bakeshop Inventory System 1.0 has SQL injection via the login screen, ...)
	NOT-FOR-US: Bakeshop Inventory System
CVE-2018-18803 (Curriculum Evaluation System 1.0 allows SQL Injection via the login sc ...)
	NOT-FOR-US: Curriculum Evaluation System
CVE-2018-18802 (The Tubigan "Welcome to our Resort" 1.0 software allows CSRF via admin ...)
	NOT-FOR-US: Tubigan "Welcome to our Resort" software
CVE-2018-18801 (The BSEN Ordering software 1.0 has SQL Injection via student/index.php ...)
	NOT-FOR-US: BSEN Ordering software
CVE-2018-18800 (The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection ...)
	NOT-FOR-US: Tubigan "Welcome to our Resort" software
CVE-2018-18799 (School Attendance Monitoring System 1.0 has CSRF via event/controller. ...)
	NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18798 (Attendance Monitoring System 1.0 has SQL Injection via the 'id' parame ...)
	NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18797 (School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.p ...)
	NOT-FOR-US: School Attendance Monitoring System
CVE-2018-18796 (Library Management System 1.0 has SQL Injection via the "Search for Bo ...)
	NOT-FOR-US: Library Management System
CVE-2018-18795 (School Event Management System 1.0 has SQL Injection via the student/i ...)
	NOT-FOR-US: School Event Management System
CVE-2018-18794 (School Event Management System 1.0 allows CSRF via user/controller.php ...)
	NOT-FOR-US: School Event Management System
CVE-2018-18793 (School Event Management System 1.0 allows Arbitrary File Upload via ev ...)
	NOT-FOR-US: School Event Management System
CVE-2018-18792 (An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_li ...)
	NOT-FOR-US: zzcms
CVE-2018-18791 (An issue was discovered in zzcms 8.3. SQL Injection exists in zs/searc ...)
	NOT-FOR-US: zzcms
CVE-2018-18790 (An issue was discovered in zzcms 8.3. SQL Injection exists in admin/sp ...)
	NOT-FOR-US: zzcms
CVE-2018-18789 (An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.p ...)
	NOT-FOR-US: zzcms
CVE-2018-18788 (An issue was discovered in zzcms 8.3. SQL Injection exists in admin/cl ...)
	NOT-FOR-US: zzcms
CVE-2018-18787 (An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.ph ...)
	NOT-FOR-US: zzcms
CVE-2018-18786 (An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs. ...)
	NOT-FOR-US: zzcms
CVE-2018-18785 (An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs ...)
	NOT-FOR-US: zzcms
CVE-2018-18784 (An issue was discovered in zzcms 8.3. SQL Injection exists in admin/ta ...)
	NOT-FOR-US: zzcms
CVE-2018-18783 (XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok um ...)
	NOT-FOR-US: SEMCMS
CVE-2018-18782 (Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php f ...)
	NOT-FOR-US: DedeCMS
CVE-2018-18781 (DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or key ...)
	NOT-FOR-US: DedeCMS
CVE-2018-18780
	RESERVED
CVE-2018-18779
	RESERVED
CVE-2018-18778 (ACME mini_httpd before 1.30 lets remote users read arbitrary files. ...)
	- mini-httpd 1.30-0.1 (bug #913095)
	[stretch] - mini-httpd (Minor issue)
CVE-2018-18777 (Directory traversal vulnerability in Microstrategy Web, version 7, in ...)
	NOT-FOR-US: Microstrategy Web
CVE-2018-18776 (Microstrategy Web, version 7, does not sufficiently encode user-contro ...)
	NOT-FOR-US: Microstrategy Web
CVE-2018-18775 (Microstrategy Web, version 7, does not sufficiently encode user-contro ...)
	NOT-FOR-US: Microstrategy Web
CVE-2018-18774 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allow ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18773 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allow ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18772 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allow ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18771 (An issue was discovered in LuLu CMS through 2015-05-14. backend\module ...)
	NOT-FOR-US: Lulu CMS
CVE-2018-18770
	RESERVED
CVE-2018-18769
	RESERVED
CVE-2018-18768
	RESERVED
CVE-2018-18767 (An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. ...)
	NOT-FOR-US: D-Link
CVE-2018-18766 (An elevation of privilege vulnerability exists in the Call Dispatcher ...)
	NOT-FOR-US: Provisio SiteKiosk
CVE-2018-18765 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
	- smplayer 18.5.0~ds1-1
	[stretch] - smplayer (Vulnerable code not present)
	[jessie] - smplayer (Vulnerable code not present)
	NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support
CVE-2018-18764 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
- smplayer 18.5.0~ds1-1 [stretch] - smplayer (Vulnerable code not present) [jessie] - smplayer (Vulnerable code not present) NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support CVE-2018-18763 (SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuario ...) NOT-FOR-US: SaltOS CVE-2018-18762 (SaltOS 3.1 r8126 contains a database download vulnerability. ...) NOT-FOR-US: SaltOS CVE-2018-18761 (SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] S ...) NOT-FOR-US: SaltOS CVE-2018-18760 (RhinOS 3.0 build 1190 allows CSRF. ...) NOT-FOR-US: RhinOS CVE-2018-18759 (Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. ...) NOT-FOR-US: Modbus Slave CVE-2018-18758 (Open Faculty Evaluation System 7 for PHP 7 allows submit_feedback.php ...) NOT-FOR-US: Open Faculty Evaluation System CVE-2018-18757 (Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback. ...) NOT-FOR-US: Open Faculty Evaluation System CVE-2018-18756 (Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008 ...) NOT-FOR-US: Local Server CVE-2018-18755 (K-iwi Framework 1775 has SQL Injection via the admin/user/group/update ...) NOT-FOR-US: K-iwi Framework CVE-2018-18754 (ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account w ...) NOT-FOR-US: ZyXEL CVE-2018-18753 (Typecho V1.1 allows remote attackers to send shell commands via base64 ...) NOT-FOR-US: Typecho CVE-2018-18752 (Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerabi ...) NOT-FOR-US: Webiness Inventory CVE-2018-18751 (An issue was discovered in GNU gettext 0.19.8. There is a double free ...) - gettext 0.19.8.1-9 (unimportant; bug #913173) NOTE: https://git.savannah.gnu.org/gitweb/?p=gettext.git;a=commitdiff;h=dce3a16e5e9368245735e29bf498dcd5e3e474a4 NOTE: Negligible security impact CVE-2018-18750 RESERVED CVE-2018-18749 (data-tools through 2017-07-26 has an Integer Overflow leading to an in ...) 
NOT-FOR-US: data-tools CVE-2018-18748 (** DISPUTED ** Sandboxie 5.26 allows a Sandbox Escape via an "import o ...) NOT-FOR-US: Sandboxie CVE-2018-18747 RESERVED CVE-2018-18746 RESERVED CVE-2018-18745 (An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Menu.php?lg ...) NOT-FOR-US: SEMCMS CVE-2018-18744 (An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to th ...) NOT-FOR-US: SEMCMS CVE-2018-18743 (An XSS issue was discovered in SEMCMS 3.4 via the second text field to ...) NOT-FOR-US: SEMCMS CVE-2018-18742 (A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.ph ...) NOT-FOR-US: SEMCMS CVE-2018-18741 (An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.ph ...) NOT-FOR-US: SEMCMS CVE-2018-18740 (An XSS issue was discovered in SEMCMS 3.4 via the first input field to ...) NOT-FOR-US: SEMCMS CVE-2018-18739 (An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Product ...) NOT-FOR-US: SEMCMS CVE-2018-18738 (An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Categor ...) NOT-FOR-US: SEMCMS CVE-2018-18737 (An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php c ...) NOT-FOR-US: Douchat CVE-2018-18736 (An XSS issue was discovered in catfish blog 2.0.33, related to "write ...) NOT-FOR-US: catfish blog (different from src:catfish) CVE-2018-18735 (A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0. ...) NOT-FOR-US: catfish blog (different from src:catfish) CVE-2018-18734 (A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfi ...) NOT-FOR-US: Catfish CMS CVE-2018-18733 (An XSS issue was discovered in Catfish CMS 4.8.30, related to "write s ...) NOT-FOR-US: Catfish CMS CVE-2018-18732 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...) NOT-FOR-US: Tenda devices CVE-2018-18731 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...) 
NOT-FOR-US: Tenda devices CVE-2018-18730 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...) NOT-FOR-US: Tenda devices CVE-2018-18729 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...) NOT-FOR-US: Tenda devices CVE-2018-18728 (An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN, AC15 V15.0 ...) NOT-FOR-US: Tenda devices CVE-2018-18727 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...) NOT-FOR-US: Tenda devices CVE-2018-18726 (An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YU ...) NOT-FOR-US: YUNUCMS CVE-2018-18725 (An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCM ...) NOT-FOR-US: YUNUCMS CVE-2018-18724 (An XSS issue was discovered in index.php/admin/category/editcategory?i ...) NOT-FOR-US: YUNUCMS CVE-2018-18723 (An XSS issue was discovered in index.php/admin/area/editarea/id/110000 ...) NOT-FOR-US: YUNUCMS CVE-2018-18722 (An XSS issue was discovered in admin/content/editcontent?id=29&gop ...) NOT-FOR-US: YUNUCMS CVE-2018-18721 (An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1 ...) NOT-FOR-US: YUNUCMS CVE-2018-18720 (An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS ...) NOT-FOR-US: YUNUCMS CVE-2018-18719 RESERVED CVE-2018-18718 (An issue was discovered in gThumb through 3.6.2. There is a double-fre ...) {DLA-1567-1} - gthumb 3:3.6.2-2 (unimportant; bug #912290) [stretch] - gthumb 3:3.4.4.1-5+deb9u1 NOTE: https://gitlab.gnome.org/GNOME/gthumb/issues/18 NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/06c39346fda502bd37429006d4822dd977995661 (master) NOTE: https://gitlab.gnome.org/GNOME/gthumb/commit/f3edf6952757f887569e8c26cf18d40409f3fdca (3.6) NOTE: Crash in end user application, no security impact CVE-2018-18717 (An issue was discovered in Eleanor CMS through 2015-03-19. XSS exists ...) 
NOT-FOR-US: Eleanor CMS CVE-2018-18716 (Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerab ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2018-18715 (Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2018-18714 (RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible ...) NOT-FOR-US: IOBit Malware Fighter CVE-2018-18713 (The function down_sql_action() in /admin/model/database.class.php in P ...) NOT-FOR-US: PHPYun CVE-2018-18712 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...) NOT-FOR-US: WUZHI CMS CVE-2018-18711 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...) NOT-FOR-US: WUZHI CMS CVE-2018-18709 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...) NOT-FOR-US: Tenda devices CVE-2018-18708 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...) NOT-FOR-US: Tenda devices CVE-2018-18707 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...) NOT-FOR-US: Tenda devices CVE-2018-18706 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...) NOT-FOR-US: Tenda devices CVE-2018-18710 (An issue was discovered in the Linux kernel through 4.19. An informati ...) {DLA-1731-1 DLA-1715-1} - linux 4.18.20-1 [stretch] - linux 4.9.144-1 NOTE: https://git.kernel.org/linus/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276 CVE-2018-18705 (PhpTpoint hospital management system suffers from multiple SQL injecti ...) NOT-FOR-US: PhpTpoint hospital management system CVE-2018-18704 (PhpTpoint Pharmacy Management System suffers from a SQL injection vuln ...) NOT-FOR-US: PhpTpoint Pharmacy Management System CVE-2018-18703 (PhpTpoint Mailing Server Using File Handling 1.0 suffers from multiple ...) NOT-FOR-US: PhpTpoint Mailing Server Using File Handling CVE-2018-18702 (spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.ph ...) 
NOT-FOR-US: iCMS CVE-2018-18701 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...) - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675 NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 NOTE: binutils not covered by security support CVE-2018-18700 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...) - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681 NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9 NOTE: binutils not covered by security support CVE-2018-18699 (An issue was discovered in GoPro gpmf-parser 1.2.1. There is an out-of ...) NOT-FOR-US: GoPro gpmf-parser CVE-2018-18698 (An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.17101 ...) NOT-FOR-US: Xiaomi Mi A1 devices CVE-2018-18697 RESERVED CVE-2018-18696 (** DISPUTED ** main.aspx in Microstrategy Analytics 10.4.0026.0049 and ...) NOT-FOR-US: Microstrategy Analytics CVE-2018-18695 (M2SOFT Report Designer Viewer 5.0 allows a Buffer Overflow with Extend ...) NOT-FOR-US: M2SOFT Report Designer Viewer CVE-2018-18694 (admin/index.php?id=filesmanager in Monstra CMS 3.0.4 allows remote aut ...) NOT-FOR-US: Monstra CMS CVE-2018-18693 RESERVED CVE-2018-18692 (A reflected Cross-Site scripting (XSS) vulnerability in SEMCO Semcosof ...) NOT-FOR-US: SEMCO CVE-2018-18691 RESERVED CVE-2018-18690 (In the Linux kernel before 4.17, a local attacker able to set attribut ...) {DLA-1731-1 DLA-1715-1} - linux 4.17.3-1 [stretch] - linux 4.9.144-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199119 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1105025 NOTE: https://git.kernel.org/linus/7b38460dc8e4eafba06c78f8e37099d3b34d473c CVE-2018-18689 (The Portable Document Format (PDF) specification does not provide any ...) 
NOT-FOR-US: Foxit Reader CVE-2018-18688 (The Portable Document Format (PDF) specification does not provide any ...) NOT-FOR-US: Foxit Reader CVE-2018-18687 RESERVED CVE-2018-18686 RESERVED CVE-2018-18685 RESERVED CVE-2018-18684 RESERVED CVE-2018-18683 RESERVED CVE-2018-18682 RESERVED CVE-2018-18681 RESERVED CVE-2018-18680 RESERVED CVE-2018-18679 RESERVED CVE-2018-18678 (GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to injec ...) NOT-FOR-US: GNU Board CVE-2018-18677 RESERVED CVE-2018-18676 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) NOT-FOR-US: GNU Board CVE-2018-18675 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) NOT-FOR-US: GNU Board CVE-2018-18674 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) NOT-FOR-US: GNU Board CVE-2018-18673 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) NOT-FOR-US: GNU Board CVE-2018-18672 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) NOT-FOR-US: GNU Board CVE-2018-18671 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) NOT-FOR-US: GNU Board CVE-2018-18670 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) NOT-FOR-US: GNU Board CVE-2018-18669 (GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbit ...) NOT-FOR-US: GNU Board CVE-2018-18668 (GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to injec ...) NOT-FOR-US: GNU Board CVE-2018-18667 (The mintToken function of Pylon (PYLNT) aka PylonToken, an Ethereum to ...) NOT-FOR-US: Some Ethereum token CVE-2018-18666 (The mintToken function of SwftCoin (SWFTC) aka SwftCoin, an Ethereum t ...) NOT-FOR-US: Some Ethereum token CVE-2018-18665 (The mintToken function of Nexxus (NXX) aka NexxusToken, an Ethereum to ...) 
NOT-FOR-US: Some Ethereum token CVE-2018-18664 RESERVED CVE-2018-18663 RESERVED CVE-2018-18662 (There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Ar ...) {DLA-2289-1} - mupdf 1.14.0+ds1-3 (bug #912013) [jessie] - mupdf (vulnerable code introduced later) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=700043 NOTE: https://git.ghostscript.com/?p=mupdf.git;h=164ddc22ee0d5b63a81d5148f44c37dd132a9356 CVE-2018-18661 (An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dere ...) {DLA-2009-1} - tiff 4.0.10-1 (unimportant; bug #912012) - tiff3 (unimportant) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2819 NOTE: https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f NOTE: No security impact, crash in CLI tool CVE-2018-18660 (An issue was discovered in Arcserve Unified Data Protection (UDP) thro ...) NOT-FOR-US: Arcserve Unified Data Protection CVE-2018-18659 (An issue was discovered in Arcserve Unified Data Protection (UDP) thro ...) NOT-FOR-US: Arcserve Unified Data Protection CVE-2018-18658 (An issue was discovered in Arcserve Unified Data Protection (UDP) thro ...) NOT-FOR-US: Arcserve Unified Data Protection CVE-2018-18657 (An issue was discovered in Arcserve Unified Data Protection (UDP) thro ...) NOT-FOR-US: Arcserve Unified Data Protection CVE-2018-18656 (The PureVPN client before 6.1.0 for Windows stores Login Credentials ( ...) NOT-FOR-US: PureVPN client for Windows CVE-2018-18653 (The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Se ...) 
- linux 5.4.6-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798863 NOTE: Broken lockdown patch introduced in: https://salsa.debian.org/kernel-team/linux/commit/a7cd45ba217652e89afd40020fa3ee9d8900b2d6 NOTE: Dropped in: https://salsa.debian.org/kernel-team/linux/commit/bcf44784663c6b77a4922d9a88f114c9810623cc CVE-2018-18652 (A remote command execution vulnerability in Veritas NetBackup Applianc ...) NOT-FOR-US: Veritas NetBackup Appliance CVE-2018-18655 (Prayer through 1.3.5 sends a Referer header, containing a user's usern ...) - prayer 1.3.5-dfsg1-5 (low; bug #911842) [stretch] - prayer (Minor issue) [jessie] - prayer (Minor issue) CVE-2018-18654 (Crossroads 2.81 does not properly handle the /tmp directory during a b ...) - crossroads (unimportant; bug #911877) NOTE: Issue exploitable only during build of package CVE-2018-18651 (An issue was discovered in Xpdf 4.00. catalog->getNumPages() in Acr ...) - xpdf (xpdf in Debian uses poppler, which is not affected or fixed) CVE-2018-18650 (An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc ...) - xpdf (xpdf in Debian uses poppler, which is not affected or fixed) CVE-2018-18649 (An issue was discovered in the wiki API in GitLab Community and Enterp ...) - gitlab (Only affects 11.3 and later) NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18648 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) - gitlab (Only affects 11.2 and later) NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18647 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) 
- gitlab (Only affects GitLab EE) NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18646 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.2.8+dfsg-1 - gitlab 11.2.8+dfsg-2 NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18645 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.2.8+dfsg-1 - gitlab 11.2.8+dfsg-2 NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18644 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...) - gitlab (Only affects GitLab EE) NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18643 (GitLab CE & EE 11.2 and later and before 11.5.0-rc12, 11.4.6, and ...) - gitlab (Only affects 11.2 and later) NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18642 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) - gitlab (Only affects GitLab EE) NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18641 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.2.8+dfsg-1 - gitlab 11.2.8+dfsg-2 NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18640 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.2.8+dfsg-1 - gitlab 11.2.8+dfsg-2 NOTE: https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/ CVE-2018-18639 RESERVED CVE-2018-18638 (A command injection vulnerability in the setup API in the Neato Botvac ...) 
NOT-FOR-US: Neato CVE-2018-18637 RESERVED CVE-2018-18636 (XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:Re ...) NOT-FOR-US: D-Link CVE-2018-18635 (www/guis/admin/application/controllers/UserController.php in the admin ...) NOT-FOR-US: MailCleaner CVE-2018-18634 RESERVED CVE-2018-18633 RESERVED CVE-2018-18632 RESERVED CVE-2018-18883 (An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 plat ...) - xen 4.11.1-1 [stretch] - xen (Only affects 4.9 and later) [jessie] - xen (Only affects 4.9 and later) NOTE: https://xenbits.xen.org/xsa/advisory-278.txt CVE-2018-18631 (mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 befo ...) NOT-FOR-US: Synacor Zimbra Collaboration Suite CVE-2018-18630 (A vulnerability was found in McKesson Cardiology product 13.x and 14.x ...) NOT-FOR-US: McKesson Cardiology CVE-2018-18629 (An issue was discovered in the Keybase command-line client before 2.8. ...) NOT-FOR-US: Keybase command-line client CVE-2018-18628 (An issue was discovered in Pippo 1.11.0. The function SerializationSes ...) NOT-FOR-US: Pippo CVE-2018-18627 RESERVED CVE-2018-18626 (An issue was discovered in PHPYun V4.6. There is a vulnerability that ...) NOT-FOR-US: PHPYun CVE-2018-18625 (Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > ...) - grafana CVE-2018-18624 (Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table ...) - grafana CVE-2018-18623 (Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE ...) - grafana CVE-2018-18622 (An issue was discovered in Waimai Super Cms 20150505. There is XSS via ...) NOT-FOR-US: Waimai Super Cms CVE-2018-18621 (CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Ma ...) NOT-FOR-US: CommuniGate Pro CVE-2018-18620 RESERVED CVE-2018-18619 (internal/advanced_comment_system/admin.php in Advanced Comment System ...) 
NOT-FOR-US: Advanced Comment System CVE-2018-18618 RESERVED CVE-2018-18617 RESERVED CVE-2018-18616 RESERVED CVE-2018-18615 RESERVED CVE-2018-18614 RESERVED CVE-2018-18613 RESERVED CVE-2018-18612 RESERVED CVE-2018-18611 RESERVED CVE-2018-18610 RESERVED CVE-2018-18609 RESERVED CVE-2018-18608 (DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined ...) NOT-FOR-US: DedeCMS CVE-2018-18607 (An issue was discovered in elf_link_input_bfd in elflink.c in the Bina ...) [experimental] - binutils 2.31.51.20181204-1 - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23805 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a NOTE: binutils not covered by security support CVE-2018-18606 (An issue was discovered in the merge_strings function in merge.c in th ...) [experimental] - binutils 2.31.51.20181204-1 - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23806 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc NOTE: binutils not covered by security support CVE-2018-18605 (A heap-based buffer over-read issue was discovered in the function sec ...) [experimental] - binutils 2.31.51.20181204-1 - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23804 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ab419ddbb2cdd17ca83618990f2cacf904ce1d61 NOTE: binutils not covered by security support CVE-2018-18604 RESERVED CVE-2018-18603 (** DISPUTED ** 360 Total Security 3.5.0.1033 allows a Sandbox Escape v ...) NOT-FOR-US: 360 Total Security CVE-2018-18602 (The Cloud API on Guardzilla smart cameras allows user enumeration, wit ...) NOT-FOR-US: Guardzilla CVE-2018-18601 (The TK_set_deviceModel_req_handle function in the cloud communication ...) 
NOT-FOR-US: Guardzilla CVE-2018-18600 (The remote upgrade feature in Guardzilla GZ180 devices allow command i ...) NOT-FOR-US: Guardzilla CVE-2018-18599 (Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compres ...) - stegdetect CVE-2018-18598 RESERVED CVE-2018-18597 RESERVED CVE-2018-18596 RESERVED CVE-2018-18595 RESERVED CVE-2018-18594 RESERVED CVE-2018-18593 (Remote Directory Traversal and Remote Disclosure of Privileged Informa ...) NOT-FOR-US: UCMDB Configuration Management Service CVE-2018-18592 RESERVED CVE-2018-18591 (A potential unauthorized disclosure of data vulnerability has been ide ...) NOT-FOR-US: Micro Focus CVE-2018-18590 (A potential remote code execution and information disclosure vulnerabi ...) NOT-FOR-US: Micro Focus CVE-2018-18589 (A potential Remote Arbitrary Code Execution vulnerability has been ide ...) NOT-FOR-US: Micro Focus CVE-2018-18588 RESERVED CVE-2018-18587 (BigProf AppGini 5.70 stores the passwords in the database using the MD ...) NOT-FOR-US: BigProf AppGini CVE-2018-18583 (An issue has been found in LuPng through 2017-03-10. It is a heap-base ...) NOT-FOR-US: LuPng CVE-2018-18582 (An issue has been found in LuPng through 2017-03-10. It is a heap-base ...) NOT-FOR-US: LuPng CVE-2018-18581 (An issue has been found in LuPng through 2017-03-10. It is a heap-base ...) NOT-FOR-US: LuPng CVE-2018-18580 RESERVED CVE-2018-18579 (Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder ...) NOT-FOR-US: DedeCMS CVE-2018-18578 (DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. ...) NOT-FOR-US: DedeCMS CVE-2018-18577 RESERVED CVE-2018-18576 (The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress al ...) NOT-FOR-US: Hustle (aka wordpress-popup) plugin for WordPress CVE-2018-18585 (chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accept ...) 
{DLA-1555-1} - libmspack 0.8-1 (bug #911637) [stretch] - libmspack 0.5-1+deb9u3 NOTE: https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1 CVE-2018-18586 (** DISPUTED ** chmextract.c in the chmextract sample program, as distr ...) - libmspack 0.8-1 (unimportant; bug #911639) NOTE: https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1 NOTE: src/chmextract.c was renamed from originally test/chmx.c NOTE: This sample code is not installed into the binary packages and was as well NOTE: never the idea to use it in "productised" binaries, but rather just simple NOTE: examples of the library use. CVE-2018-18584 (In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8 ...) {DLA-1555-1} - cabextract 1.4-5 NOTE: Starting with 1.4-5 cabextract uses the mspack system library - libmspack 0.8-1 (bug #911640) [stretch] - libmspack 0.5-1+deb9u3 NOTE: https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2 NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1 CVE-2018-18575 RESERVED CVE-2018-18574 RESERVED CVE-2018-18573 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...) NOT-FOR-US: osCommerce CVE-2018-18572 (osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filteri ...) NOT-FOR-US: osCommerce CVE-2018-18571 (An Incorrect Access Control vulnerability has been identified in Citri ...) NOT-FOR-US: Citrix CVE-2018-18570 (Planon before Live Build 41 has XSS. ...) NOT-FOR-US: Planon CVE-2018-18569 (The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side ...) NOT-FOR-US: Dundas BI CVE-2018-18568 (Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in- ...) NOT-FOR-US: Polycom CVE-2018-18567 (AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allows man-in- ...) 
NOT-FOR-US: AudioCodes devices CVE-2018-18566 (The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and ear ...) NOT-FOR-US: Polycom CVE-2018-18565 (An issue was discovered in Roche Accu-Chek Inform II Instrument before ...) NOT-FOR-US: Roche Diagnostics CVE-2018-18564 (An issue was discovered in Roche Accu-Chek Inform II Instrument before ...) NOT-FOR-US: Roche Diagnostics CVE-2018-18563 (An issue was discovered in Roche Accu-Chek Inform II Instrument before ...) NOT-FOR-US: Roche Diagnostics CVE-2018-18562 (An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base ...) NOT-FOR-US: Roche Diagnostics CVE-2018-18561 (An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base ...) NOT-FOR-US: Roche Diagnostics CVE-2018-18560 RESERVED CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due to a ...) - linux 4.14.7-1 [stretch] - linux 4.9.80-1 [jessie] - linux 3.16.56-1 NOTE: Fixed by: https://git.kernel.org/linus/15fe076edea787807a7cdc168df832544b58eba6 CVE-2018-18558 (An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 ...) NOT-FOR-US: Espressif ESP-IDF CVE-2018-18557 (LibTIFF 3.9.3, 3.9.4, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta ...) {DSA-4349-1 DLA-1557-1} - tiff 4.0.9+git181026-1 (bug #911635) - tiff3 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1697 NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/38 NOTE: https://gitlab.com/libtiff/libtiff/commit/681748ec2f5ce88da5f9fa6831e1653e46af8a66 CVE-2018-20860 (libopenmpt before 0.3.13 allows a crash with malformed MED files. ...) - libopenmpt 0.3.13-1 (low; bug #911584) [stretch] - libopenmpt (Minor issue) NOTE: https://lib.openmpt.org/libopenmpt/2018/10/21/security-updates-0.3.13-0.2.10933-beta36-0.2.7561-beta20.5-p11-0.2.7386-beta20.3-p14/ NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10903 CVE-2018-18556 (A privilege escalation issue was discovered in VyOS 1.1.8. The default ...) 
NOT-FOR-US: VyOS CVE-2018-18555 (A sandbox escape issue was discovered in VyOS 1.1.8. It provides a res ...) NOT-FOR-US: VyOS CVE-2018-18554 RESERVED CVE-2018-18553 (Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is ...) NOT-FOR-US: Leanote CVE-2018-18552 (ServersCheck Monitoring Software through 14.3.3 allows local users to ...) NOT-FOR-US: ServersCheck Monitoring Software CVE-2018-18551 (ServersCheck Monitoring Software through 14.3.3 has Persistent and Ref ...) NOT-FOR-US: ServersCheck Monitoring Software CVE-2018-18550 (ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by ...) NOT-FOR-US: ServersCheck Monitoring Software CVE-2018-18549 RESERVED CVE-2018-18548 (ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23. ...) NOT-FOR-US: Ajenti CVE-2018-18547 (Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain ...) NOT-FOR-US: Vesta Control Panel CVE-2018-18546 (ThinkPHP 3.2.4 has SQL Injection via the order parameter because the L ...) NOT-FOR-US: ThinkPHP CVE-2018-18545 (Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name ...) NOT-FOR-US: Fiyo CMS CVE-2018-18544 (There is a memory leak in the function WriteMSLImage of coders/msl.c i ...) - imagemagick 8:6.9.10.14+dfsg-1 (unimportant) - graphicsmagick 1.3.31-1 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1360 CVE-2018-18543 RESERVED CVE-2018-18542 RESERVED CVE-2018-18540 (TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's ...) NOT-FOR-US: TeaKKi CVE-2018-18539 RESERVED CVE-2018-18541 (In Teeworlds before 0.6.5, connection packets could be forged. There w ...) 
{DSA-4329-1} - teeworlds 0.7.0-1 (bug #911487) [jessie] - teeworlds (Not supported in jessie LTS) NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=12544 NOTE: https://github.com/teeworlds/teeworlds/issues/1536 NOTE: https://github.com/teeworlds/teeworlds/commit/a263185571903ead01f6b351a91ea219ac9d215f NOTE: https://github.com/teeworlds/teeworlds/commit/aababc63eeeee1bc41672502ca6c7a1dd9f61d94 NOTE: https://github.com/teeworlds/teeworlds/commit/f5fa1a92ed81ed8da721e803a036b1553a38e39e CVE-2018-18538 RESERVED CVE-2018-18537 (The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exp ...) NOT-FOR-US: ASUS CVE-2018-18536 (The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 an ...) NOT-FOR-US: ASUS CVE-2018-18535 (The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier ex ...) NOT-FOR-US: ASUS CVE-2018-18534 RESERVED CVE-2018-18533 RESERVED CVE-2018-18532 RESERVED CVE-2018-18531 (text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, ...) NOT-FOR-US: kaptcha CVE-2018-18530 (ThinkPHP 5.1.25 has SQL Injection via the count parameter because the ...) NOT-FOR-US: ThinkPHP CVE-2018-18529 (ThinkPHP 3.2.4 has SQL Injection via the count parameter because the L ...) NOT-FOR-US: ThinkPHP CVE-2018-18528 RESERVED CVE-2018-18527 (OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or edit ...) NOT-FOR-US: OwnTicket CVE-2018-18526 RESERVED CVE-2018-18525 RESERVED CVE-2018-18524 (Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulner ...) NOT-FOR-US: Evernote CVE-2018-18523 RESERVED CVE-2018-18522 RESERVED CVE-2018-18521 (Divide-by-zero vulnerabilities in the function arlib_add_symbols() in ...) 
{DLA-1689-1} - elfutils 0.175-1 (low; bug #911413) [stretch] - elfutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23786 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=2b16a9be69939822dcafe075413468daac98b327 CVE-2018-18520 (An Invalid Memory Address Dereference exists in the function elf_end i ...) {DLA-1689-1} - elfutils 0.175-1 (low; bug #911414) [stretch] - elfutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23787 NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=22d2d082d57a7470fadc0eae67179553f4919209 CVE-2018-18519 (BestXsoftware Best Free Keylogger before 6.0.0 allows local users to g ...) NOT-FOR-US: BestXsoftware Best Free Keylogger CVE-2018-18518 RESERVED CVE-2018-18517 (Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1 ...) NOT-FOR-US: Citrix CVE-2018-18516 REJECTED CVE-2018-18515 REJECTED CVE-2018-18514 REJECTED CVE-2018-18513 (A crash can occur when processing a crafted S/MIME message or an XPI p ...) {DSA-4392-1 DLA-1678-1} - thunderbird 1:60.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18513 CVE-2018-18512 (A use-after-free vulnerability can occur while playing a sound notific ...) {DSA-4392-1 DLA-1678-1} - thunderbird 1:60.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18512 CVE-2018-18511 (Cross-origin images can be read from a canvas element in violation of ...) 
{DSA-4451-1 DSA-4448-1 DLA-1806-1 DLA-1800-1} - firefox 65.0.1-1 - firefox-esr 60.7.0esr-1 - thunderbird 1:60.7.0-1 - skia (bug #818180) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18511 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2018-18511 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-15/#CVE-2018-18511 CVE-2018-18510 (The about:crashcontent and about:crashparent pages can be triggered by ...) - firefox 64.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18510 CVE-2018-18509 (A flaw during verification of certain S/MIME signatures causes emails ...) {DSA-4392-1 DLA-1678-1} - thunderbird 1:60.5.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511 CVE-2018-18508 (In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a ...) {DLA-2388-1 DLA-1704-1} - nss 2:3.42.1-1 (bug #921614) NOTE: https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.42.1_release_notes CVE-2018-18507 REJECTED CVE-2018-18506 (When proxy auto-detection is enabled, if a web server serves a Proxy A ...) {DSA-4420-1 DSA-4411-1 DLA-1743-1 DLA-1722-1} - firefox 65.0-1 - firefox-esr 60.6.0esr-1 - thunderbird 1:60.6.1-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2018-18506 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18506 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-11/#CVE-2018-18506 CVE-2018-18505 (An earlier fix for an Inter-process Communication (IPC) vulnerability, ...) 
	{DSA-4392-1 DSA-4376-1 DLA-1678-1 DLA-1648-1}
	- firefox 65.0-1
	- firefox-esr 60.5.0esr-1
	- thunderbird 1:60.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18505
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18505
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18505
CVE-2018-18504 (A crash and out-of-bounds read can occur when the buffer of a texture ...)
	- firefox 65.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18504
CVE-2018-18503 (When JavaScript is used to create and manipulate an audio buffer, a po ...)
	- firefox 65.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18503
CVE-2018-18502 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 65.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18502
CVE-2018-18501 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4392-1 DSA-4376-1 DLA-1678-1 DLA-1648-1}
	- firefox 65.0-1
	- firefox-esr 60.5.0esr-1
	- thunderbird 1:60.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18501
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18501
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18501
CVE-2018-18500 (A use-after-free vulnerability can occur while parsing an HTML5 stream ...)
	{DSA-4392-1 DSA-4376-1 DLA-1678-1 DLA-1648-1}
	- firefox 65.0-1
	- firefox-esr 60.5.0esr-1
	- thunderbird 1:60.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/#CVE-2018-18500
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18500
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/#CVE-2018-18500
CVE-2018-18499 (A same-origin policy violation allowing the theft of cross-origin URL ...)
	{DSA-4327-1 DSA-4287-1 DLA-1575-1 DLA-1571-1}
	- firefox 62.0-1
	- firefox-esr 60.2.0esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-18499
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-18499
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-18499
CVE-2018-18498 (A potential vulnerability leading to an integer overflow can occur dur ...)
	{DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
	- firefox 64.0-1
	- firefox-esr 60.4.0esr-1
	- thunderbird 1:60.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18498
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18498
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18498
CVE-2018-18497 (Limitations on the URIs allowed to WebExtensions by the browser.window ...)
	- firefox 64.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18497
CVE-2018-18496 (When the RSS Feed preview about:feeds page is framed within another pa ...)
	- firefox (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18496
CVE-2018-18495 (WebExtension content scripts can be loaded into about: pages in some c ...)
	- firefox 64.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18495
CVE-2018-18494 (A same-origin policy violation allowing the theft of cross-origin URL ...)
	{DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
	- firefox 64.0-1
	- firefox-esr 60.4.0esr-1
	- thunderbird 1:60.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18494
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18494
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18494
CVE-2018-18493 (A buffer overflow can occur in the Skia library during buffer offset c ...)
	{DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
	- firefox 64.0-1
	- firefox-esr 60.4.0esr-1
	- thunderbird 1:60.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18493
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18493
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18493
CVE-2018-18492 (A use-after-free vulnerability can occur after deleting a selection el ...)
	{DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1}
	- firefox 64.0-1
	- firefox-esr 60.4.0esr-1
	- thunderbird 1:60.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-18492
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18492
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-18492
CVE-2018-18491
	RESERVED
CVE-2018-18490
	RESERVED
CVE-2018-18489 (The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 ...)
	NOT-FOR-US: TP-LINK
CVE-2018-18488 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, SQL Injectio ...)
	NOT-FOR-US: Gxlcms
CVE-2018-18487 (In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database ...)
	NOT-FOR-US: Gxlcms
CVE-2018-18486 (An issue was discovered in PHPSHE 1.7. SQL injection exists via the ad ...)
	NOT-FOR-US: PHPSHE
CVE-2018-18485 (An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del al ...)
	NOT-FOR-US: PHPSHE
CVE-2018-18484 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-18483 (The get_count function in cplus-dem.c in GNU libiberty, as distributed ...)
	- binutils (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23767
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87602
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83472
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79111
	NOTE: binutils not covered by security support
CVE-2018-18482 (An issue was discovered in libpg_query 10-1.0.2. There is a memory lea ...)
	NOT-FOR-US: libpg_query
CVE-2018-18481 (A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadCH ...)
	NOT-FOR-US: libopencad
CVE-2018-18480 (A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadMC ...)
	NOT-FOR-US: libopencad
CVE-2018-18479
	REJECTED
CVE-2018-18478 (Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 a ...)
	NOT-FOR-US: LibreNMS
CVE-2018-18477
	RESERVED
CVE-2018-18476 (mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it ...)
	NOT-FOR-US: mysql-binuuid-rails
CVE-2018-18475 (Zoho ManageEngine OpManager before 12.3 build 123214 allows Unrestrict ...)
	NOT-FOR-US: Zoho
CVE-2018-18474
	RESERVED
CVE-2018-18473 (A hidden backdoor on PATLITE NH-FB Series devices with firmware versio ...)
	NOT-FOR-US: PATLITE NBM-D88N
CVE-2018-18472 (Western Digital WD My Book Live (all versions) has a root Remote Comma ...)
	NOT-FOR-US: Western Digital WD My Book Live
CVE-2018-18471 (/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stor ...)
	NOT-FOR-US: Axentra firmware
CVE-2018-18470
	RESERVED
CVE-2018-18469
	RESERVED
CVE-2018-18468
	RESERVED
CVE-2018-18467 (An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is p ...)
	NOT-FOR-US: Daniel Gultsch Conversations
CVE-2018-18466 (** DISPUTED ** An issue was discovered in SecurEnvoy SecurAccess 9.3.5 ...)
	NOT-FOR-US: SecurEnvoy SecurAccess
CVE-2018-18465
	RESERVED
CVE-2018-18464
	RESERVED
CVE-2018-18463
	RESERVED
CVE-2018-18462
	RESERVED
CVE-2018-XXXX [Injection in DefaultMailSystem::mail()]
	- drupal7 (bug #911337)
	[stretch] - drupal7 7.52-2+deb9u5
	[jessie] - drupal7 7.32-1+deb8u13
	NOTE: https://www.drupal.org/sa-core-2018-006
	NOTE: http://cgit.drupalcode.org/drupal/commit/?id=ee301cf5ebff3534b59fcece583b3a0e4f094f15
CVE-2018-XXXX [External URL injection through URL aliases]
	- drupal7 (bug #911336)
	[stretch] - drupal7 7.52-2+deb9u5
	[jessie] - drupal7 7.32-1+deb8u13
	NOTE: https://www.drupal.org/sa-core-2018-006
	NOTE: http://cgit.drupalcode.org/drupal/commit/?id=ee301cf5ebff3534b59fcece583b3a0e4f094f15
CVE-2018-18461 (The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5. ...)
	NOT-FOR-US: Arigato
CVE-2018-18460 (XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress vi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-18459 (The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remo ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18458 (The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows r ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18457 (The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remo ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18456 (The function Object::isName() in Object.h (called from Gfx::opSetFillC ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18455 (The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote a ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18454 (CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote atta ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/xpdf/2018_10_16/pdftoppm
	NOTE: no security impact, crash in CLI tool
CVE-2018-18453
	RESERVED
CVE-2018-18452
	RESERVED
CVE-2018-18451
	RESERVED
CVE-2018-18450 (apps\admin\controller\content\SingleController.php in PbootCMS before ...)
	NOT-FOR-US: PbootCMS
CVE-2018-18449 (EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUs ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-18448
	RESERVED
CVE-2018-18447
	RESERVED
CVE-2018-18446
	RESERVED
CVE-2018-18444 (makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bound ...)
	- openexr 2.5.3-2 (unimportant)
	NOTE: Issue in exrmultiview which is not installed in the binary package.
	NOTE: https://github.com/openexr/openexr/issues/351
CVE-2018-18443 (OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/Ilm ...)
	- openexr 2.5.3-2 (unimportant)
	NOTE: https://github.com/openexr/openexr/issues/350
	NOTE: https://github.com/openexr/openexr/commit/adbc1900cb9d25fcc4df008d4008b781cf2fa4f8
	NOTE: Memory leak with overall negligible security impact
CVE-2018-18442 (D-Link DCS-825L devices with firmware 1.08 do not employ a suitable me ...)
	NOT-FOR-US: D-Link
CVE-2018-18441 (D-Link DCS series Wi-Fi cameras expose sensitive information regarding ...)
	NOT-FOR-US: D-Link
CVE-2018-18440 (DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overf ...)
	- u-boot (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/02/2
	NOTE: No security impact as supported/packaged in Debian
CVE-2018-18439 (DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer over ...)
	- u-boot (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/02/2
	NOTE: No security impact as supported/packaged in Debian
CVE-2018-18445 (In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before ...)
	- linux 4.18.20-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
	NOTE: https://git.kernel.org/linus/b799207e1e1816b09e7a5920fbb2d5fcf6edd681
CVE-2018-18438 (Qemu has integer overflows because IOReadHandler and its associated fu ...)
	- qemu 1:3.1+dfsg-1 (bug #911470)
	[stretch] - qemu (Minor issue, too intrusive to backport)
	[jessie] - qemu (Minor issue, too intrusive to backport)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/17/3
CVE-2018-18437 (In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret ...)
	NOT-FOR-US: AXIOS
CVE-2018-18436 (JTBC(PHP) 3.0 allows CSRF for creating an account via the console/acco ...)
	NOT-FOR-US: JTBC(PHP)
CVE-2018-18435 (KioWare Server version 4.9.6 and older installs by default to "C:\kiow ...)
	NOT-FOR-US: KioWare Server
CVE-2018-18434 (An issue was discovered in litemall 0.9.0. Arbitrary file download is ...)
	NOT-FOR-US: litemall
CVE-2018-18433 (An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has ...)
	NOT-FOR-US: DESTOON B2B
CVE-2018-18432 (An issue was discovered in DESTOON B2B 7.0. CSRF exists via the admin. ...)
	NOT-FOR-US: DESTOON B2B
CVE-2018-18431 (An issue was discovered in DESTOON B2B 7.0. XSS exists via certain tex ...)
	NOT-FOR-US: DESTOON B2B
CVE-2018-18430 (An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has ...)
	NOT-FOR-US: DESTOON B2B
CVE-2018-18429
	RESERVED
CVE-2018-18428 (TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP ...)
	NOT-FOR-US: TP-Link
CVE-2018-18427 (s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter ...)
	NOT-FOR-US: s-cms
CVE-2018-18426 (s-cms 3.0 allows remote attackers to execute arbitrary PHP code by pla ...)
	NOT-FOR-US: s-cms
CVE-2018-18425 (The doAirdrop function of a smart contract implementation for Primeo ( ...)
	NOT-FOR-US: Primeo
CVE-2018-18424
	RESERVED
CVE-2018-18423
	RESERVED
CVE-2018-18422 (UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmi ...)
	NOT-FOR-US: UsualToolCMS
CVE-2018-18421
	RESERVED
CVE-2018-18420 (Cross-Site Request Forgery (CSRF) vulnerability was discovered in the ...)
	NOT-FOR-US: Zenario Content Management System
CVE-2018-18419 (Stored XSS has been discovered in the upload section of ARDAWAN.COM Us ...)
	NOT-FOR-US: ARDAWAN.COM User Management
CVE-2018-18418
	RESERVED
CVE-2018-18417 (In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been ...)
	NOT-FOR-US: Ekushey Project Manager CRM
CVE-2018-18416 (LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upl ...)
	NOT-FOR-US: LANGO Codeigniter Multilingual Script
CVE-2018-18415
	RESERVED
CVE-2018-18414
	RESERVED
CVE-2018-18413
	RESERVED
CVE-2018-18412
	RESERVED
CVE-2018-18411
	RESERVED
CVE-2018-18410
	RESERVED
CVE-2018-18409 (A stack-based buffer over-read exists in setbit() at iptree.h of TCPFL ...)
	- tcpflow 1.5.2+repack1-1 (unimportant; bug #911263)
	NOTE: https://github.com/simsong/tcpflow/issues/195
	NOTE: https://github.com/simsong/tcpflow/commit/89c04b4fb0e46b3c4f1388686e83966e531cbea9
	NOTE: Crash in CLI tool, no security impact
CVE-2018-18408 (A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4 ...)
	- tcpreplay 4.3.1-1 (bug #911493)
	[stretch] - tcpreplay (Minor issue)
	[jessie] - tcpreplay (Minor issue)
	NOTE: https://github.com/appneta/tcpreplay/issues/489
	NOTE: https://github.com/appneta/tcpreplay/commit/59dc76a1d641b1a6b22fd7cd409bee6e0a015616
CVE-2018-18407 (A heap-based buffer over-read was discovered in the tcpreplay-edit bin ...)
	- tcpreplay 4.3.1-1 (bug #911454)
	[stretch] - tcpreplay (Minor issue)
	[jessie] - tcpreplay (Minor issue)
	NOTE: https://github.com/appneta/tcpreplay/issues/488
	NOTE: https://github.com/appneta/tcpreplay/commit/1d7561a4d542842a1aeabf55bfd4aaf88b3a1071
CVE-2018-18406 (An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 bu ...)
	NOT-FOR-US: Tufin SecureTrack
CVE-2018-18405 (** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribut ...)
	- jquery (unimportant)
CVE-2018-18404
	RESERVED
CVE-2018-18403
	RESERVED
CVE-2018-18402
	RESERVED
CVE-2018-18401
	RESERVED
CVE-2018-18400
	RESERVED
CVE-2018-18399 (SQL injection vulnerability in the "ContentPlaceHolder1_uxTitle" compo ...)
	NOT-FOR-US: KARMA
CVE-2018-18398 (Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey ...)
	- thunar (unimportant)
	NOTE: https://0xd0ff9.wordpress.com/2018/10/18/cve-2018-18398/
	NOTE: no security impact, crash in end user tool
CVE-2018-18397 (The userfaultfd implementation in the Linux kernel before 4.19.7 misha ...)
	- linux 4.19.9-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://lore.kernel.org/lkml/20181126173452.26955-1-aarcange@redhat.com/T/#u
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1700
CVE-2018-18396 (Remote Code Execution in Moxa ThingsPro IIoT Gateway and Device Manage ...)
	NOT-FOR-US: Moxa
CVE-2018-18395 (Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Manageme ...)
	NOT-FOR-US: Moxa
CVE-2018-18394 (Sensitive Information Stored in Clear Text in Moxa ThingsPro IIoT Gate ...)
	NOT-FOR-US: Moxa
CVE-2018-18393 (Password Management Issue in Moxa ThingsPro IIoT Gateway and Device Ma ...)
	NOT-FOR-US: Moxa
CVE-2018-18392 (Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT ...)
	NOT-FOR-US: Moxa
CVE-2018-18391 (User Privilege Escalation in Moxa ThingsPro IIoT Gateway and Device Ma ...)
	NOT-FOR-US: Moxa
CVE-2018-18390 (User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management ...)
	NOT-FOR-US: Moxa
CVE-2018-18389 (Due to incorrect access control in Neo4j Enterprise Database Server 3. ...)
	NOT-FOR-US: Neo4J server
CVE-2018-18388 (eScan Agent Application (MWAGENT.EXE) 4.0.2.98 in MicroWorld Technolog ...)
	NOT-FOR-US: MicroWorld Technologies eScan
CVE-2018-18387 (playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse ...)
	NOT-FOR-US: playSMS
CVE-2018-18386 (drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local at ...)
	- linux 4.14.12-1
	[stretch] - linux 4.9.82-1+deb9u1
	[jessie] - linux 3.16.56-1
	NOTE: Fixed by: https://git.kernel.org/linus/966031f340185eddd05affcf72b740549f056348
CVE-2018-18385 (Asciidoctor in versions < 1.5.8 allows remote attackers to cause a ...)
	- asciidoctor 1.5.8-1 (low; bug #913892)
	[stretch] - asciidoctor (Minor issue)
	[jessie] - asciidoctor (Minor issue)
	NOTE: https://github.com/asciidoctor/asciidoctor/issues/2888
CVE-2018-18384 (Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive ...)
	- unzip 6.0-11 (bug #741384)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1110194
	NOTE: https://sourceforge.net/p/infozip/bugs/53/
	NOTE: The cfactorstr buffer was already increased to 12 with the
	NOTE: 07-increase-size-of-cfactorstr.patch patch as applied for #741384
	NOTE: Upstream confirmed as well this is indeed enough as per
	NOTE: https://sourceforge.net/p/infozip/bugs/53/#ba07
CVE-2018-18383
	RESERVED
CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php f ...)
	NOT-FOR-US: Advanced HRM
CVE-2018-18381 (Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_syste ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-18380 (A Session Fixation issue was discovered in Bigtree before 4.2.24. admi ...)
	NOT-FOR-US: Bigtree CMS
CVE-2018-18379 (The elementor-edit-template class in wp-admin/customize.php in the Ele ...)
	NOT-FOR-US: Elementor Pro plugin for WordPress
CVE-2018-18378
	RESERVED
CVE-2018-18377 (goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attac ...)
	NOT-FOR-US: Orange AirBox Y858_FL_01.16_04 devices
CVE-2018-18376 (goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remo ...)
	NOT-FOR-US: Orange AirBox
CVE-2018-18375 (goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attacke ...)
	NOT-FOR-US: Orange AirBox
CVE-2018-18374 (XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid par ...)
	NOT-FOR-US: MetInfo
CVE-2018-18373 (In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-18372 (A Stored XSS vulnerability has been discovered in KAASoft Library CMS ...)
	NOT-FOR-US: KAASoft Library CMS
CVE-2018-18371 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
	NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP
CVE-2018-18370 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
	NOT-FOR-US: ASG/ProxySG FTP proxy WebFTP
CVE-2018-18369 (Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows ...)
	NOT-FOR-US: Norton Security
CVE-2018-18368 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU1, may be ...)
	NOT-FOR-US: Symantec
CVE-2018-18367 (Symantec Endpoint Protection Manager (SEPM) prior to and including 12. ...)
	NOT-FOR-US: Symantec
CVE-2018-18366 (Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior ...)
	NOT-FOR-US: Symantec
CVE-2018-18365 (Norton Password Manager may be susceptible to an address spoofing issu ...)
	NOT-FOR-US: Norton Password Manager
CVE-2018-18364 (Symantec Ghost Solution Suite (GSS) versions prior to 3.3 RU1 may be s ...)
	NOT-FOR-US: Symantec
CVE-2018-18363 (Norton App Lock prior to 1.4.0.445 can be susceptible to a bypass expl ...)
	NOT-FOR-US: Norton App Lock
CVE-2018-18362 (Norton Password Manager for Android (formerly Norton Identity Safe) ma ...)
	NOT-FOR-US: Norton Password Manager for Android
CVE-2018-18361 (An issue was discovered in nc-cms through 2017-03-10. index.php?action ...)
	NOT-FOR-US: nc-cms
CVE-2018-18360
	RESERVED
CVE-2018-18359 (Incorrect handling of Reflect.construct in V8 in Google Chrome prior t ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18358 (Lack of special casing of localhost in WPAD files in Google Chrome pri ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18357 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18356 (An integer overflow in path handling lead to a use after free in Skia ...)
	{DSA-4392-1 DSA-4391-1 DSA-4352-1 DLA-1678-1 DLA-1677-1}
	- chromium 71.0.3578.80-1
	- firefox 65.0.1-1
	- firefox-esr 60.5.1esr-1
	- thunderbird 1:60.5.1-1
	- skia (bug #818180)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18356
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18356
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18356
CVE-2018-18355 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18354 (Insufficient validate of external protocols in Shell Integration in Go ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18353 (Failure to dismiss http auth dialogs on navigation in Network Authenti ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18352 (Service works could inappropriately gain access to cross origin audio ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18351 (Lack of proper validation of ancestor frames site when sending lax coo ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18350 (Incorrect handling of CSP enforcement during navigations in Blink in G ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18349 (Remote frame navigations was incorrectly permitted to local resources ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18348 (Incorrect handling of bidirectional domain names with RTL characters i ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18347 (Incorrect handling of failed navigations with invalid URLs in Navigati ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18346 (Incorrect handling of alert box display in Blink in Google Chrome prio ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18345 (Incorrect handling of blob URLS in Site Isolation in Google Chrome pri ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18344 (Inappropriate allowance of the setDownloadBehavior devtools protocol f ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18343 (Incorrect handing of paths leading to a use after free in Skia in Goog ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18342 (Execution of user supplied Javascript during object deserialization ca ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18341 (An integer overflow leading to a heap buffer overflow in Blink in Goog ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18340 (Incorrect object lifecycle in MediaRecorder in Google Chrome prior to ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18339 (Incorrect object lifecycle in WebAudio in Google Chrome prior to 71.0. ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18338 (Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome pri ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18337 (Incorrect handling of stylesheets leading to a use after free in Blink ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18336 (Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.35 ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
CVE-2018-18335 (Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 al ...)
	{DSA-4352-1}
	- chromium 71.0.3578.80-1
	- firefox-esr (Only affects MacOS specific which had Canvas 2D acceleration enabled)
	- thunderbird (Only affects MacOS specific which had Canvas 2D acceleration enabled)
	- skia (bug #818180)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18335
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18335
CVE-2018-18334 (A vulnerability in the Private Browser of Trend Micro Dr. Safety for A ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18333 (A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18332 (A Trend Micro OfficeScan XG weak file permissions vulnerability may al ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18331 (A Trend Micro OfficeScan XG weak file permissions vulnerability on a p ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18330 (An Address Bar Spoofing vulnerability in Trend Micro Dr. Safety for An ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18329 (A KERedirect Untrusted Pointer Dereference Privilege Escalation vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18328 (A KERedirect Untrusted Pointer Dereference Privilege Escalation vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18327 (A KERedirect Untrusted Pointer Dereference Privilege Escalation vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2018-18326 (DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption ...)
	NOT-FOR-US: DNN
CVE-2018-18325 (DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorith ...)
	NOT-FOR-US: DNN
CVE-2018-18324 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via t ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18323 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local Fil ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18322 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command I ...)
	NOT-FOR-US: CentOS Web Panel
CVE-2018-18321
	RESERVED
CVE-2018-18320 (** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6 ...)
	NOT-FOR-US: Merlin.PHP component for Asuswrt-Merlin devices
CVE-2018-18319 (** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6 ...)
	NOT-FOR-US: Merlin.PHP component for Asuswrt-Merlin devices
CVE-2018-18318 (The /dev/block/mmcblk0rpmb driver kernel module on Qiku 360 Phone N6 P ...)
	NOT-FOR-US: Qiku 360 Phone
CVE-2018-18317 (DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.ht ...)
	NOT-FOR-US: DESHANG DSCMS
CVE-2018-18316 (emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. ...)
	NOT-FOR-US: emlog
CVE-2018-18315 (com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to u ...)
	NOT-FOR-US: lemon, different from src:lemon
CVE-2018-18314 (Perl before 5.26.3 has a buffer overflow via a crafted regular express ...)
	{DSA-4347-1}
	- perl 5.28.0-3
	[jessie] - perl (Vulnerable code introduced later)
	NOTE: https://rt.perl.org/Ticket/Display.html?id=131649
	NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/19a498a461d7c81ae3507c450953d1148efecf4f
CVE-2018-18313 (Perl before 5.26.3 has a buffer over-read via a crafted regular expres ...)
	{DSA-4347-1}
	- perl 5.28.0-3
	[jessie] - perl (Vulnerable code introduced later)
	NOTE: https://rt.perl.org/Ticket/Display.html?id=133192
	NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
CVE-2018-18312 (Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via ...)
	{DSA-4347-1}
	- perl 5.28.1-1
	[jessie] - perl (Vulnerable code introduced later)
	NOTE: https://rt.perl.org/Ticket/Display.html?id=133423
	NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/9b0464aa670d0a59bda5b75d54f2a6b6f9d1288a
CVE-2018-18311 (Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via ...)
	{DSA-4347-1 DLA-1601-1}
	- perl 5.28.1-1
	NOTE: https://rt.perl.org/Ticket/Display.html?id=133204
	NOTE: Introduced by: https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
	NOTE: maint-5.28: https://perl5.git.perl.org/perl.git/commitdiff/0589f071dc6836de80b24fd798c3336c72ead850
CVE-2018-18310 (An invalid memory address dereference was discovered in dwfl_segment_r ...)
	{DLA-1689-1}
	- elfutils 0.175-1 (bug #911083)
	[stretch] - elfutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=20f9de9b5f704cec55df92406a50bcbcfca96acd
CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	[experimental] - binutils 2.31.51.20181022-1
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23770
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0930cb3021b8078b34cf216e79eb8608d017864f
	NOTE: binutils not covered by security support
CVE-2018-18308 (In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-18307 (A Stored XSS vulnerability has been discovered in version 4.1.0 of Alc ...)
	NOT-FOR-US: AlchemyCMS
CVE-2018-18306
	RESERVED
CVE-2018-18305
	RESERVED
CVE-2018-18304
	RESERVED
CVE-2018-18303
	RESERVED
CVE-2018-18302
	RESERVED
CVE-2018-18301
	RESERVED
CVE-2018-18300
	RESERVED
CVE-2018-18299
	RESERVED
CVE-2018-18298
	RESERVED
CVE-2018-18297
	RESERVED
CVE-2018-18296 (MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in a ...)
	NOT-FOR-US: MetInfo
CVE-2018-18295
	RESERVED
CVE-2018-18294
	RESERVED
CVE-2018-18293
	RESERVED
CVE-2018-18292
	RESERVED
CVE-2018-18291 (A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.38 ...)
	NOT-FOR-US: ASUS RT-AC58U devices
CVE-2018-18290 (** DISPUTED ** An issue was discovered in nc-cms through 2017-03-10. i ...)
	NOT-FOR-US: nc-cms
CVE-2018-18289 (The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allow ...)
	NOT-FOR-US: Zabbix Plugin for Confluence
CVE-2018-18288 (CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redi ...)
	NOT-FOR-US: CrushFTP
CVE-2018-18287 (On ASUS RT-AC58U 3.0.0.4.380_6516 devices, remote attackers can discov ...)
	NOT-FOR-US: ASUS RT-AC58U devices
CVE-2018-18286 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could ...)
	NOT-FOR-US: CMG Suite
CVE-2018-18285 (SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could ...)
	NOT-FOR-US: CMG Suite
CVE-2018-18284 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sand ...)
	{DSA-4336-1 DLA-1552-1}
	- ghostscript 9.25~dfsg-3 (bug #911175)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699963
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1696
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/16/2
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=8d19fdf63f91f50466b08f23e2d93d37a4c5ea0b
CVE-2018-18283
	RESERVED
CVE-2018-18282 (Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. ...)
	NOT-FOR-US: Next.js
CVE-2018-18281 (Since Linux kernel version 3.2, the mremap() syscall performs TLB flus ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.135-1
	NOTE: https://git.kernel.org/linus/eb66ae030829605d61fbef1909ce310e29f78821
CVE-2018-18280
	RESERVED
CVE-2018-18279
	RESERVED
CVE-2018-18278
	RESERVED
CVE-2018-18277
	RESERVED
CVE-2018-18276 (XSS exists in the ProFiles 1.5 component for Joomla! via the name or p ...)
	NOT-FOR-US: ProFiles for Joomla!
CVE-2018-18275
	RESERVED
CVE-2018-18274 (A issue was found in pdfalto 0.2. There is a heap-based buffer overflo ...)
	NOT-FOR-US: pdfalto
CVE-2018-18273
	RESERVED
CVE-2018-18272
	RESERVED
CVE-2018-18271 (XSS exists in CMS Made Simple version 2.2.7 via the m1_extra parameter ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-18270 (XSS exists in CMS Made Simple version 2.2.7 via the m1_news_url parame ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-18269
	RESERVED
CVE-2018-18268
	RESERVED
CVE-2018-18267
	RESERVED
CVE-2018-18266
	RESERVED
CVE-2018-18265
	RESERVED
CVE-2018-18264 (Kubernetes Dashboard before 1.10.1 allows attackers to bypass authenti ...)
	NOT-FOR-US: Kubernetes Dashboard
CVE-2018-18263
	RESERVED
CVE-2018-18262 (Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. ...)
	NOT-FOR-US: Zoho
CVE-2018-18261 (In waimai Super Cms 20150505, there is an XSS vulnerability via the /a ...)
	NOT-FOR-US: waimai Super Cms
CVE-2018-18260 (In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Th ...)
	NOT-FOR-US: Camaleon CMS
CVE-2018-18259 (Stored XSS has been discovered in version 1.0.12 of the LUYA CMS softw ...)
	NOT-FOR-US: LUYA CMS
CVE-2018-18258 (An issue was discovered in BageCMS 3.1.3. The attacker can execute arb ...)
	NOT-FOR-US: BageCMS
CVE-2018-18257 (An issue was discovered in BageCMS 3.1.3. An attacker can delete any f ...)
	NOT-FOR-US: BageCMS
CVE-2018-18256 (An issue was discovered in CapMon Access Manager 5.4.1.1005. A regular ...)
	NOT-FOR-US: CapMon Access Manager
CVE-2018-18255 (An issue was discovered in CapMon Access Manager 5.4.1.1005. The clien ...)
	NOT-FOR-US: CapMon Access Manager
CVE-2018-18254 (An issue was discovered in CapMon Access Manager 5.4.1.1005. An unpriv ...)
	NOT-FOR-US: CapMon Access Manager
CVE-2018-18253 (An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunEle ...)
	NOT-FOR-US: CapMon Access Manager
CVE-2018-18252 (An issue was discovered in CapMon Access Manager 5.4.1.1005. CALRunEle ...)
	NOT-FOR-US: CapMon Access Manager
CVE-2018-18251 (Deltek Vision 7.x before 7.6 permits the execution of any attacker sup ...)
	NOT-FOR-US: Deltek Vision
CVE-2018-18250 (Icinga Web 2 before 2.6.2 allows parameters that break navigation dash ...)
	- icingaweb2 2.6.2-1
	[stretch] - icingaweb2 (Minor issue)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt
CVE-2018-18249 (Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives ...)
	- icingaweb2 2.6.2-1
	[stretch] - icingaweb2 (Minor issue)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt
CVE-2018-18248 (Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir ...)
	- icingaweb2 2.6.2-1
	[stretch] - icingaweb2 (Minor issue)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt
CVE-2018-18247 (Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add i ...)
	- icingaweb2 2.6.2-1
	[stretch] - icingaweb2 (Minor issue)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180029.txt
CVE-2018-18246 (Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisabl ...)
	- icingaweb2 2.6.2-1
	[stretch] - icingaweb2 (Minor issue)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt
CVE-2018-18245 (Nagios Core 4.4.2 has XSS via the alert summary reports of plugin resu ...)
	{DLA-1615-1}
	- nagios4 4.3.4-3 (unimportant; bug #917138)
	- nagios3 (unimportant)
	NOTE: https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180026.txt
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/602
	NOTE: Fixed by: https://github.com/NagiosEnterprises/nagioscore/commit/0329033db9a1d0954c304f209ea88824e8f78b8a
	NOTE: No real security impact, plugins need to be trusted to begin with
CVE-2018-18244 (Cross-site scripting in syslog.html in VIVOTEK Network Camera Series p ...)
	NOT-FOR-US: VIVOTEK Network Camera
CVE-2018-18243 RESERVED
CVE-2018-18242 (youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrate ...)
	NOT-FOR-US: youke365
CVE-2018-18241 RESERVED
CVE-2018-18240 (Pippo through 1.11.0 allows remote code execution via a command to jav ...)
	NOT-FOR-US: Pippo
CVE-2018-18239 RESERVED
CVE-2018-18238 RESERVED
CVE-2018-18237 RESERVED
CVE-2018-18236 RESERVED
CVE-2018-18235 RESERVED
CVE-2018-18234 RESERVED
CVE-2018-18233 RESERVED
CVE-2018-18232 RESERVED
CVE-2018-18231 RESERVED
CVE-2018-18230 RESERVED
CVE-2018-18229 RESERVED
CVE-2018-18228 RESERVED
CVE-2018-18227 (In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol di ...)
	{DSA-4359-1}
	- wireshark 2.6.4-1
	[jessie] - wireshark (Vulnerable code not present, mswsp support added in v1.99.9)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15119
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d443be449a52f95df5754adc39e1f3472fec2f03
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-47.html
CVE-2018-18226 (In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could c ...)
	{DSA-4359-1}
	- wireshark 2.6.4-1
	[jessie] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15171
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6e920ddc3cad2886ef07ca1a8e50e2a5c50986f7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-48.html
CVE-2018-18225 (In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was ...)
	{DSA-4359-1}
	- wireshark 2.6.4-1
	[jessie] - wireshark (Vulnerable code not present, 2.31-continue-code added in v2.1.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15172
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=09a02cc1ea6de9f6c6cae75b3510a5477ef5f555
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-49.html
CVE-2018-18224 (A vulnerability exists in the file reading procedure in Open Design Al ...)
	NOT-FOR-US: Open Design Alliance Drawings
CVE-2018-18223 (Open Design Alliance Drawings SDK 2019Update1 has a vulnerability duri ...)
	NOT-FOR-US: Open Design Alliance Drawings
CVE-2018-18222 RESERVED
CVE-2018-18221 RESERVED
CVE-2018-18220 RESERVED
CVE-2018-18219 RESERVED
CVE-2018-18218 RESERVED
CVE-2018-18217 RESERVED
CVE-2018-18216 RESERVED
CVE-2018-18215 (In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can ...)
	NOT-FOR-US: youke365
CVE-2018-18214 RESERVED
CVE-2018-18213 RESERVED
CVE-2018-18212 RESERVED
CVE-2018-18211 (PbootCMS 1.2.1 has SQL injection via the HTTP POST data to the api.php ...)
	NOT-FOR-US: PbootCMS
CVE-2018-18210 (XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=s ...)
	NOT-FOR-US: DiliCMS
CVE-2018-18209 (XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=s ...)
	NOT-FOR-US: DiliCMS
CVE-2018-18208 (Virtualmin 6.03 allows XSS via the query string, as demonstrated by th ...)
	NOT-FOR-US: Virtualmin
CVE-2018-18207 (Virtualmin 6.03 allows Frame Injection via the settings-editor_read.cg ...)
	NOT-FOR-US: Virtualmin
CVE-2018-18206 (In the client in Bytom before 1.0.6, checkTopicRegister in p2p/discove ...)
	NOT-FOR-US: Bytom
CVE-2018-18205 (Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sen ...)
	NOT-FOR-US: Topvision CC8800 CMTS C-E devices
CVE-2018-18204 RESERVED
CVE-2018-18203 (A vulnerability in the update mechanism of Subaru StarLink Harman head ...)
	NOT-FOR-US: Subaru
CVE-2018-18202 (The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modul ...)
	NOT-FOR-US: IBM
CVE-2018-18201 (qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=ad ...)
	NOT-FOR-US: qibosoft
CVE-2018-18200 (There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4. ...)
	NOT-FOR-US: REDAXO
CVE-2018-18199 (Mediamanager in REDAXO before 5.6.4 has XSS. ...)
	NOT-FOR-US: REDAXO
CVE-2018-18198 (The $opener_input_field variable in addons/mediapool/pages/index.php i ...)
	NOT-FOR-US: REDAXO
CVE-2018-18197 (An issue was discovered in libgig 4.1.0. There is an operator new[] fa ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-18196 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-18195 (An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-ze ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-18194 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-18193 (An issue was discovered in libgig 4.1.0. There is operator new[] failu ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-18192 (An issue was discovered in libgig 4.1.0. There is a NULL pointer deref ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-18191 (Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member ...)
	NOT-FOR-US: FineCms
CVE-2018-18190 (An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a ...)
	NOT-FOR-US: GoPro gpmf-parser
CVE-2018-18189 RESERVED
CVE-2018-18188 RESERVED
CVE-2018-18187 RESERVED
CVE-2018-18186 RESERVED
CVE-2018-18185 RESERVED
CVE-2018-18184 RESERVED
CVE-2018-18183 RESERVED
CVE-2018-18182 RESERVED
CVE-2018-18181 RESERVED
CVE-2018-18180 RESERVED
CVE-2018-18179 RESERVED
CVE-2018-18178 RESERVED
CVE-2018-18177 RESERVED
CVE-2018-18176 RESERVED
CVE-2018-18175 RESERVED
CVE-2018-18174 RESERVED
CVE-2018-18173 RESERVED
CVE-2018-18172 RESERVED
CVE-2018-18171 RESERVED
CVE-2018-18170 RESERVED
CVE-2018-18169 RESERVED
CVE-2018-18168 RESERVED
CVE-2018-18167 RESERVED
CVE-2018-18166 RESERVED
CVE-2018-18165 RESERVED
CVE-2018-18164 RESERVED
CVE-2018-18163 RESERVED
CVE-2018-18162 RESERVED
CVE-2018-18161 RESERVED
CVE-2018-18160 RESERVED
CVE-2018-18159 RESERVED
CVE-2018-18158 RESERVED
CVE-2018-18157 RESERVED
CVE-2018-18156 RESERVED
CVE-2018-18155 RESERVED
CVE-2018-18154 RESERVED
CVE-2018-18153 RESERVED
CVE-2018-18152 RESERVED
CVE-2018-18151 RESERVED
CVE-2018-18150 RESERVED
CVE-2018-18149 RESERVED
CVE-2018-18148 RESERVED
CVE-2018-18147 RESERVED
CVE-2018-18146 RESERVED
CVE-2018-18145 RESERVED
CVE-2018-18144 RESERVED
CVE-2018-18143 RESERVED
CVE-2018-18142 RESERVED
CVE-2018-18141 RESERVED
CVE-2018-18140 RESERVED
CVE-2018-18139 RESERVED
CVE-2018-18138 RESERVED
CVE-2018-18137 RESERVED
CVE-2018-18136 RESERVED
CVE-2018-18135 RESERVED
CVE-2018-18134 RESERVED
CVE-2018-18133 RESERVED
CVE-2018-18132 RESERVED
CVE-2018-18131 RESERVED
CVE-2018-18130 RESERVED
CVE-2018-18129 RESERVED
CVE-2018-18128 RESERVED
CVE-2018-18127 RESERVED
CVE-2018-18126 RESERVED
CVE-2018-18125 RESERVED
CVE-2018-18124 RESERVED
CVE-2018-18123 RESERVED
CVE-2018-18122 RESERVED
CVE-2018-18121 RESERVED
CVE-2018-18120 RESERVED
CVE-2018-18119 RESERVED
CVE-2018-18118 RESERVED
CVE-2018-18117 RESERVED
CVE-2018-18116 RESERVED
CVE-2018-18115 RESERVED
CVE-2018-18114 RESERVED
CVE-2018-18113 RESERVED
CVE-2018-18112 RESERVED
CVE-2018-18111 RESERVED
CVE-2018-18110 RESERVED
CVE-2018-18109 RESERVED
CVE-2018-18108 RESERVED
CVE-2018-18107 RESERVED
CVE-2018-18106 RESERVED
CVE-2018-18105 RESERVED
CVE-2018-18104 RESERVED
CVE-2018-18103 RESERVED
CVE-2018-18102 RESERVED
CVE-2018-18101 RESERVED
CVE-2018-18100 RESERVED
CVE-2018-18099 RESERVED
CVE-2018-18098 (Improper file verification in install routine for Intel(R) SGX SDK and ...)
	NOT-FOR-US: Intel
CVE-2018-18097 (Improper directory permissions in Intel Solid State Drive Toolbox befo ...)
	NOT-FOR-US: Intel Solid State Drive Toolbox
CVE-2018-18096 (Improper memory handling in Intel QuickAssist Technology for Linux (al ...)
	NOT-FOR-US: Intel QuickAssist Technology for Linux
CVE-2018-18095 (Improper authentication in firmware for Intel(R) SSD DC S4500 Series a ...)
	NOT-FOR-US: Intel
CVE-2018-18094 (Improper directory permissions in installer for Intel(R) Media SDK bef ...)
	NOT-FOR-US: Intel
CVE-2018-18093 (Improper file permissions in the installer for Intel VTune Amplifier 2 ...)
	NOT-FOR-US: Intel VTune Amplifier
CVE-2018-18092 RESERVED
CVE-2018-18091 (Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for W ...)
	NOT-FOR-US: Intel
CVE-2018-18090 (Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Wind ...)
	NOT-FOR-US: Intel
CVE-2018-18089 (Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver ...)
	NOT-FOR-US: Intel
CVE-2018-18088 (OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imageto ...)
	{DSA-4405-1 DLA-1579-1}
	- openjpeg2 2.3.0-2 (low; bug #910763)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1152
	NOTE: https://github.com/uclouvain/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2
CVE-2018-18087 (The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user ...)
	NOT-FOR-US: Bixie Portfolio plugin for Pagekit
CVE-2018-18086 (EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadI ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-18085 RESERVED
CVE-2018-18084 (An issue was discovered in DuomiCMS 3.0. SQL injection exists in the a ...)
	NOT-FOR-US: DuomiCMS
CVE-2018-18083 (An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is ...)
	NOT-FOR-US: DuomiCMS
CVE-2018-18082 (XSS exists in Waimai Super Cms 20150505 via the fname parameter to the ...)
	NOT-FOR-US: Waimai Super Cms
CVE-2018-18081 RESERVED
CVE-2018-18080 RESERVED
CVE-2018-18079 RESERVED
CVE-2018-18078 RESERVED
CVE-2018-18077 RESERVED
CVE-2018-18076 RESERVED
CVE-2018-18075 (WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or nu ...)
	NOT-FOR-US: WikidForum
CVE-2018-18074 (The Requests package before 2.20.0 for Python sends an HTTP Authorizat ...)
	- requests 2.20.0-1 (low; bug #910766)
	[stretch] - requests (Minor issue)
	[jessie] - requests (Minor issue)
	NOTE: https://github.com/requests/requests/issues/4716
	NOTE: https://github.com/requests/requests/pull/4718
	NOTE: https://github.com/requests/requests/commit/c45d7c49ea75133e52ab22a8e9e13173938e36ff
CVE-2018-18073 (Artifex Ghostscript allows attackers to bypass a sandbox protection me ...)
	{DSA-4336-1 DLA-1552-1}
	- ghostscript 9.25~dfsg-3 (bug #910758)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1690
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699927
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/10/12
CVE-2018-18072 RESERVED
CVE-2018-18071 (An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 ...)
	NOT-FOR-US: Daimler Mercedes-Benz Me app for iOS
CVE-2018-18070 (An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 ...)
	NOT-FOR-US: Daimler Mercedes-Benz COMAND on Mercedes-Benz C-Class 2018 vehicles
CVE-2018-18069 (process_forms in the WPML (aka sitepress-multilingual-cms) plugin thro ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-18068 (The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ a ...)
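The CVE-2018-18074 entry above records that Requests before 2.20.0 kept sending the HTTP Authorization header when a same-hostname redirect moved the client from https to http. The following Python is an added example, not code from the Requests project or from this tracker: it models the pre-fix decision (drop the header only when the hostname changes) beside a hardened decision written for this example that also drops it on a scheme downgrade or a port change, and runs both over a constructed set of redirect pairs. The hostnames, the redirect pairs and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed redirect pairs (not taken from the original page): each entry is
# (URL the client requested with an Authorization header, Location it was sent to).
SAMPLE_REDIRECTS = [
    ("https://api.example.com/v1/me", "https://api.example.com/v1/profile"),
    ("https://api.example.com/v1/me", "http://api.example.com/v1/profile"),
    ("https://api.example.com/v1/me", "https://cdn.example.net/v1/profile"),
    ("http://api.example.com/v1/me", "https://api.example.com/v1/profile"),
    ("https://api.example.com/v1/me", "https://api.example.com:8443/v1/profile"),
]

DEFAULT_PORTS = {"http": 80, "https": 443}


def _effective_port(parts):
    """Port actually in use for a parsed URL, filling in the scheme default."""
    return parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)


def strips_auth_hostname_only(original, redirect):
    """Pre-fix rule (the behaviour described for requests < 2.20.0): drop
    Authorization only when the hostname changes. A same-host https -> http
    redirect therefore re-sends the credential in cleartext."""
    return urlsplit(original).hostname != urlsplit(redirect).hostname


def strips_auth_hardened(original, redirect):
    """Hardened rule (this example's own formulation, in the spirit of the
    2.20.0 fix): drop Authorization when the host changes, when the scheme is
    downgraded, or when the effective port changes. A same-host http -> https
    upgrade on the default ports keeps the header."""
    old, new = urlsplit(original), urlsplit(redirect)
    if old.hostname != new.hostname:
        return True
    if old.scheme == "https" and new.scheme == "http":
        return True  # downgrade: never re-send a bearer/basic credential over cleartext
    if old.scheme == "http" and new.scheme == "https":
        # allow the upgrade only when both sides sit on their default ports
        return not (_effective_port(old) == 80 and _effective_port(new) == 443)
    return _effective_port(old) != _effective_port(new)


def leaked_by_old_rule(redirects=SAMPLE_REDIRECTS):
    """Redirect targets that would have received the Authorization header under
    the hostname-only rule but are refused it by the hardened rule."""
    return [
        new for old, new in redirects
        if not strips_auth_hostname_only(old, new) and strips_auth_hardened(old, new)
    ]


if __name__ == "__main__":
    for old, new in SAMPLE_REDIRECTS:
        print(f"{old} -> {new}: hostname_only_strips={strips_auth_hostname_only(old, new)} "
              f"hardened_strips={strips_auth_hardened(old, new)}")
    print("targets the old rule would have leaked credentials to:", leaked_by_old_rule())
```

The two targets the old rule leaks to are the same-host http downgrade and the same-host non-default port; the cross-host redirect is caught by both rules, and the http -> https upgrade is deliberately allowed by both.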
	NOT-FOR-US: ARM-based hardware debugging feature on Raspberry Pi 3 module B+ (and possibly other devices)
CVE-2018-18067 RESERVED
CVE-2018-18066 (snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NU ...)
	- net-snmp 5.7.3+dfsg-1.1
	[jessie] - net-snmp 5.7.2.1+dfsg-1+deb8u1
	NOTE: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
	NOTE: The same commit as for other CVEs (CVE-2018-1000116, CVE-2015-5621) addresses this
	NOTE: issue, but it might still not be just a duplicate but rather an independent issue
	NOTE: fixed with the same commit.
CVE-2018-18065 (_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has ...)
	{DSA-4314-1 DLA-1540-1}
	- net-snmp 5.7.3+dfsg-4 (bug #910638)
	NOTE: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos
	NOTE: https://sourceforge.net/p/net-snmp/code/ci/7ffb8e25a0db851953155de91f0170e9bf8c457d/
CVE-2018-18064 (cairo through 1.15.14 has an out-of-bounds stack-memory write during p ...)
	- cairo (low; bug #916083)
	[bullseye] - cairo (Minor issue)
	[buster] - cairo (Minor issue)
	[stretch] - cairo (Minor issue)
	[jessie] - cairo (Minor issue)
	NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/341
CVE-2018-18063 RESERVED
CVE-2018-18062 (An issue was discovered in dialog.php in tecrail Responsive FileManage ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-18061 (An issue was discovered in dialog.php in tecrail Responsive FileManage ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-18060 (An issue was discovered in Bitdefender Engines before 7.76808. A vulne ...)
	NOT-FOR-US: Bitdefender
CVE-2018-18059 (An issue was discovered in Bitdefender Engines before 7.76675. A vulne ...)
	NOT-FOR-US: Bitdefender
CVE-2018-18058 (An issue was discovered in Bitdefender Engines before 7.76662. A vulne ...)
	NOT-FOR-US: Bitdefender
CVE-2018-18057 RESERVED
CVE-2018-18056 (An issue was discovered in the Texas Instruments (TI) TM4C, MSP432E an ...)
	NOT-FOR-US: Texas Instruments
CVE-2018-1000810 (The Rust Programming Language Standard Library version 1.29.0, 1.28.0, ...)
	- rustc 1.30.0+dfsg1-1
	[stretch] - rustc (Introduced in 1.26)
	[jessie] - rustc (Vulnerable code not present)
	NOTE: https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html
	NOTE: https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0
CVE-2018-1000809 (privacyIDEA version 2.23.1 and earlier contains a Improper Input Valid ...)
	NOT-FOR-US: privacyIDEA
CVE-2018-1000808 (Python Cryptographic Authority pyopenssl version Before 17.5.0 contain ...)
	- pyopenssl 17.5.0-1 (low)
	[stretch] - pyopenssl (Minor issue)
	[jessie] - pyopenssl (Minor issue, but also requires at least cryptography 2.1.4 which exposes the X509_up_ref method)
	NOTE: https://github.com/pyca/pyopenssl/pull/723
	NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
CVE-2018-1000807 (Python Cryptographic Authority pyopenssl version prior to version 17.5 ...)
	- pyopenssl 17.5.0-1
	[stretch] - pyopenssl (Minor issue)
	[jessie] - pyopenssl (Minor issue, but also requires at least cryptography 2.1.4 which exposes the X509_up_ref method)
	NOTE: https://github.com/pyca/pyopenssl/pull/723
	NOTE: https://github.com/pyca/pyopenssl/commit/e73818600065821d588af475b024f4eb518c3509
CVE-2018-1000805 (Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 con ...)
	{DLA-1556-1}
	- paramiko 2.4.2-0.1 (bug #910760)
	[stretch] - paramiko (Minor issue)
	NOTE: https://github.com/paramiko/paramiko/issues/1283
	NOTE: https://github.com/paramiko/paramiko/commit/56c96a659658acdbb873aef8809a7b508434dcce
CVE-2018-1000804 (contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL ( ...)
	NOT-FOR-US: contiki-ng
CVE-2018-1000803 (Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability ...)
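The CVE-2018-1000805 entry above concerns Paramiko's SSH server mode acting on post-authentication messages (channel opens, global requests) from a client that never completed user authentication. The following Python is an added example, not Paramiko's code and not from this tracker: a toy server transport whose authentication gate can be switched off to reproduce the unguarded dispatch, or on to reject such messages with the protocol's own failure replies. It is fed a constructed packet sequence in which the client skips SSH_MSG_USERAUTH_REQUEST and goes straight to opening a session channel. The class, field, handler and reply names are assumptions; the message numbers are the RFC 4250 assignments and the reason code is from RFC 4254.

```python
from dataclasses import dataclass, field

# SSH message numbers (RFC 4250 section 4.1.2); only the ones the gate needs.
MSG_USERAUTH_REQUEST = 50
MSG_USERAUTH_SUCCESS = 52
HIGHEST_USERAUTH_MESSAGE_ID = 79      # 50..79 is the user-authentication range
MSG_GLOBAL_REQUEST = 80
MSG_REQUEST_FAILURE = 82
MSG_CHANNEL_OPEN = 90
MSG_CHANNEL_OPEN_FAILURE = 92
OPEN_ADMINISTRATIVELY_PROHIBITED = 1  # RFC 4254 section 5.1 reason code

# Toy credential used by the pretend server (assumption for this example).
EXPECTED_PASSWORD = "correct horse battery staple"


@dataclass
class ServerTransport:
    """Stand-in for an SSH server transport: tracks whether the peer has
    authenticated and dispatches incoming packets to per-type handlers."""
    enforce_auth: bool            # False = unguarded dispatch, True = gated
    authenticated: bool = False
    channels: dict = field(default_factory=dict)
    sent: list = field(default_factory=list)   # replies, as tuples, in order

    def _userauth_request(self, msg):
        if msg.get("password") == EXPECTED_PASSWORD:
            self.authenticated = True
            self.sent.append(("USERAUTH_SUCCESS",))
        else:
            self.sent.append(("USERAUTH_FAILURE",))

    def _channel_open(self, msg):
        chanid = msg["sender_channel"]
        self.channels[chanid] = msg["kind"]   # a "session" channel is one step from exec/shell
        self.sent.append(("CHANNEL_OPEN_CONFIRMATION", chanid))

    def _global_request(self, msg):
        self.sent.append(("REQUEST_SUCCESS", msg["name"]))

    HANDLERS = {
        MSG_USERAUTH_REQUEST: _userauth_request,
        MSG_CHANNEL_OPEN: _channel_open,
        MSG_GLOBAL_REQUEST: _global_request,
    }

    def _ensure_authed(self, ptype, msg):
        """Return a rejection reply for a post-auth packet that arrives before
        authentication succeeded, or None when the packet may be dispatched."""
        if ptype <= HIGHEST_USERAUTH_MESSAGE_ID or self.authenticated:
            return None
        if ptype == MSG_GLOBAL_REQUEST:
            return ("REQUEST_FAILURE",)
        if ptype == MSG_CHANNEL_OPEN:
            return ("CHANNEL_OPEN_FAILURE", msg["sender_channel"],
                    OPEN_ADMINISTRATIVELY_PROHIBITED)
        return ("UNIMPLEMENTED", ptype)

    def dispatch(self, ptype, msg):
        if self.enforce_auth:
            rejection = self._ensure_authed(ptype, msg)
            if rejection is not None:
                self.sent.append(rejection)
                return
        handler = self.HANDLERS.get(ptype)
        if handler is None:
            self.sent.append(("UNIMPLEMENTED", ptype))
            return
        handler(self, msg)


# Constructed packet sequences (not real captures).
UNAUTHENTICATED_CLIENT = [            # skips user auth entirely
    (MSG_CHANNEL_OPEN, {"kind": "session", "sender_channel": 0}),
    (MSG_GLOBAL_REQUEST, {"name": "tcpip-forward"}),
]
AUTHENTICATED_CLIENT = [              # the well-behaved order
    (MSG_USERAUTH_REQUEST, {"user": "alice", "password": EXPECTED_PASSWORD}),
    (MSG_CHANNEL_OPEN, {"kind": "session", "sender_channel": 0}),
]


def replay(enforce_auth, packets=UNAUTHENTICATED_CLIENT):
    """Feed the packets to a fresh server; return (channels opened, replies sent)."""
    server = ServerTransport(enforce_auth=enforce_auth)
    for ptype, msg in packets:
        server.dispatch(ptype, msg)
    return len(server.channels), server.sent


if __name__ == "__main__":
    print("unguarded:", replay(enforce_auth=False))
    print("gated:    ", replay(enforce_auth=True))
    print("gated, authenticated client:", replay(enforce_auth=True, packets=AUTHENTICATED_CLIENT))
```

With the gate off, the unauthenticated client gets a confirmed session channel and a successful global request; with it on, both are refused and nothing is opened, while the client that authenticates first is unaffected. The check is keyed on the message-number range rather than on a per-handler flag so that a newly added post-auth handler cannot be forgotten.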
	- gitea
	NOTE: https://github.com/go-gitea/gitea/pull/4664
	NOTE: https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57
CVE-2018-18055 RESERVED
CVE-2018-18054 RESERVED
CVE-2018-18053 RESERVED
CVE-2018-18052 RESERVED
CVE-2018-18051 RESERVED
CVE-2018-18050 RESERVED
CVE-2018-18049 RESERVED
CVE-2018-18048 RESERVED
CVE-2018-18047 RESERVED
CVE-2018-18046 RESERVED
CVE-2018-18045 RESERVED
CVE-2018-18044 RESERVED
CVE-2018-18043 RESERVED
CVE-2018-18042 RESERVED
CVE-2018-18041 RESERVED
CVE-2018-18040 RESERVED
CVE-2018-18039 RESERVED
CVE-2018-18038 RESERVED
CVE-2018-18037 RESERVED
CVE-2018-18036 RESERVED
CVE-2018-18035 (A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 cou ...)
	NOT-FOR-US: OpenEMR
CVE-2018-18034 RESERVED
CVE-2018-18033 RESERVED
CVE-2018-18032 RESERVED
CVE-2018-18031 RESERVED
CVE-2018-18030 RESERVED
CVE-2018-18029 (Navigate CMS has Stored XSS via the navigate.php Title field in an edi ...)
	NOT-FOR-US: Navigate CMS
CVE-2018-18028 RESERVED
CVE-2018-18027 RESERVED
CVE-2018-18026 (IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower ...)
	NOT-FOR-US: IObit Malware Fighter
CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...)
	{DLA-2366-1 DLA-1574-1}
	- imagemagick 8:6.9.10.14+dfsg-1 (low; bug #911435)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1335
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a22fc0c8837838e60daecc0bf01648f359dd6fd
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/394b3e6edf74d1337ce338927da053bb40c00ae9
CVE-2018-18024 (In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPI ...)
	{DLA-2333-1}
	- imagemagick 8:6.9.10.14+dfsg-1 (low)
	[jessie] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1337
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/948f1c86d649a29df08a38d2ff8b91cdf3e92b82
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/b268ce7a59440972f4476b9fd98104b6a836d971
CVE-2018-18023 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in ...)
	- imagemagick 8:6.9.10.14+dfsg-1
	[stretch] - imagemagick (Vulnerable code not present)
	[jessie] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1336
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5d71e23b853461dd3628cd1218834fcf13938365
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a5db4873626f702d2ddd8bc293573493e0a412c0
CVE-2018-18022 RESERVED
CVE-2018-18020 (In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and ...)
	- qpdf 9.0.0-1
	[buster] - qpdf (Minor issue)
	[stretch] - qpdf (Minor issue)
	[jessie] - qpdf (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/243
	NOTE: https://github.com/qpdf/qpdf/commit/cf469d789024cdda41684f1ea48b41829b98c242
CVE-2018-1000806 REJECTED
CVE-2018-18019 (XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPre ...)
	NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2018-18018 (SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 f ...)
	NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2018-18017 (XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPre ...)
	NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2018-18016 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1049
CVE-2018-18015 RESERVED
CVE-2018-18014 (** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10 ...)
	NOT-FOR-US: Citrix
CVE-2018-18013 (** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening ...)
	NOT-FOR-US: Citrix
CVE-2018-18012 RESERVED
CVE-2018-18011 RESERVED
CVE-2018-18010 RESERVED
CVE-2018-18009 (dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthen ...)
	NOT-FOR-US: D-Link
CVE-2018-18008 (spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote un ...)
	NOT-FOR-US: D-Link
CVE-2018-18007 (atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated at ...)
	NOT-FOR-US: D-Link
CVE-2018-18006 (Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Win ...)
	NOT-FOR-US: Ricoh myPrint application
CVE-2018-18005 (Cross-site scripting in event_script.js in VIVOTEK Network Camera Seri ...)
	NOT-FOR-US: VIVOTEK Network Camera
CVE-2018-18004 (Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Se ...)
	NOT-FOR-US: VIVOTEK Network Camera
CVE-2018-18003 RESERVED
CVE-2018-18002 RESERVED
CVE-2018-18001 RESERVED
CVE-2018-18000 RESERVED
CVE-2018-17999 RESERVED
CVE-2018-17998 RESERVED
CVE-2018-17997 (LayerBB 1.1.1 allows XSS via the titles of conversations (PMs). ...)
	NOT-FOR-US: LayerBB
CVE-2018-17996 (LayerBB before 1.1.3 allows CSRF for adding a user via admin/new_user. ...)
	NOT-FOR-US: LayerBB
CVE-2018-17995 RESERVED
CVE-2018-17994 RESERVED
CVE-2018-17993 RESERVED
CVE-2018-17992 RESERVED
CVE-2018-17991 RESERVED
CVE-2018-17990 (An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. ...)
	NOT-FOR-US: D-Link
CVE-2018-17989 (A stored XSS vulnerability exists in the web interface on D-Link DSL-3 ...)
	NOT-FOR-US: D-Link
CVE-2018-17988 (LayerBB 1.1.1 has SQL Injection via the search.php search_query parame ...)
	NOT-FOR-US: LayerBB
CVE-2018-17987 (The determineWinner function of a smart contract implementation for Ha ...)
	NOT-FOR-US: Some Ethereum application
CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password ...)
	NOT-FOR-US: razorCMS
CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 ...)
	NOT-FOR-US: ISPConfig
CVE-2018-17982 RESERVED
CVE-2018-17981 (Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the int ...)
	NOT-FOR-US: Lifesize Express
CVE-2018-17980 (NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain ...)
	NOT-FOR-US: NoMachine
CVE-2018-17983 (cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read du ...)
	- mercurial 4.7.2-1 (unimportant)
	[jessie] - mercurial (Vulnerable code not present)
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901
	NOTE: Crash in CLI tool, no security impact
CVE-2018-17979 RESERVED
CVE-2018-17978 RESERVED
CVE-2018-17977 (The Linux kernel 4.14.67 mishandles certain interaction among XFRM Net ...)
	- linux (unimportant)
	NOTE: Needs major rework on protocol level to fix. Exploitable (likely) only with CAP_NET_ADMIN.
CVE-2018-17976 (An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...)
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/51581
CVE-2018-17975 (An issue was discovered in GitLab Community Edition 11.x before 11.1.8 ...)
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/50744
CVE-2018-17974 (An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer ...)
	- tcpreplay 4.3.1-1 (bug #910598)
	[stretch] - tcpreplay (Minor issue)
	[jessie] - tcpreplay (Minor issue)
	NOTE: https://github.com/appneta/tcpreplay/issues/486
CVE-2018-17973 RESERVED
CVE-2018-17971 RESERVED
CVE-2018-17970 RESERVED
CVE-2018-17972 (An issue was discovered in the proc_pid_stack function in fs/proc/base ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.135-1
	NOTE: https://marc.info/?l=linux-fsdevel&m=153806242024956&w=2
	NOTE: https://git.kernel.org/linus/f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7
CVE-2018-17969 (Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attacke ...)
	NOT-FOR-US: Samsung SCX-6545X V2.00.03.01 03-23-2012 devices
CVE-2018-17968 (A gambling smart contract implementation for RuletkaIo, an Ethereum ga ...)
	NOT-FOR-US: RuletkaIo
CVE-2018-17967 (ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage i ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1051
CVE-2018-17966 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1050
CVE-2018-17965 (ImageMagick 7.0.7-28 has a memory leak vulnerability in WriteSGIImage ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1052
CVE-2018-17964 (Aryanic HighPortal 12.5 has XSS via an Add Tags action. ...)
	NOT-FOR-US: Aryanic HighPortal
CVE-2018-17963 (qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes grea ...)
	{DSA-4338-1 DLA-1599-1}
	- qemu 1:3.1+dfsg-1 (bug #911469)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1592a9947036d60dde5404204a5d45975133caf5
CVE-2018-17962 (Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because ...)
	{DSA-4338-1 DLA-1599-1}
	- qemu 1:3.1+dfsg-1 (bug #911468)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03268.html
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b1d80d12c5f7ff081bb80ab4f4241d4248691192
CVE-2018-17961 (Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sand ...)
	{DSA-4336-1 DLA-1552-1}
	- ghostscript 9.25~dfsg-3 (bug #910678)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1682
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/09/4
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d02bbc620bcba9b1c208462a876afb
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94b708be24758287b606154daaaed9
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63aa4ac6874234fe8cd63e72077291
CVE-2018-17960 (CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source ...)
	- ckeditor 4.11.1+dfsg-1 (low)
	[stretch] - ckeditor (Minor issue)
	[jessie] - ckeditor (Minor issue)
	- fckeditor
CVE-2018-17959 RESERVED
CVE-2018-17958 (Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c b ...)
	{DSA-4454-1 DLA-1646-1}
	- qemu 1:3.1+dfsg-1 (bug #911499)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03269.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1a326646fef38782e5542280040ec3ea23e4a730
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
CVE-2018-17957 (The YaST2 RMT module for configuring the SUSE Repository Mirroring Too ...)
	NOT-FOR-US: YaST2 RMT module
CVE-2018-17956 (In yast2-samba-provision up to and including version 1.0.1 the passwor ...)
	NOT-FOR-US: yast2-samba-provision
CVE-2018-17955 (In yast2-multipath before version 4.1.1 a static temporary filename al ...)
	NOT-FOR-US: yast2-multipath
CVE-2018-17954 (A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack ...)
	NOT-FOR-US: crowbar
CVE-2018-17953 (A incorrect variable in a SUSE specific patch for pam_access rule matc ...)
	- pam (Issue introduced by SUSE specific patch)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1115640
	NOTE: Issue introduced by SUSE specific patch (pam-hostnames-in-access_conf.patch)
	NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/pam-hostnames-in-access_conf.patch
	NOTE: And fixed with (use-correct-IP-address.patch)
	NOTE: https://build.opensuse.org/package/view_file/Linux-PAM/pam/use-correct-IP-address.patch
CVE-2018-17952 (Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 ...)
	NOT-FOR-US: eDirectory
CVE-2018-17951 RESERVED
CVE-2018-17950 (Incorrect enforcement of authorization checks in eDirectory prior to 9 ...)
	NOT-FOR-US: eDirectory
CVE-2018-17949 (Cross site scripting vulnerability in iManager prior to 3.1 SP2. ...)
	NOT-FOR-US: iManager
CVE-2018-17948 (An open redirect vulnerability exists in the Access Manager Identity P ...)
	NOT-FOR-US: Microfocus
CVE-2018-17947 (The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text ...)
	NOT-FOR-US: WordPress plugin snazzy-maps
CVE-2018-17946 (The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress ha ...)
	NOT-FOR-US: WordPress plugin slideshow-gallery
CVE-2018-17945 RESERVED
CVE-2018-17944 (On certain Lexmark devices that communicate with an LDAP or SMTP serve ...)
	NOT-FOR-US: Lexmark
CVE-2018-17943 RESERVED
CVE-2018-17942 (The convert_to_decimal function in vasnprintf.c in Gnulib before 2018- ...)
	{DLA-1543-1}
	- gnulib 20140202+stable-3.1 (low; bug #910757)
	[stretch] - gnulib 20140202+stable-2+deb9u1
	NOTE: pspp affecting bug: https://savannah.gnu.org/bugs/?func=detailitem&item_id=54686
	NOTE: https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html
	NOTE: https://github.com/coreutils/gnulib/commit/278b4175c9d7dd47c1a3071554aac02add3b3c35
CVE-2018-17941 RESERVED
CVE-2018-17940 RESERVED
CVE-2018-17939 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/51956
CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content spoofing via ...)
	NOT-FOR-US: Zimbra
CVE-2018-17937 (gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open ...)
	{DLA-1738-1}
	[experimental] - gpsd 3.18.1-1
	- gpsd 3.17-6 (low; bug #925327)
	[stretch] - gpsd (Minor issue)
	NOTE: http://git.savannah.nongnu.org/cgit/gpsd.git/commit/?id=7646cbd04055a50b157312ba6b376e88bd398c19
CVE-2018-17936 (NUUO CMS All versions 3.3 and prior the application allows the upload ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17935 (All versions of Telecrane F25 Series Radio Controls before 00.0A use f ...)
	NOT-FOR-US: Telecrane
CVE-2018-17934 (NUUO CMS All versions 3.3 and prior the application allows external in ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may al ...)
	NOT-FOR-US: VGo Robot
CVE-2018-17932 (JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, . ...)
	NOT-FOR-US: JUUKO K-800
CVE-2018-17931 (If an attacker has physical access to the VGo Robot (Versions 3.0.3.52 ...)
	NOT-FOR-US: VGo Robot
CVE-2018-17930 (A stack-based buffer overflow vulnerability has been identified in Tel ...)
	NOT-FOR-US: Teledyne DALSA Sherlock
CVE-2018-17929 (In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and pr ...)
	NOT-FOR-US: TPEditor
CVE-2018-17928 (The product CMS-770 (Software Versions 1.7.1 and prior)is vulnerable t ...)
	NOT-FOR-US: ABB CMS-770
CVE-2018-17927 (In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and pr ...)
	NOT-FOR-US: TPEditor
CVE-2018-17926 (The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions ...)
	NOT-FOR-US: ABB M2M ETHERNET
CVE-2018-17925 (Multiple instances of this vulnerability (Unsafe ActiveX Control Marke ...)
	NOT-FOR-US: Gigasoft
CVE-2018-17924 (Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix ...)
	NOT-FOR-US: Rockwell
CVE-2018-17923 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
	NOT-FOR-US: SAGA1-L8B
CVE-2018-17922 (Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials ...)
	NOT-FOR-US: Circontrol CirCarLife
CVE-2018-17921 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
	NOT-FOR-US: SAGA1-L8B
CVE-2018-17920
	RESERVED
CVE-2018-17919 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
	NOT-FOR-US: P2P Cloud Server
CVE-2018-17918 (Circontrol CirCarLife all versions prior to 4.3.1, authentication to t ...)
	NOT-FOR-US: Circontrol CirCarLife
CVE-2018-17917 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
	NOT-FOR-US: P2P Cloud Server
CVE-2018-17916 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (f ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2018-17915 (All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud ...)
	NOT-FOR-US: P2P Cloud Server
CVE-2018-17914 (InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (f ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2018-17913 (A type confusion vulnerability exists when processing project files in ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-17912 (An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when ...)
	NOT-FOR-US: CASE Suite
CVE-2018-17911 (LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buf ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17910 (WebAccess Versions 8.3.2 and prior. The application fails to properly ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-17909 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-17908 (WebAccess Versions 8.3.2 and prior. During installation, the applicati ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-17907 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-17906 (Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and Int ...)
	NOT-FOR-US: Philips
CVE-2018-17905 (When processing project files in Omron CX-Supervisor Versions 3.4.1.0 ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-17904 (Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerabi ...)
	NOT-FOR-US: Reliance 4 SCADA/HMI
CVE-2018-17903 (SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to ...)
	NOT-FOR-US: SAGA1-L8B
CVE-2018-17902 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versi ...)
	NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17901 (LAquis SCADA Versions 4.1.0.3870 and prior, when processing project fi ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17900 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versi ...)
	NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17899 (LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulner ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17898 (Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versio ...)
	NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17897 (LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflo ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17896 (Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versi ...)
	NOT-FOR-US: Yokogawa STARDOM Controllers
CVE-2018-17895 (LAquis SCADA Versions 4.1.0.3870 and prior has several out-of-bounds r ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17894 (NUUO CMS all versions 3.1 and prior, The application creates default a ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17893 (LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer de ...)
	NOT-FOR-US: LAquis SCADA
CVE-2018-17892 (NUUO CMS all versions 3.1 and prior, The application implements a meth ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17891 (Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running ...)
	NOT-FOR-US: Carestream Vue RIS, RIS Client Builds
CVE-2018-17890 (NUUO CMS all versions 3.1 and prior, The application uses insecure and ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17889 (In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior a ...)
	NOT-FOR-US: PI Studio HMI
CVE-2018-17888 (NUUO CMS all versions 3.1 and prior, The application uses a session id ...)
	NOT-FOR-US: NUUO CMS
CVE-2018-17887
	RESERVED
CVE-2018-17886 (An issue was discovered in JEESNS 1.3. The XSS filter in com.lxinet.je ...)
	NOT-FOR-US: JEESNS
CVE-2018-17885
	RESERVED
CVE-2018-17883
	RESERVED
	- otrs2 6.0.12-1
	[stretch] - otrs2 (Only affects 6.x)
	[jessie] - otrs2 (Only affects 6.x)
	NOTE: https://community.otrs.com/security-advisory-2018-06-security-update-for-otrs-framework/
	NOTE: https://github.com/OTRS/otrs/commit/40bbcc261a77c2f4c0383658cd99c07d577179ce
CVE-2018-18021 (arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on th ...)
	{DSA-4313-1 DLA-1715-1}
	- linux 4.18.10-2
	[jessie] - linux (arm64 not supported in jessie LTS)
	NOTE: https://git.kernel.org/linus/d26c25a9d19b5976b319af528886f89cf455692d
	NOTE: https://git.kernel.org/linus/2a3f93459d689d990b3ecfbe782fec89b97d3279
CVE-2018-17884 (XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (g ...)
	NOT-FOR-US: WordPress plugin gwolle-gb
CVE-2018-17882 (An Integer overflow vulnerability exists in the batchTransfer function ...)
	NOT-FOR-US: CryptoBotsBattle
CVE-2018-17881 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allow ...)
	NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
CVE-2018-17880 (On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allow ...)
	NOT-FOR-US: D-Link DIR-823G 2018-09-19 devices
CVE-2018-17879
	RESERVED
CVE-2018-17878
	RESERVED
CVE-2018-17877 (A lottery smart contract implementation for Greedy 599, an Ethereum ga ...)
	NOT-FOR-US: Greedy 599
CVE-2018-17876 (A Stored XSS vulnerability has been discovered in the v5.5.0 version o ...)
	NOT-FOR-US: Coaster CMS
CVE-2018-17875
	RESERVED
CVE-2018-17874 (ExpressionEngine before 4.3.5 has reflected XSS. ...)
	NOT-FOR-US: ExpressionEngine
CVE-2018-17873 (An incorrect access control vulnerability in the FTP configuration of ...)
	NOT-FOR-US: WifiRanger
CVE-2018-17872 (Verba Collaboration Compliance and Quality Management Platform before ...)
	NOT-FOR-US: Verba Collaboration Compliance and Quality Management Platform
CVE-2018-17871 (Verba Collaboration Compliance and Quality Management Platform before ...)
	NOT-FOR-US: Verba Collaboration Compliance and Quality Management Platform
CVE-2018-17870 (An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" paramet ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-17869 (DASAN H660GW devices do not implement any CSRF protection mechanism. ...)
	NOT-FOR-US: DASAN H660GW devices
CVE-2018-17868 (DASAN H660GW devices have Stored XSS in the Port Forwarding functional ...)
	NOT-FOR-US: DASAN H660GW devices
CVE-2018-17867 (The Port Forwarding functionality on DASAN H660GW devices allows remot ...)
	NOT-FOR-US: DASAN H660GW device
CVE-2018-17866 (Multiple cross-site scripting (XSS) vulnerabilities in includes/core/u ...)
	NOT-FOR-US: "Ultimate Member - User Profile & Membership" plugin for WordPress
CVE-2018-17865
	RESERVED
CVE-2018-17864
	RESERVED
CVE-2018-17863
	RESERVED
CVE-2018-17862
	RESERVED
CVE-2018-17861
	RESERVED
CVE-2018-17860 (Cloudera CDH has Insecure Permissions because ALL cannot be revoked.Th ...)
	NOT-FOR-US: Cloudera
CVE-2018-17859 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks in ...)
	NOT-FOR-US: Joomla!
CVE-2018-17858 (An issue was discovered in Joomla! before 3.8.13. com_installer action ...)
	NOT-FOR-US: Joomla!
CVE-2018-17857 (An issue was discovered in Joomla! before 3.8.13. Inadequate checks on ...)
	NOT-FOR-US: Joomla!
CVE-2018-17856 (An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate all ...)
	NOT-FOR-US: Joomla!
CVE-2018-17855 (An issue was discovered in Joomla! before 3.8.13. If an attacker gets ...)
	NOT-FOR-US: Joomla!
CVE-2018-17854 (SIMDComp before 0.1.1 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: SIMDComp
CVE-2018-17853
	RESERVED
CVE-2018-17852 (A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/cou ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-17851
	REJECTED
CVE-2018-17850
	REJECTED
CVE-2018-17849 (Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Up ...)
	NOT-FOR-US: Navigate CMS
CVE-2018-17848 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
	- golang-golang-x-net-dev 1:0.0+git20181201.351d144+dfsg-3 (bug #911795)
	[stretch] - golang-golang-x-net-dev (Vulnerable code not present)
	- golang-go.net-dev
	[jessie] - golang-go.net-dev (Minor issue)
	NOTE: https://github.com/golang/go/issues/27846
	NOTE: https://github.com/golang/net/commit/4b62a64f59f73840b9ab79204c94fee61cd1ba2c
CVE-2018-17847 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
	- golang-golang-x-net-dev 1:0.0+git20181201.351d144+dfsg-3 (bug #911795)
	[stretch] - golang-golang-x-net-dev (Vulnerable code not present)
	- golang-go.net-dev
	[jessie] - golang-go.net-dev (Minor issue)
	NOTE: https://github.com/golang/go/issues/27846
	NOTE: https://github.com/golang/net/commit/4b62a64f59f73840b9ab79204c94fee61cd1ba2c
CVE-2018-17846 (The html package (aka x/net/html) through 2018-09-25 in Go mishandles ...)
	- golang-golang-x-net-dev 1:0.0+git20181201.351d144+dfsg-3 (bug #911795)
	[stretch] - golang-golang-x-net-dev (Vulnerable code not present)
	- golang-go.net-dev
	[jessie] - golang-go.net-dev (Minor issue)
	NOTE: https://github.com/golang/go/issues/27842
	NOTE: https://github.com/golang/net/commit/d26f9f9a57f3fab6a695bec0d84433c2c50f8bbf
CVE-2018-17845
	RESERVED
CVE-2018-17844
	RESERVED
CVE-2018-17843 (SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Soft ...)
	NOT-FOR-US: ADD Clicking MLM
CVE-2018-17842 (SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hot ...)
	NOT-FOR-US: Scriptzee Hotel Booking Engine
CVE-2018-17841 (SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the ...)
	NOT-FOR-US: Scriptzee Flippa Marketplace Clone
CVE-2018-17840 (SQL injection exists in Scriptzee Education Website 1.0 via the colleg ...)
	NOT-FOR-US: Scriptzee Education Website
CVE-2018-17839
	RESERVED
CVE-2018-17838 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read oper ...)
	NOT-FOR-US: JTBC
CVE-2018-17837 (An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file deletion ...)
	NOT-FOR-US: JTBC
CVE-2018-17836 (An issue was discovered in JTBC(PHP) 3.0.1.6. It allows remote attacke ...)
	NOT-FOR-US: JTBC
CVE-2018-17835 (An issue was discovered in GetSimple CMS 3.3.15. An administrator can ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-17834
	RESERVED
CVE-2018-17833
	RESERVED
CVE-2018-17832 (XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-17831 (In REDAXO before 5.6.3, a critical SQL injection vulnerability has bee ...)
	NOT-FOR-US: REDAXO
CVE-2018-17830 (The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 ...)
	NOT-FOR-US: REDAXO
CVE-2018-17829
	RESERVED
CVE-2018-17828 (Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers ...)
	- zziplib (unimportant)
	NOTE: https://github.com/gdraheim/zziplib/issues/62
	NOTE: unzzipcat-mem not installed into the binary packages
CVE-2018-17827 (HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by ...)
	NOT-FOR-US: HisiPHP
CVE-2018-17826 (HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add ...)
	NOT-FOR-US: HisiPHP
CVE-2018-17825 (An issue was discovered in AdPlug 2.3.1. There are several double-free ...)
	{DLA-1534-1}
	- adplug 2.2.1+dfsg3-1 (low; bug #910534)
	[stretch] - adplug (Minor issue)
	NOTE: https://github.com/adplug/adplug/issues/67
	NOTE: https://github.com/adplug/adplug/commit/19ebb61bf92262dc1868de10ba5a211db249ce76
CVE-2018-17824
	RESERVED
CVE-2018-17823
	RESERVED
CVE-2018-17822
	RESERVED
CVE-2018-17821
	RESERVED
CVE-2018-17820
	RESERVED
CVE-2018-17819
	RESERVED
CVE-2018-17818
	RESERVED
CVE-2018-17817
	RESERVED
CVE-2018-17816
	RESERVED
CVE-2018-17815
	RESERVED
CVE-2018-17814
	RESERVED
CVE-2018-17813
	RESERVED
CVE-2018-17812
	RESERVED
CVE-2018-17811
	RESERVED
CVE-2018-17810
	RESERVED
CVE-2018-17809
	RESERVED
CVE-2018-17808
	RESERVED
CVE-2018-17807
	RESERVED
CVE-2018-17806
	RESERVED
CVE-2018-17805
	RESERVED
CVE-2018-17804
	RESERVED
CVE-2018-17803
	RESERVED
CVE-2018-17802
	RESERVED
CVE-2018-17801
	RESERVED
CVE-2018-17800
	RESERVED
CVE-2018-17799
	RESERVED
CVE-2018-17798 (An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote ...)
	NOT-FOR-US: zzcms
CVE-2018-17797 (An issue was discovered in zzcms 8.3. user/zssave.php allows remote at ...)
	NOT-FOR-US: zzcms
CVE-2018-17796 (An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The Web ...)
	NOT-FOR-US: MRCMS
CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier ...)
	- tiff 4.0.9-2
	[stretch] - tiff 4.0.8-2+deb9u2
	[jessie] - tiff 4.0.3-12.3+deb8u5
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2816
	NOTE: Similar issue as CVE-2017-9935 but not considered the same, but addressed
	NOTE: with same commit.
	NOTE: https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
CVE-2018-17794 (An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-17793
	REJECTED
CVE-2018-17792 (MDaemon Webmail (formerly WorldClient) has CSRF. ...)
	NOT-FOR-US: MDaemon Webmail
CVE-2018-17791 (Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an " ...)
	NOT-FOR-US: Newgen OmniFlow Intelligent Business Process Suite
CVE-2018-17790 (Prospecta Master Data Online (MDO) 2.0 has Stored XSS. ...)
	NOT-FOR-US: Prospecta Master Data Online (MDO)
CVE-2018-17789 (Prospecta Master Data Online (MDO) allows CSRF. ...)
	NOT-FOR-US: Prospecta Master Data Online (MDO)
CVE-2018-17788
	RESERVED
CVE-2018-17787 (On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Co ...)
	NOT-FOR-US: D-Link DIR-823G devices
CVE-2018-17786 (On D-Link DIR-823G devices, ExportSettings.sh, upload_settings.cgi, Ge ...)
	NOT-FOR-US: D-Link DIR-823G devices
CVE-2018-17785 (In blynk-server in Blynk before 0.39.7, Directory Traversal exists via ...)
	NOT-FOR-US: blynk-server in Blynk
CVE-2018-17784 (Multiple vulnerabilities in YUI and FlashCanvas embedded in SugarCRM C ...)
	NOT-FOR-US: SugarCRM
CVE-2018-17783 (A cross-site scripting (XSS) vulnerability in the Edit Filter page (ma ...)
	- mantis
	NOTE: https://mantisbt.org/blog/archives/mantisbt/613
	NOTE: https://mantisbt.org/bugs/view.php?id=24814
CVE-2018-17782 (A cross-site scripting (XSS) vulnerability in the Manage Filters page ...)
	- mantis
	NOTE: https://mantisbt.org/blog/archives/mantisbt/613
	NOTE: https://mantisbt.org/bugs/view.php?id=24813
CVE-2018-17781 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigg ...)
	NOT-FOR-US: Foxit
CVE-2018-17780 (Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on ...)
	- telegram-desktop 1.4.0-1
	NOTE: https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html
	NOTE: https://github.com/telegramdesktop/tdesktop/commit/c4ca180745300e3d1ac755341e9879fca9087b74
CVE-2018-17779
	RESERVED
CVE-2018-17778
	RESERVED
CVE-2018-17777 (An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If ...)
	NOT-FOR-US: D-Link
CVE-2018-17776 (PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGR ...)
	NOT-FOR-US: PCProtect Anti-Virus
CVE-2018-17775 (Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PR ...)
	NOT-FOR-US: Seqrite End Point Security
CVE-2018-17774 (Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This ...)
	NOT-FOR-US: Ingenico
CVE-2018-17773 (Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK ...)
	NOT-FOR-US: Ingenico
CVE-2018-17772 (Ingenico Telium 2 POS terminals allow arbitrary code execution via the ...)
	NOT-FOR-US: Ingenico
CVE-2018-17771 (Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This i ...)
	NOT-FOR-US: Ingenico
CVE-2018-17770 (Ingenico Telium 2 POS terminals have a buffer overflow via the RemoteP ...)
	NOT-FOR-US: Ingenico
CVE-2018-17769 (Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 co ...)
	NOT-FOR-US: Ingenico
CVE-2018-17768 (Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This ...)
	NOT-FOR-US: Ingenico
CVE-2018-17767 (Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This i ...)
	NOT-FOR-US: Ingenico
CVE-2018-17766 (Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrict ...)
	NOT-FOR-US: Ingenico
CVE-2018-17765 (Ingenico Telium 2 POS terminals have undeclared TRACE protocol command ...)
	NOT-FOR-US: Ingenico
CVE-2018-17764
	RESERVED
CVE-2018-17763
	RESERVED
CVE-2018-17762
	RESERVED
CVE-2018-17761
	RESERVED
CVE-2018-17760
	RESERVED
CVE-2018-17759
	RESERVED
CVE-2018-17758
	RESERVED
CVE-2018-17757
	RESERVED
CVE-2018-17756
	RESERVED
CVE-2018-17755
	RESERVED
CVE-2018-17754
	RESERVED
CVE-2018-17753
	RESERVED
CVE-2018-17752
	RESERVED
CVE-2018-17751
	RESERVED
CVE-2018-17750
	RESERVED
CVE-2018-17749
	RESERVED
CVE-2018-17748
	RESERVED
CVE-2018-17747
	RESERVED
CVE-2018-17746
	RESERVED
CVE-2018-17745
	RESERVED
CVE-2018-17744
	RESERVED
CVE-2018-17743
	RESERVED
CVE-2018-17742
	RESERVED
CVE-2018-17741
	RESERVED
CVE-2018-17740
	RESERVED
CVE-2018-17739
	RESERVED
CVE-2018-17738
	RESERVED
CVE-2018-17737
	RESERVED
CVE-2018-17736
	RESERVED
CVE-2018-17735
	RESERVED
CVE-2018-17734
	RESERVED
CVE-2018-17733
	RESERVED
CVE-2018-17732
	RESERVED
CVE-2018-17731
	RESERVED
CVE-2018-17730
	RESERVED
CVE-2018-17729
	RESERVED
CVE-2018-17728
	RESERVED
CVE-2018-17727
	RESERVED
CVE-2018-17726
	RESERVED
CVE-2018-17725
	RESERVED
CVE-2018-17724
	RESERVED
CVE-2018-17723
	RESERVED
CVE-2018-17722
	RESERVED
CVE-2018-17721
	RESERVED
CVE-2018-17720
	RESERVED
CVE-2018-17719
	RESERVED
CVE-2018-17718
	RESERVED
CVE-2018-17717
	RESERVED
CVE-2018-17716
	RESERVED
CVE-2018-17715
	RESERVED
CVE-2018-17714
	RESERVED
CVE-2018-17713
	RESERVED
CVE-2018-17712
	RESERVED
CVE-2018-17711
	RESERVED
CVE-2018-17710
	RESERVED
CVE-2018-17709
	RESERVED
CVE-2018-17708
	RESERVED
CVE-2018-17707 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Epic Games
CVE-2018-17706 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF Phantom PDF
CVE-2018-17705 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17704 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17703 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17702 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17701 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17700 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17699 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17698 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17697 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17696 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17695 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17694 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17693 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17692 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17691 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17690 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17689 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17688 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17687 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-17686 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17685 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17684 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17683 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17682 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17681 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17680 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17679 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17678 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17677 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17676 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17675 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17674 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17673 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17672 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17671 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17670 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17669 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17668 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17667 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17666 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17665 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17664 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17663 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17662 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17661 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17660 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17659 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17658 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17657 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17654 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17651 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17650 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17649 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17637 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17635 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17633 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17632 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17631 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17630 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17629 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17628 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17627 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17626 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17625 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17624 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17623 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17622 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17621 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17620 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17619 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17618 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17616 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17615 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-17614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Losant Arduino MQTT Client
CVE-2018-17613 (Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enab ...)
	- telegram-desktop (unimportant; bug #921133)
	NOTE: https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html
	NOTE: Non issue, works as expected, should probably be rejected
CVE-2018-17612 (Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) cert ...)
	NOT-FOR-US: Sennheiser
CVE-2018-17611 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
	NOT-FOR-US: Foxit
CVE-2018-17610 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
	NOT-FOR-US: Foxit
CVE-2018-17609 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
	NOT-FOR-US: Foxit
CVE-2018-17608 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
	NOT-FOR-US: Foxit
CVE-2018-17607 (Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execu ...)
	NOT-FOR-US: Foxit
CVE-2018-17606
	REJECTED
CVE-2018-17605 (An issue was discovered in the Asset Pipeline plugin before 3.0.4 for ...)
	NOT-FOR-US: Grails plugin
CVE-2018-17604
	RESERVED
CVE-2018-17603
	RESERVED
CVE-2018-17602
	RESERVED
CVE-2018-17601
	RESERVED
CVE-2018-17600
	RESERVED
CVE-2018-17599
	RESERVED
CVE-2018-17598
	RESERVED
CVE-2018-17597
	RESERVED
CVE-2018-17596 (In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was dis ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2018-17595 (In the 5.4.0 version of the Fork CMS software, HTML Injection and Stor ...)
	NOT-FOR-US: Fork CMS
CVE-2018-17594 (AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top ...)
	NOT-FOR-US: AirTies Air 5443v2 devices
CVE-2018-17593 (AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.h ...)
	NOT-FOR-US: AirTies Air 5453 devices
CVE-2018-17592
	RESERVED
CVE-2018-17591 (AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top ...)
	NOT-FOR-US: AirTies Air 5343v2 devices
CVE-2018-17590 (AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.h ...)
	NOT-FOR-US: AirTies Air 5442 devices
CVE-2018-17589 (AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.h ...)
	NOT-FOR-US: AirTies Air 5650 devices
CVE-2018-17588 (AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.h ...)
	NOT-FOR-US: AirTies Air 5021 devices
CVE-2018-17587 (AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.h ...)
	NOT-FOR-US: AirTies Air 5750 devices
CVE-2018-17586 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rule ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2018-17585 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfa ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2018-17584 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp- ...)
	NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2018-17583 (The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rule ...)
NOT-FOR-US: WP Fastest Cache plugin for WordPress CVE-2018-17582 (Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. The get ...) - tcpreplay 4.3.1-1 (bug #910597) [stretch] - tcpreplay (Minor issue) [jessie] - tcpreplay (Minor issue) NOTE: https://github.com/appneta/tcpreplay/issues/484 NOTE: https://github.com/appneta/tcpreplay/commit/68f67b1a3a4d319543692afb5bd5b191ec984287 CVE-2018-17581 (CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has e ...) {DLA-1691-1} - exiv2 0.27.2-6 (low; bug #910060) [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/460 NOTE: Fixed in: https://github.com/Exiv2/exiv2/commit/b3d077dcaefb6747fff8204490f33eba5a144edb CVE-2018-17580 (A heap-based buffer over-read exists in the function fast_edit_packet( ...) - tcpreplay 4.3.1-1 (bug #910596) [stretch] - tcpreplay (Minor issue) [jessie] - tcpreplay (Minor issue) NOTE: https://github.com/appneta/tcpreplay/issues/485 CVE-2018-17579 RESERVED CVE-2018-17578 RESERVED CVE-2018-17577 RESERVED CVE-2018-17576 RESERVED CVE-2018-17575 (SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/al ...) NOT-FOR-US: SWA SWA.JACAD CVE-2018-17574 (An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in th ...) NOT-FOR-US: YMFE YApi CVE-2018-17573 (The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbi ...) NOT-FOR-US: Wp-Insert plugin for WordPress CVE-2018-17572 (InfluxDB 0.9.5 has Reflected XSS in the Write Data module. ...) - influxdb 0.9.6.1+dfsg1-1 NOTE: https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48 CVE-2018-17571 (Vanilla before 2.6.1 allows XSS via the email field of a profile. ...) NOT-FOR-US: Vanilla CVE-2018-17570 (utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an i ...) NOT-FOR-US: ViaBTC Exchange Server CVE-2018-17569 (network/nw_buf.c in ViaBTC Exchange Server before 2018-08-21 has an in ...) 
NOT-FOR-US: ViaBTC Exchange Server CVE-2018-17568 (utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an inte ...) NOT-FOR-US: ViaBTC Exchange Server CVE-2018-17567 (Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 all ...) {DLA-1541-1} - jekyll 3.8.3+dfsg-3.1 (low; bug #909933) [stretch] - jekyll (Minor issue) NOTE: https://github.com/jekyll/jekyll/pull/7224 NOTE: https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/ CVE-2018-17566 (In ThinkPHP 5.1.24, the inner function delete can be used for SQL inje ...) NOT-FOR-US: ThinkPHP CVE-2018-17565 (Shell Metacharacter Injection in the SSH configuration interface on Gr ...) NOT-FOR-US: Grandstream GXP16xx VoIP phones CVE-2018-17564 (A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx ...) NOT-FOR-US: Grandstream GXP16xx VoIP phones CVE-2018-17563 (A Malformed Input String to /cgi-bin/api-get_line_status on Grandstrea ...) NOT-FOR-US: Grandstream GXP16xx VoIP phones CVE-2018-17562 (Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_ ...) NOT-FOR-US: Multi-Tech FaxFinder CVE-2018-17561 RESERVED CVE-2018-17560 (The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1. ...) NOT-FOR-US: Grouptime Teamwire Client CVE-2018-17559 RESERVED CVE-2018-17558 RESERVED CVE-2018-17557 REJECTED CVE-2018-17556 (MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Sou ...) NOT-FOR-US: MODX Revolution CVE-2018-17555 (The web component on ARRIS TG2492LG-NA 061213 devices allows remote at ...) NOT-FOR-US: ARRIS TG2492LG-NA 061213 devices CVE-2018-17554 RESERVED CVE-2018-17553 (An "Unrestricted Upload of File with Dangerous Type" issue with direct ...) NOT-FOR-US: Naviwebs Navigate CMS CVE-2018-17552 (SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote ...) 
NOT-FOR-US: Naviwebs Navigate CMS CVE-2018-17551 RESERVED CVE-2018-17550 RESERVED CVE-2018-17549 RESERVED CVE-2018-17548 RESERVED CVE-2018-17547 RESERVED CVE-2018-17546 RESERVED CVE-2018-17545 RESERVED CVE-2018-17544 RESERVED CVE-2018-17543 RESERVED CVE-2018-17542 (SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allow ...) NOT-FOR-US: MailSherlock CVE-2018-17541 RESERVED CVE-2018-17540 (The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a ...) {DSA-4309-1 DLA-1528-1} - strongswan 5.7.1-1 NOTE: https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html CVE-2018-17539 (The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and ...) NOT-FOR-US: BGP daemon (bgpd) in IP Infusion ZebOS and OcNOS CVE-2018-17538 (** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15. ...) NOT-FOR-US: Axon Evidence Sync CVE-2018-17537 [Persistent XSS package.json] RESERVED [experimental] - gitlab 11.1.8+dfsg-1 - gitlab 11.1.8+dfsg-2 [stretch] - gitlab (Only affects 10.4 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17536 [Persistent XSS merge request project import] RESERVED [experimental] - gitlab 11.1.8+dfsg-1 - gitlab 11.1.8+dfsg-2 [stretch] - gitlab (Only affects 10.4 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17535 RESERVED CVE-2018-17534 (Teltonika RUT9XX routers with firmware before 00.04.233 provide a root ...) NOT-FOR-US: Teltonika RUT9XX routers CVE-2018-17533 (Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to ...) NOT-FOR-US: Teltonika RUT9XX routers CVE-2018-17532 (Teltonika RUT9XX routers with firmware before 00.04.233 are prone to m ...) 
NOT-FOR-US: Teltonika RUT9XX routers CVE-2018-17531 RESERVED CVE-2018-17530 RESERVED CVE-2018-17529 RESERVED CVE-2018-17528 RESERVED CVE-2018-17527 RESERVED CVE-2018-17526 RESERVED CVE-2018-17525 RESERVED CVE-2018-17524 RESERVED CVE-2018-17523 RESERVED CVE-2018-17522 RESERVED CVE-2018-17521 RESERVED CVE-2018-17520 RESERVED CVE-2018-17519 RESERVED CVE-2018-17518 RESERVED CVE-2018-17517 RESERVED CVE-2018-17516 RESERVED CVE-2018-17515 RESERVED CVE-2018-17514 RESERVED CVE-2018-17513 RESERVED CVE-2018-17512 RESERVED CVE-2018-17511 RESERVED CVE-2018-17510 RESERVED CVE-2018-17509 RESERVED CVE-2018-17508 RESERVED CVE-2018-17507 RESERVED CVE-2018-17506 RESERVED CVE-2018-17505 RESERVED CVE-2018-17504 RESERVED CVE-2018-17503 RESERVED CVE-2018-17502 (The Receptionist for iPad could allow a local attacker to obtain sensi ...) NOT-FOR-US: Receptionist for iPad CVE-2018-17501 RESERVED CVE-2018-17500 (Envoy Passport for Android and Envoy Passport for iPhone could allow a ...) NOT-FOR-US: Envoy Passport CVE-2018-17499 (Envoy Passport for Android and Envoy Passport for iPhone could allow a ...) NOT-FOR-US: Envoy Passport CVE-2018-17498 RESERVED CVE-2018-17497 (eVisitorPass contains default administrative credentials. An attacker ...) NOT-FOR-US: eVisitorPass CVE-2018-17496 (eVisitorPass could allow a local attacker to gain elevated privileges ...) NOT-FOR-US: eVisitorPass CVE-2018-17495 (eVisitorPass could allow a local attacker to gain elevated privileges ...) NOT-FOR-US: eVisitorPass CVE-2018-17494 (eVisitorPass could allow a local attacker to gain elevated privileges ...) NOT-FOR-US: eVisitorPass CVE-2018-17493 (eVisitorPass could allow a local attacker to gain elevated privileges ...) NOT-FOR-US: eVisitorPass CVE-2018-17492 (EasyLobby Solo contains default administrative credentials. An attacke ...) NOT-FOR-US: EasyLobby Solo CVE-2018-17491 (EasyLobby Solo could allow a local attacker to gain elevated privilege ...) 
NOT-FOR-US: EasyLobby Solo CVE-2018-17490 (EasyLobby Solo is vulnerable to a denial of service. By visiting the k ...) NOT-FOR-US: EasyLobby Solo CVE-2018-17489 (EasyLobby Solo could allow a local attacker to obtain sensitive inform ...) NOT-FOR-US: EasyLobby Solo CVE-2018-17488 (Lobby Track Desktop could allow a local attacker to gain elevated priv ...) NOT-FOR-US: Lobby Track Desktop CVE-2018-17487 (Lobby Track Desktop could allow a local attacker to gain elevated priv ...) NOT-FOR-US: Lobby Track Desktop CVE-2018-17486 (Lobby Track Desktop could allow a local attacker to bypass security re ...) NOT-FOR-US: Lobby Track Desktop CVE-2018-17485 (Lobby Track Desktop contains default administrative credentials. An at ...) NOT-FOR-US: Lobby Track Desktop CVE-2018-17484 (Lobby Track Desktop could allow a local attacker to obtain sensitive i ...) NOT-FOR-US: Lobby Track Desktop CVE-2018-17483 (Lobby Track Desktop could allow a local attacker to obtain sensitive i ...) NOT-FOR-US: Lobby Track Desktop CVE-2018-17482 (Lobby Track Desktop could allow a local attacker to obtain sensitive i ...) NOT-FOR-US: Lobby Track Desktop CVE-2018-17481 (Incorrect object lifecycle handling in PDFium in Google Chrome prior t ...) {DSA-4395-1 DSA-4352-1} - chromium 71.0.3578.80-1 CVE-2018-17480 (Execution of user supplied Javascript during array deserialization lea ...) {DSA-4352-1} - chromium 71.0.3578.80-1 CVE-2018-17479 (Incorrect object lifetime calculations in GPU code in Google Chrome pr ...) {DSA-4342-1} - chromium-browser 70.0.3538.110-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17478 (Incorrect array position calculations in V8 in Google Chrome prior to ...) {DSA-4340-1} - chromium-browser 70.0.3538.102-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17477 (Incorrect dialog placement in Extensions in Google Chrome prior to 70. ...) 
{DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17476 (Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3 ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17475 (Incorrect handling of history on iOS in Navigation in Google Chrome pr ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17474 (Use after free in HTMLImportsController in Blink in Google Chrome prio ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17473 (Incorrect handling of confusable characters in Omnibox in Google Chrom ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17472 (Incorrect handling of googlechrome:// URL scheme on iOS in Intents in ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17471 (Incorrect dialog placement in WebContents in Google Chrome prior to 70 ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17470 (A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 a ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17469 (Incorrect handling of PDF filter chains in PDFium in Google Chrome pri ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17468 (Incorrect handling of timer information during navigation in Blink in ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17467 (Insufficiently quick clearing of stale rendered content in Navigation ...) 
{DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17466 (Incorrect texture handling in Angle in Google Chrome prior to 70.0.353 ...) {DSA-4362-1 DSA-4354-1 DSA-4330-1 DLA-1624-1 DLA-1605-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) - firefox 64.0-1 - firefox-esr 60.4.0esr-1 - thunderbird 1:60.4.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-17466 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-17466 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-17466 CVE-2018-17465 (Incorrect implementation of object trimming in V8 in Google Chrome pri ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17464 (Incorrect handling of history on iOS in Navigation in Google Chrome pr ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17463 (Incorrect side effect annotation in V8 in Google Chrome prior to 70.0. ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17462 (Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538. ...) {DSA-4330-1} - chromium-browser 70.0.3538.67-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17461 (An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17460 (Insufficient data validation in filesystem URIs in Google Chrome prior ...) {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17457 (An object lifecycle issue in Blink could lead to a use after free in W ...) 
{DSA-4289-1} - chromium-browser 69.0.3497.81-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-17456 (Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x ...) {DSA-4311-1 DLA-1533-1} - git 1:2.19.1-1 NOTE: https://public-inbox.org/git/xmqqy3bcuy3l.fsf@gitster-ct.c.googlers.com/ NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=98afac7a7cefdca0d2c4917dd8066a59f7088265 NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=f6adec4e329ef0e25e14c63b735a5956dc67b8bc NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=273c61496f88c6495b886acb1041fe57965151da NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46 NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404 CVE-2018-17455 [IDOR merge request approvals] RESERVED [experimental] - gitlab 11.1.8+dfsg-1 - gitlab 11.1.8+dfsg-2 NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17454 [Persistent XSS on issue details] RESERVED [experimental] - gitlab 11.1.8+dfsg-1 - gitlab 11.1.8+dfsg-2 [stretch] - gitlab (Only affects 9.3 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17453 [GRPC::Unknown logging token disclosure] RESERVED [experimental] - gitlab 11.1.8+dfsg-1 - gitlab 11.1.8+dfsg-2 [stretch] - gitlab (Only affects 10.4 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17452 [validate_localhost function in url_blocker.rb could be bypassed] RESERVED [experimental] - gitlab 11.1.8+dfsg-1 - gitlab 11.1.8+dfsg-2 NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17451 [Slack integration CSRF Oauth2] RESERVED [experimental] - gitlab 11.1.8+dfsg-1 - gitlab 11.1.8+dfsg-2 [stretch] - gitlab (Only affects 9.4 and later) NOTE: 
https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17450 [SSRF GCP access token disclosure] RESERVED [experimental] - gitlab 11.1.8+dfsg-1 - gitlab 11.1.8+dfsg-2 [stretch] - gitlab (Only affects 10.2 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17449 [Confidential information disclosure in events API endpoint] RESERVED [experimental] - gitlab 11.1.8+dfsg-1 - gitlab 11.1.8+dfsg-2 [stretch] - gitlab (Only affects 9.3 and later) NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ CVE-2018-17448 (An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1 ...) NOT-FOR-US: Citrix CVE-2018-17447 (An Information Exposure Through Log Files issue was discovered in Citr ...) NOT-FOR-US: Citrix CVE-2018-17446 (A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetSc ...) NOT-FOR-US: Citrix CVE-2018-17445 (A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and N ...) NOT-FOR-US: Citrix CVE-2018-17444 (A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and ...) NOT-FOR-US: Citrix CVE-2018-17443 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...) NOT-FOR-US: D-Link CVE-2018-17442 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...) NOT-FOR-US: D-Link CVE-2018-17441 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...) NOT-FOR-US: D-Link CVE-2018-17440 (An issue was discovered on D-Link Central WiFi Manager before v 1.03r0 ...) NOT-FOR-US: D-Link CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is a sta ...) - hdf5 NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims NOTE: https://jira.hdfgroup.org/browse/HDFFV-10589 CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5Dselec ...) 
- hdf5 1.10.6+repack-1 (unimportant) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587 NOTE: fix in develop branch: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f NOTE: Negligible security impact CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...) - hdf5 1.10.6+repack-2 (low) [buster] - hdf5 (Minor issue) [stretch] - hdf5 (Minor issue) [jessie] - hdf5 (Minor issue) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper NOTE: https://jira.hdfgroup.org/browse/HDFFV-10588 NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377 CVE-2018-17436 (ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allo ...) - hdf5 NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc CVE-2018-17435 (A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ...) - hdf5 NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln7#heap-overflow-in-h5o_attr_decode NOTE: https://jira.hdfgroup.org/browse/HDFFV-10591 CVE-2018-17434 (A SIGFPE signal is raised in the function apply_filters() of h5repack_ ...) 
- hdf5 1.10.6+repack-2 (low) [buster] - hdf5 (Minor issue) [stretch] - hdf5 (Minor issue) [jessie] - hdf5 (Minor issue) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters NOTE: https://jira.hdfgroup.org/browse/HDFFV-10586 NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/02d03b4624122955ee3de635699a4e3880fea377 CVE-2018-17433 (A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ...) - hdf5 NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc NOTE: https://jira.hdfgroup.org/browse/HDFFV-10592 CVE-2018-17432 (A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ...) - hdf5 [buster] - hdf5 (Minor issue) [stretch] - hdf5 (Minor issue) [jessie] - hdf5 (Minor issue) NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode NOTE: upstream bug tracker (not public): https://jira.hdfgroup.org/browse/HDFFV-10590 NOTE: fix planned for HDF5-1.10.6 (will also be backported to HDF5-1.8) CVE-2018-17431 (Web Console in Comodo UTM Firewall before 2.7.0 allows remote attacker ...) NOT-FOR-US: Comodo UTM CVE-2018-17430 RESERVED CVE-2018-17429 (/console/account/manage.php?type=action&action=add in JTBC v3.0(C) ...) NOT-FOR-US: JTBC CVE-2018-17428 (An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injecti ...) NOT-FOR-US: OPAC EasyWeb Five CVE-2018-17427 (SIMDComp before 0.1.0 allows remote attackers to cause a denial of ser ...) NOT-FOR-US: SIMDComp CVE-2018-17426 (WUZHI CMS 4.1.0 has stored XSS via the "Extension module" "SMS in stat ...) NOT-FOR-US: WUZHI CMS CVE-2018-17425 (WUZHI CMS 4.1.0 has stored XSS via the "Membership Center" "I want to ...) 
NOT-FOR-US: WUZHI CMS CVE-2018-17424 RESERVED CVE-2018-17423 (An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_ ...) NOT-FOR-US: e107 CVE-2018-17422 (dotCMS before 5.0.2 has open redirects via the html/common/forward_js. ...) NOT-FOR-US: dotCMS CVE-2018-17421 (An issue was discovered in ZrLog 2.0.3. There is stored XSS in the fil ...) NOT-FOR-US: ZrLog CVE-2018-17420 (An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulne ...) NOT-FOR-US: ZrLog CVE-2018-17419 (An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS ...) NOT-FOR-US: Miek Gieben DNS library for Go CVE-2018-17418 (Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP cod ...) NOT-FOR-US: Monstra CMS CVE-2018-17417 RESERVED CVE-2018-17416 (A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adcl ...) NOT-FOR-US: zzcms CVE-2018-17415 (zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parame ...) NOT-FOR-US: zzcms CVE-2018-17414 (zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass ...) NOT-FOR-US: zzcms CVE-2018-17413 (XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin paramet ...) NOT-FOR-US: zzcms CVE-2018-17412 (zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck. ...) NOT-FOR-US: zzcms CVE-2018-17411 (An XML External Entity (XXE) vulnerability exists in iWay Data Quality ...) NOT-FOR-US: iWay Data Quality Suite Web Console CVE-2018-17410 (Horus CMS allows SQL Injection, as demonstrated by a request to the /b ...) NOT-FOR-US: Horus CMS CVE-2018-17409 RESERVED CVE-2018-17408 (Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 thr ...) NOT-FOR-US: Zahir Accounting Enterprise Plus CVE-2018-17406 RESERVED CVE-2018-17405 RESERVED CVE-2018-17404 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Androi ...) NOT-FOR-US: SBIbuddy application CVE-2018-17403 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3. ...) 
NOT-FOR-US: PhonePe wallet application CVE-2018-17402 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3. ...) NOT-FOR-US: PhonePe wallet application CVE-2018-17401 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3. ...) NOT-FOR-US: PhonePe wallet application CVE-2018-17400 (** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3. ...) NOT-FOR-US: PhonePe wallet application CVE-2018-17399 (SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via th ...) NOT-FOR-US: Jimtawl CVE-2018-17398 (SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via ...) NOT-FOR-US: AMGallery CVE-2018-17397 (SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for ...) NOT-FOR-US: AlphaIndex Dictionaries component for Joomla! CVE-2018-17396 RESERVED CVE-2018-17395 RESERVED CVE-2018-17394 (SQL Injection exists in the Timetable Schedule 3.6.8 component for Joo ...) NOT-FOR-US: Timetable Schedule component for Joomla! CVE-2018-17393 (SQL Injection exists in HealthNode Hospital Management System 1.0 via ...) NOT-FOR-US: HealthNode Hospital Management System CVE-2018-17392 RESERVED CVE-2018-17391 (SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via ...) NOT-FOR-US: Super Cms Blog Pro CVE-2018-17390 RESERVED CVE-2018-17389 (CSRF exists in server.php in Live Call Support Application 1.5 for add ...) NOT-FOR-US: Live Call Support Application CVE-2018-17388 (SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the e ...) NOT-FOR-US: Twilio WEB To Fax Machine System CVE-2018-17387 (CSRF exists in Nimble Messaging Bulk SMS Marketing Application 1.0 for ...) NOT-FOR-US: Nimble Messaging Bulk SMS Marketing Application CVE-2018-17386 (SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joo ...) NOT-FOR-US: Micro Deal Factory component for Joomla! CVE-2018-17385 (SQL Injection exists in the Social Factory 3.8.3 component for Joomla! ...) 
NOT-FOR-US: Social Factory component for Joomla! CVE-2018-17384 (SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! v ...) NOT-FOR-US: Swap Factory component for Joomla! CVE-2018-17383 (SQL Injection exists in the Collection Factory 4.1.9 component for Joo ...) NOT-FOR-US: Collection Factory component for Joomla! CVE-2018-17382 (SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! v ...) NOT-FOR-US: Jobs Factory component for Joomla! CVE-2018-17381 (SQL Injection exists in the Dutch Auction Factory 2.0.2 component for ...) NOT-FOR-US: Dutch Auction Factory component for Joomla! CVE-2018-17380 (SQL Injection exists in the Article Factory Manager 4.3.9 component fo ...) NOT-FOR-US: Article Factory Manager component for Joomla! CVE-2018-17379 (SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! ...) NOT-FOR-US: Raffle Factory component for Joomla! CVE-2018-17378 (SQL Injection exists in the Penny Auction Factory 2.0.4 component for ...) NOT-FOR-US: Penny Auction Factory component for Joomla! CVE-2018-17377 (SQL Injection exists in the Questions 1.4.3 component for Joomla! via ...) NOT-FOR-US: Questions component for Joomla! CVE-2018-17376 (SQL Injection exists in the Reverse Auction Factory 4.3.8 component fo ...) NOT-FOR-US: Reverse Auction Factory component for Joomla! CVE-2018-17375 (SQL Injection exists in the Music Collection 3.0.3 component for Jooml ...) NOT-FOR-US: Music Collection component for Joomla! CVE-2018-17374 (SQL Injection exists in the Auction Factory 4.5.5 component for Joomla ...) NOT-FOR-US: Auction Factory component for Joomla! CVE-2018-17373 RESERVED CVE-2018-17372 RESERVED CVE-2018-17371 RESERVED CVE-2018-17370 RESERVED CVE-2018-17369 (An issue was discovered in springboot_authority through 2017-03-06. Th ...) NOT-FOR-US: springboot_authority CVE-2018-17368 (An issue was discovered in PublicCMS V4.0.180825. For an invalid login ...) 
NOT-FOR-US: PublicCMS CVE-2018-17367 RESERVED CVE-2018-17366 (An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability t ...) NOT-FOR-US: MCMS CVE-2018-17365 (SeaCMS 6.64 allows remote attackers to delete arbitrary files via the ...) NOT-FOR-US: SeaCMS CVE-2018-17364 (OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via t ...) NOT-FOR-US: OTCMS CVE-2018-17363 RESERVED CVE-2018-17362 RESERVED CVE-2018-17361 (Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attacker ...) NOT-FOR-US: WeaselCMS CVE-2018-17360 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...) [experimental] - binutils 2.31.51.20181022-1 - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23685 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf93e9c2cf8f8b2566f8fc86e961592b51b5980d NOTE: binutils not covered by security support CVE-2018-17359 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...) [experimental] - binutils 2.31.51.20181022-1 - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23686 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102 NOTE: binutils not covered by security support CVE-2018-17358 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...) 
[experimental] - binutils 2.31.51.20181022-1 - binutils 2.32.51.20190707-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23686 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102 NOTE: binutils not covered by security support CVE-2018-17357 RESERVED CVE-2018-17356 RESERVED CVE-2018-17355 RESERVED CVE-2018-17354 RESERVED CVE-2018-17353 RESERVED CVE-2018-17352 RESERVED CVE-2018-17351 RESERVED CVE-2018-17350 RESERVED CVE-2018-17349 RESERVED CVE-2018-17348 RESERVED CVE-2018-17347 RESERVED CVE-2018-17346 RESERVED CVE-2018-17345 RESERVED CVE-2018-17344 RESERVED CVE-2018-17343 RESERVED CVE-2018-17342 RESERVED CVE-2018-17341 (BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is ...) NOT-FOR-US: BigTree CMS CVE-2018-17340 RESERVED CVE-2018-17339 RESERVED CVE-2018-17338 (An issue has been found in pdfalto through 0.2. It is a heap-based buf ...) NOT-FOR-US: pdfalto CVE-2018-17337 (Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is r ...) NOT-FOR-US: Intelbras NPLUG CVE-2018-17336 (UDisks 2.8.0 has a format string vulnerability in udisks_log in udisks ...) - udisks2 2.8.1-1 (bug #909607) [stretch] - udisks2 (Vulnerable code introduced later) [jessie] - udisks2 (Vulnerable code introduced later) NOTE: https://github.com/storaged-project/udisks/issues/578 NOTE: Fixed by: https://github.com/storaged-project/udisks/commit/e369a9b4b08e9373c814c05328b366c938284eb5 NOTE: Introduced by: https://github.com/storaged-project/udisks/commit/ad2ce6714e911be58011dd6b838ec0f6fd0f950f (udisks-2.6.4) CVE-2018-17335 RESERVED CVE-2018-17334 (An issue was discovered in libsvg2 through 2012-10-19. A stack-based b ...) NOT-FOR-US: libsvg2 CVE-2018-17333 (An issue was discovered in libsvg2 through 2012-10-19. A stack-based b ...) NOT-FOR-US: libsvg2 CVE-2018-17332 (An issue was discovered in libsvg2 through 2012-10-19. The svgGetNextP ...) 
NOT-FOR-US: libsvg2 CVE-2018-17331 RESERVED CVE-2018-17330 RESERVED CVE-2018-17329 RESERVED CVE-2018-17328 RESERVED CVE-2018-17327 RESERVED CVE-2018-17326 RESERVED CVE-2018-17325 RESERVED CVE-2018-17324 RESERVED CVE-2018-17323 RESERVED CVE-2018-17322 (Cross-site scripting (XSS) vulnerability in index.php/index/category/i ...) NOT-FOR-US: YUNUCMS CVE-2018-17321 (An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate ...) NOT-FOR-US: SeaCMS CVE-2018-17320 (An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via ...) NOT-FOR-US: UCMS CVE-2018-17319 RESERVED CVE-2018-17318 RESERVED CVE-2018-17317 (FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers ...) NOT-FOR-US: FruityWifi CVE-2018-17316 (On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabi ...) NOT-FOR-US: RICOH MP C6003 printer CVE-2018-17315 (On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabi ...) NOT-FOR-US: RICOH MP C2003 printer CVE-2018-17314 (On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vul ...) NOT-FOR-US: RICOH Aficio MP 305+ printer CVE-2018-17313 (On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabil ...) NOT-FOR-US: RICOH MP C307 printer CVE-2018-17312 (On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vuln ...) NOT-FOR-US: RICOH Aficio MP 301 printer CVE-2018-17311 (On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vuln ...) NOT-FOR-US: RICOH MP C6503 Plus printer CVE-2018-17310 (On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulne ...) NOT-FOR-US: RICOH MP C1803 JPN printer CVE-2018-17309 (On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabi ...) NOT-FOR-US: RICOH MP C406Z printer CVE-2018-17308 RESERVED CVE-2018-17307 RESERVED CVE-2018-17306 RESERVED CVE-2018-17305 (UiPath Orchestrator through 2018.2.4 allows any authenticated user to ...) 
NOT-FOR-US: UiPath Orchestrator CVE-2018-17304 RESERVED CVE-2018-17303 RESERVED CVE-2018-17302 (Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /# ...) NOT-FOR-US: EspoCRM CVE-2018-17301 (Reflected XSS exists in client/res/templates/global-search/name-field. ...) NOT-FOR-US: EspoCRM CVE-2018-17300 (Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/ ...) NOT-FOR-US: CuppaCMS CVE-2018-17299 RESERVED CVE-2018-17298 (An issue was discovered in Enalean Tuleap before 10.5. Reset password ...) NOT-FOR-US: Enalean Tuleap CVE-2018-17297 (The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remo ...) NOT-FOR-US: Hutool CVE-2018-17296 RESERVED CVE-2018-17295 RESERVED CVE-2018-17294 (The matchCurrentInput function inside lou_translateString.c of Libloui ...) - liblouis 3.7.0-1 [stretch] - liblouis (Minor issue) [jessie] - liblouis (Minor issue) NOTE: https://github.com/liblouis/liblouis/commit/5e4089659bb49b3095fa541fa6387b4c40d7396e NOTE: https://github.com/liblouis/liblouis/issues/635 CVE-2018-17293 (An issue was discovered in WAVM before 2018-09-16. The run function in ...) NOT-FOR-US: WAVM CVE-2018-17292 (An issue was discovered in WAVM before 2018-09-16. The loadModule func ...) NOT-FOR-US: WAVM CVE-2018-17291 RESERVED CVE-2018-17290 RESERVED CVE-2018-17289 (An XML external entity (XXE) vulnerability in Kofax Front Office Serve ...) NOT-FOR-US: Kofax Front Office Server Administration Console CVE-2018-17288 (Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client an ...) NOT-FOR-US: Kofax Front Office Server CVE-2018-17287 (In Kofax Front Office Server Administration Console 4.1.1.11.0.5212, s ...) NOT-FOR-US: Kofax Front Office Server Administration Console CVE-2018-17286 RESERVED CVE-2018-17285 RESERVED CVE-2018-17284 RESERVED CVE-2018-17283 (Zoho ManageEngine OpManager before 12.3 Build 123196 does not require ...) 
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-17282 (An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue: ...)
	- exiv2 (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/457
	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/670fb73dd5ee8acab90971c4878de29f9fc43a02
	NOTE: Introduced with: https://github.com/Exiv2/exiv2/commit/afb98cbc6e288dc8ea75f3394a347fb9b37abc55
CVE-2018-17407 (An issue was discovered in t1_check_unusual_charstring functions in wr ...)
	{DSA-4299-1 DLA-1514-1}
	- texlive-bin 2018.20180907.48586-2 (bug #909317)
	NOTE: Fixed by: https://github.com/TeX-Live/texlive-source/commit/6ed0077520e2b0da1fd060c7f88db7b2e6068e4c
	NOTE: Introduced in: https://github.com/TeX-Live/texlive-source/commit/59cbb8f96b0543c2912d6370ce8021181661e1cf
CVE-2018-17281 (There is a stack consumption vulnerability in the res_http_websocket.s ...)
	{DSA-4320-1 DLA-1523-1}
	- asterisk 1:13.23.1~dfsg-1 (bug #909554)
	NOTE: https://downloads.asterisk.org/pub/security/AST-2018-009.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28013
CVE-2018-17280
	REJECTED
CVE-2018-17279
	REJECTED
CVE-2018-17278
	REJECTED
CVE-2018-17277
	REJECTED
CVE-2018-17276
	REJECTED
CVE-2018-17275
	REJECTED
CVE-2018-17274
	REJECTED
CVE-2018-17273
	REJECTED
CVE-2018-17272
	REJECTED
CVE-2018-17271
	REJECTED
CVE-2018-17270
	REJECTED
CVE-2018-17269
	REJECTED
CVE-2018-17268
	REJECTED
CVE-2018-17267
	REJECTED
CVE-2018-17266
	REJECTED
CVE-2018-17265
	REJECTED
CVE-2018-17264
	REJECTED
CVE-2018-17263
	REJECTED
CVE-2018-17262
	REJECTED
CVE-2018-17261
	REJECTED
CVE-2018-17260
	REJECTED
CVE-2018-17259
	REJECTED
CVE-2018-17258
	REJECTED
CVE-2018-17257
	REJECTED
CVE-2018-17256 (Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.1 ...)
	NOT-FOR-US: Umbraco CMS
CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter. ...)
	NOT-FOR-US: Navigate CMS
CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via th ...)
	NOT-FOR-US: JCK Editor component for Joomla!
CVE-2018-17253
	REJECTED
CVE-2018-17252
	REJECTED
CVE-2018-17251
	REJECTED
CVE-2018-17250
	REJECTED
CVE-2018-17249
	REJECTED
CVE-2018-17248
	REJECTED
CVE-2018-17247 (Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in ...)
	- elasticsearch
CVE-2018-17246 (Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file incl ...)
	- kibana (bug #700337)
CVE-2018-17245 (Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an ...)
	- kibana (bug #700337)
CVE-2018-17244 (Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the ...)
	- elasticsearch
CVE-2018-17243 (Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2018-17242
	RESERVED
CVE-2018-17241
	RESERVED
CVE-2018-17240
	RESERVED
CVE-2018-17239
	RESERVED
CVE-2018-17238
	RESERVED
CVE-2018-17237 (A SIGFPE signal is raised in the function H5D__chunk_set_info_real() o ...)
	- hdf5 1.10.6+repack-2 (low)
	[buster] - hdf5 (Minor issue)
	[stretch] - hdf5 (Minor issue)
	[jessie] - hdf5 (Minor issue)
	NOTE: https://github.com/SegfaultMasters/covering360/blob/master/HDF5/README.md#divided-by-zero---h5d__chunk_set_info_real_div_by_zero
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10571 (not public)
	NOTE: does not appear in 1.10.5 release notes, but fixed in
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/4e31361dad4add06792b652dbe5b97e501f9031d
CVE-2018-17236 (The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally ...)
	- mp4v2 (bug #909277)
	[stretch] - mp4v2 (Minor issue)
	[jessie] - mp4v2 (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629453
CVE-2018-17235 (The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in li ...)
	- mp4v2 (bug #909278)
	[stretch] - mp4v2 (Minor issue)
	[jessie] - mp4v2 (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1629451
CVE-2018-17234 (Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ...)
	- hdf5 1.10.6+repack-2 (low)
	[buster] - hdf5 (Minor issue)
	[stretch] - hdf5 (Minor issue)
	[jessie] - hdf5 (Minor issue)
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10578 (not public)
	NOTE: does not appear in 1.10.5 release notes, but fixed in
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f4138013dbc6851e968ea3d37b32776538ef306b
CVE-2018-17233 (A SIGFPE signal is raised in the function H5D__create_chunk_file_map_h ...)
	- hdf5 1.10.6+repack-2 (low)
	[buster] - hdf5 (Minor issue)
	[stretch] - hdf5 (Minor issue)
	[jessie] - hdf5 (Minor issue)
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10577
	NOTE: fixed in 1.10.5, release notes: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.5/src/hdf5-1.10.5-RELEASE.txt
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/f891c38c6e724e9032a534512618b9650be76377
CVE-2018-17232 (SQL injection vulnerability in archivebot.py in docmarionum1 Slack Arc ...)
	NOT-FOR-US: docmarionum1 Slack ArchiveBot (slack-archive-bot)
CVE-2018-17231 (** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow atta ...)
	- telegram-desktop (unimportant)
	NOTE: Disputed as attack scenario does not cross a privilege boundary.
CVE-2018-17230 (Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to ...)
	- exiv2 (Vulnerable code introduced later; only affected experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/455
	NOTE: Introduced in: https://github.com/Exiv2/exiv2/commit/3d57bbc6e6036723df3c7da352e40267c90d1640
	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/afb98cbc6e288dc8ea75f3394a347fb9b37abc55
	NOTE: Some extra care needs to be applied when fixing the issue in isolation in
	NOTE: experimental, as the commit afb98cbc6e288dc8ea75f3394a347fb9b37abc55
	NOTE: would introduce/uncover CVE-2018-17282.
CVE-2018-17229 (Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to c ...)
	- exiv2 (Vulnerable code introduced later; only affected experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/453
	NOTE: Introduced in: https://github.com/Exiv2/exiv2/commit/3d57bbc6e6036723df3c7da352e40267c90d1640
	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/afb98cbc6e288dc8ea75f3394a347fb9b37abc55
	NOTE: Some extra care needs to be applied when fixing the issue in isolation in
	NOTE: experimental, as the commit afb98cbc6e288dc8ea75f3394a347fb9b37abc55
	NOTE: would introduce/uncover CVE-2018-17282.
CVE-2018-17228 (nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell ...)
	NOT-FOR-US: nmap4j
CVE-2018-17227
	RESERVED
CVE-2018-17226
	RESERVED
CVE-2018-17225
	RESERVED
CVE-2018-17224
	RESERVED
CVE-2018-17223
	RESERVED
CVE-2018-17222
	RESERVED
CVE-2018-17221
	RESERVED
CVE-2018-17220
	RESERVED
CVE-2018-17219
	RESERVED
CVE-2018-17218 (An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. The ...)
	NOT-FOR-US: PTC ThingWorx Platform
CVE-2018-17217 (An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. The ...)
	NOT-FOR-US: PTC ThingWorx Platform
CVE-2018-17216 (An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. The ...)
	NOT-FOR-US: PTC ThingWorx Platform
CVE-2018-17215 (An information-disclosure issue was discovered in Postman through 6.3. ...)
	NOT-FOR-US: Postman
CVE-2018-17214
	RESERVED
CVE-2018-17213 (An issue was discovered in PrinterOn Central Print Services (CPS) thro ...)
	NOT-FOR-US: PrinterOn Central Print Services
CVE-2018-17212
	RESERVED
CVE-2018-17211 (An issue was discovered in PrinterOn Central Print Services (CPS) thro ...)
	NOT-FOR-US: PrinterOn Central Print Services
CVE-2018-17210 (An issue was discovered in PrinterOn Central Print Services (CPS) thro ...)
	NOT-FOR-US: PrinterOn Central Print Services
CVE-2018-17209
	RESERVED
CVE-2018-17208 (Linksys Velop 1.1.2.187020 devices allow unauthenticated command injec ...)
	NOT-FOR-US: Linksys Velop
CVE-2018-17207 (An issue was discovered in Snap Creek Duplicator before 1.2.42. By acc ...)
	NOT-FOR-US: Snap Creek Duplicator
CVE-2018-17206 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The ...)
	{DLA-2571-1}
	- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
	[jessie] - openvswitch (Vulnerable code does not exist; no such function)
	NOTE: https://github.com/openvswitch/ovs/commit/5026a263d7846077eee540de42192d27da513226 (master)
	NOTE: https://github.com/openvswitch/ovs/commit/20626d38c1a1d4cebb5a6911ea3cb6a7f4f993f8 (branch-2.8)
	NOTE: https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8 (branch-2.7)
	NOTE: https://github.com/openvswitch/ovs/commit/ee47d61ba1c97cf67a68f0191dec1f93bfafc0a0 (branch-2.6)
CVE-2018-17205 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, aff ...)
	- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
	[stretch] - openvswitch (Vulnerable code introduced later)
	[jessie] - openvswitch (Vulnerable code does not exist; no such function)
	NOTE: https://github.com/openvswitch/ovs/commit/9a0ac025de9303334688ff08f01fc08604d2f624 (master)
	NOTE: https://github.com/openvswitch/ovs/commit/638d406e3b647359f3d82189d7a6ee56b4a54928 (branch-2.8)
	NOTE: https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6 (branch-2.7)
CVE-2018-17204 (An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, aff ...)
	{DLA-2571-1}
	- openvswitch 2.10.0+2018.08.28+git.8ca7c82b7d+ds1-1
	[jessie] - openvswitch (Vulnerable code does not exist; no such function)
	NOTE: https://github.com/openvswitch/ovs/commit/9740d81d94888cb158fa99a9366fe2b32b3e4aaa (master)
	NOTE: https://github.com/openvswitch/ovs/commit/8976ea1d680ab7a2d726a50e5666aa8fefd24168 (branch-2.8)
	NOTE: https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde (branch-2.7)
	NOTE: https://github.com/openvswitch/ovs/commit/fbe37f3ccc819a044a500fb5da13d3e53596c2a7 (branch-2.6)
	NOTE: ovs-vswitchd does not enable support for OpenFlow 1.5 by default.
CVE-2018-17203
	REJECTED
CVE-2018-17202 (Certain input files could make the code to enter into an infinite loop ...)
	NOTE: Apache Commons Imaging
CVE-2018-17201 (Certain input files could make the code hang when Apache Sanselan 0.97 ...)
	NOTE: Apache Commons Imaging
CVE-2018-17200 (The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngi ...)
	NOT-FOR-US: Apache OFBiz
CVE-2018-17199 (In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks ...)
	{DSA-4422-1 DLA-1647-1}
	- apache2 2.4.38-1 (low; bug #920303)
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/3
	NOTE: 2.4.x http://svn.apache.org/r1851409
	NOTE: 2.5.x http://svn.apache.org/r1850947
CVE-2018-17198 (Server-side Request Forgery (SSRF) and File Enumeration vulnerability ...)
	NOT-FOR-US: Apache Roller
CVE-2018-17197 (A carefully crafted or corrupt sqlite file can cause an infinite loop ...)
	- tika 1.20-1
	[jessie] - tika (Only affects 1.8 to 1.19.1)
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/22/2
CVE-2018-17196 (In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to ...)
	- kafka (bug #786460)
CVE-2018-17195 (The template upload API endpoint accepted requests from different doma ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-17194 (When a client request to a cluster node was replicated to other nodes ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-17193 (The message-page.jsp error page used the value of the HTTP request hea ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-17192 (The X-Frame-Options headers were applied inconsistently on some HTTP r ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-17191 (Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PA ...)
	- netbeans 10.0-1
	[stretch] - netbeans (Nashorn module is not enabled. Javascript support is incomplete)
	NOTE: Fixed upstream in version 10.0
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/30/1
CVE-2018-17190 (In all versions of Apache Spark, its standalone resource manager accep ...)
	- apache-spark (bug #802194)
CVE-2018-17189 (In Apache HTTP server versions 2.4.37 and prior, by sending request bo ...)
	{DSA-4422-1}
	- apache2 2.4.38-1 (low; bug #920302)
	[jessie] - apache2 (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/22/2
	NOTE: https://svn.apache.org/r1851329
CVE-2018-17188 (Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configurat ...)
	- couchdb
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/17/1
CVE-2018-17187 (The Apache Qpid Proton-J transport includes an optional wrapper layer ...)
	- qpid-proton 0.22.0-1 (unimportant)
	NOTE: https://qpid.apache.org/cves/CVE-2018-17187.html
	NOTE: https://issues.apache.org/jira/browse/PROTON-1962
	NOTE: https://github.com/apache/qpid-proton-j/commit/0cb8ca03cec42120dcfc434561592d89a89a805e
	NOTE: Up to 0.17.0-rc1 upstream proton-j was included in the qpid-proton distribution
	NOTE: but then moved out to its own repository.
	NOTE: Cf. https://github.com/apache/qpid-proton/commit/ccdcf32932f04b387da9d4dbd810da29cae223aa
CVE-2018-17186 (An administrator with workflow definition entitlements can use DTD to ...)
	NOT-FOR-US: Apache Syncope
CVE-2018-17185
	REJECTED
CVE-2018-17184 (A malicious user with enough administration entitlements can inject ht ...)
	NOT-FOR-US: Apache Syncope
CVE-2018-17182 (An issue was discovered in the Linux kernel through 4.18.8. The vmacac ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.10-1
	NOTE: https://git.kernel.org/linus/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2
	NOTE: https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html
CVE-2018-17181 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection ...)
	NOT-FOR-US: OpenEMR
CVE-2018-17180 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. Directory Tra ...)
	NOT-FOR-US: OpenEMR
CVE-2018-17179 (An issue was discovered in OpenEMR before 5.0.1 Patch 7. There is SQL ...)
	NOT-FOR-US: OpenEMR
CVE-2018-17178 (An issue was discovered on Neato Botvac Connected 2.2.0 devices. They ...)
	NOT-FOR-US: Neato Botvac Connected devices
CVE-2018-17177 (An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 ...)
	NOT-FOR-US: Neato Botvac Connected and Botvac 85 devices
CVE-2018-17176 (A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. ...)
	NOT-FOR-US: Neato Botvac Connected devices
CVE-2018-17175 (In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Py ...)
	- python-marshmallow 3.0.0b14-1 (bug #909140)
	NOTE: https://github.com/marshmallow-code/marshmallow/issues/772
CVE-2018-17174 (A stack-based buffer overflow was discovered in the xtimor NMEA librar ...)
	NOT-FOR-US: nmealib
CVE-2018-17173 (LG SuperSign CMS allows remote attackers to execute arbitrary code via ...)
	NOT-FOR-US: LG SuperSign CMS
CVE-2018-17172 (The web application on Xerox AltaLink B80xx before 100.008.028.05200, ...)
	NOT-FOR-US: Xerox
CVE-2018-17171
	RESERVED
CVE-2018-17170 (Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allo ...)
	NOT-FOR-US: Grouptime Teamwire Desktop Client
CVE-2018-17169 (An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17168 (PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forger ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17167 (PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-17166
	RESERVED
CVE-2018-17165
	RESERVED
CVE-2018-17164
	RESERVED
CVE-2018-17163
	REJECTED
CVE-2018-17162
	REJECTED
CVE-2018-17161 (In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r ...)
	NOT-FOR-US: FreeBSD bootpd
CVE-2018-17160 (In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficie ...)
	NOT-FOR-US: FreeBSD bhyve
CVE-2018-17159 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS se ...)
	NOT-FOR-US: FreeBSD nfs server
CVE-2018-17158 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...)
	NOT-FOR-US: FreeBSD nfs server
CVE-2018-17157 (In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer ...)
	NOT-FOR-US: FreeBSD nfs server
CVE-2018-17156 (In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to inc ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-EN-18:13.icmp.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-17155 (In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE- ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-17154 (In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELE ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-1000802 (Python Software Foundation Python (CPython) version 2.7 contains a CWE ...)
	{DSA-4306-1 DLA-1520-1 DLA-1519-1}
	- python3.7 (Fixed before initial upload)
	- python3.6 (Fixed before initial upload)
	- python3.5 (Fixed before initial upload)
	- python3.4
	- python2.7 2.7.15-5 (bug #909673)
	NOTE: https://bugs.python.org/issue34540
	NOTE: https://github.com/python/cpython/commit/d8b103b8b3ef9644805341216963a64098642435
	NOTE: Later versions did remove _call_external_zip with
	NOTE: https://github.com/python/cpython/commit/a0934b2c1b939fdebee8dc18d49a0f6c52324773
	NOTE: which used distutils.spawn.
	NOTE: PoC: https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig
CVE-2018-17153 (It was discovered that the Western Digital My Cloud device before 2.30 ...)
	NOT-FOR-US: Western Digital My Cloud device
CVE-2018-17152 (Intersystems Cache 2017.2.2.865.0 allows XXE. ...)
	NOT-FOR-US: Intersystems Cache
CVE-2018-17151 (Intersystems Cache 2017.2.2.865.0 has Incorrect Access Control. ...)
	NOT-FOR-US: Intersystems Cache
CVE-2018-17150 (Intersystems Cache 2017.2.2.865.0 allows XSS. ...)
	NOT-FOR-US: Intersystems Cache
CVE-2018-17149
	RESERVED
CVE-2018-17148 (An Insufficient Access Control vulnerability (leading to credential di ...)
	NOT-FOR-US: Nagios XI
CVE-2018-17147 (Nagios XI before 5.5.4 has XSS in the auto login admin management page ...)
	NOT-FOR-US: Nagios XI
CVE-2018-17146 (A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 ...)
	NOT-FOR-US: Nagios XI
CVE-2018-17145 (Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16 ...)
	- bitcoin 0.16.2~dfsg-1
	NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145
CVE-2018-17144 (Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x be ...)
	- bitcoin 0.16.3~dfsg-1
	- litecoin 0.16.3-1
	NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17144
CVE-2018-17143 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles ...)
	- golang-golang-x-net-dev (Vulnerable code introduced later)
	- golang-go.net-dev (Vulnerable code introduced later)
	NOTE: https://github.com/golang/go/issues/27704
	NOTE: Fixed by: https://github.com/golang/net/commit/2f5d2388922f370f4355f327fcf4cfe9f5583908
	NOTE: Introduced by: https://github.com/golang/net/commit/500e7a4f953ddaf55d316b4d3adc516aa0379622
CVE-2018-17142 (The html package (aka x/net/html) through 2018-09-17 in Go mishandles ...)
	- golang-golang-x-net-dev (Vulnerable code introduced later)
	- golang-go.net-dev (Vulnerable code introduced later)
	NOTE: https://github.com/golang/go/issues/27702
	NOTE: Fixed by: https://github.com/golang/net/commit/cf3bd585ca2a5a21b057abd8be7eea2204af89d0
	NOTE: Introduced by: https://github.com/golang/net/commit/500e7a4f953ddaf55d316b4d3adc516aa0379622
CVE-2018-17141 (HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arb ...)
	{DSA-4298-1 DLA-1515-1}
	- hylafax 3:6.0.6-8.1 (bug #909161)
	NOTE: http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36
CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS v ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-17139 (UltimatePOS 2.5 allows users to upload arbitrary files, which leads to ...)
	NOT-FOR-US: UltimatePOS
CVE-2018-17138 (The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS v ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-17137 (Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 prese ...)
	NOT-FOR-US: Prezi Next
CVE-2018-17136 (zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php vi ...)
	NOT-FOR-US: zzcms
CVE-2018-17135
	RESERVED
CVE-2018-17134 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ar ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-17133 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ar ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-17132 (admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-17131 (admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute ar ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-17130 (PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header, ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-17129 (MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/a ...)
	NOT-FOR-US: MetInfo
CVE-2018-17128 (A Persistent XSS issue was discovered in the Visual Editor in MyBB bef ...)
	NOT-FOR-US: MyBB
CVE-2018-17127 (blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_327 ...)
	NOT-FOR-US: ASUS
CVE-2018-17126 (CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_ ...)
	NOT-FOR-US: CScms
CVE-2018-17125 (CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring ...)
	NOT-FOR-US: CScms
CVE-2018-17124
	RESERVED
CVE-2018-17123
	RESERVED
CVE-2018-17122
	RESERVED
CVE-2018-17121
	RESERVED
CVE-2018-17120
	RESERVED
CVE-2018-17119
	RESERVED
CVE-2018-17118
	RESERVED
CVE-2018-17117
	RESERVED
CVE-2018-17116
	RESERVED
CVE-2018-17115
	RESERVED
CVE-2018-17114
	RESERVED
CVE-2018-17113 (App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.s ...)
	NOT-FOR-US: EasyCMS
CVE-2018-17112
	RESERVED
CVE-2018-17111 (The onlyOwner modifier of a smart contract implementation for Coinlanc ...)
	NOT-FOR-US: onlyOwner modifier of a smart contract implementation for Coinlancer (CL)
CVE-2018-17110 (Simple POS 4.0.24 allows SQL Injection via a products/get_products/ co ...)
	NOT-FOR-US: Simple POS
CVE-2018-17109
	RESERVED
CVE-2018-17108 (The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Androi ...)
	NOT-FOR-US: SBIbuddy
CVE-2018-17107 (In Tgstation tgstation-server 3.2.4.0 through 3.2.1.0 (fixed in 3.2.5. ...)
	NOT-FOR-US: Tgstation tgstation-server
CVE-2018-17106 (In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable ...)
	NOT-FOR-US: Tinyftpd
CVE-2018-17105
	RESERVED
CVE-2018-17104 (An issue was discovered in Microweber 1.0.7. There is a CSRF attack (a ...)
	NOT-FOR-US: Microweber
CVE-2018-17103 (** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-17102 (An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta ...)
	NOT-FOR-US: QuickAppsCMS
CVE-2018-17101 (An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds ...)
	{DSA-4349-1 DLA-1557-1}
	- tiff 4.0.9+git181026-1 (bug #909037)
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2807
	NOTE: https://gitlab.com/libtiff/libtiff/commit/f1b94e8a3ba49febdd3361c0214a1d1149251577
CVE-2018-17100 (An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in ...)
	{DSA-4670-1 DLA-1557-1}
	- tiff 4.0.9+git181026-1 (low; bug #909038)
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2810
	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/33/diffs?commit_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
	NOTE: https://gitlab.com/libtiff/libtiff/commit/6da1fb3f64d43be37e640efbec60400d1f1ac39e
CVE-2018-17099
	RESERVED
CVE-2018-17098 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...)
	- soundtouch 2.1.2+ds1-1 (low; bug #913894)
	[stretch] - soundtouch (Minor issue)
	[jessie] - soundtouch (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/14
CVE-2018-17097 (The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 ...)
	- soundtouch 2.1.2+ds1-1 (low; bug #913895)
	[stretch] - soundtouch (Minor issue)
	[jessie] - soundtouch (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/14
CVE-2018-17096 (The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parvia ...)
	- soundtouch 2.1.2+ds1-1 (low)
	[stretch] - soundtouch (Minor issue)
	[jessie] - soundtouch (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/14
CVE-2018-17183 (Artifex Ghostscript before 9.25 allowed a user-writable error exceptio ...)
	{DSA-4294-1 DLA-1527-1}
	- ghostscript 9.25~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699708
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624
CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka audiof ...)
	- audiofile 0.3.6-5 (low; bug #913166)
	[stretch] - audiofile 0.3.6-4+deb9u1
	[jessie] - audiofile (Can be fixed along in future DLA)
	NOTE: https://github.com/mpruett/audiofile/issues/50
	NOTE: https://github.com/mpruett/audiofile/issues/51
CVE-2018-17094
	REJECTED
CVE-2018-17093
	REJECTED
CVE-2018-17092 (An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/p ...)
	NOT-FOR-US: DonLinkage
CVE-2018-17091 (An issue was discovered in DonLinkage 6.6.8. It allows remote attacker ...)
	NOT-FOR-US: DonLinkage
CVE-2018-17090 (An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/b ...)
	NOT-FOR-US: DonLinkage
CVE-2018-17089
	RESERVED
CVE-2018-17087
	RESERVED
CVE-2018-17086 (An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switc ...)
	NOT-FOR-US: OTCMS
CVE-2018-17085 (An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php v ...)
	NOT-FOR-US: OTCMS
CVE-2018-17084
	RESERVED
CVE-2018-17083
	RESERVED
CVE-2018-17082 (The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x ...)
	{DSA-4353-1 DLA-1509-1}
	- php7.3 7.3.0~rc2-1
	- php7.2
	- php7.1
	- php7.0 7.0.32-1
	- php5
	NOTE: Fixed in 5.6.38, 7.0.32, 7.1.22, 7.2.10, 7.3.0RC1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76582
	NOTE: https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e
CVE-2018-17081 (e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=in ...)
	NOT-FOR-US: e107
CVE-2018-17080
	RESERVED
CVE-2018-17079 (An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerab ...)
	NOT-FOR-US: ZRLOG
CVE-2018-17078
	RESERVED
CVE-2018-17077 (An issue was discovered in yiqicms through 2016-11-20. There is stored ...)
	NOT-FOR-US: yiqicms
CVE-2018-17076 (GPP through 2.25 will try to use more memory space than is available o ...)
	- gpp 2.26-1 (unimportant; bug #908939)
	NOTE: https://github.com/logological/gpp/issues/26
	NOTE: https://github.com/logological/gpp/commit/329aa63a70d32d1e2ae529130a792e0c6ae4ce79
	NOTE: Crash in CLI tool, no security impact
CVE-2018-17075 (The html package (aka x/net/html) before 2018-07-13 in Go mishandles " ...)
	- golang-golang-x-net-dev (Vulnerable code introduced later)
	- golang-go.net-dev (Vulnerable code introduced later)
	NOTE: https://github.com/golang/go/issues/27016
	NOTE: Fixed by: https://github.com/golang/net/commit/aaf60122140d3fcf75376d319f0554393160eb50
	NOTE: Introduced in: https://github.com/golang/net/commit/500e7a4f953ddaf55d316b4d3adc516aa0379622
CVE-2018-17074 (The Feed Statistics plugin before 4.0 for WordPress has an Open Redire ...)
	NOT-FOR-US: Feed Statistics plugin for WordPress
CVE-2018-17073 (wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via ...)
	NOT-FOR-US: bitmap
CVE-2018-17072 (JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json. ...)
	NOT-FOR-US: JSON++
CVE-2018-17071 (The fallback function of a simple lottery smart contract implementatio ...)
	NOT-FOR-US: fallback function of a simple lottery smart contract implementation for Lucky9io
CVE-2018-17070 (An issue was discovered in UNL-CMS 7.59. A CSRF attack can update the ...)
	NOT-FOR-US: UNL-CMS
CVE-2018-17069 (An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new ...)
	NOT-FOR-US: UNL-CMS
CVE-2018-17068 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
	NOT-FOR-US: D-Link
CVE-2018-17067 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very ...)
	NOT-FOR-US: D-Link
CVE-2018-17066 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
	NOT-FOR-US: D-Link
CVE-2018-17065 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within ...)
	NOT-FOR-US: D-Link
CVE-2018-17064 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
	NOT-FOR-US: D-Link
CVE-2018-17063 (An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP ...)
	NOT-FOR-US: D-Link
CVE-2018-17062 (An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php ...)
	NOT-FOR-US: SeaCMS
CVE-2018-17061 (BullGuard Safe Browsing before 18.1.355.9 allows XSS on Google, Bing, ...)
	NOT-FOR-US: BullGuard Safe Browsing
CVE-2018-17060 (Telerik Extensions for ASP.NET MVC (all versions) does not whitelist r ...)
	NOT-FOR-US: Telerik Extensions for ASP.NET MVC
CVE-2018-17059
	RESERVED
CVE-2018-17058 (An issue was discovered in JABA XPress Online Shop through 2018-09-14. ...)
	NOT-FOR-US: JABA
CVE-2018-17057 (An issue was discovered in TCPDF before 6.2.22. Attackers can trigger ...)
	- tcpdf 6.2.26+dfsg-1 (bug #908866)
	[stretch] - tcpdf (Minor issue)
	[jessie] - tcpdf (Minor issue)
	NOTE: https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26e
	NOTE: Was considered minor for jessie since arbitrary deserialization
	NOTE: is still possible using http and https.
CVE-2018-17056 (Cross-site scripting (XSS) vulnerability in ServiceStack in Progress S ...)
	NOT-FOR-US: Progress Sitefinity CMS
CVE-2018-17055 (An arbitrary file upload vulnerability in Progress Sitefinity CMS vers ...)
	NOT-FOR-US: Progress Sitefinity CMS
CVE-2018-17054 (Cross-site scripting (XSS) vulnerability in Identity Server in Progres ...)
	NOT-FOR-US: Progress Sitefinity CMS
CVE-2018-17053 (Cross-site scripting (XSS) vulnerability in Identity Server in Progres ...)
	NOT-FOR-US: Progress Sitefinity CMS
CVE-2018-17052
	RESERVED
CVE-2018-17051 (K-Net Cisco Configuration Manager through 2014-11-19 has XSS via devic ...)
	NOT-FOR-US: K-Net Cisco Configuration Manager
CVE-2018-17050 (The mintToken function of a smart contract implementation for PolyAi ( ...)
	NOT-FOR-US: smart contract
CVE-2018-17049 (CQU-LANKERS through 2017-11-02 has XSS via the public/api.php callback ...)
	NOT-FOR-US: CQU-LANKERS
CVE-2018-17048 (admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content ...)
	NOT-FOR-US: FDCMS
CVE-2018-17047
	RESERVED
CVE-2018-17046 (translate man before 2018-08-21 has XSS via containers/outputBox/outpu ...)
	NOT-FOR-US: translate-man
CVE-2018-17045 (An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vul ...)
	NOT-FOR-US: CMS MaeloStore
CVE-2018-17044 (In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_conf ...)
	NOT-FOR-US: YzmCMS
CVE-2018-17043 (An issue has been found in doc2txt through 2014-03-19. It is a heap-ba ...)
	NOT-FOR-US: doc2txt
CVE-2018-17042 (An issue has been found in dbf2txt through 2012-07-19. It is a infinit ...)
	NOT-FOR-US: doc2txt
CVE-2018-17041
	RESERVED
CVE-2018-17040
	RESERVED
CVE-2018-17039 (MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted ...)
	NOT-FOR-US: MiniCMS
CVE-2018-17038
	RESERVED
CVE-2018-17037 (user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escala ...)
	NOT-FOR-US: UCMS
CVE-2018-17036 (An issue was discovered in UCMS 1.4.6. It allows PHP code injection du ...)
	NOT-FOR-US: UCMS
CVE-2018-17035 (UCMS 1.4.6 has SQL injection during installation via the install/index ...)
	NOT-FOR-US: UCMS
CVE-2018-17034 (UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter. ...)
	NOT-FOR-US: UCMS
CVE-2018-17033
	RESERVED
CVE-2018-17032
	RESERVED
CVE-2018-17031 (In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MI ...)
	NOT-FOR-US: Go Git Service
CVE-2018-17030 (BigTree CMS 4.2.23 allows remote authenticated users, if possessing pr ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-17029
	RESERVED
CVE-2018-17028
	RESERVED
CVE-2018-17027
	RESERVED
CVE-2018-17026 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_titl ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-17025 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_titl ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-17024 (admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_titl ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-17023 (Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 rout ...)
	NOT-FOR-US: ASUS GT-AC5300 routers
CVE-2018-17022 (Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0 ...)
	NOT-FOR-US: ASUS GT-AC5300 routers
CVE-2018-17021 (Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices wit ...)
	NOT-FOR-US: ASUS GT-AC5300 devices
CVE-2018-17020 (ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow r ...)
	NOT-FOR-US: ASUS GT-AC5300 devices
CVE-2018-17019 (In Bro through 2.5.5, there is a DoS in IRC protocol names command par ...)
	- bro 2.6.1+ds1-1 (bug #908779)
	[buster] - bro 2.5.5-1+deb10u1
	[stretch] - bro (Minor issue)
	NOTE: https://github.com/bro/bro/commit/c2b18849f8bb833253538f5dfedb4ed1dc176a30
CVE-2018-17018 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17017 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17016 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17015 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17014 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17013 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17012 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17011 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17010 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17009 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17008 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17007 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17006 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17005 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17004 (An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7 ...)
	NOT-FOR-US: TP-Link
CVE-2018-17003 (In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discover ...)
	- limesurvey (bug #472802)
CVE-2018-17002 (On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabil ...)
	NOT-FOR-US: RICOH
CVE-2018-17001 (On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerab ...)
	NOT-FOR-US: RICOH
CVE-2018-17000 (A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c ( ...)
	{DSA-4670-1 DLA-1680-1}
	- tiff 4.0.10-4 (bug #908778)
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2811
	NOTE: Relates to http://bugzilla.maptools.org/show_bug.cgi?id=2833
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/802d3cbf3043be5dce5317e140ccb1c17a6a2d39
CVE-2018-16999 (Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segment ...)
	- nasm 2.14-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392508
	NOTE: https://github.com/netwide-assembler/nasm/commit/980dd658b521afe4a688c4195410c4449a8e2468
	NOTE: Crash in CLI tool, no security impact
CVE-2018-16998
	RESERVED
CVE-2018-16997
	RESERVED
CVE-2018-16996
	RESERVED
CVE-2018-16995
	RESERVED
CVE-2018-16994 (An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL ...)
	NOT-FOR-US: PHOENIX CONTACT AXL
CVE-2018-16993
	RESERVED
CVE-2018-16992
	RESERVED
CVE-2018-16991
	RESERVED
CVE-2018-16990
	RESERVED
CVE-2018-16989
	RESERVED
CVE-2018-16988 (An issue was discovered in Open XDMoD through 7.5.0. An authentication ...)
	NOT-FOR-US: Open XDMoD
CVE-2018-16987 (Squash TM through 1.18.0 presents the cleartext passwords of external ...)
	NOT-FOR-US: Squash TM
CVE-2018-16986 (Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 de ...)
	NOT-FOR-US: Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices
CVE-2018-16985 (In Lizard (formerly LZ5) 2.0, use of an invalid memory address was dis ...)
	NOT-FOR-US: Lizard
CVE-2018-16984 (An issue was discovered in Django 2.1 before 2.1.2, in which unprivile ...)
	[experimental] - python-django 2:2.1.2-1
	- python-django (bug #910016; vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2018/oct/01/security-release/
	NOTE: https://github.com/django/django/commit/bf39978a53f117ca02e9a0c78b76664a41a54745 (master)
	NOTE: https://github.com/django/django/commit/c4bd5b597e0aa2432e4c867b86650f18af117851 (2.1)
CVE-2018-16983 (NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other ...)
	- mozilla-noscript (unimportant)
	NOTE: This is not a security issue in NoScript by itself
CVE-2018-16982 (Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial ...)
	NOT-FOR-US: Open Chinese Convert (OpenCC)
CVE-2018-16981 (stb stb_image.h 2.19, as used in catimg, Emscripten, and other product ...)
	- libstb 0.0~git20190617.5.c72a95d-1
	[buster] - libstb (Minor issue)
	NOTE: https://github.com/nothings/stb/issues/656
	NOTE: https://github.com/nothings/stb/commit/50b1bfba583b12ceb23ef949567bdd914461e524
	NOTE: Potentially affects libsixel, libsfml, love, mame, darknet, gem, ccextractor, zynaddsubfx, osgearth, goxel, yquake2, renderdoc, catimg, libstb, zam-plugins, retroarch
CVE-2018-16980 (dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/ ...)
	NOT-FOR-US: dotCMS
CVE-2018-16979 (Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-16978 (Monstra CMS V3.0.4 has XSS when ones tries to register an account with ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-16977 (Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUME ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-16975 (An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Co ...)
	NOT-FOR-US: Elefant CMS
CVE-2018-16974 (An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Co ...)
	NOT-FOR-US: Elefant CMS
CVE-2018-16973
	RESERVED
CVE-2018-16972
	RESERVED
CVE-2018-16971 (Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direc ...)
	NOT-FOR-US: Wisetail Learning Ecosystem
CVE-2018-16970 (Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direc ...)
	NOT-FOR-US: Wisetail Learning Ecosystem
CVE-2018-16969 (Citrix ShareFile StorageZones Controller before 5.4.2 has Information ...)
	NOT-FOR-US: Citrix ShareFile StorageZones Controller
CVE-2018-16968 (Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory ...)
	NOT-FOR-US: Citrix ShareFile StorageZones Controller
CVE-2018-16967 (There is an XSS vulnerability in the mndpsingh287 File Manager plugin ...)
	NOT-FOR-US: mndpsingh287 File Manager plugin for WordPress
CVE-2018-16966 (There is a CSRF vulnerability in the mndpsingh287 File Manager plugin ...)
	NOT-FOR-US: mndpsingh287 File Manager plugin for WordPress
CVE-2018-16965 (In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there i ...)
	NOT-FOR-US: Zoho
CVE-2018-16964
	RESERVED
CVE-2018-16963
	RESERVED
CVE-2018-16962 (Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to t ...)
	NOT-FOR-US: Webroot SecureAnywhere
CVE-2018-16961 (An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/ ...)
	NOT-FOR-US: Open XDMoD
CVE-2018-16960 (An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/ ...)
	NOT-FOR-US: Open XDMoD
CVE-2018-16959 (An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16958 (An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16957 (The Oracle WebCenter Interaction 10.3.3 search service queryd.exe bina ...)
	NOT-FOR-US: Oracle WebCenter Interaction
CVE-2018-16956 (The AjaxControl component of Oracle WebCenter Interaction Portal 10.3. ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16955 (The login function of Oracle WebCenter Interaction Portal 10.3.3 is vu ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16954 (An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16953 (The AjaxView::DisplayResponse() function of the portalpages.dll assemb ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16952 (The Oracle WebCenter Interaction Portal 10.3.3 does not implement prot ...)
	NOT-FOR-US: Oracle WebCenter Interaction Portal
CVE-2018-16976 (Gitolite before 3.6.9 does not (in certain configurations involving @a ...)
	- gitolite3 3.6.9-1 (bug #908699)
	[stretch] - gitolite3 (Minor issue)
	[jessie] - gitolite3 (Minor issue)
	- gitolite
	NOTE: https://groups.google.com/forum/#!topic/gitolite-announce/WrwDTYdbfRg
	NOTE: https://github.com/sitaramc/gitolite/commit/dc13dfca8fdae5634bb0865f7e9822d2a268ed59
CVE-2018-16951 (xunfeng 0.2.0 allows command execution via CSRF because masscan.py mis ...)
	NOT-FOR-US: xunfeng
CVE-2018-16950 (Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attacke ...)
	NOT-FOR-US: Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices
CVE-2018-16946 (LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken ...)
	NOT-FOR-US: LG smart network camera device
CVE-2018-16945
	RESERVED
CVE-2018-16944
	RESERVED
CVE-2018-16943
	RESERVED
CVE-2018-16942
	RESERVED
CVE-2018-16941
	RESERVED
CVE-2018-16940
	RESERVED
CVE-2018-16939
	RESERVED
CVE-2018-16938
	RESERVED
CVE-2018-16937
	RESERVED
CVE-2018-16936
	REJECTED
CVE-2018-16935
	REJECTED
CVE-2018-16934
	REJECTED
CVE-2018-16933
	REJECTED
CVE-2018-16932
	REJECTED
CVE-2018-16931
	REJECTED
CVE-2018-16930
	REJECTED
CVE-2018-16929
	REJECTED
CVE-2018-16928
	REJECTED
CVE-2018-16927
	REJECTED
CVE-2018-16926
	REJECTED
CVE-2018-16925
	REJECTED
CVE-2018-16924
	REJECTED
CVE-2018-16923
	REJECTED
CVE-2018-16922
	REJECTED
CVE-2018-16921
	REJECTED
CVE-2018-16920
	REJECTED
CVE-2018-16919
	REJECTED
CVE-2018-16918
	REJECTED
CVE-2018-16917
	REJECTED
CVE-2018-16916
	REJECTED
CVE-2018-16915
	REJECTED
CVE-2018-16914
	REJECTED
CVE-2018-16913
	REJECTED
CVE-2018-16912
	REJECTED
CVE-2018-16911
	REJECTED
CVE-2018-16910
	REJECTED
CVE-2018-16909
	REJECTED
CVE-2018-16908
	REJECTED
CVE-2018-16907
	REJECTED
CVE-2018-16906
	REJECTED
CVE-2018-16905
	REJECTED
CVE-2018-16904
	REJECTED
CVE-2018-16903
	REJECTED
CVE-2018-16902
	REJECTED
CVE-2018-16901
	REJECTED
CVE-2018-16900
	REJECTED
CVE-2018-16899
	REJECTED
CVE-2018-16898
	REJECTED
CVE-2018-16897
	REJECTED
CVE-2018-16896
	REJECTED
CVE-2018-16895
	REJECTED
CVE-2018-16894
	REJECTED
CVE-2018-16893
	REJECTED
CVE-2018-16892
	REJECTED
CVE-2018-16891
	REJECTED
CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap ...)
	{DSA-4386-1 DLA-1672-1}
	- curl 7.64.0-1
	NOTE: https://curl.haxx.se/docs/CVE-2018-16890.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
	NOTE: Introduced by: https://github.com/curl/curl/commit/86724581b6c02d160b52f817550cfdfc9c93af62
CVE-2018-16889 (Ceph does not properly sanitize encryption keys in debug logging for v ...)
	- ceph 12.2.11+dfsg1-1 (low; bug #918969)
	[stretch] - ceph (Minor issue)
	[jessie] - ceph (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1665334
	NOTE: http://tracker.ceph.com/issues/37847
	NOTE: https://github.com/ceph/ceph/commit/ba55e2a96c9dfcc7aa2311431beaaa23cb05c30d
CVE-2018-16888 (It was discovered systemd does not correctly check the content of PIDF ...)
	- systemd 237-1 (low)
	[stretch] - systemd (Minor issue, too intrusive to backport)
	[jessie] - systemd (low priority because this is inherently a bug in the PID file logic, too intrusive to backport)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1662867
	NOTE: Upstream issue: https://github.com/systemd/systemd/issues/6632
	NOTE: Upstream patches: https://github.com/systemd/systemd/pull/7816
CVE-2018-16887 (A cross-site scripting (XSS) flaw was found in the katello component o ...)
	NOT-FOR-US: Katello
CVE-2018-16886 (etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerab ...)
	- etcd 3.2.26+dfsg-1 (bug #923008)
	NOTE: Introduced by: https://github.com/etcd-io/etcd/commit/0191509637546621d6f2e18e074e955ab8ef374d
	NOTE: Upstream issue: https://github.com/etcd-io/etcd/pull/10366
	NOTE: https://github.com/etcd-io/etcd/commit/bf9d0d8291dc71ecbfb2690612954e1a298154b2
	NOTE: https://github.com/etcd-io/etcd/commit/a9a9466fb8ba11ad7bb6a44d7446fbd072d59887
	NOTE: https://github.com/etcd-io/etcd/commit/99704e2a97e8710da942bdc737417fc9c9a2c03f
	NOTE: https://github.com/etcd-io/etcd/commit/83c051b701d33261eef91a719e4421c81b000ba4
CVE-2018-16885 (A flaw was found in the Linux kernel that allows the userspace to call ...)
	- linux 3.16.2-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1661503
	NOTE: https://git.kernel.org/linus/06ebb06d49486676272a3c030bfeef4bd969a8e6
CVE-2018-16884 (A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares ...)
	{DLA-1771-1 DLA-1731-1}
	- linux 4.19.16-1
	[stretch] - linux 4.9.161-1
	NOTE: https://patchwork.kernel.org/cover/10733767/
	NOTE: https://patchwork.kernel.org/patch/10733769/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1660375
CVE-2018-16883 (sssd versions from 1.13.0 to before 2.0.0 did not properly restrict ac ...)
	- sssd 2.2.0-1 (bug #916824)
	[buster] - sssd (Minor issue)
	[stretch] - sssd (Minor issue)
	[jessie] - sssd (Issue got introduced with 1.13.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1659862
	NOTE: Fixed in upstream 2.0.0 while refactoring code
	NOTE: Fixed by https://pagure.io/SSSD/sssd/c/fbe2476a3dd9be83ffa85c29dca26f734618d72d?branch=master
CVE-2018-16882 (A use-after-free issue was found in the way the Linux kernel's KVM hyp ...)
	- linux 4.19.13-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://marc.info/?l=kvm&m=154514994222809&w=2
	NOTE: Fixed by: https://git.kernel.org/linus/c2dd5146e9fe1f22c77c1b011adf84eea0245806
CVE-2018-16881 (A denial of service vulnerability was found in rsyslog in the imptcp m ...)
	- rsyslog 8.27.0-2
	[stretch] - rsyslog (Minor issue; imptcp not enabled by default)
	[jessie] - rsyslog (Vulnerable code introduced in 8.13.1)
	NOTE: Fixed by: https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2
	NOTE: Introduced by: https://github.com/rsyslog/rsyslog/commit/6c52f29d593a27f934a1871d40eed84ebde3f3a6
CVE-2018-16880 (A flaw was found in the Linux kernel's handle_rx() function in the [vh ...)
	- linux 4.19.20-1
	[stretch] - linux (Vulnerable code introduced in 4.16-rc1)
	[jessie] - linux (Vulnerable code introduced in 4.16-rc1)
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/25/1
CVE-2018-16879 (Ansible Tower before version 3.3.3 does not set a secure channel as it ...)
	NOT-FOR-US: Ansible Tower
CVE-2018-16878 (A flaw was found in pacemaker up to and including version 2.0.1. An in ...)
	{DLA-2519-1}
	- pacemaker 2.0.1-3 (bug #927714)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
	NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
CVE-2018-16877 (A flaw was found in the way pacemaker's client-server authentication w ...)
	{DLA-2519-1}
	- pacemaker 2.0.1-3 (bug #927714)
	NOTE: https://www.openwall.com/lists/oss-security/2019/04/17/1
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1749 (master)
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1750 (1.1)
	NOTE: https://lists.clusterlabs.org/pipermail/users/2019-May/025822.html
CVE-2018-16876 (ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a infor ...)
	{DSA-4396-1}
	- ansible 2.7.6+dfsg-1 (bug #916102)
	[jessie] - ansible (Vulnerable code not present)
	NOTE: https://github.com/ansible/ansible/pull/49569
	NOTE: https://github.com/ansible/ansible/commit/4c6d714aefb05366cb329e139214c89ebb364899
CVE-2018-16875 (The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 d ...)
	- golang-1.11 1.11.3-1
	- golang-1.10 1.10.6-1
	- golang-1.8
	- golang-1.7
	NOTE: https://github.com/golang/go/issues/29233
	NOTE: https://github.com/golang/go/commit/df523969435b8945d939c7e2a849b50910ef4c25 (1.11.3)
	NOTE: https://github.com/golang/go/commit/0a4a37f1f0a36e55d8ae5c34210a79499f9f2a9d (1.10.6)
CVE-2018-16874 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...)
	- golang-1.11 1.11.3-1
	- golang-1.10 1.10.6-1
	- golang-1.8
	- golang-1.7
	NOTE: https://github.com/golang/go/issues/29231
	NOTE: See CVE-2018-16873 for patches and regression fix
CVE-2018-16873 (In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is ...)
	- golang-1.11 1.11.3-1
	- golang-1.10 1.10.6-1
	- golang-1.8
	- golang-1.7
	NOTE: https://github.com/golang/go/issues/29230
	NOTE: https://github.com/golang/go/commit/8954addb3294a5e664a9833354bafa58f163fe8f (1.11.3)
	NOTE: https://github.com/golang/go/commit/5aedc8af94c0a8ffc58cbd09993192dea9b238db (1.11.3)
	NOTE: https://github.com/golang/go/commit/90d609ba6156299642d08afc06d85ab770a03972 (1.10.6)
	NOTE: https://github.com/golang/go/commit/7ef6ee2c5727f0d11206b4d1866c18e6ab4785be (1.10.6)
	NOTE: https://github.com/golang/go/issues/29241 (regression)
	NOTE: https://github.com/golang/go/commit/ef209c9eb1216252ee7a59d78156ad9dcccab656 (1.11.4)
	NOTE: https://github.com/golang/go/commit/25bee965c685e3f35c10076648685e22e59fd656 (1.10.7)
CVE-2018-16872 (A flaw was found in qemu Media Transfer Protocol (MTP). The code openi ...)
	{DSA-4454-1 DLA-1694-1}
	- qemu 1:3.1+dfsg-2 (bug #916397)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03135.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=bab9df35ce73d1c8e19a37e2737717ea1c984dc1
CVE-2018-16871 (A flaw was found in the Linux kernel's NFS implementation, all version ...)
	- linux 4.18.20-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/01310bb7c9c98752cc763b36532fab028e0f8f81
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1655162
CVE-2018-16870 (It was found that wolfssl before 3.15.7 is vulnerable to a new variant ...)
	- wolfssl 4.1.0+dfsg-1 (bug #918952)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/1950
CVE-2018-16869 (A Bleichenbacher type side-channel based padding oracle attack was fou ...)
	- nettle 3.4.1~rc1-1
	[stretch] - nettle (Minor issue)
	[jessie] - nettle (Minor issue - https://lists.debian.org/debian-lts/2019/03/msg00021.html)
	NOTE: http://cat.eyalro.net/
	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007363.html
	NOTE: The upstream correction also makes a new public function that packages using
	NOTE: nettle should use. This means that fixing this CVE is a pre-requisite for
	NOTE: fixing other CVEs like CVE-2018-16868.
CVE-2018-16868 (A Bleichenbacher type side-channel based padding oracle attack was fou ...)
	[experimental] - gnutls28 3.6.5-1
	- gnutls28 3.6.5-2
	[stretch] - gnutls28 (Minor issue)
	[jessie] - gnutls28 (Too invasive to fix, requires newer nettle shared lib - https://lists.debian.org/debian-lts/2019/03/msg00021.html)
	- gnutls26
	NOTE: http://cat.eyalro.net/
	NOTE: https://gitlab.com/gnutls/gnutls/issues/630
	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/832
	NOTE: CVE-2018-16869 must be fixed first and a new build dependency on this new
	NOTE: nettle version.
CVE-2018-16867 (A flaw was found in qemu Media Transfer Protocol (MTP) before version ...)
	- qemu 1:3.1+dfsg-1 (bug #915884)
	[stretch] - qemu (Vulnerable code not present)
	[jessie] - qemu (Vulnerable code not present)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg00390.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=c52d46e041b42bb1ee6f692e00a0abe37a9659f6 (master)
	NOTE: vulnerable code introduced in
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=88d5f381ecb2d2828fd77676572ff9a99da699fb
CVE-2018-16866 (An out of bounds read was discovered in systemd-journald in the way it ...)
	{DSA-4367-1}
	- systemd 240-1
	[jessie] - systemd (Vulnerable code not present)
	NOTE: Introduced in: https://github.com/systemd/systemd/commit/ec5ff4445cca6a1d786b8da36cf6fe0acc0b94c8 (v221)
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/a6aadf4ae0bae185dc4c414d492a4a781c80ffe5 (v240) [1/2]
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/8595102d3ddde6d25c282f965573a6de34ab4421 (v240) [2/2]
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/09/3
	NOTE: https://www.qualys.com/2019/01/09/system-down/system-down.txt
CVE-2018-16865 (An allocation of memory without limits, that could result in the stack ...)
	{DSA-4367-1 DLA-1639-1}
	- systemd 240-4 (bug #918848)
	NOTE: Introduced in: https://github.com/systemd/systemd/commit/cf244689e9d1ab50082c9ddd0f3c4d1eb982badc (v38)
	NOTE: Exploitable since: https://github.com/systemd/systemd/commit/c4aa09b06f835c91cea9e021df4c3605cff2318d (v201)
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/052c57f132f04a3cf4148f87561618da1a6908b4
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/ef4d6abe7c7fab6cbff975b32e76b09feee56074
	NOTE: Fixes for master: https://github.com/systemd/systemd/pull/11374
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/09/3
	NOTE: https://www.qualys.com/2019/01/09/system-down/system-down.txt
CVE-2018-16864 (An allocation of memory without limits, that could result in the stack ...)
	{DSA-4367-1 DLA-1639-1}
	- systemd 240-4 (bug #918841)
	NOTE: Introduced in: https://github.com/systemd/systemd/commit/ae018d9bc900d6355dea4af05119b49c67945184 (v203)
	NOTE: Exploitable since: https://github.com/systemd/systemd/commit/ac2e41f5103ce2c679089c4f8fb6be61d7caec07 (v230)
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/084eeb865ca63887098e0945fb4e93c852b91b0f
	NOTE: Fixes for master: https://github.com/systemd/systemd/pull/11374
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/09/3
	NOTE: https://www.qualys.com/2019/01/09/system-down/system-down.txt
CVE-2018-16863 (It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An ...)
	- ghostscript (Red Hat-specific issue)
	NOTE: Debian updates backported all fixes to released suites
CVE-2018-16862 (A security flaw was found in the Linux kernel in a way that the cleanc ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	NOTE: https://lore.kernel.org/patchwork/patch/1011367/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649017
	NOTE: Fixed by: https://git.kernel.org/linus/6ff38bd40230af35e446239396e5fc8ebd6a5248
CVE-2018-16861 (A cross-site scripting (XSS) flaw was found in the foreman component o ...)
	- foreman (bug #663101)
CVE-2018-16860 (A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x ...)
	{DSA-4455-1 DSA-4443-1 DLA-1788-1}
	- heimdal 7.5.0+dfsg-3 (bug #928966)
	[jessie] - heimdal (Minor issue)
	- samba 2:4.9.5+dfsg-4
	NOTE: https://www.samba.org/samba/security/CVE-2018-16860.html
	NOTE: https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
CVE-2018-16859 (Execution of Ansible playbooks on Windows platforms with PowerShell Sc ...)
	- ansible (Only issue when executing Ansible playbooks on Windows platforms)
CVE-2018-16858 (It was found that libreoffice before versions 6.0.7 and 6.1.3 was vuln ...)
	{DSA-4381-1 DLA-1669-1}
	- libreoffice 1:6.1.3-1
	NOTE: https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
CVE-2018-16857 (Samba from version 4.9.0 and before version 4.9.3 that have AD DC conf ...)
	- samba 2:4.9.2+dfsg-2
	[stretch] - samba (Vulnerable code not present)
	[jessie] - samba (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2018-16857.html
CVE-2018-16856 (In a default Red Hat Openstack Platform Director installation, opensta ...)
	- octavia (Red Hat-specific, see bug #920769)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649165
CVE-2018-16855 (An issue has been found in PowerDNS Recursor before version 4.1.8 wher ...)
	- pdns-recursor 4.1.8-1
	[stretch] - pdns-recursor (Only affects 4.1.x)
	[jessie] - pdns-recursor (Only affects 4.1.x)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html
CVE-2018-16854 (A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to ...)
	- moodle
	NOTE: https://moodle.org/mod/forum/discuss.php?d=378731
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183
CVE-2018-16853 (Samba from version 4.7.0 has a vulnerability that allows a user in a S ...)
	- samba 2:4.9.2+dfsg-2 (unimportant)
	[stretch] - samba (Vulnerable code not present)
	[jessie] - samba (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2018-16853.html
	NOTE: Samba in Debian is built with the default Heimdal Kerberos build
CVE-2018-16852 (Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a N ...)
	- samba 2:4.9.2+dfsg-2
	[stretch] - samba (Vulnerable code not present)
	[jessie] - samba (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2018-16852.html
CVE-2018-16851 (Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is v ...)
	{DSA-4345-1 DLA-1607-1}
	- samba 2:4.9.2+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2018-16851.html
CVE-2018-16850 (postgresql before versions 11.1, 10.6 is vulnerable to a to SQL inject ...)
	- postgresql-11 11.1-1
	- postgresql-10
	- postgresql-9.6 (Only affects 11.x and 10.x)
	- postgresql-9.4 (Only affects 11.x and 10.x)
	- postgresql-9.1 (Only affects 11.x and 10.x)
	NOTE: https://www.postgresql.org/about/news/1905/
	NOTE: Fixed in 11.1, 10.6
CVE-2018-16849 (A flaw was found in openstack-mistral. By manipulating the SSH private ...)
	- mistral 7.0.0-2 (low; bug #912714)
	[stretch] - mistral 3.0.0-4+deb9u1
	NOTE: https://bugs.launchpad.net/mistral/+bug/1783708
CVE-2018-16848 (A Denial of Service (DoS) condition is possible in OpenStack Mistral i ...)
	- mistral 10.0.0~rc1-2
	[buster] - mistral (Minor issue)
	[stretch] - mistral (OpenStack component; not supported in stretch LTS)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1645332
	NOTE: https://bugs.launchpad.net/mistral/%2Bbug/1785657
CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express Contr ...)
	- qemu 1:3.1+dfsg-1 (bug #912655)
	[stretch] - qemu (support for Controller Memory Buffers added later)
	[jessie] - qemu (support for Controller Memory Buffers added later)
	- qemu-kvm (support for Controller Memory Buffers added later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=87ad860c622cc8f8916b5232bd8728c08f938fce
CVE-2018-16846 (It was found in Ceph versions before 13.2.4 that authenticated ceph RG ...)
	{DLA-1696-1}
	- ceph 12.2.11+dfsg1-1 (bug #921947)
	NOTE: http://tracker.ceph.com/issues/35994
	NOTE: https://github.com/ceph/ceph/commit/4337e6a7d9f92c8549ebee20d0dd67a01e49857f
	NOTE: https://github.com/ceph/ceph/commit/ab29bed2fc9f961fe895de1086a8208e21ddaddc
	NOTE: Backport to 12.2.11: https://tracker.ceph.com/issues/37831
CVE-2018-16845 (nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_ht ...)
	{DSA-4335-1 DLA-1572-1}
	- nginx 1.14.1-1 (bug #913090)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
	NOTE: https://nginx.org/download/patch.2018.mp4.txt
	NOTE: http://hg.nginx.org/nginx/rev/fdc19a3289c1
	NOTE: Fixed in 1.15.6, 1.14.1.
CVE-2018-16844 (nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ...)
	{DSA-4335-1}
	- nginx 1.14.1-1 (bug #913090)
	[jessie] - nginx (HTTP 2.0 support added later)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
	NOTE: http://hg.nginx.org/nginx/rev/9200b41db765
	NOTE: Fixed in 1.15.6, 1.14.1.
CVE-2018-16843 (nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the imp ...)
	{DSA-4335-1}
	- nginx 1.14.1-1 (bug #913090)
	[jessie] - nginx (HTTP 2.0 support added later)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html
	NOTE: http://hg.nginx.org/nginx/rev/d4448892a294
	NOTE: Fixed in 1.15.6, 1.14.1.
CVE-2018-16842 (Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buf ...)
	{DSA-4331-1 DLA-1568-1}
	- curl 7.62.0-1
	NOTE: https://curl.haxx.se/docs/CVE-2018-16842.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
CVE-2018-16841 (Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 a ...)
	{DSA-4345-1}
	- samba 2:4.9.2+dfsg-2
	[jessie] - samba (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2018-16841.html
CVE-2018-16840 (A heap use-after-free flaw was found in curl versions from 7.59.0 thro ...)
	- curl 7.62.0-1
	[stretch] - curl (Use-after-free issue introduced later)
	[jessie] - curl (Use-after-free issue introduced later)
	NOTE: https://curl.haxx.se/docs/CVE-2018-16840.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
	NOTE: Introduced by: https://github.com/curl/curl/commit/b46cfbc068ebe90f18e9777b9e877e4934c1b5e3
CVE-2018-16839 (Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun ...)
	{DSA-4331-1 DLA-1568-1}
	- curl 7.62.0-1
	NOTE: https://curl.haxx.se/docs/CVE-2018-16839.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
CVE-2018-16838 (A flaw was found in sssd Group Policy Objects implementation. When the ...)
	- sssd 2.2.0-1 (bug #931432)
	[buster] - sssd (Minor issue)
	[stretch] - sssd (Minor issue)
	[jessie] - sssd (GPO based access control introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640820
	NOTE: GPO based access control introduced in https://github.com/SSSD/sssd/commit/60cab26b12
	NOTE: seems to presuppose configuration mistake: if sssd is not given enough permissions
	NOTE: to read GPO, access is systematically granted instead of denied
	NOTE: https://pagure.io/SSSD/sssd/issue/3867
	NOTE: https://pagure.io/SSSD/sssd/c/ad058011b6b75b15c674be46a3ae9b3cc5228175
CVE-2018-16837 (Ansible "User" module leaks any data which is passed on as a parameter ...)
	{DSA-4396-1 DLA-1576-1}
	- ansible 2.7.1+dfsg-1 (bug #912297)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1640642
	NOTE: https://github.com/ansible/ansible/pull/47436
CVE-2018-16836 (Rubedo through 3.4.0 contains a Directory Traversal vulnerability in t ...)
	NOT-FOR-US: Rubedo CMS
CVE-2018-16835
	RESERVED
CVE-2018-16834
	RESERVED
CVE-2018-16833 (Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & ...)
	NOT-FOR-US: Zoho
CVE-2018-16832 (CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to ...)
	NOT-FOR-US: xunfeng
CVE-2018-16949 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8. ...)
	{DSA-4302-1 DLA-1513-1}
	- openafs 1.8.2-1 (bug #908616)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-003.txt
CVE-2018-16948 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8. ...)
	{DSA-4302-1 DLA-1513-1}
	- openafs 1.8.2-1 (bug #908616)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-002.txt
CVE-2018-16947 (An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8. ...)
	{DSA-4302-1 DLA-1513-1}
	- openafs 1.8.2-1 (bug #908616)
	NOTE: http://openafs.org/pages/security/OPENAFS-SA-2018-001.txt
CVE-2018-17458 (An improper update of the WebAssembly dispatch table in WebAssembly in ...)
	{DSA-4297-1}
	- chromium-browser 69.0.3497.92-1 (bug #908806)
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-17459 (Incorrect handling of clicks in the omnibox in Navigation in Google Ch ...)
	{DSA-4297-1}
	- chromium-browser 69.0.3497.92-1 (bug #908806)
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-1002009 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002008 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002007 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002006 (These vulnerabilities require administrative privileges to exploit. Th ...)
	NOTE: Wordpress plugin
CVE-2018-1002005 (These vulnerabilities require administrative privileges to exploit. Th ...)
	NOTE: Wordpress plugin
CVE-2018-1002004 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002003 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
	NOTE: Wordpress plugin
CVE-2018-1002002 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...)
NOTE: Wordpress plugin CVE-2018-1002001 (There is a reflected XSS vulnerability in WordPress Arigato Autorespon ...) NOTE: Wordpress plugin CVE-2018-1002000 (There is blind SQL injection in WordPress Arigato Autoresponder and Ne ...) NOTE: Wordpress plugin CVE-2018-16831 (Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir ...) - smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bug #908698) [stretch] - smarty3 (Minor issue; can be fixed via point release) [jessie] - smarty3 (vulnerable code not present) NOTE: https://github.com/smarty-php/smarty/issues/486 NOTE: CVE is about the include tag as an attack vector. NOTE: vulnerable code introduced in realpath() rewrite (c09b05cbe) released in 3.1.28 CVE-2018-16830 RESERVED CVE-2018-16829 RESERVED CVE-2018-16828 RESERVED CVE-2018-16827 RESERVED CVE-2018-16826 RESERVED CVE-2018-16825 RESERVED CVE-2018-16824 RESERVED CVE-2018-16823 RESERVED CVE-2018-16822 (SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php ...) NOT-FOR-US: SeaCMS CVE-2018-16821 (SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_ ...) NOT-FOR-US: SeaCMS CVE-2018-16820 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listin ...) NOT-FOR-US: Monstra CMS CVE-2018-16819 (admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion vi ...) NOT-FOR-US: Monstra CMS CVE-2018-16818 RESERVED CVE-2018-16817 RESERVED CVE-2018-16816 RESERVED CVE-2018-16815 RESERVED CVE-2018-16814 RESERVED CVE-2018-16813 RESERVED CVE-2018-16812 RESERVED CVE-2018-16811 RESERVED CVE-2018-16810 RESERVED CVE-2018-16809 (An issue was discovered in Dolibarr through 7.0.0. expensereport/card. ...) - dolibarr NOTE: https://github.com/Dolibarr/dolibarr/issues/9449 CVE-2018-16808 (An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS ...) - dolibarr NOTE: https://github.com/Dolibarr/dolibarr/issues/9449 CVE-2018-16807 (In Bro through 2.5.5, there is a memory leak potentially leading to Do ...) 
- bro 2.6.1+ds1-1 (low; bug #908614) [buster] - bro 2.5.5-1+deb10u1 [stretch] - bro (Minor issue) NOTE: https://github.com/bro/bro/commit/34d0cf886ca16c665f673a299e295b2a2bc14533 CVE-2018-16806 (A Pektron Passive Keyless Entry and Start (PKES) system, as used on th ...) NOT-FOR-US: Tesla CVE-2018-16805 (In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles ...) NOT-FOR-US: b3log CVE-2018-16804 (An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, ...) NOT-FOR-US: UCMS CVE-2018-16803 (In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows ...) NOT-FOR-US: CIMTechniques CIMScan CVE-2018-16801 RESERVED CVE-2018-16800 RESERVED CVE-2018-16799 RESERVED CVE-2018-16798 RESERVED CVE-2018-16797 (A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.855 ...) NOT-FOR-US: PotPlayer CVE-2018-16796 (HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files wit ...) NOT-FOR-US: HiScout GRC Suite CVE-2018-16795 (OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/a ...) NOT-FOR-US: OpenEMR CVE-2018-16794 (Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory ...) NOT-FOR-US: Microsoft ADFS 4.0 Windows Server CVE-2018-16793 (Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions ...) NOT-FOR-US: Rollup 18 for Microsoft Exchange Server CVE-2018-16802 (An issue was discovered in Artifex Ghostscript before 9.25. Incorrect ...) {DSA-4294-1 DLA-1504-1} [experimental] - ghostscript 9.25~dfsg-1~exp1 - ghostscript 9.25~dfsg-1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24dbd002fb9c131313253c307cf3951b3d47 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5812b1b78fc4d36fdc293b7859de69241140d590 CVE-2018-16792 (SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via ...) 
NOT-FOR-US: SolarWinds SFTP/SCP server CVE-2018-16791 (In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration fi ...) NOT-FOR-US: SolarWinds SFTP/SCP server CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in ...) - libbson (bug #913896) [stretch] - libbson (Minor issue) - mongo-c-driver 1.13.0-1 (bug #913963) NOTE: https://jira.mongodb.org/browse/CDRIVER-2819 NOTE: https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84 CVE-2018-16789 (libhttp/url.c in shellinabox through 2.20 has an implementation flaw i ...) - shellinabox 2.21 (low) [stretch] - shellinabox (Minor issue) [jessie] - shellinabox (Minor issue) NOTE: https://github.com/shellinabox/shellinabox/pull/446 CVE-2018-16788 RESERVED CVE-2018-16787 RESERVED CVE-2018-16786 (DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg pa ...) NOT-FOR-US: DedeCMS CVE-2018-16785 (XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 ver ...) NOT-FOR-US: DedeCMS CVE-2018-16784 (DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execut ...) NOT-FOR-US: DedeCMS CVE-2018-16783 RESERVED CVE-2018-16782 (libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the ...) NOT-FOR-US: ImageWorsener CVE-2018-16781 (ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to caus ...) NOT-FOR-US: Some Windows picture viewer using ffmpeg incorrectly CVE-2018-16780 (Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. ...) NOT-FOR-US: Complete Responsive CMS Blog CVE-2018-16779 (BlogCMS through 2016-10-25 has XSS via a comment. ...) NOT-FOR-US: BlogCMS CVE-2018-16778 (Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9. ...) NOT-FOR-US: Jenzabar CVE-2018-16777 RESERVED CVE-2018-16776 (wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" ...) NOT-FOR-US: wityCMS CVE-2018-16775 (An issue was discovered in Victor CMS through 2018-05-10. 
There is XSS ...) NOT-FOR-US: Victor CMS CVE-2018-16774 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file par ...) NOT-FOR-US: HongCMS CVE-2018-16773 (EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTab ...) NOT-FOR-US: EasyCMS CVE-2018-16772 (Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered ...) NOT-FOR-US: Hoosk CVE-2018-16771 (Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided ...) NOT-FOR-US: Hoosk CVE-2018-16770 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...) NOT-FOR-US: WAVM CVE-2018-16769 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...) NOT-FOR-US: WAVM CVE-2018-16768 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...) NOT-FOR-US: WAVM CVE-2018-16767 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...) NOT-FOR-US: WAVM CVE-2018-16766 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...) NOT-FOR-US: WAVM CVE-2018-16765 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...) NOT-FOR-US: WAVM CVE-2018-16764 (In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Vir ...) NOT-FOR-US: WAVM CVE-2018-16763 (FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter ...) NOT-FOR-US: FUEL CMS CVE-2018-16762 (FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or sear ...) NOT-FOR-US: FUEL CMS CVE-2018-16761 (Eventum before 3.4.0 has an open redirect vulnerability. ...) NOT-FOR-US: Eventum CVE-2018-16760 RESERVED CVE-2018-16759 (The removeXSS function in App/Common/common.php (called from App/Modul ...) NOT-FOR-US: EasyCMS CVE-2018-16758 (Missing message authentication in the meta-protocol in Tinc VPN versio ...) 
{DSA-4312-1 DLA-1538-1} - tinc 1.0.35-1 NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f CVE-2018-16757 RESERVED CVE-2018-16756 RESERVED CVE-2018-16755 RESERVED CVE-2018-16754 RESERVED CVE-2018-16753 RESERVED CVE-2018-16752 (LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code ...) NOT-FOR-US: LINK-NET LW-N605R devices CVE-2018-16751 RESERVED CVE-2018-16750 (In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfr ...) - imagemagick 8:6.9.10.2+dfsg-2 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1118 NOTE: https://github.com/ImageMagick/ImageMagick/commit/33d1b9590c401d4aee666ffd10b16868a38cf705 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/359331c61193138ce2b85331df25235b81499cfc CVE-2018-16749 (In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJN ...) {DLA-2366-1 DLA-1530-1} - imagemagick 8:6.9.10.2+dfsg-2 (low) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1119 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4 CVE-2018-16748 RESERVED CVE-2018-16747 RESERVED CVE-2018-16746 RESERVED CVE-2018-16745 (An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() i ...) - mgetty 1.2.1-1 [stretch] - mgetty (Minor issue) [jessie] - mgetty (Minor issue) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1) CVE-2018-16744 (An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() i ...) - mgetty 1.2.1-1 [stretch] - mgetty (Minor issue) [jessie] - mgetty (Minor issue) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ NOTE: Upstream commit: 750939dfcaea9aa93dcea99526c49da7cafafe7f (1.2.1) CVE-2018-16743 (An issue was discovered in mgetty before 1.2.1. In contrib/next-login/ ...) 
- mgetty 1.2.1-1 (unimportant) NOTE: contrib/next-login/ not built in Debian packaging NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ NOTE: Upstream commit: 5feff135626b8dde886213ce0c99cc4349028a7e (1.2.1) CVE-2018-16742 (An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a ...) - mgetty 1.2.1-1 (unimportant) NOTE: contrib/scrts not built in Debian packaging NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ NOTE: Upstream removed contrib/scrts in 7d018d471f4c737f77ef281f5859a3b1c9ded42f (1.2.1) CVE-2018-16741 (An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, ...) {DSA-4291-1 DLA-1502-1} - mgetty 1.2.1-1 (bug #910448) NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/ NOTE: Upstream commit: 1a7b3a30f79bae4cfbc6404fe4648689cd0ade62 (1.2.1) CVE-2018-16740 RESERVED CVE-2018-16739 RESERVED CVE-2018-16738 (tinc 1.0.30 through 1.0.34 has a broken authentication protocol, altho ...) {DSA-4312-1} - tinc 1.0.35-1 [jessie] - tinc (Only affects 1.0.30 to 1.0.34) NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a NOTE: This CVE is specific for tinc versions which did had mitigations put NOTE: in place for the Sweet32 attack in tinc 1.0.30. CVE-2018-16737 (tinc before 1.0.30 has a broken authentication protocol, without even ...) {DLA-1538-1} - tinc 1.0.31-1 NOTE: http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a CVE-2018-16736 (In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatf ...) NOT-FOR-US: rcfilters plugin for Roundcube CVE-2018-16735 RESERVED CVE-2018-16734 RESERVED CVE-2018-16733 (In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer. ...) - golang-github-go-ethereum (bug #890541) CVE-2018-16732 (\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via adm ...) 
NOT-FOR-US: CScms CVE-2018-16731 (CScms 4.1 allows arbitrary file upload by (for example) adding the php ...) NOT-FOR-US: CScms CVE-2018-16730 (\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name ...) NOT-FOR-US: CScms CVE-2018-16729 (Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a S ...) NOT-FOR-US: Pluck CMS CVE-2018-16728 (feindura 2.0.7 allows XSS via the tags field of a new page created at ...) NOT-FOR-US: feindura CVE-2018-16727 (razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage with ...) NOT-FOR-US: razorCMS CVE-2018-16726 (razorCMS 3.4.7 allows HTML injection via the description of the homepa ...) NOT-FOR-US: razorCMS CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the assets/ween ...) NOT-FOR-US: baijiacms CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...) NOT-FOR-US: baijiacms CVE-2018-16723 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) NOT-FOR-US: Jingyun Antivirus CVE-2018-16722 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) NOT-FOR-US: Jingyun Antivirus CVE-2018-16721 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) NOT-FOR-US: Jingyun Antivirus CVE-2018-16720 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) NOT-FOR-US: Jingyun Antivirus CVE-2018-16719 (In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows ...) NOT-FOR-US: Jingyun Antivirus CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 ...) NOT-FOR-US: NCBI ToolBox CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 th ...) NOT-FOR-US: NCBI ToolBox CVE-2018-16716 (A path traversal vulnerability exists in viewcgi.c in the 2.0.7 throug ...) NOT-FOR-US: NCBI ToolBox CVE-2018-16715 (An issue was discovered in Absolute Software CTES Windows Agent throug ...) 
NOT-FOR-US: Absolute Software CTES Windows Agent CVE-2018-16714 RESERVED CVE-2018-16713 (IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Mon ...) NOT-FOR-US: IObit Advanced SystemCare CVE-2018-16712 (IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Mon ...) NOT-FOR-US: IObit Advanced SystemCare CVE-2018-16711 (IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Mon ...) NOT-FOR-US: IObit Advanced SystemCare CVE-2018-16710 (** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obta ...) - octoprint (bug #718591) NOTE: https://github.com/foosel/OctoPrint/issues/2814 CVE-2018-16709 (Fuji Xerox DocuCentre-V 3065, ApeosPort-VI C3371, ApeosPort-V C4475, A ...) NOT-FOR-US: Fuji Xerox devices CVE-2018-16708 RESERVED CVE-2018-16707 RESERVED CVE-2018-16706 (LG SuperSign CMS allows TVs to be rebooted remotely without authentica ...) NOT-FOR-US: LG SuperSign CMS CVE-2018-16705 (FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the ...) NOT-FOR-US: FURUNO FELCOM 250 and 500 devices CVE-2018-16704 (An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Di ...) NOT-FOR-US: Gleez CMS CVE-2018-16703 (A vulnerability in the Gleez CMS 1.2.0 login page could allow an unaut ...) 
NOT-FOR-US: Gleez CMS CVE-2018-16702 RESERVED CVE-2018-16701 RESERVED CVE-2018-16700 RESERVED CVE-2018-16699 RESERVED CVE-2018-16698 RESERVED CVE-2018-16697 RESERVED CVE-2018-16696 RESERVED CVE-2018-16695 RESERVED CVE-2018-16694 RESERVED CVE-2018-16693 RESERVED CVE-2018-16692 RESERVED CVE-2018-16691 RESERVED CVE-2018-16690 RESERVED CVE-2018-16689 RESERVED CVE-2018-16688 RESERVED CVE-2018-16687 RESERVED CVE-2018-16686 RESERVED CVE-2018-16685 RESERVED CVE-2018-16684 RESERVED CVE-2018-16683 RESERVED CVE-2018-16682 RESERVED CVE-2018-16681 RESERVED CVE-2018-16680 RESERVED CVE-2018-16679 RESERVED CVE-2018-16678 RESERVED CVE-2018-16677 RESERVED CVE-2018-16676 RESERVED CVE-2018-16675 RESERVED CVE-2018-16674 RESERVED CVE-2018-16673 RESERVED CVE-2018-16672 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to th ...) NOT-FOR-US: CIRCONTROL CirCarLife CVE-2018-16671 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is ...) NOT-FOR-US: CIRCONTROL CirCarLife CVE-2018-16670 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is ...) NOT-FOR-US: CIRCONTROL CirCarLife CVE-2018-16669 (An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP ...) NOT-FOR-US: CIRCONTROL Open Charge Point Protocol CVE-2018-16668 (An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is ...) NOT-FOR-US: CIRCONTROL CirCarLife CVE-2018-16667 (An issue was discovered in Contiki-NG through 4.1. There is a buffer o ...) NOT-FOR-US: Contiki Operating System CVE-2018-16666 (An issue was discovered in Contiki-NG through 4.1. There is a stack-ba ...) NOT-FOR-US: Contiki Operating System CVE-2018-16665 (An issue was discovered in Contiki-NG through 4.1. There is a buffer o ...) NOT-FOR-US: Contiki Operating System CVE-2018-16664 (An issue was discovered in Contiki-NG through 4.1. There is a buffer o ...) NOT-FOR-US: Contiki Operating System CVE-2018-16663 (An issue was discovered in Contiki-NG through 4.1. There is a stack-ba ...) 
NOT-FOR-US: Contiki Operating System CVE-2018-16662 RESERVED CVE-2018-16661 RESERVED CVE-2018-16660 (A command injection vulnerability in PWS in Imperva SecureSphere 13.0. ...) NOT-FOR-US: Imperva SecureSphere CVE-2018-16659 (An issue was discovered in Rausoft ID.prove 2.95. The login page allow ...) NOT-FOR-US: Rausoft ID.prove CVE-2018-16657 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...) {DSA-4292-1 DLA-1503-1} - kamailio 5.1.4-1 (bug #908324) NOTE: https://skalatan.de/blog/advisory-hw-2018-06 NOTE: https://github.com/kamailio/kamailio/commit/ad68e402ece8089f133c10de6ce319f9e28c0692 (master) NOTE: https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d (5.1) NOTE: https://github.com/kamailio/kamailio/commit/f07dabffef98c7088cdbc2bd695a4ae7a241b159 (5.0) CVE-2018-16658 (An issue was discovered in the Linux kernel before 4.18.6. An informat ...) {DSA-4308-1 DLA-1531-1 DLA-1529-1} - linux 4.18.6-1 NOTE: Fixed by: https://git.kernel.org/linus/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 (4.19-rc2) CVE-2018-16656 (DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devic ...) NOT-FOR-US: Kyocera CVE-2018-16655 (Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkExcep ...) NOT-FOR-US: Gxlcms CVE-2018-16654 (Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/detai ...) NOT-FOR-US: Zurmo CVE-2018-16653 (rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. ...) NOT-FOR-US: rejucms CVE-2018-16652 RESERVED CVE-2018-16651 (The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in re ...) NOT-FOR-US: phpMyFAQ CVE-2018-16650 (phpMyFAQ before 2.9.11 allows CSRF. ...) NOT-FOR-US: phpMyFAQ CVE-2018-16649 RESERVED CVE-2018-16648 (In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c ...) 
{DLA-2289-1} - mupdf 1.14.0+ds1-4 (bug #924351) [jessie] - mupdf (Minor issue) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699685 NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?38f883fe129a5e89306252a4676eaaf4bc968824 CVE-2018-16647 (In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xr ...) {DLA-2289-1} - mupdf 1.14.0+ds1-4 (bug #924351) [jessie] - mupdf (Minor issue) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699686 NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?351c99d8ce23bbf7099dbd52771a095f67e45a2c CVE-2018-16646 (In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may caus ...) {DLA-2287-1 DLA-1562-3 DLA-1562-2 DLA-1562-1} - poppler 0.71.0-4 (low; bug #909802) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622951 NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/91 NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/3d35d209c19c1d3b09b794a0c863ba5de44a9c0a NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/89fccf45fc5bfca3756102e6bec1950ec1d436a9 (regression fix) NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/08572e1bdca03baed694dd9828bb2b878865e669 (regression fix) CVE-2018-16645 (There is an excessive memory allocation issue in the functions ReadBMP ...) {DSA-4316-1 DLA-1530-1} - imagemagick 8:6.9.10.14+dfsg-1 (bug #910889) NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecb31dbad39ccdc65868d5d2a37f0f0521250832 NOTE: https://github.com/ImageMagick/ImageMagick/issues/1268 CVE-2018-16644 (There is a missing check for length in the functions ReadDCMImage of c ...) 
{DSA-4316-1 DLA-1530-1} - imagemagick 8:6.9.10.14+dfsg-1 (bug #910888) NOTE: https://github.com/ImageMagick/ImageMagick/commit/16916c8979c32765c542e216b31cee2671b7afe7 NOTE: https://github.com/ImageMagick/ImageMagick/commit/afa878a689870c28b6994ecf3bb8dbfb2b76d135 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/00ef0f1bbf9eb1efdf0f38f51c72ecb26cc9a306 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/01ca29604515fa4ddf3180870827df5c8ec93ada NOTE: https://github.com/ImageMagick/ImageMagick/issues/1269 CVE-2018-16643 (The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp ...) {DLA-2366-1 DLA-1530-1} - imagemagick 8:6.9.10.8+dfsg-1 (low) NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/11d9dac3d991c62289d1ef7a097670166480e76c NOTE: https://github.com/ImageMagick/ImageMagick/issues/1199 CVE-2018-16642 (The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows ...) {DSA-4316-1 DLA-1530-1} - imagemagick 8:6.9.10.2+dfsg-2 NOTE: https://github.com/ImageMagick/ImageMagick/commit/cc4ac341f29fa368da6ef01c207deaf8c61f6a2e NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/97bb5dc5aad1584557057d5062601aa151bf9a13 NOTE: https://github.com/ImageMagick/ImageMagick/issues/1162 CVE-2018-16641 (ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePh ...) - imagemagick (Vulnerable code not present) NOTE: https://github.com/ImageMagick/ImageMagick/commit/256825d4eb33dc301496710d15cf5a7ae924088b NOTE: https://github.com/ImageMagick/ImageMagick/issues/1206 CVE-2018-16640 (ImageMagick 7.0.8-5 has a memory leak vulnerability in the function Re ...) 
- imagemagick 8:6.9.10.8+dfsg-1 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/commit/76efa969342568841ecf320b5a041685a6d24e0b NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3449a06f0122d4d9e68b4739417a3eaad0b24265 NOTE: https://github.com/ImageMagick/ImageMagick/issues/1201 CVE-2018-16639 (Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter duri ...) NOT-FOR-US: Typesetter CMS CVE-2018-16638 (Evolution CMS 1.4.x allows XSS via the manager/ search parameter. ...) NOT-FOR-US: Evolution CMS CVE-2018-16637 (Evolution CMS 1.4.x allows XSS via the page weblink title parameter to ...) NOT-FOR-US: Evolution CMS CVE-2018-16636 (Nucleus CMS 3.70 allows HTML Injection via the index.php body paramete ...) NOT-FOR-US: Nucleus CMS CVE-2018-16635 (Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page titl ...) NOT-FOR-US: Blackcat CMS CVE-2018-16634 (Pluck v4.7.7 allows CSRF via admin.php?action=settings. ...) NOT-FOR-US: Pluck CMS CVE-2018-16633 (Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= pa ...) NOT-FOR-US: Pluck CMS CVE-2018-16632 (Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/? ...) NOT-FOR-US: Mezzanine CMS CVE-2018-16631 (Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SIT ...) NOT-FOR-US: Subrion CMS CVE-2018-16630 (Kirby v2.5.12 allows XSS by using the "site files" Add option to uploa ...) NOT-FOR-US: Kirby CVE-2018-16629 (panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG f ...) NOT-FOR-US: Subrion CMS CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...) NOT-FOR-US: Kirby CVE-2018-16627 (panel/login in Kirby v2.5.12 allows Host header injection via the "for ...) NOT-FOR-US: Kirby CVE-2018-16626 (index.php/Admin/Classes in Typesetter 5.1 allows XSS via the descripti ...) NOT-FOR-US: Typesetter CMS CVE-2018-16625 (index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file ...) 
NOT-FOR-US: Typesetter CMS CVE-2018-16624 (panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a n ...) NOT-FOR-US: Kirby CVE-2018-16623 (Kirby V2.5.12 is prone to a Persistent XSS attack via the Title of the ...) NOT-FOR-US: Kirby CVE-2018-16622 (Multiple cross-site scripting (XSS) vulnerabilities in /api/content/ad ...) NOT-FOR-US: DoraCMS CVE-2018-16621 (Sonatype Nexus Repository Manager before 3.14 allows Java Expression L ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2018-16620 (Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Con ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2018-16619 (Sonatype Nexus Repository Manager before 3.14 allows XSS. ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2018-16618 (VTech Storio Max before 56.D3JM6 allows remote command execution via s ...) NOT-FOR-US: VTech CVE-2018-1000670 (KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (u ...) - koha (bug #702134) NOTE: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19086 CVE-2018-1000669 (KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (u ...) - koha (bug #702134) NOTE: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19117 CVE-2018-16617 RESERVED CVE-2018-16616 RESERVED CVE-2018-16615 RESERVED CVE-2018-16614 RESERVED CVE-2018-16613 (An issue was discovered in the update function in the wpForo Forum plu ...) NOT-FOR-US: update function in the wpForo Forum plugin for WordPress CVE-2018-16612 RESERVED CVE-2018-16611 RESERVED CVE-2018-16610 RESERVED CVE-2018-16609 RESERVED CVE-2018-16608 (In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change ...) NOT-FOR-US: Monstra CMS CVE-2018-16607 (Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudI ...) NOT-FOR-US: Orgs Page in Open-AudIT Professional CVE-2018-16606 (In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allo ...) 
NOT-FOR-US: ProConf CVE-2018-16605 (D-Link DIR-600M devices allow XSS via the Hostname and Username fields ...) NOT-FOR-US: D-Link DIR-600M devices CVE-2018-16604 (An issue was discovered in Nibbleblog v4.0.5. With an admin's username ...) NOT-FOR-US: Nibbleblog CVE-2018-16603 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...) NOT-FOR-US: FreeRTOS CVE-2018-16602 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...) NOT-FOR-US: FreeRTOS CVE-2018-16601 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...) NOT-FOR-US: FreeRTOS CVE-2018-16600 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...) NOT-FOR-US: FreeRTOS CVE-2018-16599 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...) NOT-FOR-US: FreeRTOS CVE-2018-16598 (An issue was discovered in Amazon Web Services (AWS) FreeRTOS through ...) NOT-FOR-US: FreeRTOS CVE-2018-16597 (An issue was discovered in the Linux kernel before 4.8. Incorrect acce ...) - linux 4.8.5-1 [jessie] - linux (Vulnerable code not present) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1106512 NOTE: https://git.kernel.org/linus/c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 CVE-2018-16596 (A stack-based buffer overflow in the LAN UPnP service running on UDP p ...) NOT-FOR-US: Swisscom CVE-2018-16595 (The Photo Sharing Plus component on Sony Bravia TV through 8.587 devic ...) NOT-FOR-US: Sony Bravia TV devices CVE-2018-16594 (The Photo Sharing Plus component on Sony Bravia TV through 8.587 devic ...) NOT-FOR-US: Sony Bravia TV devices CVE-2018-16593 (The Photo Sharing Plus component on Sony Bravia TV through 8.587 devic ...) NOT-FOR-US: Sony Bravia TV devices CVE-2018-16592 RESERVED CVE-2018-16591 (FURUNO FELCOM 250 and 500 devices allow unauthenticated users to chang ...) NOT-FOR-US: FURUNO FELCOM 250 and 500 devices CVE-2018-16590 (FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in l ...) 
NOT-FOR-US: FURUNO FELCOM CVE-2018-16589 RESERVED CVE-2018-16588 (Privilege escalation can occur in the SUSE useradd.c code in useradd, ...) - shadow (SuSE-specific patch) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1106914 NOTE: The SUSE specific patch was a first iteration of https://github.com/shadow-maint/shadow/pull/2 CVE-2018-16587 (In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before ...) {DSA-4317-1 DLA-1521-1} - otrs2 6.0.11-1 NOTE: https://community.otrs.com/security-advisory-2018-04-security-update-for-otrs-framework/ NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/a4a1a01f84fac7ab032570ee50b660e2ebb15c01 NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d9db0c6a15caafda7689320ecf61777993c33711 NOTE: OTRS 4: https://github.com/OTRS/otrs/commit/d8cae00b0f78c2a07bb10cedb817304139395843 CVE-2018-16586 (In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before ...) {DSA-4317-1 DLA-1521-1} - otrs2 6.0.11-1 NOTE: https://community.otrs.com/security-advisory-2018-05-security-update-for-otrs-framework/ NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/09e80c7752b0d9080688e4597c7495dd109e0963 NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/a808859a75c59ae3b7568f5cc4708c53462aa4c7 NOTE: OTRS 4: https://github.com/OTRS/otrs/commit/baa92df09145b8ae2702a3a0e85d8ba55ec96302 CVE-2018-16584 REJECTED CVE-2018-16583 REJECTED CVE-2018-16582 REJECTED CVE-2018-16581 REJECTED CVE-2018-16580 REJECTED CVE-2018-16579 REJECTED CVE-2018-16578 REJECTED CVE-2018-16577 REJECTED CVE-2018-16576 REJECTED CVE-2018-16575 REJECTED CVE-2018-16574 REJECTED CVE-2018-16573 REJECTED CVE-2018-16572 REJECTED CVE-2018-16571 REJECTED CVE-2018-16570 REJECTED CVE-2018-16569 REJECTED CVE-2018-16568 REJECTED CVE-2018-16567 REJECTED CVE-2018-16566 REJECTED CVE-2018-16565 REJECTED CVE-2018-16564 REJECTED CVE-2018-16563 (A vulnerability has been identified in Firmware variant IEC 61850 for ...) 
NOT-FOR-US: Siemens CVE-2018-16562 REJECTED CVE-2018-16561 (A vulnerability has been identified in SIMATIC S7-300 CPUs (All versio ...) NOT-FOR-US: Siemens CVE-2018-16560 REJECTED CVE-2018-16559 (A vulnerability has been identified in SIMATIC S7-1500 CPU (All versio ...) NOT-FOR-US: Siemens CVE-2018-16558 (A vulnerability has been identified in SIMATIC S7-1500 CPU (All versio ...) NOT-FOR-US: Siemens CVE-2018-16557 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...) NOT-FOR-US: Siemens CVE-2018-16556 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and ...) NOT-FOR-US: Siemens CVE-2018-16555 (A vulnerability has been identified in SCALANCE S602 (All versions < ...) NOT-FOR-US: Siemens CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversal vulner ...) {DSA-4303-1 DLA-1516-1} - okular 4:17.12.2-2.1 (bug #908168) NOTE: https://bugs.kde.org/show_bug.cgi?id=398096 NOTE: https://github.com/KDE/okular/commit/8ff7abc14d41906ad978b6bc67e69693863b9d47 CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...) NOT-FOR-US: zephyr-rtos CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...) - wordpress NOTE: This CVE exists due to an incomplete fix in 4.9 for CVE-2017-1000600. CVE-2018-1000673 REJECTED CVE-2018-1000671 (sympa version 6.2.16 and later contains a CWE-601: URL Redirection to ...) {DLA-2441-1 DLA-1512-1} - sympa 6.2.36~dfsg-1 (bug #908165) NOTE: https://github.com/sympa-community/sympa/issues/268 NOTE: https://github.com/sympa-community/sympa/commit/c6ce32a6c203070702eac45a4442a17d2bf7b0c1 NOTE: https://github.com/sympa-community/sympa/commit/03314a9baf7f7903283253829877afd0ae50e325 CVE-2018-1000668 (jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vuln ...) NOT-FOR-US: jsish CVE-2018-1000667 (NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains ...) 
- nasm 2.14-1 (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392507 NOTE: https://github.com/netwide-assembler/nasm/commit/c713b5f994cf7b29164c3b6838b91f0499591434 NOTE: https://github.com/cyrillos/nasm/issues/3 NOTE: Crash in CLI tool, no security impact CVE-2018-1000666 (GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2 ...) NOT-FOR-US: GIG Technology NV JumpScale Portal CVE-2018-1000665 (Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contai ...) - dojo 1.14.1+dfsg1-1 (unimportant) NOTE: https://github.com/dojo/dojo/pull/307 CVE-2018-1000664 (daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains ...) NOT-FOR-US: daneren2005 DSub for Subsonic CVE-2018-1000663 (jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in ...) NOT-FOR-US: jsish CVE-2018-1000661 (jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vuln ...) NOT-FOR-US: jsish CVE-2018-1000660 (TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. ...) NOT-FOR-US: TOCK CVE-2018-1000659 (LimeSurvey version 3.14.4 and earlier contains a directory traversal i ...) - limesurvey (bug #472802) CVE-2018-1000658 (LimeSurvey version prior to 3.14.4 contains a file upload vulnerabilit ...) - limesurvey (bug #472802) CVE-2018-16553 (In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remot ...) NOT-FOR-US: Jspxcms CVE-2018-16552 (MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/ ...) NOT-FOR-US: MicroPyramid Django-CRM CVE-2018-16551 (LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/jo ...) NOT-FOR-US: LavaLite CVE-2018-16550 (TeamViewer 10.x through 13.x allows remote attackers to bypass the bru ...) NOT-FOR-US: TeamViewer CVE-2018-16549 (HScripts PHP File Browser Script v1.0 allows Directory Traversal via t ...) NOT-FOR-US: HScripts PHP File Browser Script CVE-2018-16548 (An issue was discovered in ZZIPlib through 0.13.69. There is a memory ...) 
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (low; bug #910335)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	NOTE: https://github.com/gdraheim/zziplib/issues/58
	NOTE: https://github.com/gdraheim/zziplib/commit/9411bde3e4a70a81ff3ffd256b71927b2d90dcbb
	NOTE: https://github.com/gdraheim/zziplib/commit/d2e5d5c53212e54a97ad64b793a4389193fec687
	NOTE: https://github.com/gdraheim/zziplib/commit/0e1dadb05c1473b9df2d7b8f298dab801778ef99
CVE-2018-16547 RESERVED
CVE-2018-16546 (Amcrest networked devices use the same hardcoded SSL private key acros ...)
	NOT-FOR-US: Amcrest
CVE-2018-16545 (Kaizen Asset Manager (Enterprise Edition) and Training Manager (Enterp ...)
	NOT-FOR-US: Kaizen Asset Manager
CVE-2018-16544 RESERVED
CVE-2018-16538 REJECTED
CVE-2018-16537 REJECTED
CVE-2018-16536 REJECTED
CVE-2018-16535 REJECTED
CVE-2018-16534 REJECTED
CVE-2018-16533 REJECTED
CVE-2018-16532 REJECTED
CVE-2018-16531 REJECTED
CVE-2018-16530 (A stack-based buffer overflow in Forcepoint Email Security version 8.5 ...)
	NOT-FOR-US: Forcepoint Email Security
CVE-2018-16529 (A password reset vulnerability has been discovered in Forcepoint Email ...)
	NOT-FOR-US: Forcepoint Email Security
CVE-2018-16528 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attacke ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16527 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16526 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16525 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16524 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16523 (Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0 ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16522 (Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized ...)
	NOT-FOR-US: FreeRTOS
CVE-2018-16521 (An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3 ...)
	NOT-FOR-US: OpenMRS
CVE-2018-16520 RESERVED
CVE-2018-16519 (COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs ...)
	NOT-FOR-US: COYO
CVE-2018-16518 (A directory traversal vulnerability with remote code execution in Prim ...)
	NOT-FOR-US: Prim'X Zed! FREE
CVE-2018-16517 (asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dere ...)
	- nasm 2.14-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392513
	NOTE: https://fakhrizulkifli.github.io/CVE-2018-16517.html
	NOTE: https://github.com/netwide-assembler/nasm/commit/e996d28c70d45008085322b442b44a9224308548
	NOTE: Crash in CLI tool, no security impact
CVE-2018-16516 (helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL. ...)
	- python-flask-admin (bug #765509)
CVE-2018-16514 (A cross-site scripting (XSS) vulnerability in the View Filters page (v ...)
	- mantis
	NOTE: https://mantisbt.org/bugs/view.php?id=24731
CVE-2018-17088 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may al ...)
	{DLA-2054-1}
	- jhead 1:3.00-8 (bug #907925)
	[stretch] - jhead 1:3.00-4+deb9u1
CVE-2018-16554 (The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may al ...)
	{DLA-2054-1}
	- jhead 1:3.00-8 (bug #908176)
	[stretch] - jhead 1:3.00-4+deb9u1
CVE-2018-16515 (Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events ...)
	- matrix-synapse 0.33.3.1-1 (bug #908044)
	NOTE: https://matrix.org/blog/2018/09/05/pre-disclosure-upcoming-critical-security-fix-for-synapse/
	NOTE: https://matrix.org/blog/2018/09/06/critical-security-update-synapse-0-33-3-1/
	NOTE: https://github.com/matrix-org/synapse/issues/3796#event-1833126269
CVE-2018-16512 RESERVED
CVE-2018-16508 RESERVED
CVE-2018-16507 RESERVED
CVE-2018-16506 RESERVED
CVE-2018-16505 RESERVED
CVE-2018-16504 RESERVED
CVE-2018-16503 RESERVED
CVE-2018-16502 RESERVED
CVE-2018-16501 RESERVED
CVE-2018-16500 RESERVED
CVE-2018-16499 RESERVED
CVE-2018-16498 RESERVED
CVE-2018-16497 RESERVED
CVE-2018-16496 RESERVED
CVE-2018-16495 RESERVED
CVE-2018-16494 RESERVED
CVE-2018-16493 (A path traversal vulnerability was found in module static-resource-ser ...)
	NOT-FOR-US: node static-resource-server
CVE-2018-16492 (A prototype pollution vulnerability was found in module extend <2.0 ...)
	- node-extend 3.0.2-1 (unimportant)
	NOTE: https://snyk.io/vuln/npm:extend:20180424
	NOTE: https://github.com/justmoon/node-extend/commit/0e68e71d93507fcc391e398bc84abd0666b28190
	NOTE: https://github.com/justmoon/node-extend/pull/48
	NOTE: nodejs not covered by security support
CVE-2018-16491 (A prototype pollution vulnerability was found in node.extend <1.1.7 ...)
	- node-extend 3.0.2-1 (unimportant)
	NOTE: https://hackerone.com/reports/430831
	NOTE: nodejs not covered by security support
CVE-2018-16490 (A prototype pollution vulnerability was found in module mpath <0.5. ...)
	NOT-FOR-US: node mpath
CVE-2018-16489 (A prototype pollution vulnerability was found in just-extend <4.0.0 ...)
	NOT-FOR-US: node just-extend
CVE-2018-16488 RESERVED
CVE-2018-16487 (A prototype pollution vulnerability was found in lodash <4.17.11 wh ...)
	- node-lodash 4.17.11+dfsg-1 (unimportant)
	NOTE: https://hackerone.com/reports/380873
	NOTE: nodejs not covered by security support
CVE-2018-16486 (A prototype pollution vulnerability was found in defaults-deep <=0. ...)
	NOT-FOR-US: node defaults-deep
CVE-2018-16485 (Path Traversal vulnerability in module m-server <1.4.1 allows malic ...)
	NOT-FOR-US: node m-server
CVE-2018-16484 (A XSS vulnerability was found in module m-server <1.4.2 that allows ...)
	NOT-FOR-US: node m-server
CVE-2018-16483 (A deficiency in the access control in module express-cart <=1.1.5 a ...)
	NOT-FOR-US: node express-cart
CVE-2018-16482 (A server directory traversal vulnerability was found on node module mc ...)
	NOT-FOR-US: node mcstatic
CVE-2018-16481 (A XSS vulnerability was found in html-page <=2.1.1 that allows mali ...)
	NOT-FOR-US: node html-page
CVE-2018-16480 (A XSS vulnerability was found in module public <0.1.4 that allows m ...)
	NOT-FOR-US: node public
CVE-2018-16479 (Path traversal vulnerability in http-live-simulator <1.0.7 causes u ...)
	NOT-FOR-US: node http-live-simulator
CVE-2018-16478 (A Path Traversal in simplehttpserver versions <=0.2.1 allows to lis ...)
	NOT-FOR-US: simplehttpserver
CVE-2018-16477 (A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud ...)
	- rails 2:5.2.2+dfsg-1 (bug #914848)
	[stretch] - rails (Only affects >= 5.2.0; vulnerable code not present)
	[jessie] - rails (Only affects >= 5.2.0; vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/5
	NOTE: Originally no version was affected until 2:5.2.0+dfsg-2 was uploaded to unstable.
CVE-2018-16476 (A Broken Access Control vulnerability in Active Job versions >= 4.2 ...)
	- rails 2:5.2.2+dfsg-1 (bug #914847)
	[stretch] - rails 2:4.2.7.1-1+deb9u1
	[jessie] - rails (only affects >= 4.2.0)
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/27/4
CVE-2018-16475 (A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker t ...)
	NOT-FOR-US: Knightjs
CVE-2018-16474 (A stored xss in tianma-static module versions <=1.0.4 allows an att ...)
	NOT-FOR-US: tianma-static
CVE-2018-16473 (A path traversal in takeapeek module versions <=0.2.2 allows an att ...)
	NOT-FOR-US: takeapeek
CVE-2018-16472 (A prototype pollution attack in cached-path-relative versions <=1.0 ...)
	NOT-FOR-US: cached-path-relative
CVE-2018-16471 (There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. ...)
	{DLA-1585-1}
	- ruby-rack 1.6.4-6 (bug #913005)
	[stretch] - ruby-rack 1.6.4-4+deb9u1
	NOTE: Fixed by: https://github.com/rack/rack/commit/e5d58031b766e49687157b45edab1b8457d972bd (master)
	NOTE: Fixed by: https://github.com/rack/rack/commit/313dd6a05a5924ed6c82072299c53fed09e39ae7 (2.0.6)
	NOTE: Fixed by: https://github.com/rack/rack/commit/97ca63d87d88b4088fb1995b14103d4fe6a5e594 (1.6.11)
CVE-2018-16470 (There is a possible DoS vulnerability in the multipart parser in Rack ...)
	[experimental] - ruby-rack 2.0.6-1 (bug #913003)
	- ruby-rack (Only affects >= 2.0.4)
	NOTE: Introduced by: https://github.com/rack/rack/commit/c43217a81917de03aa6ceb1aa485ae69b8bb4598 (2.0.4)
	NOTE: Fixed by: https://github.com/rack/rack/commit/37c1160b2360074d20858792f23a7eb3afeabebd (2.0.6)
CVE-2018-16469 (The merge.recursive function in the merge package <1.2.1 can be tri ...)
	NOT-FOR-US: merge package v
CVE-2018-16468 (In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may ...)
	{DSA-4364-1}
	- ruby-loofah 2.2.3-1 (bug #912398)
	NOTE: https://github.com/flavorjones/loofah/issues/154
	NOTE: https://github.com/flavorjones/loofah/commit/71e4b5434fbcb2ad87643f0c9fecfc3a847943c4 (v2.2.3)
CVE-2018-16467 (A missing check in Nextcloud Server prior to 14.0.0 could give unautho ...)
	- nextcloud (bug #835086)
CVE-2018-16466 (Improper revalidation of permissions in Nextcloud Server prior to 14.0 ...)
	- nextcloud (bug #835086)
CVE-2018-16465 (Missing state in Nextcloud Server prior to 14.0.0 would not enforce th ...)
	- nextcloud (bug #835086)
CVE-2018-16464 (A missing access check in Nextcloud Server prior to 14.0.0 could lead ...)
	- nextcloud (bug #835086)
CVE-2018-16463 (A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13 ...)
	- nextcloud (bug #835086)
CVE-2018-16462 (A command injection vulnerability in the apex-publish-static-files npm ...)
	NOT-FOR-US: apex-publish-static-files npm
CVE-2018-16461 (A command injection vulnerability in libnmapp package for versions < ...)
	NOT-FOR-US: libnmapp
CVE-2018-16460 (A command Injection in ps package versions <1.0.0 for Node.js allow ...)
	NOT-FOR-US: ps node module
CVE-2018-16459 (An unescaped payload in exceljs <v1.6 allows a possible XSS via cel ...)
	NOT-FOR-US: exceljs
CVE-2018-1000672 REJECTED
CVE-2018-1000662 REJECTED
CVE-2018-16458 (An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=a ...)
	NOT-FOR-US: baigo CMS
CVE-2018-16457 (PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote at ...)
	NOT-FOR-US: PHP Scripts Mall Open Source Real-estate Script
CVE-2018-16456 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a keyword. NO ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-16455 (PHP Scripts Mall Market Place Script 1.0.1 allows XSS via a keyword. ...)
	NOT-FOR-US: PHP Scripts Mall Market Place Script
CVE-2018-16454 (PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attacke ...)
	NOT-FOR-US: PHP Scripts Mall Olx Clone
CVE-2018-16453 (PHP Scripts Mall Domain Lookup Script 3.0.5 allows XSS in the search b ...)
	NOT-FOR-US: PHP Scripts Mall Domain Lookup Script
CVE-2018-16452 (The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/24182d959f661327525a20d9a94c98a8ec016778
CVE-2018-16451 (The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print- ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/96480ab95308cd9234b4f09b175ebf60e17792c6
CVE-2018-16450 (CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. ...)
	NOT-FOR-US: CraftedWeb
CVE-2018-16449 (OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Cha ...)
	NOT-FOR-US: OneThink
CVE-2018-16448 (Cscms 4 allows CSRF for creating a member via upload/admin.php/user/sa ...)
	NOT-FOR-US: Cscms
CVE-2018-16447 (Frog CMS 0.9.5 has admin/?/user/edit/1 CSRF. ...)
	NOT-FOR-US: Frog CMS
CVE-2018-16446 (An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.p ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16445 (An issue was discovered in SeaCMS through 6.61. SQL injection exists v ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16444 (An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSR ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16443 RESERVED
CVE-2018-16442 RESERVED
CVE-2018-16441 RESERVED
CVE-2018-16440 RESERVED
CVE-2018-16439 RESERVED
CVE-2018-16438 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
	- hdf5
	NOTE: H5L_extern_query@H5Lexternal.c:498-10___out-of-bounds-read
CVE-2018-16437 (Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable ...)
	NOT-FOR-US: Gxlcms
CVE-2018-16436 (Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an ...)
	NOT-FOR-US: Gxlcms
CVE-2018-16435 (Little CMS (aka Little Color Management System) 2.9 has an integer ove ...)
	{DSA-4289-1 DSA-4284-1 DLA-1496-1}
	- lcms2 2.9-3 (bug #907983)
	- lcms
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	NOTE: https://github.com/mm2/Little-CMS/issues/171
	NOTE: https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
CVE-2018-16434 RESERVED
CVE-2018-16433 RESERVED
CVE-2018-16432 (BlueCMS 1.6 allows SQL Injection via the user_name parameter to upload ...)
	NOT-FOR-US: BlueCMS
CVE-2018-16431 (admin/admin/adminsave.html in YFCMF v3.0 allows CSRF to add an adminis ...)
	NOT-FOR-US: YFCMF
CVE-2018-16430 (GNU Libextractor through 1.7 has an out-of-bounds read vulnerability i ...)
	{DSA-4290-1 DLA-1501-1}
	- libextractor 1:1.7-1 (bug #907987)
	NOTE: https://gnunet.org/bugs/view.php?id=5405
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7
CVE-2018-16429 (GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_ ...)
	{DLA-1866-1}
	- glib2.0 2.58.0-1 (low)
	[stretch] - glib2.0 2.50.3-2+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b
	NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1361
CVE-2018-16428 (In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c ...)
	{DLA-1866-1}
	- glib2.0 2.58.0-1 (low)
	[stretch] - glib2.0 (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/glib/commit/fccef3cc822af74699cca84cd202719ae61ca3b9
	NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1364
CVE-2018-16427 (Various out of bounds reads when handling responses in OpenSC before 0 ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/pull/1447/commits/8fe377e93b4b56060e5bbfb6f3142ceaeca744fa
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16426 (Endless recursion when handling responses from an IAS-ECC card in iase ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/03628449b75a93787eb2359412a3980365dda49b#diff-f8c0128e14031ed9307d47f10f601b54
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16425 (A double free when handling responses from an HSM Card in sc_pkcs15emu ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d643a0fa169471dbf2912f4866dc49c5
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16424 (A double free when handling responses in read_file in tools/egk-tool.c ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-476b3b2a03c4eef331b4b0bfece4b063
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16423 (A double free when handling responses from a smartcard in sc_file_set_ ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-db0cd89ff279ad8c7b3bb780cdf2770a
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16422 (A single byte buffer overflow when handling responses from an esteid C ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d64c08c80437cf0006ada91e50f20ba0
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16421 (Several buffer overflows when handling responses from a CAC Card in ca ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-848b13147a344ba2c6361d91ca77feb1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16420 (Several buffer overflows when handling responses from an ePass 2003 Ca ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b36536074d13447fbbec061e0e64d15d
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16419 (Several buffer overflows when handling responses from a Cryptoflex car ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16418 (A buffer overflow when handling string concatenation in util_acl_to_st ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-628c8445c4e7ae92bbc4be08ba11a4c3
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16417 (Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, ...)
	NOT-FOR-US: Aruba Instant
CVE-2018-16416 (Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inl ...)
	NOT-FOR-US: FUEL CMS
CVE-2018-16415 RESERVED
CVE-2018-16414 RESERVED
CVE-2018-16413 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the Magi ...)
	{DSA-4316-1 DLA-1530-1}
	- imagemagick 8:6.9.10.14+dfsg-1 (bug #910887)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1249
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1251
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/17a1a6f97fd088a71931bdc422f4e96bb6ffc549
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4745eb1047617330141e9abfd5ae01236a71ae12
CVE-2018-16412 (ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the code ...)
	{DSA-4316-1 DLA-1530-1}
	- imagemagick 8:6.9.10.14+dfsg-1 (bug #910887)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1250
	NOTE: Fixed with same patch as for issue #1249, as per upstream discussion at
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1250#issuecomment-422361868
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/17a1a6f97fd088a71931bdc422f4e96bb6ffc549
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4745eb1047617330141e9abfd5ae01236a71ae12
CVE-2018-16411 RESERVED
CVE-2018-16410 (Vanilla before 2.6.1 allows SQL injection via an invitationID array to ...)
	NOT-FOR-US: Vanilla
CVE-2018-16409 (In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GE ...)
	NOT-FOR-US: Go Git Service
CVE-2018-16408 (D-Link DIR-846 devices with firmware 100.26 allow remote attackers to ...)
	NOT-FOR-US: D-Link DIR-846 devices
CVE-2018-16407 (An issue was discovered in Mayan EDMS before 3.0.3. The Tags app has X ...)
	- mayan-edms (bug #718580)
CVE-2018-16406 (An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app h ...)
	- mayan-edms (bug #718580)
CVE-2018-16405 (An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app ...)
	- mayan-edms (bug #718580)
CVE-2018-16404 RESERVED
CVE-2018-16403 (libdw in elfutils 0.173 checks the end of the attributes list incorrec ...)
	- elfutils 0.175-1 (low)
	[stretch] - elfutils (Minor issue)
	[jessie] - elfutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23529
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda
CVE-2018-16402 (libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a ...)
	- elfutils 0.175-1 (low)
	[stretch] - elfutils (Minor issue)
	[jessie] - elfutils (vulnerable code introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23528
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=56b18521fb8d46d40fc090c0de9d11a08bc982fa
CVE-2018-16401 RESERVED
CVE-2018-16400 RESERVED
CVE-2018-16399 RESERVED
CVE-2018-16398 (In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as ...)
	NOT-FOR-US: Twistlock AuthZ Broker
CVE-2018-16397 (In LimeSurvey before 3.14.7, an admin user can leverage a "file upload ...)
	- limesurvey (bug #472802)
CVE-2018-16396 (An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5. ...)
	{DSA-4332-1 DLA-1558-1}
	- ruby2.5 2.5.3-1 (bug #911920)
	- ruby2.3
	- ruby2.1
	NOTE: https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
	NOTE: https://github.com/ruby/ruby/commit/a2958f6743664006d21fc0bafd4ca6214df1d429
CVE-2018-16395 (An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2 ...)
	{DSA-4332-1 DLA-1558-1}
	- ruby-openssl 2.1.2-1 (bug #911918)
	- ruby2.5 2.5.3-1 (bug #911919)
	- ruby2.3
	- ruby2.1
	NOTE: https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
	NOTE: https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5
CVE-2018-16394 RESERVED
CVE-2018-16393 (Several buffer overflows when handling responses from a Gemsafe V1 Sma ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16392 (Several buffer overflows when handling responses from a TCOS Card in t ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b2a356323a9ff2024d041cf2d7e89dd3
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16391 (Several buffer overflows when handling responses from a Muscle Card in ...)
	{DLA-1916-1}
	- opensc 0.19.0~rc1-1 (low; bug #909444)
	[stretch] - opensc 0.16.0-3+deb9u1
	NOTE: https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-477b7a40136bb418b10ce271c8664536
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
CVE-2018-16390 RESERVED
CVE-2018-16389 (e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ ...)
	NOT-FOR-US: e107
CVE-2018-16388 (e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers ...)
	NOT-FOR-US: e107
CVE-2018-16387 (An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF v ...)
	NOT-FOR-US: Elefant CMS
CVE-2018-16386 (An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log i ...)
	NOT-FOR-US: SWIFT Alliance Web Platform
CVE-2018-16385 (ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index ...)
	NOT-FOR-US: ThinkPHP
CVE-2018-16384 (A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Co ...)
	- modsecurity-crs (low; bug #924352)
	[buster] - modsecurity-crs (Minor issue)
	[stretch] - modsecurity-crs (Minor issue)
	[jessie] - modsecurity-crs (Minor issue)
	NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1167
CVE-2018-16383 RESERVED
CVE-2018-16382 (Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regfla ...)
	- nasm 2.14-1 (unimportant; bug #907866)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392503
	NOTE: Duplicate of/related to https://bugzilla.nasm.us/show_bug.cgi?id=3392447
	NOTE: https://github.com/netwide-assembler/nasm/commit/3c755dac88039b718d52ef56e8f74b5f65f3b55b
	NOTE: Crash in CLI tool, no security impact
CVE-2018-16381 (e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=l ...)
	NOT-FOR-US: e107
CVE-2018-16380 (An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerab ...)
	NOT-FOR-US: Ogma CMS
CVE-2018-16379 (Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "T ...)
	NOT-FOR-US: Ogma CMS
CVE-2018-16378 RESERVED
CVE-2018-16377 RESERVED
CVE-2018-16376 (An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflo ...)
	- openjpeg2 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1127
	NOTE: We build with -DBUILD_MJ2:BOOL=OFF
CVE-2018-16375 (An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_i ...)
	- openjpeg2 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1126
	NOTE: We build with -DBUILD_JPWL:BOOL=OFF
CVE-2018-16374 (Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. ...)
	NOT-FOR-US: Frog CMS
CVE-2018-16373 (Frog CMS 0.9.5 has an Upload vulnerability that can create files via / ...)
	NOT-FOR-US: Frog CMS
CVE-2018-16372 (The issue was discovered in IdeaCMS through 2016-04-30. There is refle ...)
	NOT-FOR-US: IdeaCMS
CVE-2018-16371 (PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter ...)
	NOT-FOR-US: PESCMS Team
CVE-2018-16370 (In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP c ...)
	NOT-FOR-US: PESCMS Team
CVE-2018-16369 (XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a ...)
	- xpdf (unimportant)
	NOTE: Crash in GUI/CLI tool, no security impact
CVE-2018-16368 (SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows ...)
	- xpdf (unimportant)
	NOTE: Crash in GUI/CLI tool, no security impact
CVE-2018-16367 (In OnlineJudge 2.0, the sandbox has an incorrect access control vulner ...)
	NOT-FOR-US: OnlineJudge
CVE-2018-16366 (An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=us ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-16365 (An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=gr ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-16364 (A serialization vulnerability in Zoho ManageEngine Applications Manage ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-16363 (The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via th ...)
	NOT-FOR-US: mndpsingh287 File Manager plugin for WordPress
CVE-2018-16362 (An issue was discovered in the Source Integration plugin before 1.5.9 ...)
	NOT-FOR-US: Mantis plugin
CVE-2018-16361 (An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS vi ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-16360 RESERVED
CVE-2018-16359 (Google gVisor before 2018-08-23, within the seccomp sandbox, permits a ...)
	NOT-FOR-US: gVisor
CVE-2018-16358 (A cross-site scripting (XSS) vulnerability in inc/core/class.dc.core.p ...)
	- dotclear
CVE-2018-16357 (An issue was discovered in PbootCMS. There is a SQL injection via the ...)
	NOT-FOR-US: PbootCMS
CVE-2018-16356 (An issue was discovered in PbootCMS. There is a SQL injection via the ...)
	NOT-FOR-US: PbootCMS
CVE-2018-16355 RESERVED
CVE-2018-16354 (An issue was discovered in FHCRM through 2018-02-11. There is a SQL in ...)
	NOT-FOR-US: FHCRM
CVE-2018-16353 (An issue was discovered in FHCRM through 2018-02-11. There is a SQL in ...)
	NOT-FOR-US: FHCRM
CVE-2018-16352 (There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index. ...)
	NOT-FOR-US: WeaselCMS
CVE-2018-16351 RESERVED
CVE-2018-16350 (WUZHI CMS 4.1.0 has XSS via the index.php?m=core&f=set&v=basic ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-16349 (WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-16348 (SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, rela ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16347 (An issue was discovered in Gleez CMS v1.2.0. There is XSS via media/im ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-16346 (ChemCMS 1.0.6 has XSS via the "setting -> website information" fiel ...)
	NOT-FOR-US: ChemCMS
CVE-2018-16345 (An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability ...)
	NOT-FOR-US: EasyCMS
CVE-2018-16344 (An issue was discovered in zzcms 8.3. It allows remote attackers to de ...)
	NOT-FOR-US: zzcms
CVE-2018-16343 (SeaCMS 6.61 allows remote attackers to execute arbitrary code because ...)
	NOT-FOR-US: SeaCMS
CVE-2018-16342 (ShowDoc v1.8.0 has XSS via a new page. ...)
	NOT-FOR-US: ShowDoc
CVE-2018-16341 RESERVED
CVE-2018-16340 RESERVED
CVE-2018-16339 (An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerabilit ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-16338 (An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability ...)
	NOT-FOR-US: AuraCMS
CVE-2018-16337 (An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability ...)
	NOT-FOR-US: Cscms
CVE-2018-16336 (Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote ...)
	{DLA-1551-1}
	- exiv2 0.27.2-6 (bug #916081)
	[buster] - exiv2 0.25-4+deb10u1
	[stretch] - exiv2 0.25-3.1+deb9u2
	NOTE: https://github.com/Exiv2/exiv2/issues/400
	NOTE: https://github.com/Exiv2/exiv2/commit/35b3e596edacd2437c2c5d3dd2b5c9502626163d
CVE-2018-16335 (newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c ...)
	{DSA-4349-1}
	- tiff 4.0.9-5 (bug #907795)
	[jessie] - tiff 4.0.3-12.3+deb8u6
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2809
	NOTE: Different issue than CVE-2017-11613 but addressed with same set of commits.
	NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
	NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
CVE-2018-16334 (An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V1 ...)
	NOT-FOR-US: Tenda
CVE-2018-16333 (An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19 ...)
	NOT-FOR-US: Tenda
CVE-2018-16332 (An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=art ...)
	NOT-FOR-US: iCMS
CVE-2018-16331 (admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the ...)
	NOT-FOR-US: DamiCMS
CVE-2018-16330 (Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid ...)
	NOT-FOR-US: Pandao Editor.md
CVE-2018-16329 (In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in th ...)
	- imagemagick (Only affects 7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1225
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2c75f301d9ac84f91071393b02d8c88c8341c91c
CVE-2018-16328 (In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in th ...)
	- imagemagick 8:6.9.10.8+dfsg-1
	[stretch] - imagemagick (Vulnerable code introduced later)
	[jessie] - imagemagick (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1224
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/107ce8577e818cf4801e5a59641cb769d645cc95
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/68e4f4d22abaf97b61019ea85f74e2f639d0e93e
CVE-2018-16327 (There is Stored XSS in Subrion 4.2.1 via the admin panel URL configura ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-16326 (PHP Scripts Mall Olx Clone 3.4.2 has XSS. ...)
	NOT-FOR-US: PHP Scripts Mall Olx Clone
CVE-2018-16325 (There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title fie ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-16324 (In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ u ...)
	NOT-FOR-US: IceWarp Server
CVE-2018-16323 (ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data ...)
	- imagemagick 8:6.9.10.14+dfsg-1 (bug #907776)
	[stretch] - imagemagick (Introduced by b8c63b156bf26b52e710b1a0643c846a6cd01e56 which wasn't backported to stretch)
	[jessie] - imagemagick (Introduced by b8c63b156bf26b52e710b1a0643c846a6cd01e56 which wasn't backported to jessie)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/216d117f05bff87b9dc4db55a1b1fadb38bcb786
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/57565dace66d550042522e203f522da711d551a6
CVE-2018-16322 RESERVED
CVE-2018-16321 RESERVED
CVE-2018-16320 (idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Travers ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-16319 RESERVED
CVE-2018-16318 RESERVED
CVE-2018-16317 RESERVED
CVE-2018-16316 (A stored Cross-site scripting (XSS) vulnerability in Portainer through ...)
	NOT-FOR-US: Portainer
CVE-2018-16315 (In waimai Super Cms 20150505, there is a CSRF vulnerability that can c ...)
	NOT-FOR-US: waimai Super Cms
CVE-2018-16314 (An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-16313 (Bludit 2.3.4 allows XSS via a user name. ...)
	NOT-FOR-US: Bludit
CVE-2018-16312 RESERVED
CVE-2018-16311 RESERVED
CVE-2018-16310 (** DISPUTED ** Technicolor TG588V V2 devices allow remote attackers to ...)
	NOT-FOR-US: Technicolor
CVE-2018-16309 REJECTED
CVE-2018-16308 (The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV inject ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-16307 (An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi X ...)
	NOT-FOR-US: Xiaomi
CVE-2018-16306 RESERVED
CVE-2018-16305 RESERVED
CVE-2018-16304 RESERVED
CVE-2018-16303 (PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause ...)
	NOT-FOR-US: PDF-XChange Editor
CVE-2018-16302 (MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted fil ...)
	NOT-FOR-US: MediaComm Zip-n-Go
CVE-2018-16301 REJECTED
CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption in pri ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory Travers ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php ...)
	NOT-FOR-US: MiniCMS
CVE-2018-16297 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16296 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16295 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16294 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16293 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16292 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16291 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-16290 RESERVED
CVE-2018-16289 RESERVED
CVE-2018-16288 (LG SuperSign CMS allows reading of arbitrary files via signEzUI/playli ...)
	NOT-FOR-US: LG SuperSign CMS
CVE-2018-16287 (LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/ ...)
	NOT-FOR-US: LG SuperSign CMS
CVE-2018-16286 (LG SuperSign CMS allows authentication bypass because the CAPTCHA requ ...)
	NOT-FOR-US: LG SuperSign CMS
CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via the sho ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-16284 RESERVED
CVE-2018-16283 (The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Dir ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-16282 (A command injection vulnerability in the web server functionality of M ...)
	NOT-FOR-US: Moxa
CVE-2018-16281 (The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Ji ...)
	NOT-FOR-US: DEISER
CVE-2018-16280 RESERVED
CVE-2018-16279 RESERVED
CVE-2018-16278 (phpkaiyuancms PhpOpenSourceCMS (POSCMS) V3.2.0 allows an unauthenticat ...)
	NOT-FOR-US: phpkaiyuancms PhpOpenSourceCMS (POSCMS)
CVE-2018-16277 (The Image Import function in XWiki through 10.7 has XSS. ...)
	NOT-FOR-US: XWiki
CVE-2018-16275 (OPSWAT MetaDefender before v4.11.2 allows CSV injection. ...)
	NOT-FOR-US: OPSWAT MetaDefender
CVE-2018-16276 (An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in t ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.8-1
	NOTE: Fixed by: https://git.kernel.org/linus/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679 (4.18-rc5)
CVE-2018-16274 RESERVED
CVE-2018-16273 RESERVED
CVE-2018-16272 (The wpa_supplicant system service in Samsung Galaxy Gear series allows ...)
	NOT-FOR-US: Samsung
CVE-2018-16271 (The wemail_consumer_service (from the built-in application wemail) in ...)
	NOT-FOR-US: Samsung
CVE-2018-16270 (Samsung Galaxy Gear series before build RE2 includes the hcidump utili ...)
	NOT-FOR-US: Samsung
CVE-2018-16269 (The wnoti system service in Samsung Galaxy Gear series allows an unpri ...)
	NOT-FOR-US: Samsung
CVE-2018-16268 (The SoundServer/FocusServer system services in Tizen allow an unprivil ...)
	NOT-FOR-US: Tizen
CVE-2018-16267 (The system-popup system service in Tizen allows an unprivileged proces ...)
	NOT-FOR-US: Tizen
CVE-2018-16266 (The Enlightenment system service in Tizen allows an unprivileged proce ...)
	NOT-FOR-US: Tizen
CVE-2018-16265 (The bt/bt_core system service in Tizen allows an unprivileged process ...)
	NOT-FOR-US: Tizen
CVE-2018-16264 (The BlueZ system service in Tizen allows an unprivileged process to pa ...)
	NOT-FOR-US: Tizen
CVE-2018-16263 (The PulseAudio system service in Tizen allows an unprivileged process ...)
	NOT-FOR-US: Tizen
CVE-2018-16262 (The pkgmgr system service in Tizen allows an unprivileged process to p ...)
	NOT-FOR-US: Tizen
CVE-2018-16261 (In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, the ...)
	NOT-FOR-US: Pulse Secure Pulse Desktop Client
CVE-2018-16260 RESERVED
CVE-2018-16259 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16258 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16257 (** DISPUTED ** There are multiple XSS vulnerabilities in WP All Import ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16256 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16255 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16254 (** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3 ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-16253 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
	- axtls (Fixed before initial upload to Debian)
CVE-2018-16252 (FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML Exter ...)
	NOT-FOR-US: FsPro Labs Event Log Explorer
CVE-2018-16251 (A "search for user discovery" injection issue exists in Creatiwity wit ...)
	NOT-FOR-US: Creatiwity wityCMS
CVE-2018-16250 (The "utilisateur" menu in Creatiwity wityCMS 0.6.2 modifies the presen ...)
	NOT-FOR-US: Creatiwity wityCMS
CVE-2018-16249 (In Symphony before 3.3.0, there is XSS in the Title under Post. The ID ...)
	NOT-FOR-US: b3log
CVE-2018-16248 (b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles ...)
	NOT-FOR-US: b3log
CVE-2018-16247 (YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html ti ...)
	NOT-FOR-US: YzmCMS
CVE-2018-16246 RESERVED
CVE-2018-16245 RESERVED
CVE-2018-16244 RESERVED
CVE-2018-16243 (SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 ...)
	NOT-FOR-US: SolarWinds
CVE-2018-16242 (oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which ...)
	NOT-FOR-US: oBike
CVE-2018-16241 RESERVED
CVE-2018-16240 RESERVED
CVE-2018-16239 (An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() ...)
	NOT-FOR-US: damiCMS
CVE-2018-16238 (An issue was discovered in damiCMS V6.0.1. Remote code execution can o ...)
	NOT-FOR-US: damiCMS
CVE-2018-16237 (An issue was discovered in damiCMS V6.0.1. There is Directory Traversa ...)
	NOT-FOR-US: damiCMS
CVE-2018-16236 (cPanel through 74 allows XSS via a crafted filename in the logs subdir ...)
	NOT-FOR-US: cPanel
CVE-2018-16235 (Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x bef ...)
	NOT-FOR-US: Telligent Community
CVE-2018-16234 (MorningStar WhatWeb 0.4.9 has XSS via JSON report files. ...)
	NOT-FOR-US: MorningStar WhatWeb
CVE-2018-16233 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter. ...)
	NOT-FOR-US: MiniCMS
CVE-2018-16232 (An authenticated command injection vulnerability exists in IPFire Fire ...)
	NOT-FOR-US: IPFire
CVE-2018-16231 (Michael Roth Software Personal FTP Server (PFTP) through 8.4f allows r ...)
	NOT-FOR-US: Michael Roth Software Personal FTP Server
CVE-2018-16230 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/13d52e9c0e7caf7e6325b0051bc90a49968be67f
CVE-2018-16229 (The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/211124b972e74f0da66bc8b16f181f78793e2f66
CVE-2018-16228 (The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/83a412a5275cac973c5841eca3511c766bed778d
CVE-2018-16227 (The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/4846b3c5d0a850e860baf4f07340495d29837d09
CVE-2018-16226 (A vulnerability in the web admin component of Mitel MiVoice Office 400 ...)
	NOT-FOR-US: Mitel
CVE-2018-16225 (The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network ...)
	NOT-FOR-US: QBee MultiSensor Camera
CVE-2018-16224 (Incorrect access control for the diagnostic files of the iSmartAlarm C ...)
	NOT-FOR-US: iSmartAlarm Cube One
CVE-2018-16223 (Insecure Cryptographic Storage of credentials in com.vestiacom.qbeecam ...)
	NOT-FOR-US: QBee Cam application for Android
CVE-2018-16222 (Cleartext Storage of credentials in the iSmartAlarmData.xml configurat ...)
	NOT-FOR-US: iSmartAlarm application for Android
CVE-2018-16221 (The diagnostics web interface in the Yeahlink Ultra-elegant IP Phone S ...)
	NOT-FOR-US: Yeahlink
CVE-2018-16220 (Cross Site Scripting in different input fields (domain field and perso ...)
	NOT-FOR-US: AudioCodes 405HD VoIP phone
CVE-2018-16219 (A missing password verification in the web interface in AudioCodes 405 ...)
	NOT-FOR-US: AudioCodes 405HD VoIP phone
CVE-2018-16218 (A CSRF (Cross Site Request Forgery) in the web interface of the Yeahli ...)
	NOT-FOR-US: Yeahlink
CVE-2018-16217 (The network diagnostic function (ping) in the Yeahlink Ultra-elegant I ...)
	NOT-FOR-US: Yeahlink
CVE-2018-16216 (A command injection (missing input validation, escaping) in the monito ...)
	NOT-FOR-US: AudioCodes 405HD VoIP phone
CVE-2018-16215 RESERVED
CVE-2018-16214 RESERVED
CVE-2018-16213 RESERVED
CVE-2018-16212 RESERVED
CVE-2018-16211 RESERVED
CVE-2018-16210 (WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01 ...)
	NOT-FOR-US: WAGO
CVE-2018-16209 RESERVED
CVE-2018-16208 RESERVED
CVE-2018-16207 (PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows ...)
	NOT-FOR-US: PowerAct Pro Master Agent for Windows
CVE-2018-16206 (Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-16205 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...)
	NOT-FOR-US: GROWI
CVE-2018-16204 (Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0. ...)
	NOT-FOR-US: WordPress plugin google-sitemap-generator
CVE-2018-16203 (PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the logi ...)
	NOT-FOR-US: postgresql-pgpoolAdmin
CVE-2018-16202 (Directory traversal vulnerability in cordova-plugin-ionic-webview vers ...)
	NOT-FOR-US: cordova-plugin-ionic-webview
CVE-2018-16201 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
	NOT-FOR-US: Toshiba
CVE-2018-16200 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
	NOT-FOR-US: Toshiba
CVE-2018-16199 (Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1 ...)
	NOT-FOR-US: Toshiba
CVE-2018-16198 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
	NOT-FOR-US: Toshiba
CVE-2018-16197 (Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway ...)
	NOT-FOR-US: Toshiba
CVE-2018-16196 (Multiple Yokogawa products that contain Vnet/IP Open Communication Dri ...)
	NOT-FOR-US: Yokogawa
CVE-2018-16195 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 an ...)
	NOT-FOR-US: Aterm firmware
CVE-2018-16194 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 an ...)
	NOT-FOR-US: Aterm firmware
CVE-2018-16193 (Cross-site scripting vulnerability in Aterm WF1200CR and Aterm WG1200C ...)
	NOT-FOR-US: Aterm firmware
CVE-2018-16192 (Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 an ...)
	NOT-FOR-US: Aterm firmware
CVE-2018-16191 (Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, ...)
	NOT-FOR-US: EC-CUBE
CVE-2018-16190 (Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMeltin ...)
	NOT-FOR-US: Some Windows installer
CVE-2018-16189 (Untrusted search path vulnerability in Self-Extracting Archives create ...)
	NOT-FOR-US: Some Windows installer
CVE-2018-16188 (SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 ...)
	NOT-FOR-US: RICOH
CVE-2018-16187 (The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2. ...)
	NOT-FOR-US: RICOH
CVE-2018-16186 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D ...)
	NOT-FOR-US: RICOH
CVE-2018-16185 (RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D ...)
	NOT-FOR-US: RICOH
CVE-2018-16184 (RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D ...)
	NOT-FOR-US: RICOH
CVE-2018-16183 (An unquoted search path vulnerability in some pre-installed applicatio ...)
	NOT-FOR-US: Panasonic PC applications
CVE-2018-16182 (Untrusted search path vulnerability in the installer of MARKET SPEED V ...)
	NOT-FOR-US: MARKET SPEED
CVE-2018-16181 (HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlie ...)
	NOT-FOR-US: i-FILTER
CVE-2018-16180 (Cross-site scripting vulnerability in i-FILTER Ver.9.50R05 and earlier ...)
	NOT-FOR-US: i-FILTER
CVE-2018-16179 (The Mizuho Direct App for Android version 3.13.0 and earlier does not ...)
	NOT-FOR-US: Mizuho Direct App for Android
CVE-2018-16178 (Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-16177 (Untrusted search path vulnerability in The installer of Windows10 Fall ...)
	NOT-FOR-US: Random Windows installer
CVE-2018-16176 (Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1 ...)
	NOT-FOR-US: Random Windows installer
CVE-2018-16175 (SQL injection vulnerability in the LearnPress prior to version 3.1.0 a ...)
	NOT-FOR-US: LearnPress
CVE-2018-16174 (Open redirect vulnerability in LearnPress prior to version 3.1.0 allow ...)
	NOT-FOR-US: LearnPress
CVE-2018-16173 (Cross-site scripting vulnerability in LearnPress prior to version 3.1. ...)
	NOT-FOR-US: LearnPress
CVE-2018-16172 (Improper countermeasure against clickjacking attack in client certific ...)
	NOT-FOR-US: Cybozu Remote Service
CVE-2018-16171 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3. ...)
	NOT-FOR-US: Cybozu Remote Service
CVE-2018-16170 (Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3. ...)
	NOT-FOR-US: Cybozu Remote Service
CVE-2018-16169 (Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attac ...)
	NOT-FOR-US: Cybozu Remote Service
CVE-2018-16168 (LogonTracer 1.2.0 and earlier allows remote attackers to conduct Pytho ...)
	NOT-FOR-US: LogonTracer
CVE-2018-16167 (LogonTracer 1.2.0 and earlier allows remote attackers to execute arbit ...)
	NOT-FOR-US: LogonTracer
CVE-2018-16166 (LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML E ...)
	NOT-FOR-US: LogonTracer
CVE-2018-16165 (Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier al ...)
	NOT-FOR-US: LogonTracer
CVE-2018-16164 (Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 ...)
	NOT-FOR-US: Event Calendar WD
CVE-2018-16163 (OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass ...)
	NOT-FOR-US: OpenDolphin
CVE-2018-16162 (OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain ...)
	NOT-FOR-US: OpenDolphin
CVE-2018-16161 (OpenDolphin 2.7.0 and earlier allows authenticated users to gain admin ...)
	NOT-FOR-US: OpenDolphin
CVE-2018-16160 (SecureCore Standard Edition Version 2.x allows an attacker to bypass t ...)
	NOT-FOR-US: SecureCore Standard Edition
CVE-2018-16159 (The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Inject ...)
	NOT-FOR-US: Gift Vouchers plugin for WordPress
CVE-2018-16048 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab (Only affects Enterprise edition)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49947
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-16051 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.1.8+dfsg-2
	NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/6012
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-XXXX [gitlab: Missing CSRF in System Hooks]
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-16049 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 11.1.8+dfsg-2
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/46967
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49272
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-16050 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab (Only affects 11.1 and 11.2)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/49085
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-XXXX [gitlab: Persistent XSS in Pipeline Tooltip]
	- gitlab 11.1.8+dfsg-2
	[stretch] - gitlab (Only affects 10.7 and later)
	NOTE: https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/
CVE-2018-16158 (Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 ...)
	NOT-FOR-US: Eaton Power Xpert Meter
CVE-2018-16157 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modif ...)
	NOT-FOR-US: waimai Super Cms
CVE-2018-16156 (In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC ...)
	NOT-FOR-US: PaperStream IP (TWAIN)
CVE-2018-16155 RESERVED
CVE-2018-16154 RESERVED
CVE-2018-16153 RESERVED
CVE-2018-16152 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp pl ...)
	{DSA-4305-1 DLA-1522-1}
	- strongswan 5.7.0-1
	NOTE: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
CVE-2018-16151 (In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp pl ...)
	{DSA-4305-1 DLA-1522-1}
	- strongswan 5.7.0-1
	NOTE: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
CVE-2018-16150 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
	- axtls (Fixed before initial upload to Debian)
CVE-2018-16149 (In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS# ...)
	- axtls (Fixed before initial upload to Debian)
CVE-2018-16148 (The diagnosticsb2ksy parameter of the /rest endpoint in Opsview Monito ...)
	NOT-FOR-US: Opsview Monitor
CVE-2018-16147 (The data parameter of the /settings/api/router endpoint in Opsview Mon ...)
	NOT-FOR-US: Opsview Monitor
CVE-2018-16146 (The web management console of Opsview Monitor 5.4.x before 5.4.2 provi ...)
	NOT-FOR-US: Opsview Monitor
CVE-2018-16145 (The /etc/init.d/opsview-reporting-module script that runs at boot time ...)
	NOT-FOR-US: Opsview Monitor
CVE-2018-16144 (The test connection functionality in the NetAudit section of Opsview M ...)
	NOT-FOR-US: Opsview Monitor
CVE-2018-16143 RESERVED
CVE-2018-16142 (PHPOK 4.8.278 has a Reflected XSS vulnerability in framework/www/login ...)
	NOT-FOR-US: PHPOK
CVE-2018-16141 (ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in do_ava ...)
	NOT-FOR-US: ThinkCMF
CVE-2018-16140 (A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3. ...)
	{DLA-2073-1}
	- fig2dev 1:3.2.7a-3 (unimportant; bug #907660)
	- transfig (unimportant)
	NOTE: https://sourceforge.net/p/mcj/tickets/28/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e0c4b02429116b15ad1568c2c425f06b95b95830
	NOTE: Crash in CLI tool, no security impact
CVE-2018-16139 (Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 ...)
	NOT-FOR-US: BIBLIOsoft BIBLIOpac
CVE-2018-16138 (An issue was discovered in the administration page in IPBRICK OS 6.3. ...)
	NOT-FOR-US: IPBRICK OS
CVE-2018-16137 (An issue was discovered in the Web Management Console in IPBRICK OS 6. ...)
	NOT-FOR-US: IPBRICK OS
CVE-2018-16136 (An issue was discovered in the administrator interface in IPBRICK OS 6 ...)
	NOT-FOR-US: IPBRICK OS
CVE-2018-16135 RESERVED
CVE-2018-16134 (Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. ...)
	NOT-FOR-US: Cybrotech
CVE-2018-16133 (Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ i ...)
	NOT-FOR-US: Cybrotech
CVE-2018-16132 (The image rendering component (createGenericPreview) of the Open Whisp ...)
	NOT-FOR-US: Signal app (specific on iOS)
CVE-2018-16131 (The decodeRequest and decodeRequestWith directives in Lightbend Akka H ...)
	NOT-FOR-US: Lightbend Akka
CVE-2018-16130 (System command injection in request_mitv in Xiaomi Mi Router 3 version ...)
	NOT-FOR-US: Xiaomi Mi Router
CVE-2018-558213 REJECTED
CVE-2018-16129 RESERVED
CVE-2018-16128 RESERVED
CVE-2018-16127 RESERVED
CVE-2018-16126 RESERVED
CVE-2018-16125 RESERVED
CVE-2018-16124 RESERVED
CVE-2018-16123 RESERVED
CVE-2018-16122 RESERVED
CVE-2018-16121 RESERVED
CVE-2018-16120 RESERVED
CVE-2018-16119 (Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (F ...)
	NOT-FOR-US: TP-Link
CVE-2018-16118 (A shell escape vulnerability in /webconsole/APIController in the API C ...)
	NOT-FOR-US: Sophos
CVE-2018-16117 (A shell escape vulnerability in /webconsole/Controller in Admin Portal ...)
	NOT-FOR-US: Sophos
CVE-2018-16116 (SQL injection vulnerability in AccountStatus.jsp in Admin Portal of So ...)
	NOT-FOR-US: Sophos
CVE-2018-16115 (Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modif ...)
	NOT-FOR-US: Lightbend Akka
CVE-2018-16114 RESERVED
CVE-2018-16113 REJECTED
CVE-2018-16112 REJECTED
CVE-2018-16111 REJECTED
CVE-2018-16110 REJECTED
CVE-2018-16109 REJECTED
CVE-2018-16108 REJECTED
CVE-2018-16107 REJECTED
CVE-2018-16106 REJECTED
CVE-2018-16105 REJECTED
CVE-2018-16104 REJECTED
CVE-2018-16103 REJECTED
CVE-2018-16102 REJECTED
CVE-2018-16101 REJECTED
CVE-2018-16100 REJECTED
CVE-2018-16099 REJECTED
CVE-2018-16098 (In some Lenovo ThinkPads, an unquoted search path vulnerability was fo ...)
	NOT-FOR-US: Lenovo
CVE-2018-16097 (LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Ce ...)
	NOT-FOR-US: LXCI (Lenovo XClarity Integrator)
CVE-2018-16096 (In System Management Module (SMM) versions prior to 1.06, the SMM web ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16095 (In System Management Module (SMM) versions prior to 1.06, the SMM reco ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16094 (In System Management Module (SMM) versions prior to 1.06, an internal ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16093 (In versions prior to 5.5, LXCI for VMware allows an authenticated user ...)
	NOT-FOR-US: LXCI (Lenovo XClarity Integrator)
CVE-2018-16092 (In System Management Module (SMM) versions prior to 1.06, the FFDC fea ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16091 (In System Management Module (SMM) versions prior to 1.06, the SMM cert ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16090 (In System Management Module (SMM) versions prior to 1.06, the SMM cert ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16089 (In System Management Module (SMM) versions prior to 1.06, a field in t ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16088 (A missing check for JS-simulated input events in Blink in Google Chrom ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16087 (Lack of proper state tracking in Permissions in Google Chrome prior to ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16086 (Insufficient policy enforcement in extensions API in Google Chrome pri ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16085 (A use after free in ResourceCoordinator in Google Chrome prior to 69.0 ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16084 (The default selected dialog button in CustomHandlers in Google Chrome ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16083 (An out of bounds read in forward error correction code in WebRTC in Go ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16082 (An out of bounds read in Swiftshader in Google Chrome prior to 69.0.34 ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16081 (Allowing the chrome.debugger API to run on file:// URLs in DevTools in ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16080 (A missing check for popup window handling in Fullscreen in Google Chro ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16079 (A race condition between permission prompts and navigations in Prompts ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16078 (Unsafe handling of credit card details in Autofill in Google Chrome pr ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16077 (Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16076 (Missing bounds check in PDFium in Google Chrome prior to 69.0.3497.81 ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16075 (Insufficient file type enforcement in Blink in Google Chrome prior to ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16074 (Insufficient policy enforcement in site isolation in Google Chrome pri ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16073 (Insufficient policy enforcement in site isolation in Google Chrome pri ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16072 (A missing origin check related to HLS manifests in Blink in Google Chr ...)
	- chromium-browser (Android-specific)
CVE-2018-16071 (A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allo ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16070 (Integer overflows in Skia in Google Chrome prior to 69.0.3497.81 allow ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16069 (Unintended floating-point error accumulation in SwiftShader in Google ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16068 (Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allo ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16067 (A use after free in WebAudio in Google Chrome prior to 69.0.3497.81 al ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16066 (A use after free in Blink in Google Chrome prior to 69.0.3497.81 allow ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16065 (A Javascript reentrancy issues that caused a use-after-free in V8 in G ...)
	{DSA-4289-1}
	- chromium-browser 69.0.3497.81-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16064 (Insufficient data validation in Extensions API in Google Chrome prior ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-16063 RESERVED
CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 201 ...)
	{DLA-1689-1}
	- elfutils 0.175-1 (bug #907562)
	[stretch] - elfutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9
CVE-2018-16061 RESERVED
CVE-2018-16060 RESERVED
CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Director ...)
	NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
	{DSA-4315-1 DLA-1634-1}
	- wireshark 2.6.3-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html
CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
	{DSA-4315-1 DLA-1634-1}
	- wireshark 2.6.3-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-46.html
CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...)
	{DSA-4315-1}
	- wireshark 2.6.3-1 (low)
	[jessie] - wireshark (vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-45.html
CVE-2018-16055 (An authenticated command injection vulnerability exists in status_inte ...)
	NOT-FOR-US: pfSense
CVE-2018-16054 RESERVED
CVE-2018-16053 RESERVED
CVE-2018-16052 RESERVED
CVE-2018-16047 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16046 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16045 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16044 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16043 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16042 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16041 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16040 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16039 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16038 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16037 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16036 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16035 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16034 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16033 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16032 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16031 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16030 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16029 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16028 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16027 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16026 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16025 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16024 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16023 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16022 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16021 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16020 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16019 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16018 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2018-16017 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16016 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16015 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16014 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16013 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16012 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16011 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...)
	NOT-FOR-US: Adobe
CVE-2018-16010 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16009 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16008 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16007 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16006 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16005 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16004 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16003 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16002 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16001 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-16000 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15999 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15998 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15997 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15996 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15995 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15994 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15993 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15992 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15991 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15990 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15989 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15988 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15987 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15986 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15985 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15984 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-15983 (Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earli ...)
	NOT-FOR-US: Adobe
CVE-2018-15982 (Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earli ...)
	NOT-FOR-US: Adobe
CVE-2018-15981 (Flash Player versions 31.0.0.148 and earlier have a type confusion vul ...)
	NOT-FOR-US: Adobe
CVE-2018-15980 (Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds r ...)
	NOT-FOR-US: Adobe
CVE-2018-15979 (Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15978 (Flash Player versions 31.0.0.122 and earlier have an out-of-bounds rea ...)
	NOT-FOR-US: Adobe
CVE-2018-15977
	REJECTED
CVE-2018-15976 (Adobe Technical Communications Suite versions 1.0.5.1 and below have a ...)
	NOT-FOR-US: Adobe
CVE-2018-15975
	REJECTED
CVE-2018-15974 (Adobe Framemaker versions 1.0.5.1 and below have an insecure library l ...)
	NOT-FOR-US: Adobe
CVE-2018-15973 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
	NOT-FOR-US: Adobe
CVE-2018-15972 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
	NOT-FOR-US: Adobe
CVE-2018-15971 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a r ...)
	NOT-FOR-US: Adobe
CVE-2018-15970 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a r ...)
	NOT-FOR-US: Adobe
CVE-2018-15969 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a s ...)
	NOT-FOR-US: Adobe
CVE-2018-15968 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15967 (Adobe Flash Player versions 30.0.0.154 and earlier have a privilege es ...)
	NOT-FOR-US: Adobe
CVE-2018-15966 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15965 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
	NOT-FOR-US: Adobe
CVE-2018-15964 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
	NOT-FOR-US: Adobe
CVE-2018-15963 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
	NOT-FOR-US: Adobe
CVE-2018-15962 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
	NOT-FOR-US: Adobe
CVE-2018-15961 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
	NOT-FOR-US: Adobe
CVE-2018-15960 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
	NOT-FOR-US: Adobe
CVE-2018-15959 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
	NOT-FOR-US: Adobe
CVE-2018-15958 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
	NOT-FOR-US: Adobe
CVE-2018-15957 (Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 ...)
	NOT-FOR-US: Adobe
CVE-2018-15956 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15955 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15954 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15953 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15952 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15951 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15950 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15949 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15948 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15947 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15946 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15945 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15944 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15943 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15942 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15941 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15940 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15939 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15938 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15937 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15936 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15935 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15934 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15933 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15932 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15931 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15930 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15929 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15928 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15927 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15926 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15925 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15924 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15923 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15922 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15921
	REJECTED
CVE-2018-15920 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-15918 (An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) a ...)
	NOT-FOR-US: Jorani
CVE-2018-15917 (Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow rem ...)
	NOT-FOR-US: Jorani
CVE-2018-15916
	RESERVED
CVE-2018-15915
	RESERVED
CVE-2018-15914
	RESERVED
CVE-2018-15913 (An issue was discovered in Cloudera Manager 5.x through 5.15.0. One ty ...)
	NOT-FOR-US: Cloudera
CVE-2018-15912 (An issue was discovered in manjaro-update-system.sh in manjaro-system ...)
	NOT-FOR-US: manjaro-update-system.sh in manjaro-system on Manjaro Linux
CVE-2018-15919 (Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 co ...)
	- openssh (low; bug #907503)
	[buster] - openssh (Minor issue)
	[stretch] - openssh (Minor issue)
	[jessie] - openssh (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/27/2
CVE-2018-15911 (In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to suppl ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699665
	NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15910 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699656
	NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15909 (In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699660
	NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15908 (In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to s ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699657
	NOTE: https://www.kb.cert.org/vuls/id/332928
CVE-2018-15907 (** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote ...)
	NOT-FOR-US: Technicolor (formerly RCA) TC8305C devices
CVE-2018-15906 (SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users ...)
	NOT-FOR-US: SolarWinds
CVE-2018-15905
	RESERVED
CVE-2018-15904 (A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P ...)
	NOT-FOR-US: A10 ACOS Web Application Firewall
CVE-2018-15903 (The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored ...)
	NOT-FOR-US: Claromentis
CVE-2018-15902
	RESERVED
CVE-2018-15901 (e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing d ...)
	NOT-FOR-US: e107
CVE-2018-15900
	RESERVED
CVE-2018-15899 (An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS ...)
	NOT-FOR-US: MiniCMS
CVE-2018-15898 (The Subsonic Music Streamer application 4.4 for Android has Improper C ...)
	NOT-FOR-US: Subsonic Music Streamer application for Android
CVE-2018-15897 (PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers t ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-15896 (PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Addr ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-15895 (An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because ...)
	NOT-FOR-US: iCMS
CVE-2018-15894 (A SQL injection was discovered in /coreframe/app/admin/pay/admin/index ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-15893 (A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-15892 (FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup ...)
	NOT-FOR-US: FreePBX
CVE-2018-15891 (An issue was discovered in FreePBX core before 3.0.122.43, 14.0.18.34, ...)
	NOT-FOR-US: FreePBX
CVE-2018-15890 (An issue was discovered in EthereumJ 1.8.2. There is Unsafe Deserializ ...)
	NOT-FOR-US: EthereumJ
CVE-2018-15889
	REJECTED
CVE-2018-15888 (An issue was discovered in ASPCMS 2.5.6. When registering ordinary use ...)
	NOT-FOR-US: ASPCMS
CVE-2018-15887 (Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to ...)
	NOT-FOR-US: ASUS DSL-N12E_C1
CVE-2018-15886 (Monstra CMS 3.0.4 does not properly restrict modified Snippet content, ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-15885 (Ovation FindMe 1.4-1083-1 is intended to support transmission of netwo ...)
	NOT-FOR-US: Ovation FindMe
CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/ad ...)
	NOT-FOR-US: RICOH MP C4504ex devices
CVE-2018-15883
	RESERVED
CVE-2018-15882 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks in ...)
	NOT-FOR-US: Joomla!
CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks re ...)
	NOT-FOR-US: Joomla!
CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate output fi ...)
	NOT-FOR-US: Joomla!
CVE-2018-15879
	REJECTED
CVE-2018-15878
	REJECTED
CVE-2018-16543 (In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolutio ...)
	{DSA-4288-1 DLA-1527-1}
	[experimental] - ghostscript 9.25~dfsg-1~exp1
	- ghostscript 9.25~dfsg-1 (bug #908303)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5b5536fa88a9e885032bc0df3852c3439399a5c0
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699670
CVE-2018-16542 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699668
CVE-2018-16541 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=241d91112771a6104de10b3948c3f350d6690c1d
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699664
CVE-2018-16540 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699661
CVE-2018-16539 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699658
	NOTE: To not break cups with https://github.com/apple/cups/issues/5392
	NOTE: an additional (no-security) followup fix is needed as:
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=150c8f69646b854a99f35f27edaae012eb2e900f
	NOTE: Cf. https://bugs.debian.org/908300
CVE-2018-16513 (In Artifex Ghostscript before 9.24, attackers able to supply crafted P ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b326a71659b7837d3acde954b18bda1a6f5e9498
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699655
CVE-2018-16511 (An issue was discovered in Artifex Ghostscript before 9.24. A type con ...)
	{DSA-4288-1 DLA-1504-1}
	- ghostscript 9.22~dfsg-3 (bug #907332)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0edd3d6c634a577db261615a9dc2719bca7f6e01
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699659
CVE-2018-16510 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...)
	[experimental] - ghostscript 9.25~dfsg-1~exp1
	- ghostscript 9.25~dfsg-1 (bug #908304)
	[stretch] - ghostscript (Introduced in 9.22)
	[jessie] - ghostscript (vulnerable code is not present)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ea735ba37dc0fd5f5622d031830b9a559dec1cc9
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699671
CVE-2018-16509 (An issue was discovered in Artifex Ghostscript before 9.24. Incorrect ...)
	{DSA-4294-1 DLA-1504-1}
	[experimental] - ghostscript 9.25~dfsg-1~exp1
	- ghostscript 9.25~dfsg-1 (bug #907332; bug #907703)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=78911a01b67d590b4a91afac2e8417360b934156
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5516c614dc33662a2afdc377159f70218e67bde5
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=79cccf641486a6595c43f1de1cd7ade696020a31
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=520bb0ea7519aa3e79db78aaf0589dae02103764
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699654
	NOTE: Partially fixed in 9.22~dfsg-3, see #907703
CVE-2018-16585 (** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9 ...)
	{DSA-4288-1 DLA-1504-1}
	[experimental] - ghostscript 9.25~dfsg-1~exp1
	- ghostscript 9.25~dfsg-1 (bug #908305)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699663
CVE-2018-15877 (The Plainview Activity Monitor plugin before 20180826 for WordPress is ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-15876 (An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for W ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-15875 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20. ...)
	NOT-FOR-US: D-Link
CVE-2018-15874 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20. ...)
	NOT-FOR-US: D-Link
CVE-2018-15873 (A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid ...)
	NOT-FOR-US: Sentrifugo
CVE-2018-15872
	RESERVED
CVE-2018-15871 (An invalid memory address dereference was discovered in decompileSingl ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/123
CVE-2018-15870 (An invalid memory address dereference was discovered in decompileGETVA ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/122
CVE-2018-15869 (An Amazon Web Services (AWS) developer who does not specify the --owne ...)
	- packer 1.3.1+dfsg-1 (low; bug #907298)
	[stretch] - packer (Vulnerable code added later)
	NOTE: https://github.com/hashicorp/packer/issues/6584
	NOTE: https://github.com/aws/aws-cli/issues/3629
CVE-2018-15868 (SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier ...)
	NOT-FOR-US: ChronoScan
CVE-2018-15867
	RESERVED
CVE-2018-15866
	RESERVED
CVE-2018-15865 (The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerabil ...)
	NOT-FOR-US: Pulse Secure Desktop
CVE-2018-15864 (Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/a8ea7a1d3daa7bdcb877615ae0a252c189153bd2
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
CVE-2018-15863 (Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/co ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
CVE-2018-15862 (Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkb ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/4e2ee9c3f6050d773f8bbe05bc0edb17f1ff8371
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
CVE-2018-15861 (Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xk ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
CVE-2018-15860
	RESERVED
CVE-2018-15859 (Unchecked NULL pointer usage when parsing invalid atoms in ExprResolve ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/bb4909d2d8fa6b08155e449986a478101e2b2634
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html
CVE-2018-15858 (Unchecked NULL pointer usage when handling invalid aliases in CopyKeyA ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/badb428e63387140720f22486b3acbd3d738859f
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15857 (An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15856 (An infinite loop when reaching EOL unexpectedly in compose/parser.c (a ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/842e4351c2c97de6051cab6ce36b4a81e709a0e1
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15855 (Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used b ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/917636b1d0d70205a13f89062b95e3a0fc31d4ff
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15854 (Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used b ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/e3cacae7b1bfda0d839c280494f23284a1187adf
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15853 (Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcomm ...)
	- libxkbcommon 0.8.2-1 (low; bug #907302)
	[stretch] - libxkbcommon (Minor issue)
	[jessie] - libxkbcommon (Minor issue)
	NOTE: https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
	NOTE: https://lists.freedesktop.org/archives/wayland-devel/2018-August/039232.html
CVE-2018-15852 (** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to ...)
	NOT-FOR-US: Technicolor
CVE-2018-15851 (An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerabi ...)
	NOT-FOR-US: Flexo CMS
CVE-2018-15850 (An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerabi ...)
	NOT-FOR-US: REDAXO CMS
CVE-2018-15849 (An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update ...)
	NOT-FOR-US: portfolioCMS
CVE-2018-15848 (An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create ...)
	NOT-FOR-US: portfolioCMS
CVE-2018-15847 (An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability ...)
	NOT-FOR-US: puppyCMS
CVE-2018-15846 (An issue was discovered in fledrCMS through 2014-02-03. There is a CSR ...)
	NOT-FOR-US: fledrCMS
CVE-2018-15845 (There is a CSRF vulnerability that can add an administrator account in ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-15844 (An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerabili ...)
	NOT-FOR-US: DamiCMS
CVE-2018-15843 (GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" fie ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-15842 (WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. ...)
	NOT-FOR-US: WolfCMS
CVE-2018-15841
	RESERVED
CVE-2018-15840 (TP-Link TL-WR840N devices allow remote attackers to cause a denial of ...)
	NOT-FOR-US: TP-Link
CVE-2018-15839 (D-Link DIR-615 devices have a buffer overflow via a long Authorization ...)
	NOT-FOR-US: D-Link DIR-615 devices
CVE-2018-15838
	RESERVED
CVE-2018-15837
	RESERVED
CVE-2018-15836 (In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan bef ...)
	- openswan
	NOTE: https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51
	NOTE: https://lists.openswan.org/pipermail/users/2018-August/023761.html
CVE-2018-15835 (Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID i ...)
	NOT-FOR-US: Android
CVE-2018-15834 (In radare2 before 2.9.0, a heap overflow vulnerability exists in the r ...)
	- radare2 2.9.0+dfsg-1
	[jessie] - radare2 (Vulnerable code added later in 0.9.8)
	NOTE: https://github.com/radare/radare2/issues/11274
	NOTE: https://github.com/radare/radare2/pull/11300
CVE-2018-15833 (In Vanilla before 2.6.1, the polling functionality allows Insecure Dir ...)
	NOT-FOR-US: Vanilla
CVE-2018-15832 (upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows re ...)
	NOT-FOR-US: upc.exe in Ubisoft Uplay Desktop Client
CVE-2018-15831
	RESERVED
CVE-2018-15830
	RESERVED
CVE-2018-15829
	RESERVED
CVE-2018-15828
	RESERVED
CVE-2018-15827
	RESERVED
CVE-2018-15826
	RESERVED
CVE-2018-15825
	RESERVED
CVE-2018-15824
	RESERVED
CVE-2018-15823
	RESERVED
CVE-2018-15822 (The flv_write_packet function in libavformat/flvenc.c in FFmpeg throug ...)
	{DSA-4449-1 DLA-1809-1}
	- ffmpeg 7:4.0.3-1 (low)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b67d7f05918f7a1ee8fc6ff21355d7e8736aa10
	- libav
CVE-2018-15821
	RESERVED
CVE-2018-15820 (EasyIO EasyIO-30P devices before 2.0.5.27 allow XSS via the dev.htm GD ...)
	NOT-FOR-US: EasyIO
CVE-2018-15819 (EasyIO EasyIO-30P devices before 2.0.5.27 have Incorrect Access Contro ...)
	NOT-FOR-US: EasyIO
CVE-2018-15818 (An issue was discovered in Repute ARForms 3.5.1 and prior. An attacker ...)
	NOT-FOR-US: Repute ARForms
CVE-2018-15817 (FastStone Image Viewer 6.5 has a Read Access Violation on Block Data M ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-15816 (FastStone Image Viewer 6.5 has a Read Access Violation on Block Data M ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-15815 (FastStone Image Viewer 6.5 has an Exception Handler Chain Corrupted is ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-15814 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-15813 (FastStone Image Viewer 6.5 has a User Mode Write AV starting at image0 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-15812 (DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption ...)
	NOT-FOR-US: DNN
CVE-2018-15811 (DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorith ...)
	NOT-FOR-US: DNN
CVE-2018-15810 (Visiology Flipbox Software Suite before 2.7.0 allows directory travers ...)
	NOT-FOR-US: Visiology Flipbox Software Suite
CVE-2018-15809 (AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Mo ...)
	NOT-FOR-US: AccuPOS
CVE-2018-15808 (POSIM EVO 15.13 for Windows includes hardcoded database credentials fo ...)
	NOT-FOR-US: POSIM EVO for Windows
CVE-2018-15807 (POSIM EVO 15.13 for Windows includes an "Emergency Override" administr ...)
	NOT-FOR-US: POSIM EVO for Windows
CVE-2018-15806
	RESERVED
CVE-2018-15805 (Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML ex ...)
	NOT-FOR-US: Accusoft PrizmDoc HTML5 Document Viewer
CVE-2018-15804 (An issue was discovered in the MapR File System in MapR Converged Data ...)
	NOT-FOR-US: MapR File System
CVE-2018-15803
	REJECTED
CVE-2018-15802
	REJECTED
CVE-2018-15801 (Spring Security versions 5.1.x prior to 5.1.2 contain an authorization ...)
	- libspring-security-2.0-java
	[jessie] - libspring-security-2.0-java (Minor issue)
CVE-2018-15800 (Cloud Foundry Bits Service, versions prior to 2.18.0, includes an info ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15799
	REJECTED
CVE-2018-15798 (Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow all ...)
	NOT-FOR-US: Pivotal
CVE-2018-15797 (Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15796 (Cloud Foundry Bits Service Release, versions prior to 2.14.0, uses an ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15795 (Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessa ...)
	NOT-FOR-US: Pivotal
CVE-2018-15794
	REJECTED
CVE-2018-15793
	REJECTED
CVE-2018-15792
	REJECTED
CVE-2018-15791
	REJECTED
CVE-2018-15790
	REJECTED
CVE-2018-15789
	REJECTED
CVE-2018-15788
	REJECTED
CVE-2018-15787
	REJECTED
CVE-2018-15786
	REJECTED
CVE-2018-15785
	REJECTED
CVE-2018-15784 (Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerabilit ...)
	NOT-FOR-US: Dell
CVE-2018-15783
	REJECTED
CVE-2018-15782 (The Quick Setup component of RSA Authentication Manager versions prior ...)
	NOT-FOR-US: RSA
CVE-2018-15781 (The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.0 ...)
	NOT-FOR-US: Dell
CVE-2018-15780 (RSA Archer versions prior to 6.5.0.1 contain an improper access contro ...)
	NOT-FOR-US: RSA Archer
CVE-2018-15779
	REJECTED
CVE-2018-15778 (Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by ...)
	NOT-FOR-US: Dell
CVE-2018-15777
	REJECTED
CVE-2018-15776 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an imprope ...)
	NOT-FOR-US: EMC iDRAC
CVE-2018-15775
	REJECTED
CVE-2018-15774 (Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 version ...)
	NOT-FOR-US: EMC iDRAC
CVE-2018-15773 (Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 a ...)
	NOT-FOR-US: Dell
CVE-2018-15772 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for V ...)
	NOT-FOR-US: EMC RecoverPoint
CVE-2018-15771 (Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for V ...)
	NOT-FOR-US: EMC RecoverPoint
CVE-2018-15770
	REJECTED
CVE-2018-15769 (RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x serie ...)
	NOT-FOR-US: RSA BSAFE Micro Edition Suite
CVE-2018-15768 (Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/w ...)
	NOT-FOR-US: Dell OpenManage Network Manager
CVE-2018-15767 (The Dell OpenManage Network Manager virtual appliance versions prior t ...)
	NOT-FOR-US: Dell OpenManage Network Manager
CVE-2018-15766 (On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Se ...)
	NOT-FOR-US: Dell
CVE-2018-15765 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contain ...)
	NOT-FOR-US: EMC Secure Remote Services
CVE-2018-15764 (Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote c ...)
	NOT-FOR-US: EMC ESRS Policy Manager
CVE-2018-15763 (Pivotal Container Service, versions prior to 1.2.0, contains an inform ...)
	NOT-FOR-US: Pivotal Container Service
CVE-2018-15762 (Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2 ...)
	NOT-FOR-US: Pivotal
CVE-2018-15761 (Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15760
	REJECTED
CVE-2018-15759 (Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 c ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15758 (Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2 ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2018-15757
	REJECTED
CVE-2018-15756 (Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, version ...)
	- libspring-java 4.3.21-1 (bug #911786)
	[stretch] - libspring-java (Minor issue)
	[jessie] - libspring-java (vulnerable code introduced in later version)
	NOTE: https://pivotal.io/security/cve-2018-15756
CVE-2018-15755 (Cloud Foundry CF Networking Release, versions 2.11.0 prior to 2.16.0, ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15754 (Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-15753 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) a ...)
	NOT-FOR-US: MensaMax application for Android
CVE-2018-15752 (An issue was discovered in the MensaMax (aka com.breustedt.mensamax) a ...)
	NOT-FOR-US: MensaMax application for Android
CVE-2018-15751 (SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remo ...)
	{DLA-2294-1}
	- salt 2018.3.3+dfsg1-1 (bug #913475)
	[jessie] - salt (REST netapi code was first introduced with v2014.7)
	NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
	NOTE: minimal patch: https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
CVE-2018-15750 (Directory Traversal vulnerability in salt-api in SaltStack Salt before ...)
	{DLA-2294-1}
	- salt 2018.3.3+dfsg1-1 (bug #913476)
	[jessie] - salt (REST netapi code was first introduced with v2014.7)
	NOTE: Fixed in 2016.11.10, 2017.7.8, 2018.3.3
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2016.11.10.html#security-fix
	NOTE: minimal patch: https://github.com/saltstack/salt/compare/v2016.11.9..v2016.11.10
CVE-2018-15749 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Fo ...)
	NOT-FOR-US: Pulse Secure Desktop
CVE-2018-15748 (On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engi ...)
	NOT-FOR-US: Dell 2335dn printers
CVE-2018-15747 (The default configuration of glot-www through 2018-05-19 allows remote ...)
	NOT-FOR-US: glot-www
CVE-2018-15746 (qemu-seccomp.c in QEMU might allow local OS guest users to cause a den ...)
	- qemu 1:3.1+dfsg-1 (low; bug #907500)
	[stretch] - qemu (Minor issue, too risky to backport, not enabled by default)
	[jessie] - qemu (Minor issue, id. + patch requires Linux kernel >= 3.17 and libseccomp >= 2.2.0)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=70dfabeaa79ba4d7a3b699abe1a047c8012db114
CVE-2018-15745 (Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory ...)
	NOT-FOR-US: Argus Surveillance DVR
CVE-2018-15744
	RESERVED
CVE-2018-15743
	RESERVED
CVE-2018-15742
	RESERVED
CVE-2018-15741
	RESERVED
CVE-2018-15740 (Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delega ...)
	NOT-FOR-US: Zoho ManageEngine ADManager Plus
CVE-2018-15739
	RESERVED
CVE-2018-15738 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
	NOT-FOR-US: STOPzilla AntiMalware
CVE-2018-15737 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15736 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15735 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15734 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15733 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15732 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15731 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15730 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15729 (An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver ...)
	NOT-FOR-US: STOPzilla
CVE-2018-15728 (Couchbase Server exposed the '/diag/eval' endpoint which by default is ...)
	NOT-FOR-US: Couchbase
CVE-2018-15727 (Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows aut ...)
	- grafana (bug #907590)
	NOTE: https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/
CVE-2018-1999047 (A improper authorization vulnerability exists in Jenkins 2.137 and ear ...)
	- jenkins
CVE-2018-1999046 (A exposure of sensitive information vulnerability exists in Jenkins 2. ...)
	- jenkins
CVE-2018-1999045 (A improper authentication vulnerability exists in Jenkins 2.137 and ea ...)
	- jenkins
CVE-2018-1999044 (A denial of service vulnerability exists in Jenkins 2.137 and earlier, ...)
	- jenkins
CVE-2018-1999043 (A denial of service vulnerability exists in Jenkins 2.137 and earlier, ...)
	- jenkins
CVE-2018-1999042 (A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earli ...)
	- jenkins
CVE-2018-15726 (The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Pr ...)
	NOT-FOR-US: Pulse Secure Desktop
CVE-2018-15725
	RESERVED
CVE-2018-15724
	RESERVED
CVE-2018-15723 (The Logitech Harmony Hub before version 4.15.206 is vulnerable to appl ...)
	NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15722 (The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS c ...)
	NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15721 (The XMPP server in Logitech Harmony Hub before version 4.15.206 is vul ...)
	NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15720 (Logitech Harmony Hub before version 4.15.206 contained two hard-coded ...)
	NOT-FOR-US: Logitech Harmony Hub
CVE-2018-15719 (Open Dental before version 18.4 installs a mysql database and uses the ...)
	NOT-FOR-US: Open Dental
CVE-2018-15718 (Open Dental before version 18.4 transmits the entire user database ove ...)
	NOT-FOR-US: Open Dental
CVE-2018-15717 (Open Dental before version 18.4 stores user passwords as base64 encode ...)
	NOT-FOR-US: Open Dental
CVE-2018-15716 (NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote comm ...)
	NOT-FOR-US: NUUO NVRMini2
CVE-2018-15715 (Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (befor ...)
	NOT-FOR-US: Zoom
CVE-2018-15714 (Nagios XI 5.5.6 allows reflected cross site scripting from remote unau ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15713 (Nagios XI 5.5.6 allows persistent cross site scripting from remote aut ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15712 (Nagios XI 5.5.6 allows reflected cross site scripting from remote unau ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15711 (Nagios XI 5.5.6 allows remote authenticated attackers to reset and reg ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15710 (Nagios XI 5.5.6 allows local authenticated attackers to escalate privi ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15709 (Nagios XI 5.5.6 allows remote authenticated attackers to execute arbit ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15708 (Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers ...)
	NOT-FOR-US: Nagios XI
CVE-2018-15707 (Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scrip ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-15706 (WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote a ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-15705 (WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote a ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-15704 (Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer ov ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-15703 (Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflecte ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-15702 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerab ...)
	NOT-FOR-US: TP-Link
CVE-2018-15701 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerab ...)
	NOT-FOR-US: TP-Link
CVE-2018-15700 (The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerab ...)
	NOT-FOR-US: TP-Link
CVE-2018-15699 (ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a config ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15698 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-ad ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15697 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-ad ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15696 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-ad ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15695 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-ad ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15694 (ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-ad ...)
	NOT-FOR-US: ASUSTOR Data Master
CVE-2018-15693 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authen ...)
	NOT-FOR-US: Inova Partner
CVE-2018-15692 (Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authen ...)
	NOT-FOR-US: Inova Partner
CVE-2018-15691 (Insecure deserialization of a specially crafted serialized object, in ...)
	NOT-FOR-US: CA Release Automation
CVE-2018-15690
	REJECTED
CVE-2018-15689
	REJECTED
CVE-2018-15688 (A buffer overflow vulnerability in the dhcp6 client of systemd allows ...)
	{DLA-1580-1}
	- network-manager 1.14.4-2
	[stretch] - network-manager 1.6.2-3+deb9u2
	[jessie] - network-manager (vulnerable code not present)
	- systemd 239-11 (bug #912008)
	[stretch] - systemd 232-25+deb9u6
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1639067
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921
	NOTE: https://github.com/systemd/systemd/commit/49653743f69658aeeebdb14faf1ab158f1f2cb20
	NOTE: systemd-networkd not enabled by default in Debian
	NOTE: NetworkManager: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=01ca2053bbea09f35b958c8cc7631e15469acb79
CVE-2018-15687 (A race condition in chown_one() of systemd allows an attacker to cause ...)
	- systemd 239-11 (bug #912007)
	[stretch] - systemd (Vulnerable code introduced later in v235)
	[jessie] - systemd (Vulnerable code introduced later in v235)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1689
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796692
	NOTE: https://github.com/systemd/systemd/pull/10517
CVE-2018-15686 (A vulnerability in unit_deserialize of systemd allows an attacker to s ...)
	{DLA-1580-1}
	- systemd 239-12 (bug #912005)
	[stretch] - systemd 232-25+deb9u10
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1687
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1796402
	NOTE: https://github.com/systemd/systemd/pull/10519
	NOTE: https://github.com/systemd/systemd/commit/9f1c81d80a435d15ca1bd536a6d043c18c81c047
CVE-2018-15685 (GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain sce ...)
	- electron (bug #842420)
CVE-2018-15684 (An issue was discovered in BTITeam XBTIT. PHP error logs are stored in ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15683 (An issue was discovered in BTITeam XBTIT. The "returnto" parameter of ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15682 (An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15681 (An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, t ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15680 (An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords s ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15679 (An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" paramet ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15678 (An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15677 (The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15676 (An issue was discovered in BTITeam XBTIT. By using String.replace and ...)
	NOT-FOR-US: BTITeam XBTIT
CVE-2018-15675
	RESERVED
CVE-2018-15674
	RESERVED
CVE-2018-15673
	RESERVED
CVE-2018-15672
	REJECTED
CVE-2018-15671 (An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stac ...)
	- hdf5
	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10557
CVE-2018-15670 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...)
	NOT-FOR-US: Bloop Airmail
CVE-2018-15669 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primar ...)
	NOT-FOR-US: Bloop Airmail
CVE-2018-15668 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" ...)
	NOT-FOR-US: Bloop Airmail
CVE-2018-15667 (An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registe ...)
	NOT-FOR-US: Bloop Airmail
CVE-2018-15666
	RESERVED
CVE-2018-15665 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2. ...)
	NOT-FOR-US: Cloudera
CVE-2018-15664 (In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker ...)
	- docker.io 18.09.1+dfsg1-7.1 (bug #929662)
	NOTE: https://www.openwall.com/lists/oss-security/2019/05/28/1
	NOTE: https://github.com/moby/moby/pull/39252
CVE-2018-15663
	RESERVED
CVE-2018-15662
	RESERVED
CVE-2018-15661 (** DISPUTED ** An issue was discovered in the Ola Money (aka com.olaca ...)
	NOT-FOR-US: Ola Money application for Android
CVE-2018-15660 (** DISPUTED ** An issue was discovered in the Ola Money (aka com.olaca ...)
	NOT-FOR-US: Ola Money application for Android
CVE-2018-15659 (An issue was discovered in 42Gears SureMDM before 2018-11-27, related ...)
	NOT-FOR-US: 42Gears
CVE-2018-15658 (An issue was discovered in 42Gears SureMDM before 2018-11-27. By visit ...)
	NOT-FOR-US: 42Gears
CVE-2018-15657 (An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via ...)
	NOT-FOR-US: 42Gears
CVE-2018-15656 (An issue was discovered in the registration API endpoint in 42Gears Su ...)
	NOT-FOR-US: 42Gears
CVE-2018-15655 (An issue was discovered in 42Gears SureMDM before 2018-11-27, related ...)
	NOT-FOR-US: 42Gears
CVE-2018-15654
	RESERVED
CVE-2018-15653
	RESERVED
CVE-2018-15652
	RESERVED
CVE-2018-15651
	RESERVED
CVE-2018-15650
	RESERVED
CVE-2018-15649
	RESERVED
CVE-2018-15648
	RESERVED
CVE-2018-15647
	RESERVED
CVE-2018-15646
	RESERVED
CVE-2018-15645 (Improper access control in message routing in Odoo Community 12.0 and ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/63705
CVE-2018-15644
	RESERVED
CVE-2018-15643
	RESERVED
CVE-2018-15642
	RESERVED
CVE-2018-15641 (Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 ...)
	- odoo 14.0.0+dfsg.2-1
	NOTE: https://github.com/odoo/odoo/issues/63704
CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 10.0 th ...)
	- odoo (Only in enterprise version)
	NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15639
	RESERVED
CVE-2018-15638 (Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/63703
CVE-2018-15637
	RESERVED
CVE-2018-15636
	RESERVED
CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Communit ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32515
CVE-2018-15634 (Cross-site scripting (XSS) issue in attachment management in Odoo Comm ...)
	- odoo 14.0.0+dfsg.2-1
	NOTE: https://github.com/odoo/odoo/issues/63702
CVE-2018-15633 (Cross-site scripting (XSS) issue in "document" module in Odoo Communit ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/63701
CVE-2018-15632 (Improper input validation in database creation logic in Odoo Community ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/63700
CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.0 and ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15630
	RESERVED
CVE-2018-15629
	REJECTED
CVE-2018-15628
	REJECTED
CVE-2018-15627
	REJECTED
CVE-2018-15626
	REJECTED
CVE-2018-15625
	REJECTED
CVE-2018-15624
	REJECTED
CVE-2018-15623
	REJECTED
CVE-2018-15622
	REJECTED
CVE-2018-15621
	REJECTED
CVE-2018-15620
	REJECTED
CVE-2018-15619
	REJECTED
CVE-2018-15618
	REJECTED
CVE-2018-15617 (A vulnerability in the "capro" (Call Processor) process component of A ...)
	NOT-FOR-US: Avaya
CVE-2018-15616 (A vulnerability in the Web UI component of Avaya Aura System Platform ...)
	NOT-FOR-US: Avaya Aura System Platform
CVE-2018-15615 (A vulnerability in the Supervisor component of Avaya Call Management S ...)
	NOT-FOR-US: Avaya
CVE-2018-15614 (A vulnerability in the one-x Portal component of IP Office could allow ...)
	NOT-FOR-US: IP Office
CVE-2018-15613 (A cross-site scripting (XSS) vulnerability in the Runtime Config compo ...)
	NOT-FOR-US: Avaya
CVE-2018-15612 (A CSRF vulnerability in the Runtime Config component of Avaya Aura Orc ...)
	NOT-FOR-US: Avaya
CVE-2018-15611 (A vulnerability in the local system administration component of Avaya ...)
	NOT-FOR-US: Avaya Aura Communication Manager
CVE-2018-15610 (A vulnerability in the one-X Portal component of Avaya IP Office allow ...)
	NOT-FOR-US: Avaya
CVE-2018-15609
	RESERVED
CVE-2018-15608 (Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "A ...)
	NOT-FOR-US: Zoho ManageEngine ADManager Plus
CVE-2018-15607 (In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x3 ...)
	- imagemagick (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1255
	NOTE: This is mitigated by the default policies, if anyone modifies those they need
	NOTE: be tuned to the deployment's memory buildout
CVE-2018-15606 (An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 ...)
	NOT-FOR-US: SuiteCRM
CVE-2018-15605 (An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scrip ...)
	- phpmyadmin (Vulnerable code introduced later)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-5/
	NOTE: Introduced by: https://github.com/phpmyadmin/phpmyadmin/commit/9404287ac09415b627b6fa68c7d04a13f7ef41e2
	NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1
CVE-2018-XXXX [security issue with the PASS command and duplicate server instances]
	- charybdis 4.1.1-1 (bug #906879)
	[stretch] - charybdis (Vulnerable code added later)
	[jessie] - charybdis (Vulnerable code added later)
	NOTE: partial fix: https://github.com/charybdis-ircd/charybdis/commit/d4b2529a61fb48ebcd54bc0fcc6f400f97bfe251
CVE-2018-15604
	RESERVED
CVE-2018-15603 (An issue was discovered in Victor CMS through 2018-05-10. There is XSS ...)
	NOT-FOR-US: Victor CMS
CVE-2018-15602 (Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerabil ...)
	NOT-FOR-US: Zyxel
CVE-2018-15601 (apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 perform ...)
	NOT-FOR-US: Elefant CMS
CVE-2018-15600
	RESERVED
CVE-2018-15599 (The recv_msg_userauth_request function in svr-auth.c in Dropbear throu ...)
	{DLA-1476-1}
	- dropbear 2018.76-4 (bug #906890)
	[stretch] - dropbear 2016.74-5+deb9u1
	NOTE: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
	NOTE: https://hg.ucc.asn.au/dropbear/rev/5d2d1021ca00
CVE-2018-15598 (Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the ...)
	NOT-FOR-US: Traefik
CVE-2018-15597
	RESERVED
CVE-2018-15596 (An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17 ...)
	NOT-FOR-US: MyBB
CVE-2018-1000226 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but c ...)
	- cobbler
CVE-2018-1000225 (Cobbler version Verified as present in Cobbler versions 2.6.11+, but c ...)
	- cobbler
CVE-2018-1000224 (Godot Engine version All versions prior to 2.1.5, all 3.0 versions pri ...)
	- godot (Fixed with initial upload to Debian)
	NOTE: https://github.com/godotengine/godot/issues/20558
CVE-2018-1000222 (Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability ...)
	{DLA-1651-1}
	- libgd2 2.2.5-4.1 (low; bug #906886)
	[stretch] - libgd2 2.2.4-2+deb9u3
	NOTE: https://github.com/libgd/libgd/issues/447
	NOTE: https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
CVE-2018-1000221 (pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerabilit ...)
	- pkgconf (Vulnerable code introduced post 1.5.0)
	NOTE: Fixed by: https://github.com/pkgconf/pkgconf/commit/9b7affe0b1e6512c6c73d19e1220c94fdb5c8159
	NOTE: Introduced by: https://github.com/pkgconf/pkgconf/commit/b46bb93cd1fe221dc4d6ff5e3ce99feda4ea31f1
CVE-2018-1000220
	REJECTED
CVE-2018-1000219 (OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: OpenEMR
CVE-2018-1000218 (OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: OpenEMR
CVE-2018-1000217 (Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use Af ...)
	- cjson (Fixed before initial upload to Debian)
	NOTE: https://github.com/DaveGamble/cJSON/issues/248
CVE-2018-1000216 (Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double ...)
	- cjson (Fixed before initial upload to Debian)
	NOTE: https://github.com/DaveGamble/cJSON/issues/241
CVE-2018-1000215 (Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnera ...)
	- cjson 1.7.7-1
	NOTE: https://github.com/DaveGamble/cJSON/issues/267
CVE-2018-1000214
	REJECTED
CVE-2018-1000213
	REJECTED
CVE-2018-1000212
	REJECTED
CVE-2018-15595
	RESERVED
CVE-2018-15593 (An issue was discovered in Ivanti Workspace Control before 10.3.10.0 a ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2018-15592 (An issue was discovered in Ivanti Workspace Control before 10.3.10.0 a ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2018-15591 (An issue was discovered in Ivanti Workspace Control before 10.3.10.0 a ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2018-15590 (An issue was discovered in Ivanti Workspace Control before 10.3.0.0 an ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2018-15589
	RESERVED
CVE-2018-15588 (MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in ...)
	NOT-FOR-US: MailMate
CVE-2018-15587 (GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being sp ...)
	{DSA-4457-1 DLA-1766-1}
	- evolution 3.30.5-1.1 (bug #924616)
	NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/120
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796424
	NOTE: https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311325f5905d8b8403b96607e46cf343f21 (evolution)
	NOTE: https://gitlab.gnome.org/GNOME/evolution/commit/f66cd3e1db301d264563b4222a3574e2e58e2b85 (evolution)
CVE-2018-15586 (Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed ...)
	- enigmail 2:2.0.6.1-2
	[jessie] - enigmail (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
	NOTE: https://sourceforge.net/p/enigmail/bugs/849/
CVE-2018-1000657 (Rust Programming Language Rust standard library version Commit bfa0e1f ...)
	- rustc 1.22.1+dfsg1-1 (bug #906585)
	NOTE: Introduced by: https://github.com/rust-lang/rust/commit/bfa0e1f58acf1c28d500c34ed258f09ae021893e (1.3.0)
	NOTE: Fixed by: https://github.com/rust-lang/rust/commit/f71b37bc28326e272a37b938e835d4f99113eec2 (1.22.0)
	NOTE: https://github.com/rust-lang/rust/issues/44800
CVE-2018-1000656 (The Pallets Project flask version Before 0.12.3 contains a CWE-20: Imp ...)
	{DLA-1892-1}
	- flask 1.0.2-1
	[stretch] - flask (Minor issue)
	NOTE: https://github.com/pallets/flask/pull/2691
CVE-2018-1000655 (Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vuln ...)
	NOT-FOR-US: Jsish
CVE-2018-1000654 (GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 c ...)
	[experimental] - libtasn1-6 4.14-1
	- libtasn1-6 4.14-2 (unimportant; bug #906768)
	- libtasn1-3
	NOTE: https://gitlab.com/gnutls/libtasn1/issues/4
	NOTE: No security impact, does not affect libtasn, but only the asn1Parser from
	NOTE: libtasn1-bin
CVE-2018-1000653 (zzcms version 8.3 and earlier contains a SQL Injection vulnerability i ...)
	NOT-FOR-US: zzcms
CVE-2018-1000652 (JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnera ...)
	- jabref 3.8.2+ds-12 (low; bug #921772)
	[stretch] - jabref 3.8.1+ds-3+deb9u1
	[jessie] - jabref (Minor issue)
	NOTE: https://github.com/JabRef/jabref/issues/4229
	NOTE: https://github.com/JabRef/jabref/commit/89f855d76713b4cd25ac0830c719cd61c511851e
CVE-2018-1000651 (Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerab ...)
	NOT-FOR-US: Stroom
CVE-2018-1000650 (LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulner ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000649 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrest ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000648 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrest ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000647 (LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrest ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000646 (LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unres ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000645 (LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated L ...)
	NOT-FOR-US: LibreHealthIO
CVE-2018-1000644 (Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External E ...)
	NOT-FOR-US: Eclipse RDF4j
CVE-2018-1000643
	REJECTED
CVE-2018-1000642 (FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting ...)
	NOT-FOR-US: FlightAirMap
CVE-2018-1000641 (YesWiki version <= cercopitheque beta 1 contains a PHP Object Injec ...)
	NOT-FOR-US: YesWiki
CVE-2018-1000640 (OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripti ...)
	NOT-FOR-US: OpenCart-Overclocked
CVE-2018-1000639 (LatexDraw version <=4.0 contains a XML External Entity (XXE) vulner ...)
	NOT-FOR-US: LatexDraw
CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: MiniCMS
CVE-2018-1000636 (JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726 ...)
	- iotjs 1.0+715-1
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/2435
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/87897849f6879df10e8ad68a41bf8cf507edf710
CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...)
	NOT-FOR-US: Open Microscopy Environment
CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...)
	NOT-FOR-US: Open Microscopy Environment
CVE-2018-1000633 (The Open Microscopy Environment OMERO.web version prior to 5.4.7 conta ...)
	NOT-FOR-US: Open Microscopy Environment
CVE-2018-1000632 (dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection ...)
	{DLA-1517-1}
	- dom4j 2.1.1-1 (low)
	[stretch] - dom4j 1.6.1+dfsg.3-2+deb9u1
	NOTE: https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
	NOTE: https://github.com/dom4j/dom4j/issues/48
CVE-2018-15585 (Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD ...)
	NOT-FOR-US: GNU Board
CVE-2018-15584 (Cross-Site Scripting (XSS) vulnerability in adm/boardgroup_form_update ...)
	NOT-FOR-US: GNU Board
CVE-2018-15583 (Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD ...)
	NOT-FOR-US: GNU Board
CVE-2018-15582 (Cross-Site Scripting (XSS) vulnerability in adm/sms_admin/num_book_wri ...)
	NOT-FOR-US: GNU Board
CVE-2018-15581 (Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.ph ...)
	NOT-FOR-US: GNU Board
CVE-2018-15580 (Cross-Site Scripting (XSS) vulnerability in adm/contentformupdate.php ...)
	NOT-FOR-US: GNU Board
CVE-2018-15579
	RESERVED
CVE-2018-15578
	RESERVED
CVE-2018-15577
	RESERVED
CVE-2018-15576 (An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php ...)
	NOT-FOR-US: EasyLogin Pro
CVE-2018-15575
	RESERVED
CVE-2018-15574 (** DISPUTED ** An issue was discovered in the license editor in Repris ...)
	NOT-FOR-US: Reprise License Manager
CVE-2018-15573 (** DISPUTED ** An issue was discovered in Reprise License Manager (RLM ...)
	NOT-FOR-US: Reprise License Manager
CVE-2018-15594 (arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandle ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.15-1
	NOTE: https://twitter.com/grsecurity/status/1029324426142199808
	NOTE: https://git.kernel.org/linus/5800dc5c19f34e6e03b5adab1282535cb102fafd
CVE-2018-15572 (The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs. ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.15-1
	NOTE: https://git.kernel.org/linus/fdf82a7856b32d905c39afc85e34364491e46346
CVE-2018-15571 (The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV ...)
	NOT-FOR-US: Export Users to CSV plugin for WordPress
CVE-2018-15570 (In waimai Super Cms 20150505, there is stored XSS via the /admin.php/F ...)
	NOT-FOR-US: waimai Super Cms
CVE-2018-15569 (my little forum 2.4.12 allows CSRF for deletion of users. ...)
	NOT-FOR-US: my little forum
CVE-2018-15568 (tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. ...)
	NOT-FOR-US: tp5cms
CVE-2018-15567 (CMSUno before 1.5.3 has XSS via the title field. ...)
	NOT-FOR-US: CMSUno
CVE-2018-15566 (tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html ...)
	NOT-FOR-US: tp5cms
CVE-2018-15565 (An issue was discovered in daveismyname simple-cms through 2014-03-11. ...)
	NOT-FOR-US: simple-cms
CVE-2018-15564 (An issue was discovered in daveismyname simple-cms through 2014-03-11. ...)
	NOT-FOR-US: simple-cms
CVE-2018-15563 (_core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-15562 (CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiR ...)
	NOT-FOR-US: CMS ISWEB
CVE-2018-15561
	RESERVED
CVE-2018-15560 (PyCryptodome before 3.6.6 has an integer overflow in the data_len vari ...)
	- pycryptodome (Vulnerable code introduced later)
	NOTE: https://github.com/Legrandin/pycryptodome/issues/198
	NOTE: Introduced by: https://github.com/Legrandin/pycryptodome/commit/e1c7272f732abf3f2e2ea1326444ccbd339d17f2 (3.6.2)
	NOTE: Fixed by: https://github.com/Legrandin/pycryptodome/commit/d1739c62b9b845f8a5b342de08d6bf6e2722d247 (3.6.6)
CVE-2018-15559 (The editor in Xiuno BBS 4.0.4 allows stored XSS. ...)
	NOT-FOR-US: Xiuno BBS
CVE-2018-15558
	RESERVED
CVE-2018-15557 (An issue was discovered in the Quantenna WiFi Controller on Telus Acti ...)
	NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15556 (The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 a ...)
	NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15555 (On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login ...)
	NOT-FOR-US: Telus Actiontec WEB6000Q devices
CVE-2018-15554
	RESERVED
CVE-2018-15553 (fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allo ...)
	NOT-FOR-US: Telus
CVE-2018-15552 (The "PayWinner" function of a simplelottery smart contract implementat ...)
	NOT-FOR-US: simplelottery smart contract implementation for The Ethereum Lottery
CVE-2018-15551
	RESERVED
CVE-2018-15550
	RESERVED
CVE-2018-15549
	RESERVED
CVE-2018-15548
	RESERVED
CVE-2018-15547
	RESERVED
CVE-2018-15546 (Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Sit ...)
	NOT-FOR-US: Accusoft PrizmDoc
CVE-2018-15545
	RESERVED
CVE-2018-15544
	RESERVED
CVE-2018-15543 (** DISPUTED ** An issue was discovered in the org.telegram.messenger a ...)
	NOT-FOR-US: org.telegram.messenger for Android
CVE-2018-15542 (** DISPUTED ** An issue was discovered in the org.telegram.messenger a ...)
	NOT-FOR-US: org.telegram.messenger for Android
CVE-2018-15541
	RESERVED
CVE-2018-15540 (Agentejo Cockpit performs actions on files without appropriate validat ...)
	NOT-FOR-US: Agentejo Cockpit
CVE-2018-15539 (Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an att ...)
	NOT-FOR-US: Agentejo Cockpit
CVE-2018-15538 (Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. ...)
	NOT-FOR-US: Agentejo Cockpit
CVE-2018-15537 (Unrestricted file upload (with remote code execution) in OCS Inventory ...)
	- ocsinventory-server (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-15536 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9 ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-15535 (/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9 ...)
	NOT-FOR-US: tecrail Responsive FileManager
CVE-2018-15534 (Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauth ...)
	NOT-FOR-US: Geutebrueck
CVE-2018-15533 (A reflected cross-site scripting vulnerability exists in Geutebrueck r ...)
	NOT-FOR-US: Geutebrueck
CVE-2018-15532 (SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local ...)
	NOT-FOR-US: Synaptics Touchpad drivers
CVE-2018-15531 (JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javam ...)
	NOT-FOR-US: JavaMelody
CVE-2018-15530 (Cross-site scripting (XSS) in the web interface of the Xerox ColorQube ...)
	NOT-FOR-US: Xerox
CVE-2018-15529 (A command injection vulnerability in maintenance.cgi in Mutiny "Monito ...)
	NOT-FOR-US: Mutiny appliance
CVE-2018-15528 (Reflected Cross-Site Scripting exists in the Java System Solutions SSO ...)
	NOT-FOR-US: Java System Solutions SSO plugin
CVE-2018-15527 RESERVED
CVE-2018-15526 RESERVED
CVE-2018-15525 RESERVED
CVE-2018-15524 RESERVED
CVE-2018-15523 RESERVED
CVE-2018-15522 RESERVED
CVE-2018-15521 RESERVED
CVE-2018-15520 (Various Lexmark devices have a Buffer Overflow (issue 2 of 2). ...)
	NOT-FOR-US: Lexmark devices
CVE-2018-15519 (Various Lexmark devices have a Buffer Overflow (issue 1 of 2). ...)
	NOT-FOR-US: Lexmark devices
CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption dur ...)
	{DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1}
	[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
	- qtbase-opensource-src 5.11.3+dfsg-2
	- qt4-x11 4:4.8.7+dfsg-18 (low)
	NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
	NOTE: https://codereview.qt-project.org/#/c/236691/
CVE-2018-15517 (The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r00 ...)
	NOT-FOR-US: D-Link
CVE-2018-15516 (The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devic ...)
	NOT-FOR-US: D-Link
CVE-2018-15515 (The CaptivelPortal service on D-Link Central WiFiManager CWM-100 1.03 ...)
	NOT-FOR-US: D-Link
CVE-2018-15514 (HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 ( ...)
	NOT-FOR-US: Docker for Windows
CVE-2018-15513 (Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs o ...)
	NOT-FOR-US: totemomail
CVE-2018-15512 (Cross-site scripting (XSS) vulnerability in the 'Authorisation Service ...)
	NOT-FOR-US: totemomail
CVE-2018-15511 (Cross-site scripting (XSS) vulnerability in the 'Notification template ...)
	NOT-FOR-US: totemomail
CVE-2018-15510 (Cross-site scripting (XSS) vulnerability in the 'Certificate' feature ...)
	NOT-FOR-US: totemomail
CVE-2018-15509 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 ...)
	NOT-FOR-US: Five9 Agent Desktop Plus
CVE-2018-15508 (Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control allowing ...)
	NOT-FOR-US: Five9 Agent Desktop Plus
CVE-2018-15507 RESERVED
CVE-2018-15506 (In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP func ...)
	NOT-FOR-US: BubbleUPnP
CVE-2018-15505 (An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb b ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2018-15504 (An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb b ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2018-15503 (The unpack implementation in Swoole version 4.0.4 lacks correct size c ...)
	NOT-FOR-US: Swoole
CVE-2018-15502 (Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 ...)
	NOT-FOR-US: Lone Wolf Technologies loadingDOCS
CVE-2018-15501 (In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27. ...)
	{DLA-1477-1}
	- libgit2 0.27.4+dfsg.1-0.1 (low)
	[stretch] - libgit2 (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9406
	NOTE: https://github.com/libgit2/libgit2/commit/1f9a8510e1d2f20ed7334eeeddb92c4dd8e7c649
CVE-2018-15500 RESERVED
CVE-2018-15499 (GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow lo ...)
	NOT-FOR-US: GEAR Software
CVE-2018-15498 (YSoft SafeQ Server 6 allows a replay attack. ...)
	NOT-FOR-US: YSoft SafeQ
CVE-2018-15497 (The Mitel MiVoice 5330e VoIP device is affected by memory corruption f ...)
	NOT-FOR-US: Mitel
CVE-2018-15496 RESERVED
CVE-2018-15495 (/filemanager/upload.php in Responsive FileManager before 9.13.3 allows ...)
	NOT-FOR-US: Responsive FileManager
CVE-2018-15494 (In Dojo Toolkit before 1.14, there is unescaped string injection in do ...)
	{DLA-1492-1}
	- dojo 1.14.1+dfsg1-1 (bug #906540)
	NOTE: https://github.com/dojo/dojox/pull/283
CVE-2018-15493 (vBulletin 5.4.3 has an Open Redirect. ...)
	NOT-FOR-US: vBulletin
CVE-2018-15492 (A vulnerability in the lservnt.exe component of Sentinel License Manag ...)
	NOT-FOR-US: Sentinel License Manager
CVE-2018-15491 (A vulnerability in the permission and encryption implementation of Zem ...)
	NOT-FOR-US: Zemana Anti-Logger
CVE-2018-15490 (An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe proces ...)
	NOT-FOR-US: ExpressVPN
CVE-2018-15489 RESERVED
CVE-2018-15488 RESERVED
CVE-2018-15487 RESERVED
CVE-2018-15486 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
	NOT-FOR-US: KONE Group Controller (KGC) devices
CVE-2018-15485 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
	NOT-FOR-US: KONE Group Controller (KGC) devices
CVE-2018-15484 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
	NOT-FOR-US: KONE Group Controller (KGC) devices
CVE-2018-15483 (An issue was discovered on KONE Group Controller (KGC) devices before ...)
	NOT-FOR-US: KONE Group Controller (KGC) devices
CVE-2018-15482 (Certain LG devices based on Android 6.0 through 8.1 have incorrect acc ...)
	NOT-FOR-US: LG devices specific issue
CVE-2018-15481 (Improper input sanitization within the restricted administration shell ...)
	NOT-FOR-US: UCOPIA
CVE-2018-15480 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Sw ...)
	NOT-FOR-US: myStrom
CVE-2018-15479 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Sw ...)
	NOT-FOR-US: myStrom
CVE-2018-15478 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Sw ...)
	NOT-FOR-US: myStrom
CVE-2018-15477 (myStrom WiFi Switch V1 devices before 2.66 did not sanitize a paramete ...)
	NOT-FOR-US: myStrom
CVE-2018-15476 (An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Sw ...)
	NOT-FOR-US: myStrom
CVE-2018-15475 RESERVED
CVE-2018-15474 (** DISPUTED ** CSV Injection (aka Excel Macro Injection or Formula Inj ...)
	NOTE: Dokuwiki non-issue
CVE-2018-15472 [Diff formatter DoS in Sidekiq jobs]
	RESERVED
	[experimental] - gitlab 11.1.8+dfsg-1
	- gitlab 11.1.8+dfsg-2
	NOTE: https://about.gitlab.com/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
CVE-2018-15467 (A vulnerability in the web-based management interface of Cisco TelePre ...)
	NOT-FOR-US: Cisco
CVE-2018-15466 (A vulnerability in the Graphite web interface of the Policy and Chargi ...)
	NOT-FOR-US: Cisco
CVE-2018-15465 (A vulnerability in the authorization subsystem of Cisco Adaptive Secur ...)
	NOT-FOR-US: Cisco
CVE-2018-15464 (A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) ...)
	NOT-FOR-US: Cisco
CVE-2018-15463 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-15462 (A vulnerability in the TCP ingress handler for the data interfaces tha ...)
	NOT-FOR-US: Cisco
CVE-2018-15461 (A vulnerability in the MyWebex component of Cisco Webex Business Suite ...)
	NOT-FOR-US: Cisco
CVE-2018-15460 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2018-15459 (A vulnerability in the administrative web interface of Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2018-15458 (A vulnerability in the Shell Access Filter feature of Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2018-15457 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2018-15456 (A vulnerability in the Admin Portal of Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2018-15455 (A vulnerability in the logging component of Cisco Identity Services En ...)
	NOT-FOR-US: Cisco
CVE-2018-15454 (A vulnerability in the Session Initiation Protocol (SIP) inspection en ...)
	NOT-FOR-US: Cisco
CVE-2018-15453 (A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S ...)
	NOT-FOR-US: Cisco
CVE-2018-15452 (A vulnerability in the DLL loading component of Cisco Advanced Malware ...)
	NOT-FOR-US: Cisco
CVE-2018-15451 (A vulnerability in the web-based management interface of Cisco Prime S ...)
	NOT-FOR-US: Cisco
CVE-2018-15450 (A vulnerability in the web-based UI of Cisco Prime Collaboration Assur ...)
	NOT-FOR-US: Cisco
CVE-2018-15449 (A vulnerability in the web-based management interface of Cisco Video S ...)
	NOT-FOR-US: Cisco
CVE-2018-15448 (A vulnerability in the user management functions of Cisco Registered E ...)
	NOT-FOR-US: Cisco
CVE-2018-15447 (A vulnerability in the web framework code of Cisco Integrated Manageme ...)
	NOT-FOR-US: Cisco
CVE-2018-15446 (A vulnerability in Cisco Meeting Server could allow an unauthenticated ...)
	NOT-FOR-US: Cisco
CVE-2018-15445 (A vulnerability in the web-based management interface of Cisco Energy ...)
	NOT-FOR-US: Cisco
CVE-2018-15444 (A vulnerability in the web-based user interface of Cisco Energy Manage ...)
	NOT-FOR-US: Cisco
CVE-2018-15443 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-15442 (A vulnerability in the update service of Cisco Webex Meetings Desktop ...)
	NOT-FOR-US: Cisco
CVE-2018-15441 (A vulnerability in the web framework code of Cisco Prime License Manag ...)
	NOT-FOR-US: Cisco
CVE-2018-15440 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-15439 (A vulnerability in the Cisco Small Business Switches software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-15438 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2018-15437 (A vulnerability in the system scanning component of Cisco Immunet and ...)
	NOT-FOR-US: Cisco
CVE-2018-15436 (A vulnerability in the web-based management interface of Cisco Webex E ...)
	NOT-FOR-US: Cisco
CVE-2018-15435 (A vulnerability in the web-based management interface of Cisco SocialM ...)
	NOT-FOR-US: Cisco
CVE-2018-15434 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-15433 (A vulnerability in the server backup function of Cisco Prime Infrastru ...)
	NOT-FOR-US: Cisco
CVE-2018-15432 (A vulnerability in the server backup function of Cisco Prime Infrastru ...)
	NOT-FOR-US: Cisco
CVE-2018-15431 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15430 (A vulnerability in the administrative web interface of Cisco Expresswa ...)
	NOT-FOR-US: Cisco
CVE-2018-15429 (A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platfor ...)
	NOT-FOR-US: Cisco
CVE-2018-15428 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
	NOT-FOR-US: Cisco
CVE-2018-15427 (A vulnerability in Cisco Video Surveillance Manager (VSM) Software run ...)
	NOT-FOR-US: Cisco
CVE-2018-15426 (A vulnerability in the web-based interface of Cisco Unity Connection c ...)
	NOT-FOR-US: Cisco
CVE-2018-15425 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-15424 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-15423 (A vulnerability in the web UI of Cisco HyperFlex Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-15422 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15421 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15420 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15419 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15418 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15417 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15416 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15415 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15414 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15413 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15412 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15411 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15410 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15409 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15408 (A vulnerability in the Cisco Webex Network Recording Player for Micros ...)
	NOT-FOR-US: Cisco
CVE-2018-15407 (A vulnerability in the installation process of Cisco HyperFlex Softwar ...)
	NOT-FOR-US: Cisco
CVE-2018-15406 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2018-15405 (A vulnerability in the web interface for specific feature sets of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-15404 (A vulnerability in the web interface of Cisco Integrated Management Co ...)
	NOT-FOR-US: Cisco
CVE-2018-15403 (A vulnerability in the web interface of Cisco Emergency Responder, Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-15402 (A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS ...)
	NOT-FOR-US: Cisco
CVE-2018-15401 (A vulnerability in the web-based management interface of Cisco Hosted ...)
	NOT-FOR-US: Cisco
CVE-2018-15400 (A vulnerability in the web-based management interface of Cisco Cloud S ...)
	NOT-FOR-US: Cisco
CVE-2018-15399 (A vulnerability in the TCP syslog module of Cisco Adaptive Security Ap ...)
	NOT-FOR-US: Cisco
CVE-2018-15398 (A vulnerability in the per-user-override feature of Cisco Adaptive Sec ...)
	NOT-FOR-US: Cisco
CVE-2018-15397 (A vulnerability in the implementation of Traffic Flow Confidentiality ...)
	NOT-FOR-US: Cisco
CVE-2018-15396 (A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity ...)
	NOT-FOR-US: Cisco
CVE-2018-15395 (A vulnerability in the authentication and authorization checking mecha ...)
	NOT-FOR-US: Cisco
CVE-2018-15394 (A vulnerability in the Stealthwatch Management Console (SMC) of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-15393 (A vulnerability in the web-based management interface of Cisco Content ...)
	NOT-FOR-US: Cisco
CVE-2018-15392 (A vulnerability in the DHCP service of Cisco Industrial Network Direct ...)
	NOT-FOR-US: Cisco
CVE-2018-15391 (A vulnerability in certain IPv4 fragment-processing functions of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-15390 (A vulnerability in the FTP inspection engine of Cisco Firepower Threat ...)
	NOT-FOR-US: Cisco
CVE-2018-15389 (A vulnerability in the install function of Cisco Prime Collaboration P ...)
	NOT-FOR-US: Cisco
CVE-2018-15388 (A vulnerability in the WebVPN login process of Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2018-15387 (A vulnerability in the Cisco SD-WAN Solution could allow an unauthenti ...)
	NOT-FOR-US: Cisco
CVE-2018-15386 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2018-15385 RESERVED
CVE-2018-15384 RESERVED
CVE-2018-15383 (A vulnerability in the cryptographic hardware accelerator driver of Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-15382 (A vulnerability in Cisco HyperFlex Software could allow an unauthentic ...)
	NOT-FOR-US: Cisco
CVE-2018-15381 (A Java deserialization vulnerability in Cisco Unity Express (CUE) coul ...)
	NOT-FOR-US: Cisco
CVE-2018-15380 (A vulnerability in the cluster service manager of Cisco HyperFlex Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-15379 (A vulnerability in which the HTTP web server for Cisco Prime Infrastru ...)
	NOT-FOR-US: Cisco
CVE-2018-15378 (A vulnerability in ClamAV versions prior to 0.100.2 could allow an att ...)
	{DLA-1553-1}
	- clamav 0.100.2+dfsg-1 (bug #910430)
	[stretch] - clamav 0.100.2+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html
	NOTE: http://lists.clamav.net/pipermail/clamav-announce/2018/000033.html
CVE-2018-15377 (A vulnerability in the Cisco Network Plug and Play agent, also referre ...)
	NOT-FOR-US: Cisco
CVE-2018-15376 (A vulnerability in the embedded test subsystem of Cisco IOS Software f ...)
	NOT-FOR-US: Cisco
CVE-2018-15375 (A vulnerability in the embedded test subsystem of Cisco IOS Software f ...)
	NOT-FOR-US: Cisco
CVE-2018-15374 (A vulnerability in the Image Verification feature of Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-15373 (A vulnerability in the implementation of Cisco Discovery Protocol func ...)
	NOT-FOR-US: Cisco
CVE-2018-15372 (A vulnerability in the MACsec Key Agreement (MKA) using Extensible Aut ...)
	NOT-FOR-US: Cisco
CVE-2018-15371 (A vulnerability in the shell access request mechanism of Cisco IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2018-15370 (A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco C ...)
	NOT-FOR-US: Cisco
CVE-2018-15369 (A vulnerability in the TACACS+ client subsystem of Cisco IOS Software ...)
	NOT-FOR-US: Cisco
CVE-2018-15368 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-15367 (A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalatio ...)
	NOT-FOR-US: Trend Micro
CVE-2018-15366 (A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2018-15365 (A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro De ...)
	NOT-FOR-US: Trend Micro
CVE-2018-15364 (A Named Pipe Request Processing Out-of-Bounds Read Information Disclos ...)
	NOT-FOR-US: Trend Micro
CVE-2018-15363 (An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micr ...)
	NOT-FOR-US: Trend Micro
CVE-2018-15362 (XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 ...)
	NOT-FOR-US: GE Proficy Cimplicity GDS
CVE-2018-15361 (UltraVNC revision 1198 has a buffer underflow vulnerability in VNC cli ...)
	NOT-FOR-US: UltraVNC
CVE-2018-15360 (An attacker without authentication can login with default credentials ...)
	NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15359 (An authenticated attacker with low privileges can use insecure sudo co ...)
	NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15358 (An authenticated attacker with low privileges can activate high privil ...)
	NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15357 (An authenticated attacker with low privileges can extract password has ...)
	NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15356 (An authenticated attacker can execute arbitrary code using command eje ...)
	NOT-FOR-US: Eltex ESP-200 firmware
CVE-2018-15355 (Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraft ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15354 (A Buffer Overflow exploited through web interface by remote attacker c ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15353 (A Buffer Overflow exploited through web interface by remote attacker c ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15352 (An attacker with low privileges can cause denial of service in Kraftwa ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15351 (Denial of service via crafting malicious link and sending it to a priv ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15350 (Router Default Credentials in Kraftway 24F2XG Router firmware version ...)
	NOT-FOR-US: Kraftway 24F2XG Router firmware
CVE-2018-15473 (OpenSSH through 7.7 is prone to a user enumeration vulnerability due t ...)
	{DSA-4280-1 DLA-1474-1}
	- openssh 1:7.7p1-4 (bug #906236)
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/15/5
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=74287f5df9966a0648b4a68417451dd18f079ab8
	NOTE: https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
	NOTE: PoC at https://bugfuzz.com/stuff/ssh-check-username.py
CVE-2018-15349 REJECTED
CVE-2018-15348 REJECTED
CVE-2018-15347 REJECTED
CVE-2018-15346 REJECTED
CVE-2018-15345 REJECTED
CVE-2018-15344 REJECTED
CVE-2018-15343 REJECTED
CVE-2018-15342 REJECTED
CVE-2018-15341 REJECTED
CVE-2018-15340 REJECTED
CVE-2018-15339 REJECTED
CVE-2018-15338 REJECTED
CVE-2018-15337 REJECTED
CVE-2018-15336 REJECTED
CVE-2018-15335 (When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM be ...)
	NOT-FOR-US: F5
CVE-2018-15334 (A cross-site request forgery (CSRF) vulnerability in the APM webtop 11 ...)
	NOT-FOR-US: F5
CVE-2018-15333 (On versions 11.2.1. and greater, unrestricted Snapshot File Access all ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15332 (The svpn component of the F5 BIG-IP APM client prior to version 7.1.7. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15331 (On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15330 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15329 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Ent ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15328 (On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15327 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15326 (In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15325 (In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15324 (On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15323 (On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, in certain circumstances ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15322 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15321 (When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15320 (On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patt ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15319 (On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malici ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15318 (In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15317 (In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15316 (In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15315 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a reflected ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15314 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Refle ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15313 (On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Refle ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15312 (On F5 BIG-IP 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, a reflected Cross-Si ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15311 (When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-15310 (A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-XXXX [libykneomgr memory corruption]
	- libykneomgr (low; bug #906138)
	[stretch] - libykneomgr (Minor issue)
	[jessie] - libykneomgr (Minor issue)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/
CVE-2018-15470 (An issue was discovered in Xen through 4.11.x. The logic in oxenstored ...)
	{DSA-4274-1 DLA-1577-1}
	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2 (unimportant)
	NOTE: https://xenbits.xen.org/xsa/advisory-272.html
CVE-2018-15471 (An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen- ...)
	{DSA-4313-1 DLA-1715-1}
	- linux 4.18.10-2
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://xenbits.xen.org/xsa/advisory-270.html
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1607
CVE-2018-15468 (An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contai ...)
	{DSA-4274-1}
	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
	[jessie] - xen (Only affects 4.6 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-269.html
CVE-2018-15469 (An issue was discovered in Xen through 4.11.x. ARM never properly impl ...)
	{DSA-4274-1 DLA-1577-1}
	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
	NOTE: https://xenbits.xen.org/xsa/advisory-268.html
CVE-2018-15309 RESERVED
CVE-2018-15308 RESERVED
CVE-2018-15307 RESERVED
CVE-2018-15306 RESERVED
CVE-2018-15305 RESERVED
CVE-2018-15304 RESERVED
CVE-2018-15303 RESERVED
CVE-2018-15302 RESERVED
CVE-2018-15301 RESERVED
CVE-2018-15300 RESERVED
CVE-2018-15299 RESERVED
CVE-2018-15298 RESERVED
CVE-2018-15297 RESERVED
CVE-2018-15296 RESERVED
CVE-2018-15295 RESERVED
CVE-2018-15294 RESERVED
CVE-2018-15293 RESERVED
CVE-2018-15292 RESERVED
CVE-2018-15291 RESERVED
CVE-2018-15290 RESERVED
CVE-2018-15289 RESERVED
CVE-2018-15288 RESERVED
CVE-2018-15287 RESERVED
CVE-2018-15286 RESERVED
CVE-2018-15285 RESERVED
CVE-2018-15284 RESERVED
CVE-2018-15283 RESERVED
CVE-2018-15282 RESERVED
CVE-2018-15281 RESERVED
CVE-2018-15280 RESERVED
CVE-2018-15279 RESERVED
CVE-2018-15278 RESERVED
CVE-2018-15277 RESERVED
CVE-2018-15276 RESERVED
CVE-2018-15275 RESERVED
CVE-2018-15274 RESERVED
CVE-2018-15273 RESERVED
CVE-2018-15272 RESERVED
CVE-2018-15271 RESERVED
CVE-2018-15270 RESERVED
CVE-2018-15269 RESERVED
CVE-2018-15268 RESERVED
CVE-2018-15267 RESERVED
CVE-2018-15266 RESERVED
CVE-2018-15265 RESERVED
CVE-2018-15264 RESERVED
CVE-2018-15263 RESERVED
CVE-2018-15262 RESERVED
CVE-2018-15261 RESERVED
CVE-2018-15260 RESERVED
CVE-2018-15259 RESERVED
CVE-2018-15258 RESERVED
CVE-2018-15257 RESERVED
CVE-2018-15256 RESERVED
CVE-2018-15255 RESERVED
CVE-2018-15254 RESERVED
CVE-2018-15253 RESERVED
CVE-2018-15252 RESERVED
CVE-2018-15251 RESERVED
CVE-2018-15250 RESERVED
CVE-2018-15249 RESERVED
CVE-2018-15248 RESERVED
CVE-2018-15247 RESERVED
CVE-2018-15246 RESERVED
CVE-2018-15245 RESERVED
CVE-2018-15244 RESERVED
CVE-2018-15243 RESERVED
CVE-2018-15242 RESERVED
CVE-2018-15241 RESERVED
CVE-2018-15240 RESERVED
CVE-2018-15239 RESERVED
CVE-2018-15238 RESERVED
CVE-2018-15237 RESERVED
CVE-2018-15236 RESERVED
CVE-2018-15235 RESERVED
CVE-2018-15234 RESERVED
CVE-2018-15233 RESERVED
CVE-2018-15232 RESERVED
CVE-2018-15231 RESERVED
CVE-2018-15230 RESERVED
CVE-2018-15229 RESERVED
CVE-2018-15228 RESERVED
CVE-2018-15227 RESERVED
CVE-2018-15226 RESERVED
CVE-2018-15225 RESERVED
CVE-2018-15224 RESERVED
CVE-2018-15223 RESERVED
CVE-2018-15222 RESERVED
CVE-2018-15221 RESERVED
CVE-2018-15220 RESERVED
CVE-2018-15219 RESERVED
CVE-2018-15218 RESERVED
CVE-2018-15217 RESERVED
CVE-2018-15216 RESERVED
CVE-2018-15215 RESERVED
CVE-2018-15214 RESERVED
CVE-2018-15213 RESERVED
CVE-2018-15212 RESERVED
CVE-2018-15211 RESERVED
CVE-2018-15210 RESERVED
CVE-2018-15209 (ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows ...)
	{DSA-4349-1}
	- tiff 4.0.9-5 (bug #905798)
	[jessie] - tiff (Cannot reproduce with crash file)
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2808
	NOTE: Different issue than CVE-2017-11613 but addressed with same set of commits.
	NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
	NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
CVE-2018-15208 (BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter. ...)
	NOT-FOR-US: BPC SmartVista
CVE-2018-15207 (BPC SmartVista 2 has Improper Access Control in the SVFE module, where ...)
	NOT-FOR-US: BPC SmartVista
CVE-2018-15206 (BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.js ...)
	NOT-FOR-US: BPC SmartVista
CVE-2018-15205 RESERVED
CVE-2018-15204 RESERVED
CVE-2018-15203 (An issue was discovered in Ignited CMS through 2017-02-19. ign/index.p ...)
	NOT-FOR-US: Ignited CMS
CVE-2018-15202 (An issue was discovered in Juunan06 eCommerce through 2018-08-05. Ther ...)
	NOT-FOR-US: Juunan06 eCommerce
CVE-2018-15201 RESERVED
CVE-2018-15200 RESERVED
CVE-2018-15199 (AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. ...)
	NOT-FOR-US: AuraCMS
CVE-2018-15198 (An issue was discovered in OneThink v1.1. There is a CSRF vulnerabilit ...)
	NOT-FOR-US: OneThink
CVE-2018-15197 (An issue was discovered in OneThink v1.1. There is a CSRF vulnerabilit ...)
	NOT-FOR-US: OneThink
CVE-2018-15196 RESERVED
CVE-2018-15195 RESERVED
CVE-2018-15194 RESERVED
CVE-2018-15193 (A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows ...)
	NOT-FOR-US: Go Git Service
CVE-2018-15192 (An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs ...)
	- gitea
	NOTE: https://github.com/go-gitea/gitea/issues/4624
CVE-2018-15191 (PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15190 (PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First N ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15189 (PHP Scripts Mall advanced-real-estate-script has XSS via the Name fiel ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15188 (PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attac ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15187 (PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-p ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15186 (PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15185 (PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows re ...)
	NOT-FOR-US: PHP Scripts Mall
CVE-2018-15184 (PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Store ...)
	NOT-FOR-US: PHP Scripts Mall Naukri / Shine / Jobsite Clone Script
CVE-2018-15183 (PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 ...)
	NOT-FOR-US: PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script
CVE-2018-15182 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2018-15181 (JioFi 4G Hotspot M2S devices allow attackers to cause a denial of serv ...)
	NOT-FOR-US: JioFi 4G Hotspot M2S devices
CVE-2018-15180 (qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect vi ...)
	NOT-FOR-US: QASymphony qTest Manager
CVE-2018-15179 RESERVED
CVE-2018-15178 (Open redirect vulnerability in Gogs before 0.12 allows remote attacker ...)
	NOT-FOR-US: Go Git Service
CVE-2018-15177 (In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can a ...)
	NOT-FOR-US: Gxlcms
CVE-2018-15176 (XnView 2.45 allows remote attackers to cause a denial of service (User ...)
	NOT-FOR-US: XnView
CVE-2018-15175 (XnView 2.45 allows remote attackers to cause a denial of service (User ...)
	NOT-FOR-US: XnView
CVE-2018-15174 (XnView 2.45 allows remote attackers to cause a denial of service (Read ...)
	NOT-FOR-US: XnView
CVE-2018-15173 (Nmap through 7.70, when the -sV option is used, allows remote attacker ...)
	- nmap (unimportant)
	NOTE: No security impact
CVE-2018-15172 (TP-Link WR840N devices have a buffer overflow via a long Authorization ...)
	NOT-FOR-US: TP-Link WR840N devices
CVE-2018-15171 RESERVED
CVE-2018-15170 RESERVED
CVE-2018-15169 (A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEng ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-15168 (A SQL Injection vulnerability exists in the Zoho ManageEngine Applicat ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-15167 RESERVED
CVE-2018-15166 RESERVED
CVE-2018-15165 RESERVED
CVE-2018-15164 RESERVED
CVE-2018-15163 RESERVED
CVE-2018-15162 RESERVED
CVE-2018-15161 (** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ...)
	NOTE: Disputed libesedb issues
	NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15160 (** DISPUTED ** The libesedb_catalog_definition_read function in libese ...)
	NOTE: Disputed libesedb issues
	NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15159 (** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ...)
	NOTE: Disputed libesedb issues
	NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15158 (** DISPUTED ** The libesedb_page_read_values function in libesedb_page ...)
	NOTE: Disputed libesedb issues
	NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15157 (** DISPUTED ** The libfsclfs_block_read function in libfsclfs_block.c ...)
	NOT-FOR-US: libfsclfs
CVE-2018-15156 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 a ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15155 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 a ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15154 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 a ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15153 (OS command injection occurring in versions of OpenEMR before 5.0.1.4 a ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15152 (Authentication bypass vulnerability in portal/account/register.php in ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15151 (SQL injection vulnerability in interface/de_identification_forms/find_ ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15150 (SQL injection vulnerability in interface/de_identification_forms/de_id ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15149 (SQL injection vulnerability in interface/forms/eye_mag/php/Anything_si ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15148 (SQL injection vulnerability in interface/patient_file/encounter/search ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15147 (SQL injection vulnerability in interface/forms_admin/forms_admin.php f ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15146 (SQL injection vulnerability in interface/de_identification_forms/find_ ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15145 (Multiple SQL injection vulnerabilities in portal/add_edit_event_user.p ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15144 (SQL injection vulnerability in interface/de_identification_forms/find_ ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15143 (Multiple SQL injection vulnerabilities in portal/find_appt_popup_user. ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15142 (Directory traversal in portal/import_template.php in versions of OpenE ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15141 (Directory traversal in portal/import_template.php in versions of OpenE ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15140 (Directory traversal in portal/import_template.php in versions of OpenE ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15139 (Unrestricted file upload in interface/super/manage_site_files.php in v ...)
	NOT-FOR-US: OpenEMR
CVE-2018-15138 (Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/down ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS 30M
CVE-2018-15137 (CeLa Link CLR-M20 devices allow unauthorized users to upload any file ...)
	NOT-FOR-US: CeLa Link CLR-M20 devices
CVE-2018-15136 (TitanHQ SpamTitan before 7.01 has Improper input validation. This allo ...)
	NOT-FOR-US: TitanHQ
CVE-2018-15135
	RESERVED
CVE-2018-15134
	RESERVED
CVE-2018-15133 (In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote c ...)
	NOT-FOR-US: Laravel
CVE-2018-15132 (An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ...)
	- php7.2 (Windows-specific)
	- php7.1 (Windows-specific)
	- php7.0 (Windows-specific)
	- php5 (Windows-specific)
	NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76459
	NOTE: https://github.com/php/php-src/commit/f151e048ed27f6f4eef729f3310d053ab5da71d4
CVE-2018-15131 (An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x be ...)
	NOT-FOR-US: Synacor Zimbra Collaboration Suite
CVE-2018-15130 (ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&a ...)
	NOT-FOR-US: ThinkSAAS
CVE-2018-15129 (ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article& ...)
	NOT-FOR-US: ThinkSAAS
CVE-2018-15128 (An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, H ...)
	NOT-FOR-US: Polycom Group Series
CVE-2018-20750 (LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerabilit ...)
	{DLA-1979-1 DLA-1652-1}
	- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
	[stretch] - libvncserver (Incomplete fix for CVE-2018-15127 not applied)
	- italc
	[stretch] - italc (Incomplete fix for CVE-2018-15127 not applied)
	NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
CVE-2018-20749 (LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...)
	{DLA-1979-1 DLA-1652-1}
	- libvncserver 0.9.11+dfsg-1.3 (bug #920941)
	[stretch] - libvncserver (Incomplete fix for CVE-2018-15127 not applied)
	- italc
	[stretch] - italc (Incomplete fix for CVE-2018-15127 not applied)
	NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
CVE-2018-15127 (LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains ...)
	{DSA-4383-1 DLA-1979-1 DLA-1617-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	- italc
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	NOTE: https://github.com/LibVNC/libvncserver/issues/243
	NOTE: https://github.com/LibVNC/libvncserver/commit/502821828ed00b4a2c4bef90683d0fd88ce495de
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/
	NOTE: When fixing this issue make sure to not open CVE-2018-20749 and CVE-2018-20750
	NOTE: Additional commits:
	NOTE: https://github.com/LibVNC/libvncserver/commit/15bb719c03cc70f14c36a843dcb16ed69b405707
	NOTE: https://github.com/LibVNC/libvncserver/commit/09e8fc02f59f16e2583b34fe1a270c238bd9ffec
CVE-2018-15126 (LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains ...)
	{DSA-4383-1 DLA-1979-1 DLA-1652-1}
	- libvncserver 0.9.11+dfsg-1.2 (bug #916941)
	NOTE: https://github.com/LibVNC/libvncserver/issues/242
	NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/162d716b4c095a87aab2261857d583d68e3b3ea6 (merge of fix-#242)
	NOTE: Individual commits:
	NOTE: https://github.com/LibVNC/libvncserver/commit/89419fb1a0cef42b63528e6930f4e545cfef4c95
	NOTE: https://github.com/LibVNC/libvncserver/commit/f8912fee5a58fb3975eda2589f6d4686f0c1ae68
	NOTE: https://github.com/LibVNC/libvncserver/commit/73cb96fec028a576a5a24417b57723b55854ad7b (main part of the fix)
	NOTE: https://github.com/LibVNC/libvncserver/commit/2d939267a176bf4976dbad36399638956ad8cc34
	NOTE: https://github.com/LibVNC/libvncserver/commit/495ffa3f3a213ab058eee1d7da48fa5ef71914d8
	NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/
CVE-2018-15125 (Sensitive Information Disclosure in Zipato Zipabox Smart Home Controll ...)
	NOT-FOR-US: Zipato
CVE-2018-15124 (Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD R ...)
	NOT-FOR-US: Zipato
CVE-2018-15123 (Insecure configuration storage in Zipato Zipabox Smart Home Controller ...)
	NOT-FOR-US: Zipato
CVE-2018-15122 (An issue found in Progress Telerik JustAssembly through 2018.1.323.2 a ...)
	NOT-FOR-US: Telerik
CVE-2018-15121 (An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. A ...)
	NOT-FOR-US: Auth0 auth0-aspnet
CVE-2018-15120 (libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other ...)
	- pango1.0 1.42.4-1 (low)
	[stretch] - pango1.0 (Vulnerable code not present)
	[jessie] - pango1.0 (Vulnerable code not present)
	NOTE: https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f
CVE-2018-15119
	RESERVED
CVE-2018-15118
	RESERVED
CVE-2018-15117
	RESERVED
CVE-2018-15116
	RESERVED
CVE-2018-15115
	RESERVED
CVE-2018-15114
	RESERVED
CVE-2018-15113
	RESERVED
CVE-2018-15112
	RESERVED
CVE-2018-15111
	RESERVED
CVE-2018-15110
	RESERVED
CVE-2018-15109
	RESERVED
CVE-2018-15108
	RESERVED
CVE-2018-15107
	RESERVED
CVE-2018-15106
	RESERVED
CVE-2018-15105
	RESERVED
CVE-2018-15104
	RESERVED
CVE-2018-15103
	RESERVED
CVE-2018-15102
	RESERVED
CVE-2018-15101
	RESERVED
CVE-2018-15100
	RESERVED
CVE-2018-15099
	RESERVED
CVE-2018-15098
	RESERVED
CVE-2018-15097
	RESERVED
CVE-2018-15096
	RESERVED
CVE-2018-15095
	RESERVED
CVE-2018-15094
	RESERVED
CVE-2018-15093
	RESERVED
CVE-2018-15092
	RESERVED
CVE-2018-15091
	RESERVED
CVE-2018-15090
	RESERVED
CVE-2018-15089
	RESERVED
CVE-2018-15088
	RESERVED
CVE-2018-15087
	RESERVED
CVE-2018-15086
	RESERVED
CVE-2018-15085
	RESERVED
CVE-2018-15084
	RESERVED
CVE-2018-15083
	RESERVED
CVE-2018-15082
	RESERVED
CVE-2018-15081
	RESERVED
CVE-2018-15080
	RESERVED
CVE-2018-15079
	RESERVED
CVE-2018-15078
	RESERVED
CVE-2018-15077
	RESERVED
CVE-2018-15076
	RESERVED
CVE-2018-15075
	RESERVED
CVE-2018-15074
	RESERVED
CVE-2018-15073
	RESERVED
CVE-2018-15072
	RESERVED
CVE-2018-15071
	RESERVED
CVE-2018-15070
	RESERVED
CVE-2018-15069
	RESERVED
CVE-2018-15068
	RESERVED
CVE-2018-15067
	RESERVED
CVE-2018-15066
	RESERVED
CVE-2018-15065
	RESERVED
CVE-2018-15064
	RESERVED
CVE-2018-15063
	RESERVED
CVE-2018-15062
	RESERVED
CVE-2018-15061
	RESERVED
CVE-2018-15060
	RESERVED
CVE-2018-15059
	RESERVED
CVE-2018-15058
	RESERVED
CVE-2018-15057
	RESERVED
CVE-2018-15056
	RESERVED
CVE-2018-15055
	RESERVED
CVE-2018-15054
	RESERVED
CVE-2018-15053
	RESERVED
CVE-2018-15052
	RESERVED
CVE-2018-15051
	RESERVED
CVE-2018-15050
	RESERVED
CVE-2018-15049
	RESERVED
CVE-2018-15048
	RESERVED
CVE-2018-15047
	RESERVED
CVE-2018-15046
	RESERVED
CVE-2018-15045
	RESERVED
CVE-2018-15044
	RESERVED
CVE-2018-15043
	RESERVED
CVE-2018-15042
	RESERVED
CVE-2018-15041
	RESERVED
CVE-2018-15040
	RESERVED
CVE-2018-15039
	RESERVED
CVE-2018-15038
	RESERVED
CVE-2018-15037
	RESERVED
CVE-2018-15036
	RESERVED
CVE-2018-15035
	RESERVED
CVE-2018-15034
	RESERVED
CVE-2018-15033
	RESERVED
CVE-2018-15032
	RESERVED
CVE-2018-15031
	RESERVED
CVE-2018-15030
	RESERVED
CVE-2018-15029
	RESERVED
CVE-2018-15028
	RESERVED
CVE-2018-15027
	RESERVED
CVE-2018-15026
	RESERVED
CVE-2018-15025
	RESERVED
CVE-2018-15024
	RESERVED
CVE-2018-15023
	RESERVED
CVE-2018-15022
	RESERVED
CVE-2018-15021
	RESERVED
CVE-2018-15020
	RESERVED
CVE-2018-15019
	RESERVED
CVE-2018-15018
	RESERVED
CVE-2018-15017
	RESERVED
CVE-2018-15016
	RESERVED
CVE-2018-15015
	RESERVED
CVE-2018-15014
	RESERVED
CVE-2018-15013
	RESERVED
CVE-2018-15012
	RESERVED
CVE-2018-15011
	RESERVED
CVE-2018-15010
	RESERVED
CVE-2018-15009
	RESERVED
CVE-2018-15008
	RESERVED
CVE-2018-15007 (The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x60 ...)
	NOT-FOR-US: Sky Elite
CVE-2018-15006 (The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917 ...)
	NOT-FOR-US: ZTE
CVE-2018-15005 (The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917 ...)
	NOT-FOR-US: ZTE
CVE-2018-15004 (The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/ ...)
	NOT-FOR-US: Coolpad
CVE-2018-15003 (The Coolpad Defiant (Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:us ...)
	NOT-FOR-US: Coolpad
CVE-2018-15002 (The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2 ...)
	NOT-FOR-US: Vivo V7 device
CVE-2018-15001 (The Vivo V7 Android device with a build fingerprint of vivo/1718/1718: ...)
	NOT-FOR-US: Vivo V7 device
CVE-2018-15000 (The Vivo V7 Android device with a build fingerprint of vivo/1718/1718: ...)
	NOT-FOR-US: Vivo V7 device
CVE-2018-14999 (The Leagoo P1 device with a build fingerprint of sp7731c_1h10_32v4_bir ...)
	NOT-FOR-US: Leagoo P1 Android device
CVE-2018-14998 (The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_ ...)
	NOT-FOR-US: Leagoo P1 Android device
CVE-2018-14997 (The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_ ...)
	NOT-FOR-US: Leagoo P1 Android device
CVE-2018-14996 (The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CP ...)
	NOT-FOR-US: Oppo F5
CVE-2018-14995 (The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z ...)
	NOT-FOR-US: ZTE
CVE-2018-14994 (The Essential Phone Android device with a build fingerprint of essenti ...)
	NOT-FOR-US: Essential Phone
CVE-2018-14993 (The ASUS Zenfone V Live Android device with a build fingerprint of asu ...)
	NOT-FOR-US: ASUS ZenFone 3 Max Android device
CVE-2018-14992 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
	NOT-FOR-US: ASUS ZenFone 3 Max Android device
CVE-2018-14991 (The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a ...)
	NOT-FOR-US: Coolpad Defiant
CVE-2018-14990 (The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a ...)
	NOT-FOR-US: Coolpad Defiant
CVE-2018-14989 (The Plum Compass Android device with a build fingerprint of PLUM/c179_ ...)
	NOT-FOR-US: Plum Compass
CVE-2018-14988 (The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m2 ...)
	NOT-FOR-US: MXQ TV Box
CVE-2018-14987 (The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m2 ...)
	NOT-FOR-US: MXQ TV Box
CVE-2018-14986 (The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10 ...)
	NOT-FOR-US: Leagoo Z5C Android device
CVE-2018-14985 (The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10 ...)
	NOT-FOR-US: Leagoo Z5C Android device
CVE-2018-14984 (The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10 ...)
	NOT-FOR-US: Leagoo Z5C Android device
CVE-2018-14983 (The Sony Xperia L1 Android device with a build fingerprint of Sony/G33 ...)
	NOT-FOR-US: Sony Xperia
CVE-2018-14982 (Certain LG devices based on Android 6.0 through 8.1 have incorrect acc ...)
	NOT-FOR-US: LG devices specific issue
CVE-2018-14981 (Certain LG devices based on Android 6.0 through 8.1 have incorrect acc ...)
	NOT-FOR-US: LG devices specific issue
CVE-2018-14980 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
	NOT-FOR-US: ASUS ZenFone 3 Max Android device
CVE-2018-14979 (The ASUS ZenFone 3 Max Android device with a build fingerprint of asus ...)
	NOT-FOR-US: ASUS ZenFone 3 Max Android device
CVE-2018-14978 (An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/use ...)
	NOT-FOR-US: QCMS
CVE-2018-14977 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest. ...)
	NOT-FOR-US: QCMS
CVE-2018-14976 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14975 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14974 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14973 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14972 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14971 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14970 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14969 (An issue was discovered in QCMS 3.0.1. upload/System/Controller/backen ...)
	NOT-FOR-US: QCMS
CVE-2018-14968 (An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.add ...)
	NOT-FOR-US: EMLsoft
CVE-2018-14967 (An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.use ...)
	NOT-FOR-US: EMLsoft
CVE-2018-14966 (An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=u ...)
	NOT-FOR-US: EMLsoft
CVE-2018-14965 (An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=a ...)
	NOT-FOR-US: EMLsoft
CVE-2018-14964 (An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/uploa ...)
	NOT-FOR-US: EMLsoft
CVE-2018-14963 (zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. ...)
	NOT-FOR-US: zzcms
CVE-2018-14962 (zzcms 8.3 has stored XSS related to the content variable in user/manag ...)
	NOT-FOR-US: zzcms
CVE-2018-14961 (dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql paramete ...)
	NOT-FOR-US: zzcms
CVE-2018-14960 (Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. ...)
	NOT-FOR-US: Xiao5uCompany
CVE-2018-14959 (An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages ...)
	NOT-FOR-US: WeaselCMS
CVE-2018-14958 (An issue was discovered in WeaselCMS v0.3.5. CSRF can update the websi ...)
	NOT-FOR-US: WeaselCMS
CVE-2018-14957 (CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file do ...)
	NOT-FOR-US: CMS ISWEB
CVE-2018-14956 (CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An atta ...)
	NOT-FOR-US: CMS ISWEB
CVE-2018-14949
	RESERVED
CVE-2018-14948 (An issue has been found in dilawar sound through 2017-11-27. The end o ...)
	NOT-FOR-US: dilawar
CVE-2018-14947 (An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlF ...)
	NOT-FOR-US: PDF2JSON
CVE-2018-14946 (An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgO ...)
	NOT-FOR-US: PDF2JSON
CVE-2018-14945 (An issue has been found in jpeg_encoder through 2015-11-27. It is a he ...)
	NOT-FOR-US: jpeg_encoder
CVE-2018-14944 (An issue has been found in jpeg_encoder through 2015-11-27. It is a SE ...)
	NOT-FOR-US: jpeg_encoder
CVE-2018-14943 (Harmonic NSG 9000 devices have a default password of nsgadmin for the ...)
	NOT-FOR-US: Harmonic NSG 9000 devices
CVE-2018-14942 (Harmonic NSG 9000 devices allow remote authenticated users to conduct ...)
	NOT-FOR-US: Harmonic NSG 9000 devices
CVE-2018-14941 (Harmonic NSG 9000 devices allow remote authenticated users to read the ...)
	NOT-FOR-US: Harmonic NSG 9000 devices
CVE-2018-14940 (PHPCMS 9 allows remote attackers to cause a denial of service (resourc ...)
	NOT-FOR-US: PHPCMS
CVE-2018-14939 (The get_app_path function in desktop/unx/source/start.c in LibreOffice ...)
	- libreoffice (Doesn't affect LibreOffice running on glibc)
CVE-2018-1000637 (zutils version prior to version 1.8-pre2 contains a Buffer Overflow vu ...)
	{DLA-1505-1}
	- zutils 1.7-3 (bug #902936; bug #904819)
	[stretch] - zutils 1.5-5+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/05/1
	NOTE: https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
	NOTE: Fixed by: upstream/0001-zcat-buffer-overrun.patch (in 1.7-3)
CVE-2018-14938 (An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1. ...)
	{DLA-2468-1}
	- tcpflow 1.5.0+repack1-1 (bug #905483)
	[jessie] - tcpflow (Minor issue)
	NOTE: https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb
	NOTE: https://github.com/simsong/tcpflow/issues/182
CVE-2018-14937 (The Add page option in my little forum 2.4.12 allows XSS via the Menu ...)
	NOT-FOR-US: My Little Forum
CVE-2018-14936 (The Add page option in my little forum 2.4.12 allows XSS via the Title ...)
	NOT-FOR-US: My Little Forum
CVE-2018-14935 (The Web administration console on Polycom Trio devices with software b ...)
	NOT-FOR-US: Polycom Trio
CVE-2018-14934 (The Bluetooth subsystem on Polycom Trio devices with software before 5 ...)
	NOT-FOR-US: Polycom Trio
CVE-2018-14933 (upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execu ...)
	NOT-FOR-US: NUUO NVRmini devices
CVE-2018-14932
	RESERVED
CVE-2018-14931 (An issue was discovered in the Core and Portal modules in Polaris FT I ...)
	NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14930 (An issue was discovered in the Armor module in Polaris FT Intellect Co ...)
	NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14929 (Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonst ...)
	NOT-FOR-US: Matera
CVE-2018-14928 (/contingency/servlet/ServletFileDownload executes as root and provides ...)
	NOT-FOR-US: Matera
CVE-2018-14927 (Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to ...)
	NOT-FOR-US: Matera
CVE-2018-14926 (Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/ ...)
	NOT-FOR-US: Matera
CVE-2018-14925 (Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstra ...)
	NOT-FOR-US: Matera
CVE-2018-14924 (Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrat ...)
	NOT-FOR-US: Matera
CVE-2018-14923 (A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to e ...)
	NOT-FOR-US: EZPlayer
CVE-2018-14922 (Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0 ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-14921
	RESERVED
CVE-2018-14920
	RESERVED
CVE-2018-14919 (LOYTEC LGATE-902 6.3.2 devices allow XSS. ...)
	NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14918 (LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal. ...)
	NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14917
	REJECTED
CVE-2018-14916 (LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. ...)
	NOT-FOR-US: LOYTEC LGATE-902 devices
CVE-2018-14915
	REJECTED
CVE-2018-1000223 (soundtouch version up to and including 2.0.0 contains a Buffer Overflo ...)
	- soundtouch 2.1.2+ds1-1 (bug #905491)
	[stretch] - soundtouch (Minor issue)
	[jessie] - soundtouch (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/6
CVE-2018-14914
	RESERVED
CVE-2018-14913
	RESERVED
CVE-2018-14912 (cgit_clone_objects in CGit before 1.2.1 has a directory traversal vuln ...)
	{DSA-4263-1 DLA-1459-1}
	- cgit 1.1+git2.10.2-3.1 (bug #905382)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1627
	NOTE: https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html
	NOTE: https://git.zx2c4.com/cgit/commit/?id=53efaf30b50f095cad8c160488c74bba3e3b2680
CVE-2018-14911 (A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vu ...)
	NOT-FOR-US: ukcms
CVE-2018-14910 (SeaCMS v6.61 allows Remote Code execution by placing PHP code in an al ...)
	NOT-FOR-US: SeaCMS
CVE-2018-14909
	RESERVED
CVE-2018-14908 (Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every r ...)
	NOT-FOR-US: Samsung Syncthru Web Service
CVE-2018-14907 (The Web server in 3CX version 15.5.8801.3 is vulnerable to Information ...)
	NOT-FOR-US: 3CX
CVE-2018-14906 (The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected X ...)
	NOT-FOR-US: 3CX
CVE-2018-14905 (The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected X ...)
	NOT-FOR-US: 3CX
CVE-2018-14904 (Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauth ...)
	NOT-FOR-US: Samsung Syncthru Web Service
CVE-2018-14903 (EPSON WF-2750 printers with firmware JP02I2 do not properly validate f ...)
	NOT-FOR-US: EPSON WF-2750 printers
CVE-2018-14902 (The ContentProvider in the EPSON iPrint application 6.6.3 for Android ...)
	NOT-FOR-US: EPSON iPrint application for Android
CVE-2018-14901 (The EPSON iPrint application 6.6.3 for Android contains hard-coded API ...)
	NOT-FOR-US: EPSON iPrint application for Android
CVE-2018-14900 (On EPSON WF-2750 printers with firmware JP02I2, there is no filtering ...)
	NOT-FOR-US: EPSON WF-2750 printers
CVE-2018-14899 (On the EPSON WF-2750 printer with firmware JP02I2, the Web interface A ...)
	NOT-FOR-US: EPSON WF-2750 printer
CVE-2018-14898
	RESERVED
CVE-2018-14897
	RESERVED
CVE-2018-14896
	RESERVED
CVE-2018-14895
	RESERVED
CVE-2018-14894 (CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an a ...)
	NOT-FOR-US: CyberArk Endpoint Privilege Manager
CVE-2018-14893 (A system command injection vulnerability in zyshclient in ZyXEL NSA325 ...)
	NOT-FOR-US: ZyXEL
CVE-2018-14892 (Missing protections against Cross-Site Request Forgery in the web appl ...)
	NOT-FOR-US: ZyXEL
CVE-2018-14891 (Management Console in Vectra Networks Cognito Brain and Sensor before ...)
	NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
CVE-2018-14890 (Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-s ...)
	NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
CVE-2018-14889 (CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contain ...)
	NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin be ...)
	NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB
CVE-2018-14887 (Improper Host header sanitization in the dbfilter routing component in ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32511
CVE-2018-14886 (The module-description renderer in Odoo Community 11.0 and earlier and ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32513
CVE-2018-14885 (Incorrect access control in the database manager component in Odoo Com ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32512
CVE-2018-14884 (An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ...)
	- php7.2 7.2.1-1
	- php7.1 7.1.13-1
	- php7.0 7.0.27-1
	- php5 (vulnerable code not present)
	NOTE: Fixed in 7.0.27, 7.1.13, 7.2.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75535
	NOTE: Fixed by: https://github.com/php/php-src/commit/0e097f2c96ce31b16fa371981045f224e5a37160
	NOTE: Introduced in: https://github.com/php/php-src/commit/5146d9f8ac170d8ba7109370d732d56dc0777578
CVE-2018-14883 (An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1 ...)
	{DSA-4353-1 DLA-1490-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.20-1
	- php7.0 7.0.31-1
	- php5
	NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76423
CVE-2018-14882 (The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d7505276842e85bfd067fa21cdb32b8a2dc3c5e4
CVE-2018-14881 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/86326e880d31b328a151d45348c35220baa9a1ff
CVE-2018-14880 (The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e01c9bf76740802025c9328901b55ee4a0c49ed6
CVE-2018-14879 (The command-line argument parser in tcpdump before 4.9.3 has a buffer ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
CVE-2018-XXXX [DSA verification crashes OpenSSL on invalid combinations of key content]
	- xml-security-c 2.0.2-2 (bug #913136)
	[stretch] - xml-security-c 1.7.3-4+deb9u2
	[jessie] - xml-security-c 1.7.2-3+deb8u2
	NOTE: temporary entry for DLA-1594-1
	NOTE: https://issues.apache.org/jira/browse/SANTUARIO-496
	NOTE: patch 1/2: http://svn.apache.org/r1843562
	NOTE: patch 2/2: http://svn.apache.org/r1843566
CVE-2018-XXXX [Default KeyInfo resolver doesn't check for empty element content.]
	[experimental] - xml-security-c 2.0.1-1
	- xml-security-c 1.7.3-4+deb9u1 (bug #905332)
	[stretch] - xml-security-c 1.7.3-4+deb9u1
	[jessie] - xml-security-c 1.7.2-3+deb8u1
	NOTE: https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
	NOTE: https://shibboleth.net/community/advisories/secadv_20180803.txt
CVE-2018-14878 (JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 ...)
	NOT-FOR-US: JetBrains dotPeek
CVE-2018-14877 (An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Langu ...)
	NOT-FOR-US: WeaselCMS
CVE-2018-14876 (An issue was discovered in image_save_png in image/image-png.cpp in Fr ...)
	- flif
	NOTE: https://github.com/FLIF-hub/FLIF/issues/520
CVE-2018-14875 (An issue was discovered in the Core and Portal modules in Polaris FT I ...)
	NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14874 (An issue was discovered in the Armor module in Polaris FT Intellect Co ...)
	NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2018-14873 (An issue was discovered in Rincewind 0.1. There is a cross-site script ...)
	NOT-FOR-US: Rincewind
CVE-2018-14872 (An issue was discovered in Rincewind 0.1. A reinstall vulnerability ex ...)
	NOT-FOR-US: Rincewind
CVE-2018-14871
	RESERVED
CVE-2018-14870
	RESERVED
CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Add ...)
	NOT-FOR-US: PHP Template Store Script
CVE-2018-14868 (Incorrect access control in the Password Encryption module in Odoo Com ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32507
CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo Commun ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32503
CVE-2018-14866 (Incorrect access control in the TransientModel framework in Odoo Commu ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32509
CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32501
CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community 9.0 throug ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32502
CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo Community 8.0 th ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32508
CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo Communi ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32504
CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0 and Odoo ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32506
CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo Community 11 ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32505
CVE-2018-14859 (Incorrect access control in the password reset component in Odoo Commu ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/odoo/odoo/issues/32510
CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-14857 (Unrestricted file upload (with remote code execution) in require/mail/ ...)
	- ocsinventory-server (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-14856 (Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wi ...)
	NOT-FOR-US: Samsung wifi driver for Android
CVE-2018-14855 (Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wir ...)
	NOT-FOR-US: Samsung wifi driver for Android
CVE-2018-14854 (Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wi ...)
	NOT-FOR-US: Samsung wifi driver for Android
CVE-2018-14853 (A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/n ...)
	NOT-FOR-US: Samsung wifi driver for Android
CVE-2018-14852 (Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcm ...)
	NOT-FOR-US: Samsung wifi driver for Android
CVE-2018-14851 (exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, ...)
	{DSA-4353-1 DLA-1490-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.20-1
	- php7.0 7.0.31-1
	- php5
	NOTE: Fixed in 5.6.37, 7.0.31, 7.1.20, 7.2.8
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76557
CVE-2018-14850 (Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow a ...)
	- tikiwiki
	NOTE: https://sourceforge.net/p/tikiwiki/code/66990
CVE-2018-14849 (Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related ...)
	- tikiwiki
	NOTE: https://sourceforge.net/p/tikiwiki/code/66809
CVE-2018-14848
	RESERVED
CVE-2018-14847 (MikroTik RouterOS through 6.42 allows unauthenticated remote attackers ...)
	NOT-FOR-US: Winbox for MikroTik RouterOS
CVE-2018-14846 (The Mondula Multi Step Form plugin before 1.2.8 for WordPress has mult ...)
	NOT-FOR-US: Mondula Multi Step Form plugin for WordPress
CVE-2018-14845
	RESERVED
CVE-2018-14844
	RESERVED
CVE-2018-14843
	RESERVED
CVE-2018-14842
	RESERVED
CVE-2018-14841
	RESERVED
CVE-2018-14840 (uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-14839 (LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The imp ...)
	NOT-FOR-US: LG N1A1 NAS
CVE-2018-14838 (rejucms 2.1 has stored XSS via the admin/book.php content parameter. ...)
	NOT-FOR-US: rejucms
CVE-2018-14837 (Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/a ...)
	NOT-FOR-US: Wolf CMS
CVE-2018-14836 (Subrion 4.2.1 is vulnerable to Improper Access control because user gr ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-14835 (Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-14834
	RESERVED
CVE-2018-14833 (Intuit Lacerte 2017 has Incorrect Access Control. ...)
	NOT-FOR-US: Intuit
CVE-2018-14832
	RESERVED
CVE-2018-14831 (An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote a ...)
	NOT-FOR-US: DamiCMS
CVE-2018-14830
	RESERVED
CVE-2018-14829 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vu ...)
	NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2018-14828 (Advantech WebAccess 8.3.1 and earlier has an improper privilege manage ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-14827 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remot ...)
	NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2018-14826 (Entes EMG12 versions 2.57 and prior The application uses a web interfa ...)
	NOT-FOR-US: Entes EMG12
CVE-2018-14825 (On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 runni ...)
	NOT-FOR-US: Honeywell
CVE-2018-14824 (Delta Electronics Delta Industrial Automation PMSoft v2.11 or prior ha ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation PMSoft
CVE-2018-14823 (Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflo ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14822 (Entes EMG12 versions 2.57 and prior an information exposure through qu ...)
	NOT-FOR-US: Entes EMG12
CVE-2018-14821 (Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vu ...)
	NOT-FOR-US: Rockwell Automation RSLinx Classic
CVE-2018-14820 (Advantech WebAccess 8.3.1 and earlier has a .dll component that is sus ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-14819 (Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulner ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14818 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
	NOT-FOR-US: PI Studio HMI
CVE-2018-14817 (Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnera ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14816 (Advantech WebAccess 8.3.1 and earlier has several stack-based buffer o ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-14815 (Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14814 (WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio ...)
	NOT-FOR-US: WECON
CVE-2018-14813 (Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14812 (An uncontrolled search path element (DLL Hijacking) vulnerability has ...)
	NOT-FOR-US: Fuji
CVE-2018-14811 (Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer d ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14810 (WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and ...)
	NOT-FOR-US: PI Studio HMI
CVE-2018-14809 (Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerabili ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2018-14808 (Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users a ...)
	NOT-FOR-US: Emerson AMS Device Manager
CVE-2018-14807 (A stack-based buffer overflow vulnerability in Opto 22 PAC Control Bas ...)
	NOT-FOR-US: Opto
CVE-2018-14806 (Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerabili ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-14805 (ABB eSOMS version 6.0.2 may allow unauthorized access to the system wh ...)
	NOT-FOR-US: ABB eSOMS
CVE-2018-14804 (Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script ...)
	NOT-FOR-US: Emerson AMS Device Manager
CVE-2018-14803 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...)
	NOT-FOR-US: Philips e-Alert Unit
CVE-2018-14802 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC ...)
	NOT-FOR-US: Fuji Electric
CVE-2018-14801 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all v ...)
	NOT-FOR-US: Philips PageWriter
CVE-2018-14800 (Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, b ...)
	NOT-FOR-US: Delta Electronics ISPSoft
CVE-2018-14799 (In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all v ...)
	NOT-FOR-US: Philips PageWriter
CVE-2018-14798 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC ...)
	NOT-FOR-US: Fuji Electric
CVE-2018-14797 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a ...)
	NOT-FOR-US: Emerson DeltaV DCS
CVE-2018-14796 (Tec4Data SmartCooler, all versions prior to firmware 180806, the devic ...)
	NOT-FOR-US: Tec4Data SmartCooler
CVE-2018-14795 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable d ...)
	NOT-FOR-US: DeltaV
CVE-2018-14794 (Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. The device d ...)
	NOT-FOR-US: Fuji Electric
CVE-2018-14793 (DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable t ...)
	NOT-FOR-US: DeltaV
CVE-2018-14792 (WECON PLC Editor version 1.3.3U may allow an attacker to execute code ...)
	NOT-FOR-US: WECON
CVE-2018-14791 (Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may all ...)
	NOT-FOR-US: Emerson DeltaV DCS
CVE-2018-14790 (Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC ...)
	NOT-FOR-US: Fuji Electric
CVE-2018-14789 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...)
	NOT-FOR-US: Philips
CVE-2018-14788 (Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer ove ...)
	NOT-FOR-US: Fuji Electric
CVE-2018-14787 (In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version ...)
	NOT-FOR-US: Philips
CVE-2018-14786 (Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps ( ...)
	NOT-FOR-US: medical pumps
CVE-2018-14785 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmw ...)
	NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14784 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmw ...)
	NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14783 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmw ...)
	NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14782 (NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmw ...)
	NOT-FOR-US: NetComm Wireless G LTE Light Industrial M2M Router
CVE-2018-14781 (Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL- ...)
	NOT-FOR-US: Medtronic
CVE-2018-14780 (An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 sma ...)
	- yubico-piv-tool 1.6.1-1 (low; bug #906128)
	[stretch] - yubico-piv-tool 1.4.2-2+deb9u1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/
CVE-2018-14779 (A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartca ...)
	- yubico-piv-tool 1.6.1-1 (low; bug #906128)
	[stretch] - yubico-piv-tool 1.4.2-2+deb9u1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/
CVE-2018-14778
	RESERVED
CVE-2018-14777 (An issue was discovered in DataLife Engine (DLE) through 13.0. An atta ...)
	NOT-FOR-US: DataLife Engine
CVE-2018-1000631 (Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000630 (Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authen ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000629 (Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused b ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000628 (Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass securit ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000627 (Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensiti ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000626 (Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass securit ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000625 (Battelle V2I Hub 2.5.1 contains hard-coded credentials for the adminis ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-1000624 (Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by ...)
	NOT-FOR-US: Battelle V2I Hub
CVE-2018-14776 (Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authen ...)
	NOT-FOR-US: Click Studios Passwordstate
CVE-2018-14775 (tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Loc ...)
	NOT-FOR-US: OpenBSD
CVE-2018-14774 (An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, ...)
	- symfony 3.4.14+dfsg-1
	[stretch] - symfony (Minor issue)
	[jessie] - symfony (Vulnerable code not present, introduced later in commit 4c8a25a6e2)
	NOTE: https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
CVE-2018-14773 (An issue was discovered in Http Foundation in Symfony 2.7.0 through 2. ...)
	{DSA-4441-1 DLA-1707-1}
	- symfony 3.4.14+dfsg-1
	NOTE: https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
CVE-2018-14772 (Pydio 4.2.1 through 8.2.1 has an authenticated remote code execution v ...)
	- ajaxplorer (bug #668381)
CVE-2018-14771 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...)
	NOT-FOR-US: VIVOTEK FD8177 devices
CVE-2018-14770 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers ...)
	NOT-FOR-US: VIVOTEK FD8177 devices
CVE-2018-14769 (VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF. ...)
	NOT-FOR-US: VIVOTEK FD8177 devices
CVE-2018-14768 (Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, ...)
	NOT-FOR-US: VIVOTEK devices
CVE-2018-1999025 (A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TE ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999026 (A server-side request forgery vulnerability exists in Jenkins TraceTro ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999027 (An exposure of sensitive information vulnerability exists in Jenkins S ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999028 (An exposure of sensitive information vulnerability exists in Jenkins A ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999029 (A cross-site scripting vulnerability exists in Jenkins Shelve Project ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999041 (An exposure of sensitive information vulnerability exists in Jenkins T ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999040 (An exposure of sensitive information vulnerability exists in Jenkins K ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999039 (A server-side request forgery vulnerability exists in Jenkins Confluen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999038 (A confused deputy vulnerability exists in Jenkins Publisher Over CIFS ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999037 (A data modification vulnerability exists in Jenkins Resource Disposer ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999036 (An exposure of sensitive information vulnerability exists in Jenkins S ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999030 (An exposure of sensitive information vulnerability exists in Jenkins M ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999031 (An exposure of sensitive information vulnerability exists in Jenkins m ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999032 (A data modification vulnerability exists in Jenkins Agiletestware Pang ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999033 (An exposure of sensitive information vulnerability exists in Jenkins A ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999034 (A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1999035 (A man in the middle vulnerability exists in Jenkins Inedo BuildMaster ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-14767 (In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message ...)
	{DSA-4267-1 DLA-1471-1}
	- kamailio 5.1.4-1
	NOTE: https://skalatan.de/blog/advisory-hw-2018-05
	NOTE: https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamailio-core/
	NOTE: https://github.com/kamailio/kamailio/commit/281a6c6b6eaaf30058b603325e8ded20b99e1456
CVE-2018-14766
	RESERVED
CVE-2018-14765
	RESERVED
CVE-2018-14764
	RESERVED
CVE-2018-14763
	RESERVED
CVE-2018-14762
	RESERVED
CVE-2018-14761
	RESERVED
CVE-2018-14760
	RESERVED
CVE-2018-14759
	RESERVED
CVE-2018-14758
	RESERVED
CVE-2018-14757
	RESERVED
CVE-2018-14756
	RESERVED
CVE-2018-14755
	RESERVED
CVE-2018-14754
	RESERVED
CVE-2018-14753
	RESERVED
CVE-2018-14752
	RESERVED
CVE-2018-14751
	RESERVED
CVE-2018-14750
	RESERVED
CVE-2018-14749 (Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 b ...)
	NOT-FOR-US: QNAP
CVE-2018-14748 (Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS ...)
	NOT-FOR-US: QNAP
CVE-2018-14747 (NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QT ...)
	NOT-FOR-US: QNAP
CVE-2018-14746 (Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 ...)
	NOT-FOR-US: QNAP
CVE-2018-14955 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14954 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14953 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14952 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14951 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14950 (The mail message display page in SquirrelMail through 1.4.22 has XSS v ...)
	{DLA-1484-1}
	- squirrelmail (bug #905023)
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2831/
CVE-2018-14745 (Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver ...)
	NOT-FOR-US: bcmdhd4358 wifi driver (not in mainline)
CVE-2018-14744 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14743 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14742 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14741 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14740 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14739 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14738 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14737 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. ...)
	NOT-FOR-US: cloudwu PBC
CVE-2018-14735 (An Information Exposure issue was discovered in Hitachi Command Suite ...)
	NOT-FOR-US: Hitachi
CVE-2018-14733 (The Odoo Community Association (OCA) dbfilter_from_header module makes ...)
	- odoo (Fixed before initial upload to Debian)
	NOTE: https://github.com/OCA/server-tools/issues/1335
CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 all ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.14-1
	NOTE: https://git.kernel.org/linus/cb2595c1393b4a5211534e6f0a0fbad369e21ad8 (4.18-rc1)
CVE-2018-14732 (An issue was discovered in lib/Server.js in webpack-dev-server before ...)
	NOT-FOR-US: webpack-dev-server
CVE-2018-14731 (An issue was discovered in HMRServer.js in Parcel parcel-bundler. Atta ...)
	NOT-FOR-US: parcel-bundler
CVE-2018-14730 (An issue was discovered in Browserify-HMR. Attackers are able to steal ...)
	NOT-FOR-US: Browserify-HMR
CVE-2018-14729 (The database backup feature in upload/source/admincp/admincp_db.php in ...)
	NOT-FOR-US: Discuz!
CVE-2018-14728 (upload.php in Responsive FileManager 9.13.1 allows SSRF via the url pa ...)
	NOT-FOR-US: Responsive FileManager
CVE-2018-14727
	RESERVED
CVE-2018-14726
	RESERVED
CVE-2018-14725
	RESERVED
CVE-2018-14724 (In the Ban List plugin 1.0 for MyBB, any forum user with mod privilege ...)
	NOT-FOR-US: MyBB plugin
CVE-2018-14723
	RESERVED
CVE-2018-14722 (An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenanc ...)
	- btrfsmaintenance 0.4.1-2 (bug #906131)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1102721
CVE-2018-14721 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote attacke ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14720 (FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to c ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14719 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote attacke ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14718 (FasterXML jackson-databind 2.x before 2.9.7 might allow remote attacke ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/87d29af25e82a249ea15858e2d4ecbf64091db44
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2097
CVE-2018-14717
	RESERVED
CVE-2018-14716 (A Server Side Template Injection (SSTI) was discovered in the SEOmatic ...)
	NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2018-14715 (The endCoinFlip function and throwSlammer function of the smart contra ...)
	NOT-FOR-US: smart contract implementations for Cryptogs
CVE-2018-14714 (System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0 ...)
	NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14713 (Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3. ...)
	NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14712 (Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50 ...)
	NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14711 (Missing cross-site request forgery protection in appGet.cgi on ASUS RT ...)
	NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14710 (Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.3 ...)
	NOT-FOR-US: ASUS RT-AC3200
CVE-2018-14709 (Incorrect access control in the Dashboard API on Drobo 5N2 NAS version ...)
	NOT-FOR-US: Dashboard API on Drobo 5N2 NAS
CVE-2018-14708 (An insecure transport protocol used by Drobo Dashboard API on Drobo 5N ...)
	NOT-FOR-US: Drobo Dashboard API on Drobo 5N2 NAS
CVE-2018-14707 (Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS ...)
	NOT-FOR-US: Drobo Pix web application on Drobo 5N2 NAS
CVE-2018-14706 (System command injection in the /DroboPix/api/drobopix/demo endpoint o ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14705 (In Drobo 5N2 4.0.5, all optional applications lack any form of authent ...)
	NOT-FOR-US: Drobo 5N2
CVE-2018-14704 (Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS vers ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14703 (Incorrect access control in the /mysql/api/droboapp/data endpoint in D ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14702 (Incorrect access control in the /drobopix/api/drobo.php endpoint in Dr ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14701 (System command injection in the /DroboAccess/delete_user endpoint in D ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14700 (Incorrect access control in the /mysql/api/logfile.php endpoint in Dro ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14699 (System command injection in the /DroboAccess/enable_user endpoint in D ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14698 (Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14697 (Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14696 (Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14695 (Incorrect access control in the /mysql/api/diags.php endpoint in Drobo ...)
	NOT-FOR-US: Drobo 5N2 NAS
CVE-2018-14694
	RESERVED
CVE-2018-14693
	RESERVED
CVE-2018-14692
	RESERVED
CVE-2018-14691 (An issue was discovered in Subsonic 6.1.1. The music tags feature is a ...)
	NOT-FOR-US: Subsonic
CVE-2018-14690 (An issue was discovered in Subsonic 6.1.1. The general settings are af ...)
	NOT-FOR-US: Subsonic
CVE-2018-14689 (An issue was discovered in Subsonic 6.1.1. The transcoding settings ar ...)
	NOT-FOR-US: Subsonic
CVE-2018-14688 (An issue was discovered in Subsonic 6.1.1. The radio settings are affe ...)
	NOT-FOR-US: Subsonic
CVE-2018-14687
	RESERVED
CVE-2018-14686 (system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do. ...)
	NOT-FOR-US: XYCMS
CVE-2018-14685 (The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gx ...)
	NOT-FOR-US: Gxlcms
CVE-2018-14684
	RESERVED
CVE-2018-14683 (PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2018-14678 (An issue was discovered in the Linux kernel through 4.17.11, as used i ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.14-1
	NOTE: https://xenbits.xen.org/xsa/advisory-274.html
	NOTE: https://git.kernel.org/linus/b3681dd548d06deb2e1573890829dff4b15abf46
CVE-2018-14677
	RESERVED
CVE-2018-14676
	RESERVED
CVE-2018-14675
	RESERVED
CVE-2018-14674
	RESERVED
CVE-2018-14673
	RESERVED
CVE-2018-14672 (In ClickHouse before 18.12.13, functions for loading CatBoost models a ...)
	NOT-FOR-US: ClickHouse
CVE-2018-14671 (In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary share ...)
	NOT-FOR-US: ClickHouse
CVE-2018-14670 (Incorrect configuration in deb package in ClickHouse before 1.1.54131 ...)
	NOT-FOR-US: ClickHouse
CVE-2018-14669 (ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL ...)
	NOT-FOR-US: ClickHouse
CVE-2018-14668 (In ClickHouse before 1.1.54388, "remote" table function allowed arbitr ...)
	NOT-FOR-US: ClickHouse
CVE-2018-14679 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
	{DSA-4260-1 DLA-1460-1}
	- libmspack 0.7-1 (bug #904802)
	NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14680 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
	{DSA-4260-1 DLA-1460-1}
	- libmspack 0.7-1 (bug #904801)
	NOTE: https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14682 (An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. ...)
	{DSA-4260-1 DLA-1460-1}
	- libmspack 0.7-1 (bug #904800)
	NOTE: https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c in lib ...)
	{DSA-4260-1 DLA-1460-1}
	- libmspack 0.7-1 (bug #904799)
	NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/26/1
CVE-2018-14667 (The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression ...)
	NOT-FOR-US: RichFaces
CVE-2018-14666 (An improper authorization flaw was found in the Smart Class feature of ...)
	- foreman (bug #663101)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1638156
CVE-2018-14665 (A flaw was found in xorg-x11-server before 1.20.3. An incorrect permis ...)
	{DSA-4328-1}
	- xorg-server 2:1.20.3-1
	[jessie] - xorg-server (Vulnerable code not present)
	NOTE: Introduced by: https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7d04d47814a5b3a9fdd162249fea74c (1.19.0)
	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
CVE-2018-14664 (A flaw was found in foreman from versions 1.18. A stored cross-site sc ...)
	- foreman (bug #663101)
CVE-2018-14663 (An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a re ...)
	- dnsdist 1.3.3-1 (bug #913231)
	[stretch] - dnsdist (Minor issue)
	NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html
CVE-2018-14662 (It was found Ceph versions before 13.2.4 that authenticated ceph users ...)
	{DLA-1696-1}
	- ceph 12.2.11+dfsg1-1 (bug #921948)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1637327
	NOTE: https://github.com/ceph/ceph/commit/a2acedd2a7e12d58af6db35edbd8a9d29c557578
CVE-2018-14661 (It was found that usage of snprintf function in feature/locks translat ...)
	{DLA-1565-1}
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1636880
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21532/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=74dbf0a9aac4b960832029ec122685b5b5009127
CVE-2018-14660 (A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 ...)
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs (Minor issue; can be fixed via point release)
	[jessie] - glusterfs (vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635926
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21531/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=c2c70552188ee1b15bb748b4f2272062505c7696
CVE-2018-14659 (The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable ...)
	{DLA-1565-1}
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1635929
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21530/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=be1e1785e2e4f3d6345ea5b5b684a1429784a01c
CVE-2018-14658 (A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for b ...)
	NOT-FOR-US: Keycloak
CVE-2018-14657 (A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabl ...)
	NOT-FOR-US: Keycloak
CVE-2018-14656 (A missing address check in the callers of the show_opcodes() in the Li ...)
	- linux 4.18.6-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/342db04ae71273322f0011384a9ed414df8bdae4
CVE-2018-14655 (A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. Wh ...)
	NOT-FOR-US: Keycloak
CVE-2018-14654 (The Gluster file system through version 4.1.4 is vulnerable to abuse o ...)
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs (Minor issue; can be fixed via point release)
	[jessie] - glusterfs (vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1631576
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21534/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5f4ae8a80543332a2e92dfa5c7f833ae7b93a664 (release-4.1)
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=dc775c4ae052d1e9d0f61ace3be999f73f0ffa23 (release-5)
CVE-2018-14653 (The Gluster file system through versions 4.1.4 and 3.12 is vulnerable ...)
	{DLA-1565-1}
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1633431
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21528/
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21529/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=d3ec5f5a089edb68206b5d4a469358867340d4f7
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2712fbd38477e736f157c9dbfbbae9c253b6c13
CVE-2018-14652 (The Gluster file system through versions 3.12 and 4.1.4 is vulnerable ...)
	{DLA-1565-1}
	- glusterfs 5.0-1 (bug #912997)
	[stretch] - glusterfs (Minor issue; can be fixed via point release)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632974
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21535/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e2c195712a9ecbda4fa02f5308138a1257a2558a
CVE-2018-14651 (It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018 ...)
	{DLA-1565-1}
	- glusterfs 5.1-1 (bug #912997)
	[stretch] - glusterfs (Incomplete fixes for CVE-2018-109{26,27,28,29,30} not applied)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/31/5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1632557
	NOTE: https://review.gluster.org/#/c/glusterfs/+/21527/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=5fdb7ae37f602894f81a2cadc5a4c609a4c85427
CVE-2018-14650 (It was discovered that sos-collector does not properly set the default ...)
	NOT-FOR-US: sos-collector (not same as sosreport itself, additional tool to sosreport)
CVE-2018-14649 (It was found that ceph-isci-cli package as shipped by Red Hat Ceph Sto ...)
	NOT-FOR-US: ceph-iscsi-cli
CVE-2018-14648 (A flaw was found in 389 Directory Server. A specially crafted search q ...)
	{DLA-1554-1}
	- 389-ds-base 1.4.0.18-1
	[stretch] - 389-ds-base (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1630668
	NOTE: https://pagure.io/389-ds-base/c/a49bd03d6 (1.4.0.17)
	NOTE: 1.3.7: https://pagure.io/389-ds-base/c/c8ec6e58c
	NOTE: 1.3.8: https://pagure.io/389-ds-base/c/5fc374b43
	NOTE: Note that these patches are incomplete and cause a regression (crash). Bundle with
	NOTE: https://pagure.io/389-ds-base/c/a6369790c (1.4.0.17)
	NOTE: 1.3.7: https://pagure.io/389-ds-base/c/722a6f867
	NOTE: 1.3.8: https://pagure.io/389-ds-base/c/bdb1af66c
	NOTE: see https://pagure.io/389-ds-base/issue/49969
CVE-2018-14647 (Python's elementtree C accelerator failed to initialise Expat's hash s ...)
	{DSA-4307-1 DSA-4306-1 DLA-1835-1 DLA-1834-1}
	- python3.7 3.7.0-7
	- python3.6 3.6.7~rc1-1
	- python3.5
	- python3.4
	[jessie] - python3.4 (minor issue)
	- python2.7 2.7.15-5 (bug #921039)
	NOTE: https://bugs.python.org/issue34623
	NOTE: master: https://github.com/python/cpython/commit/cb5778f00ce48631c7140f33ba242496aaf7102b
	NOTE: 3.7: https://github.com/python/cpython/commit/470a435f3b42c9be5fdb7f7b04f3df5663ba7305
	NOTE: 3.6: https://github.com/python/cpython/commit/f7666e828cc3d5873136473ea36ba2013d624fa1
	NOTE: 2.7: https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2
CVE-2018-14646 (The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL ...)
	- linux (Vulnerable code not present in any version released; apart from experimental)
	NOTE: Fixed by: https://git.kernel.org/linus/f428fe4a04cc339166c8bbd489789760de3a0cee
CVE-2018-14645 (A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, ...)
	- haproxy 1.8.13-2
	[stretch] - haproxy (Only affects 1.8.x)
	[jessie] - haproxy (Only affects 1.8.x)
	NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=b4e05a3daa30f657db01ec144a0e48850c48f813
CVE-2018-14644 (An issue has been found in PowerDNS Recursor from 4.0.0 up to and incl ...)
	- pdns-recursor 4.1.7-1 (bug #913162)
	[stretch] - pdns-recursor 4.0.4-1+deb9u4
	[jessie] - pdns-recursor (Minor issue)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
	NOTE: https://downloads.powerdns.com/patches/2018-07/
	NOTE: Patch backported for jessie https://git.fosscommunity.in/bhe/patches/raw/master/CVE-2018-14644.patch
CVE-2018-14643 (An authentication bypass flaw was found in the smart_proxy_dynflow com ...)
	- foreman (bug #663101)
	NOTE: Issue in a foreman component: smart_proxy_dynflow, which might land in separate source.
CVE-2018-14642 (An information leak vulnerability was found in Undertow. If all header ...)
	- undertow 2.0.23-1 (bug #911796)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1628702
CVE-2018-14641 (A security flaw was found in the ip_frag_reasm() function in net/ipv4/ ...)
	- linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/18/1
	NOTE: Fixed by: https://git.kernel.org/linus/5d407b071dc369c26a38398326ee2be53651cfe4
CVE-2018-14640
	RESERVED
CVE-2018-14639
	RESERVED
CVE-2018-14638 (A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ...)
	- 389-ds-base 1.4.0.18-1 (bug #908859)
	[stretch] - 389-ds-base (Minor issue)
	[jessie] - 389-ds-base (Vulnerable code not present)
	NOTE: https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73
CVE-2018-14637 (The SAML broker consumer endpoint in Keycloak before version 4.6.0.Fin ...)
	NOT-FOR-US: Keycloak
CVE-2018-14636 (Live-migrated instances are briefly able to inspect traffic for other ...)
	- neutron 2:13.0.0-1 (low)
	[stretch] - neutron (Minor issue)
	[jessie] - neutron (Minor issue)
CVE-2018-14635 (When using the Linux bridge ml2 driver, non-privileged tenants are abl ...)
	- neutron 2:13.0.0-1
	[stretch] - neutron (Minor issue)
	[jessie] - neutron (Minor issue)
	NOTE: https://bugs.launchpad.net/neutron/+bug/1757482
	NOTE: https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d
CVE-2018-14634 (An integer overflow flaw was found in the Linux kernel's create_elf_ta ...)
	{DLA-1529-1}
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/25/4
CVE-2018-14633 (A security flaw was found in the chap_server_compute_md5() function in ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.10-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/24/2
CVE-2018-14632 (An out of bound write can occur when patching an Openshift object usin ...)
	NOT-FOR-US: OpenShift
CVE-2018-14631 (moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost th ...)
	- moodle
CVE-2018-14630 (moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an ...)
	- moodle
CVE-2018-14629 (A denial of service vulnerability was discovered in Samba's LDAP serve ...)
	{DSA-4345-1 DLA-1607-1}
	- samba 2:4.9.2+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2018-14629.html
CVE-2018-14628
	RESERVED
CVE-2018-14627 (The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not h ...)
	- wildfly (bug #752018)
	NOTE: https://issues.jboss.org/browse/WFLY-9107
	NOTE: https://github.com/wildfly/wildfly/pull/10675
CVE-2018-14626 (PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS ...)
	- pdns 4.1.5-1 (bug #913163)
	[stretch] - pdns (Vulnerable code present only in >= 4.1.0)
	[jessie] - pdns (Vulnerable code not present)
	- pdns-recursor 4.1.7-1 (bug #913162)
	[stretch] - pdns-recursor 4.0.4-1+deb9u4
	[jessie] - pdns-recursor (Vulnerable code not present)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html
	NOTE: https://downloads.powerdns.com/patches/2018-05/
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
	NOTE: https://downloads.powerdns.com/patches/2018-06/
CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be able to ...)
	{DLA-1771-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.161-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039
CVE-2018-14624 (A vulnerability was discovered in 389-ds-base through versions 1.3.7.1 ...)
	{DLA-1526-1}
	- 389-ds-base 1.4.0.18-1 (bug #907778)
	[stretch] - 389-ds-base (Minor issue)
	NOTE: https://pagure.io/389-ds-base/issue/49937
	NOTE: https://pagure.io/389-ds-base/c/8ff8cb850 (master)
	NOTE: https://pagure.io/389-ds-base/c/c5e78249d (389-ds-base-1.3.8)
	NOTE: https://pagure.io/389-ds-base/c/9f28620d2 (389-ds-base-1.3.7)
CVE-2018-14623 (A SQL injection flaw was found in katello's errata-related API. An aut ...)
	NOT-FOR-US: Katello
CVE-2018-14622 (A null-pointer dereference vulnerability was found in libtirpc before ...)
	{DLA-1487-1}
	[experimental] - libtirpc 1.0.2-0.1
	- libtirpc 0.2.5-1.3 (bug #907608)
	[stretch] - libtirpc 0.2.5-1.2+deb9u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1620293
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=968175
	NOTE: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0
CVE-2018-14621 (An infinite loop vulnerability was found in libtirpc before version 1. ...)
	- libtirpc (Vulnerable code not in a released version)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1620290
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=968175
	NOTE: Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (0.3.3-rc3)
	NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=fce98161d9815ea016855d9f00274276452c2c4b
CVE-2018-14620 (The OpenStack RabbitMQ container image insecurely retrieves the rabbit ...)
	NOT-FOR-US: Insecure Red Hat container config
CVE-2018-14619 (A flaw was found in the crypto subsystem of the Linux kernel before ve ...)
	- linux 4.14.12-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b32a7dc8aef1882fbf983eb354837488cc9d54dc
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/28/1
CVE-2018-14618 (curl before version 7.61.1 is vulnerable to a buffer overrun in the NT ...)
	{DSA-4286-1 DLA-1498-1}
	- curl 7.62.0-1 (bug #908327)
	NOTE: https://curl.haxx.se/docs/CVE-2018-14618.html
	NOTE: https://github.com/curl/curl/issues/2756
	NOTE: https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243
CVE-2018-14617 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.8-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200297
	NOTE: https://www.spinics.net/lists/linux-fsdevel/msg130021.html
CVE-2018-14616 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
	{DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200465
CVE-2018-14615 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
	- linux 4.19.9-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200421
CVE-2018-14614 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
	{DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux (Hard to backport and low priority outside of Android)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200419
CVE-2018-14613 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
	{DLA-2241-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199849
	NOTE: https://patchwork.kernel.org/patch/10503147/
CVE-2018-14612 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
	{DLA-2241-1 DLA-1715-1}
	- linux 4.18.8-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199847
	NOTE: https://patchwork.kernel.org/patch/10503403/
	NOTE: https://patchwork.kernel.org/patch/10503413/
CVE-2018-14611 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
	{DLA-2241-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199839
	NOTE: https://patchwork.kernel.org/patch/10503099/
CVE-2018-14610 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
	{DLA-2241-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837
	NOTE: https://patchwork.kernel.org/patch/10503415/
CVE-2018-14609 (An issue was discovered in the Linux kernel through 4.17.10. There is ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.8-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199833
	NOTE: https://patchwork.kernel.org/patch/10500521/
CVE-2018-14608 (Thomson Reuters UltraTax CS 2017 on Windows has a password protection ...)
	NOT-FOR-US: Thomson Reuters UltraTax CS 2017
CVE-2018-14607 (Thomson Reuters UltraTax CS 2017 on Windows, in a client/server config ...)
	NOT-FOR-US: Thomson Reuters UltraTax CS 2017
CVE-2018-14600 (An issue was discovered in libX11 through 1.6.5. The function XListExt ...)
	{DLA-1482-1}
	- libx11 2:1.6.6-1 (low)
	[stretch] - libx11 2:1.6.4-3+deb9u1
	[wheezy] - libx11 (Minor issue)
	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/dbf72805fd9d7b1846fe9a11b46f3994bfc27fea
CVE-2018-14599 (An issue was discovered in libX11 through 1.6.5. The function XListExt ...)
	{DLA-1482-1}
	- libx11 2:1.6.6-1 (low)
	[stretch] - libx11 2:1.6.4-3+deb9u1
	[wheezy] - libx11 (Minor issue)
	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/b469da1430cdcee06e31c6251b83aede072a1ff0
CVE-2018-14598 (An issue was discovered in XListExtensions in ListExt.c in libX11 thro ...)
	{DLA-1482-1}
	- libx11 2:1.6.6-1 (low)
	[stretch] - libx11 2:1.6.4-3+deb9u1
	[wheezy] - libx11 (Minor issue)
	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/commit/e83722768fd5c467ef61fa159e8c6278770b45c2
CVE-2018-14606 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 10.8.7+dfsg-1
	[stretch] - gitlab (Only affects 10.6 and later)
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14605 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 10.8.7+dfsg-1
	[stretch] - gitlab (Only affects 10.7 and later)
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14604 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 10.8.7+dfsg-1
	[stretch] - gitlab (Only affects 10.7 and later)
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14603 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 10.8.7+dfsg-1
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14602 (An issue was discovered in GitLab Community and Enterprise Edition bef ...)
	- gitlab 10.8.7+dfsg-1
	[stretch] - gitlab (Affects 9.0 and later only)
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14601 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...)
	- gitlab (11.1.0 specific regression)
	NOTE: https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/
CVE-2018-14597 (CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA ...)
	NOT-FOR-US: CA Technologies Identity Governance
CVE-2018-1002208 (SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ...)
	- mono 5.18.0.240+dfsg-1
	[stretch] - mono (Minor issue)
	[jessie] - mono (Minor issue)
	- mono-reference-assemblies (unimportant)
	NOTE: https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247
	NOTE: https://github.com/icsharpcode/SharpZipLib/issues/232
	NOTE: https://github.com/mono/mono/issues/11492
CVE-2018-1002207 (mholt/archiver golang package before e4ef56d48eb029648b0e895bb0b6a393e ...)
	NOT-FOR-US: golang-github-mholt-archiver
CVE-2018-1002206 (SharpCompress before 0.21.0 is vulnerable to directory traversal, allo ...)
	NOT-FOR-US: SharpCompress library (for .NET Standard 1.0)
CVE-2018-1002205 (DotNetZip.Semvered before 1.11.0 is vulnerable to directory traversal, ...)
	NOT-FOR-US: DotNetZip.Semvered library (.NET)
CVE-2018-1002203 (unzipper npm library before 0.8.13 is vulnerable to directory traversa ...)
	NOT-FOR-US: unzipper nodejs module
CVE-2018-14596 (wancms 1.0 through 5.0 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: wancms
CVE-2018-14595
	RESERVED
CVE-2018-14594
	RESERVED
CVE-2018-14593 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...)
	{DSA-4317-1 DLA-1473-1}
	- otrs2 6.0.10-1
	NOTE: https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/
	NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/57cda14db8fdbcbfb8cabb32d85fbc89fde48c62
	NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/7b6802723e1f5d1764b617e9fcf0a8dd21e96216
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/78331ea187181d6130189d4563a50b4c30256320
CVE-2018-14592 (The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW ...)
	NOT-FOR-US: CWJoomla
CVE-2018-14591
	RESERVED
CVE-2018-14590 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in ...)
	NOT-FOR-US: Bento4
CVE-2018-14589 (An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParse ...)
	NOT-FOR-US: Bento4
CVE-2018-14588 (An issue has been discovered in Bento4 1.5.1-624. A NULL pointer deref ...)
	NOT-FOR-US: Bento4
CVE-2018-14587 (An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream ...)
	NOT-FOR-US: Bento4
CVE-2018-14586 (An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in ...)
	NOT-FOR-US: Bento4
CVE-2018-14585 (An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE ...)
	NOT-FOR-US: Bento4
CVE-2018-14584 (An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create ...)
	NOT-FOR-US: Bento4
CVE-2018-14583 (xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a backgroun ...)
	NOT-FOR-US: XYHCMS
CVE-2018-14582 (index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a ...)
	NOT-FOR-US: BageCMS
CVE-2018-14581 (Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12 ...)
	NOT-FOR-US: Redgate .NET Reflector and SmartAssembly
CVE-2018-14580
	RESERVED
CVE-2018-14579 (GolemCMS through 2008-12-24, if the install/ directory remains active ...)
	NOT-FOR-US: GolemCMS
CVE-2018-14578
	RESERVED
CVE-2018-14577
	RESERVED
CVE-2018-14576 (The mintToken function of a smart contract implementation for SunContr ...)
	NOT-FOR-US: smart contract implementation for SunContract
CVE-2018-14575 (Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a t ...)
	NOT-FOR-US: MyBB plugin
CVE-2018-14574 (django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11 ...)
	{DSA-4264-1}
	- python-django 1:1.11.15-1 (bug #905216)
	[jessie] - python-django (Vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
	NOTE: https://github.com/django/django/commit/a656a681272f8f3734b6eb38e9a88aa0d91806f1 (master)
	NOTE: https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c (2.1 release branch)
	NOTE: https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff (1.11 release branch)
	NOTE: https://github.com/django/django/commit/434d309ef6dbecbfd2b322d3a1da78aa5cb05fa8 (vuln. introduced here?)
CVE-2018-14573 (A Local File Inclusion (LFI) vulnerability exists in the Web Interface ...)
	NOT-FOR-US: TightRope Media Carousel Digital Signage
CVE-2018-14572 (In conference-scheduler-cli, a pickle.load call on imported data allow ...)
	NOT-FOR-US: conference-scheduler-cli
CVE-2018-14571
	RESERVED
CVE-2018-14570 (A file upload vulnerability in application/shop/controller/member.php ...)
	NOT-FOR-US: Niushop B2B2C Multi-business basic
CVE-2018-14569
	RESERVED
CVE-2018-1999024 (MathJax version prior to version 2.7.4 contains a Cross Site Scripting ...)
	- mathjax 2.7.4+dfsg-1
	[stretch] - mathjax (Minor issue)
	[jessie] - mathjax (Minor issue)
	NOTE: https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1
CVE-2018-1999021 (Gleezcms Gleez Cms version 1.3.0 contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Gleezcms Gleez Cms
CVE-2018-1999020 (Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier versi ...)
	NOT-FOR-US: ONOS
CVE-2018-1999019 (Chamilo LMS version 11.x contains an Unserialization vulnerability in ...)
	NOT-FOR-US: Chamilo LMS
CVE-2018-1999018 (Pydio version 8.2.1 and prior contains an Unvalidated user input leadi ...)
	- ajaxplorer (bug #668381)
CVE-2018-1999017 (Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery ...)
	- ajaxplorer (bug #668381)
CVE-2018-1999016 (Pydio version 8.2.0 and earlier contains a Cross Site Scripting (XSS) ...)
	- ajaxplorer (bug #668381)
CVE-2018-1999015 (FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains ...)
	- ffmpeg 7:4.0.2-1
	[stretch] - ffmpeg (Vulnerable code not present)
	- libav
	[jessie] - libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/5aba5b89d0b1d73164d3b81764828bb8b20ff32
CVE-2018-1999014 (FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains ...)
	- ffmpeg 7:4.0.2-1
	[stretch] - ffmpeg (Vulnerable code not present)
	- libav
	[jessie] - libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/bab0716c7f4793ec42e05a5aa7e80d82a0dd4e7
CVE-2018-1999013 (FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains ...)
	{DSA-4249-1}
	- ffmpeg 7:4.0.2-1
	- libav
	[jessie] - libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a7e032a277452366771951e29fd0bf2bd5c029f
CVE-2018-1999012 (FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains ...)
	{DSA-4249-1 DLA-1740-1}
	- ffmpeg 7:4.0.2-1
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9807d3976be0e92e4ece3b4b1701be894cd7c2e
CVE-2018-1999011 (FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains ...)
	{DSA-4449-1}
	- ffmpeg 7:4.0.2-1
	- libav
	[jessie] - libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a58286
CVE-2018-1999010 (FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains ...)
	{DSA-4249-1 DLA-1630-1}
	- ffmpeg 7:4.0.2-1
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e
CVE-2018-1999009 (October CMS version prior to Build 437 contains a Local File Inclusion ...)
	NOT-FOR-US: October CMS
CVE-2018-1999008 (October CMS version prior to build 437 contains a Cross Site Scripting ...)
	NOT-FOR-US: October CMS
CVE-2018-14568 (Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from ...)
	- suricata 1:4.0.5-1
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (Minor issue)
	NOTE: https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345
	NOTE: https://redmine.openinfosecfoundation.org/issues/2501
CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is used, allows remote attackers to caus ...)
	{DLA-2369-1 DLA-1524-1}
	[experimental] - libxml2 2.9.9+dfsg1-1~exp1
	- libxml2 2.9.10+dfsg-2
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u1
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
CVE-2018-14566
	RESERVED
CVE-2018-14565 (An issue was discovered in libthulac.so in THULAC through 2018-02-25. ...)
	NOT-FOR-US: THULAC
CVE-2018-14564 (An issue was discovered in libthulac.so in THULAC through 2018-02-25. ...)
	NOT-FOR-US: THULAC
CVE-2018-14563 (An issue was discovered in libthulac.so in THULAC through 2018-02-25. ...)
	NOT-FOR-US: THULAC
CVE-2018-14562 (An issue was discovered in libthulac.so in THULAC through 2018-02-25. ...)
	NOT-FOR-US: THULAC
CVE-2018-14561
	RESERVED
CVE-2018-14560
	RESERVED
CVE-2018-14559 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
	NOT-FOR-US: Tenda AC7 devices
CVE-2018-14558 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
	NOT-FOR-US: Tenda AC7 devices
CVE-2018-14557 (An issue was discovered on Tenda AC7 devices with firmware through V15 ...)
	NOT-FOR-US: Tenda AC7 devices
CVE-2018-14556
	RESERVED
CVE-2018-14555
	RESERVED
CVE-2018-14554
	RESERVED
CVE-2018-14553 (gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL point ...)
	{DLA-2106-1}
	- libgd2 2.3.0-1 (low; bug #951287)
	[buster] - libgd2 (Minor issue)
	[stretch] - libgd2 (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1599032
	NOTE: https://github.com/libgd/libgd/commit/a93eac0e843148dc2d631c3ba80af17e9c8c860f
	NOTE: https://github.com/libgd/libgd/pull/580
CVE-2018-14552
	RESERVED
CVE-2018-14551 (The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 use ...)
	{DLA-2333-1}
	- imagemagick 8:6.9.10.8+dfsg-1 (bug #904713)
	[jessie] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1221
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/389ecc365a7c61404ba078a72c3fa5a3cf1b4101
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/db7a4be592328af06d776ce3bab24b8c6de5be20
CVE-2018-14550 (An issue has been found in third-party PNM decoding associated with li ...)
	[experimental] - libpng1.6 1.6.37-1~exp1
	- libpng1.6 1.6.37-1 (unimportant)
	- libpng (unimportant)
	NOTE: https://github.com/glennrp/libpng/issues/246
	NOTE: https://github.com/glennrp/libpng/commit/1f0221fad7e7888ada87eda511dcbfd701de7d21
CVE-2018-14549 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
	NOT-FOR-US: libwav
CVE-2018-14548
	RESERVED
CVE-2018-14547
	RESERVED
CVE-2018-14546
	RESERVED
CVE-2018-14545 (There exists one invalid memory read bug in AP4_SampleDescription::Get ...)
	NOT-FOR-US: Bento4
CVE-2018-14544 (There exists one invalid memory read bug in AP4_SampleDescription::Get ...)
	NOT-FOR-US: Bento4
CVE-2018-14543 (There exists one NULL pointer dereference vulnerability in AP4_JsonIns ...)
	NOT-FOR-US: Bento4
CVE-2018-14542
	RESERVED
CVE-2018-14541 (PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS v ...)
	NOT-FOR-US: PHP Scripts Mall Basic B2B Script
CVE-2018-14540
	RESERVED
CVE-2018-14539
	RESERVED
CVE-2018-14538
	RESERVED
CVE-2018-14537
	RESERVED
CVE-2018-14536
	RESERVED
CVE-2018-14535
	RESERVED
CVE-2018-14534
	RESERVED
CVE-2018-14533 (read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privil ...)
	NOT-FOR-US: Inteno IOPSYS
CVE-2018-14532 (An issue was discovered in Bento4 1.5.1-624. There is a heap-based buf ...)
	NOT-FOR-US: Bento4
CVE-2018-14531 (An issue was discovered in Bento4 1.5.1-624. There is an unspecified " ...)
	NOT-FOR-US: Bento4
CVE-2018-14530
	RESERVED
CVE-2018-14529 (Invoxia NVX220 devices allow access to /bin/sh via escape from a restr ...)
	NOT-FOR-US: Invoxia NVX220 devices
CVE-2018-14528 (Invoxia NVX220 devices allow TELNET access as admin with a default pas ...)
	NOT-FOR-US: Invoxia NVX220 devices
CVE-2018-14527 (Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection m ...)
	NOT-FOR-US: Xiao5uCompany
CVE-2018-14526 (An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 throug ...)
	{DLA-1462-1}
	- wpa 2:2.6-18 (bug #905739)
	[stretch] - wpa 2:2.4-1+deb9u2
	NOTE: https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
	NOTE: https://w1.fi/security/2018-1/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
	NOTE: https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
CVE-2018-14525
	RESERVED
CVE-2018-14524 (dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a doubl ...)
	- libredwg (bug #595191)
CVE-2018-14523 (An issue was discovered in aubio 0.4.6. A buffer over-read can occur i ...)
	- aubio 0.4.6-1 (bug #904906)
	[stretch] - aubio (Minor issue)
	[jessie] - aubio (Minor issue)
	NOTE: https://github.com/aubio/aubio/issues/189
CVE-2018-14522 (An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aub ...)
	- aubio 0.4.6-1 (bug #904907)
	[stretch] - aubio (Minor issue)
	[jessie] - aubio (Minor issue)
	NOTE: https://github.com/aubio/aubio/issues/188
CVE-2018-14521 (An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aub ...)
	- aubio 0.4.6-1 (bug #904908)
	[stretch] - aubio (Minor issue)
	[jessie] - aubio (Minor issue)
	NOTE: https://github.com/aubio/aubio/issues/187
CVE-2018-14520
	RESERVED
CVE-2018-14519
	RESERVED
CVE-2018-14518
	RESERVED
CVE-2018-14517 (SeaCMS 6.61 has two XSS issues in the admin_config.php file via certai ...)
	NOT-FOR-US: SeaCMS
CVE-2018-14516
	RESERVED
CVE-2018-14515 (A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote a ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-14514 (An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that al ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-14513 (An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persi ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-14512 (An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persi ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-14511
	RESERVED
CVE-2018-14510
	RESERVED
CVE-2018-14509
	RESERVED
CVE-2018-14508
	RESERVED
CVE-2018-14507
	RESERVED
CVE-2018-14506
	RESERVED
CVE-2018-14504 (An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x ...)
	- mantis
	NOTE: http://github.com/mantisbt/mantisbt/commit/8b5fa243dbf04344a55fe880135ec149fc1f439f
	NOTE: https://mantisbt.org/blog/archives/mantisbt/602
	NOTE: https://mantisbt.org/bugs/view.php?id=24608
CVE-2018-14503 (Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Corem ...)
	NOT-FOR-US: Coremail XT
CVE-2018-14502 (controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 ...)
	NOT-FOR-US: Kiboko Chained Quiz plugin for WordPress
CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demo ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-14500 (joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.p ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-1999023 (The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a ...)
	- wesnoth-1.14 1:1.14.4-1
	- wesnoth-1.12
	[stretch] - wesnoth-1.12 1:1.12.6-1+deb9u1
	- wesnoth-1.10
	[jessie] - wesnoth-1.10 (Games are not supported in Jessie)
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/20/1
	NOTE: https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318 (1.14.x)
CVE-2018-14505 (mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to t ...)
	- mitmproxy 3.0.4-1 (bug #904293)
	[stretch] - mitmproxy (Minor issue)
	[jessie] - mitmproxy (Minor issue)
	NOTE: https://github.com/mitmproxy/mitmproxy/issues/3234
	NOTE: https://github.com/mitmproxy/mitmproxy/pull/3243
CVE-2018-14499 (An issue was found in HYBBS through 2016-03-08. There is an XSS vulner ...)
	NOT-FOR-US: HYBBS
CVE-2018-14498 (get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG th ...)
	{DLA-2302-1 DLA-1719-1}
	- libjpeg-turbo 1:2.0.5-1 (low; bug #924678)
	[buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
	- mozjpeg (bug #741487)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
	NOTE: https://github.com/mozilla/mozjpeg/issues/299
CVE-2018-14497 (Tenda D152 ADSL routers allow XSS via a crafted SSID. ...)
	NOT-FOR-US: Tenda D152 ADSL routers
CVE-2018-14496 (** DISPUTED ** Vivotek FD8136 devices allow remote memory corruption a ...)
	NOT-FOR-US: Vivotek FD8136 devices
CVE-2018-14495 (** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, ...)
	NOT-FOR-US: Vivotek FD8136 devices
CVE-2018-14494 (** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, ...)
	NOT-FOR-US: Vivotek FD8136 devices
CVE-2018-14493 (Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Au ...)
	NOT-FOR-US: Open-Audit Community
CVE-2018-14492 (Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, ...)
	NOT-FOR-US: Tenda devices
CVE-2018-1999022 (PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) ...)
	- civicrm 5.3.1+dfsg-1 (bug #904215)
	NOTE: https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform
CVE-2018-14491
	RESERVED
CVE-2018-14490
	RESERVED
CVE-2018-14489
	RESERVED
CVE-2018-14488
	RESERVED
CVE-2018-14487
	RESERVED
CVE-2018-14486 (DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via ...)
	NOT-FOR-US: DNN
CVE-2018-14485 (BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog. ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2018-14484
	RESERVED
CVE-2018-14483
	RESERVED
CVE-2018-14482
	RESERVED
CVE-2018-14481 (Osclass 3.7.4 has XSS via the query string to index.php, a different v ...)
	NOT-FOR-US: Osclass
CVE-2018-14480
	RESERVED
CVE-2018-14479
	RESERVED
CVE-2018-14478 (ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sen ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2018-14477
	RESERVED
CVE-2018-14476 (GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step ...)
	NOT-FOR-US: GeniXCMS
CVE-2018-14475
	RESERVED
CVE-2018-14474 (views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the ne ...)
	NOT-FOR-US: Orange Forum
CVE-2018-14473 (OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing ...)
	- ocsinventory-server 2.5+dfsg-1 (unimportant; bug #905396)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-14472 (An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is cor ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-14471 (dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0 ...)
	- libredwg (bug #595191)
CVE-2018-14470 (The Babel parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/12f66f69f7bf1ec1266ddbee90a7616cbf33696b
CVE-2018-14469 (The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in pri ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/396e94ff55a80d554b1fe46bf107db1e91008d6c
CVE-2018-14468 (The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in pr ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa3e54f594385ce7e1e319b0c84999e51192578b
CVE-2018-14467 (The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e3f3b445e2d20ac5d5b7fcb7559ce6beb55da0c9
CVE-2018-14466 (The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print- ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/c24922e692a52121e853a84ead6b9337f4c08a94
CVE-2018-14465 (The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/bea2686c296b79609060a104cc139810785b0739
CVE-2018-14464 (The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d97e94223720684c6aa740ff219e0d19426c2220
CVE-2018-14463 (The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/3de07c772166b7e8e8bb4b9d1d078f1d901b570b
CVE-2018-14462 (The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in prin ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/1a1bce0526a77b62e41531b00f8bb5e21fd4f3a3
CVE-2018-14461 (The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/aa5c6b710dfd8020d2c908d6b3bd41f1da719b3b
CVE-2018-14460 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README3.md
CVE-2018-14459 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14458 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14457 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14456 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14455 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds wri ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14454 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14453 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14452 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14451 (An issue was discovered in libgig 4.1.0. There is a heap-based buffer ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14450 (An issue was discovered in libgig 4.1.0. There is an out-of-bounds rea ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14449 (An issue was discovered in libgig 4.1.0. There is an out of bounds rea ...)
	- libgig (unimportant; bug #931309)
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/libgig/README-1008.md
	NOTE: Negligible security impact
CVE-2018-14448 (Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL poi ...)
	- untrunc (bug #702476)
CVE-2018-14447 (trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds r ...)
	{DLA-1470-1}
	- confuse 3.2.1+dfsg-5 (bug #904159)
	[stretch] - confuse 3.0+dfsg-2+deb9u1
	NOTE: https://github.com/martinh/libconfuse/issues/109
CVE-2018-14446 (MP4Integer32Property::Read in atom_avcC.cpp in MP4v2 2.1.0 allows remo ...)
	- mp4v2 (bug #904896)
	[stretch] - mp4v2 (Minor issue)
	[jessie] - mp4v2 (Minor issue)
	NOTE: https://github.com/TechSmith/mp4v2/issues/20
CVE-2018-14445 (In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remo ...)
	NOT-FOR-US: Bento4
CVE-2018-14444 (libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 ...)
	NOT-FOR-US: libdxfrw
CVE-2018-14443 (get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote ...)
	- libredwg (bug #595191)
CVE-2018-14442 (Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Fre ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14441 (An issue was discovered in cckevincyh SSH CompanyWebsite through 2018- ...)
	NOT-FOR-US: cckevincyh SSH CompanyWebsite
CVE-2018-14440 (An issue was discovered in cckevincyh SSH CompanyWebsite through 2018- ...)
	NOT-FOR-US: cckevincyh SSH CompanyWebsite
CVE-2018-14439 (espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 misha ...)
	NOT-FOR-US: eos4j
CVE-2018-14438 (In Wireshark through 2.6.2, the create_app_running_mutex function in w ...)
	- wireshark (Problem with SetSecurityDescriptorDacl() is Windows specific issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14921
CVE-2018-14437 (ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c. ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1190
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/082223fb992448dbb574747deac9a30f986c116e
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/0812674565df667b1b3e4122ad259096de311c6c
CVE-2018-14436 (ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff. ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1191
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4b352c0be410ad900469a079e389178f878aded8
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ae3eecad2f59e27123c1a6c891be75d06fc03656
CVE-2018-14435 (ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c. ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1193
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/957b6397b958a5881005df27eb97319b3175a3c9
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e8f4f5e776002aa6ed490d7c6f65e10fa67359dd
CVE-2018-14434 (ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1192
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/98a2cceae0dceccbfe54051167c2c80be1f13c3f
CVE-2018-14433
	RESERVED
CVE-2018-14432 (In the Federation component of OpenStack Keystone before 11.0.4, 12.0. ...)
	{DSA-4275-1}
	- keystone 2:13.0.0-7 (bug #904616)
	[jessie] - keystone (Not supported in Jessie)
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/25/2
	NOTE: https://bugs.launchpad.net/keystone/+bug/1779205
CVE-2018-14431
	RESERVED
CVE-2018-14430 (The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows ...)
	NOT-FOR-US: Mondula Multi Step Form plugin for WordPress
CVE-2018-14429 (man-cgi before 1.16 allows Local File Inclusion via absolute path trav ...)
	NOT-FOR-US: man-cgi
CVE-2018-14428
	RESERVED
CVE-2018-14427
	RESERVED
CVE-2018-14426
	RESERVED
CVE-2018-14425 (There is a Persistent XSS vulnerability in the briefcase component of ...)
	NOT-FOR-US: Synacor Zimbra Collaboration Suite
CVE-2018-14424 (The daemon in GDM through 3.29.1 does not properly unexport display ob ...)
	{DSA-4270-1 DLA-1494-1}
	- gdm3 3.28.2-4
	NOTE: https://gitlab.gnome.org/GNOME/gdm/issues/401
	NOTE: https://gitlab.gnome.org/GNOME/gdm/commit/6060db704a19b0db68f2e9e6a2d020c0c78b6bba
	NOTE: https://gitlab.gnome.org/GNOME/gdm/commit/765b306c364885dd89d47fe9fe8618ce6a467bc1
CVE-2018-14423 (Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_nex ...)
	{DSA-4405-1 DLA-1614-1}
	- openjpeg2 2.3.0-2 (low; bug #904873)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1123
	NOTE: https://github.com/uclouvain/openjpeg/commit/bd88611ed9ad7144ec4f3de54790cd848175891b
CVE-2018-14422 (blog/index.php in SansCMS 0.7 has XSS via the q parameter. ...)
	NOT-FOR-US: SansCMS
CVE-2018-14421 (SeaCMS v6.61 allows Remote Code execution by placing PHP code in a mov ...)
	NOT-FOR-US: SeaCMS
CVE-2018-14420 (MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsa ...)
	NOT-FOR-US: MetInfo
CVE-2018-14419 (MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on ...)
	NOT-FOR-US: MetInfo
CVE-2018-14418 (In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. ...)
	NOT-FOR-US: Msvod Cms
CVE-2018-14417 (A command injection vulnerability was found in the web administration ...)
	NOT-FOR-US: SoftNAS
CVE-2018-14416
	RESERVED
CVE-2018-14415 (An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists v ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-14414
	RESERVED
CVE-2018-14413
	RESERVED
CVE-2018-14412
	RESERVED
CVE-2018-14411
	RESERVED
CVE-2018-14410
	RESERVED
CVE-2018-14409
	RESERVED
CVE-2018-14408
	RESERVED
CVE-2018-14407
	RESERVED
CVE-2018-14406
	RESERVED
CVE-2018-14405
	RESERVED
CVE-2018-14404 (A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPat ...)
	{DLA-2369-1 DLA-1524-1}
	[experimental] - libxml2 2.9.9+dfsg1-1~exp1
	- libxml2 2.9.10+dfsg-2 (low; bug #901817)
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u1
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
CVE-2018-14403 (MP4NameFirstMatches in mp4util.cpp in MP4v2 2.0.0 mishandles substring ...)
	- mp4v2 (bug #904897)
	[stretch] - mp4v2 (Minor issue)
	[jessie] - mp4v2 (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/3
CVE-2018-14402 (axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::p ...)
	NOT-FOR-US: axmldec
CVE-2018-14401 (CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out- ...)
	NOT-FOR-US: AXML Parser
CVE-2018-14400
	REJECTED
CVE-2018-14399 (libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attack ...)
	NOT-FOR-US: PHPCMS
CVE-2018-14398 (An issue was discovered in Creme CRM 1.6.12. The value of the cancel b ...)
	NOT-FOR-US: Creme CRM
CVE-2018-14397 (An issue was discovered in Creme CRM 1.6.12. The organization creation ...)
	NOT-FOR-US: Creme CRM
CVE-2018-14396 (An issue was discovered in Creme CRM 1.6.12. The salesman creation pag ...)
	NOT-FOR-US: Creme CRM
CVE-2018-14395 (libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause ...)
	{DSA-4258-1}
	- ffmpeg 7:4.0.2-1
	- libav
	[jessie] - libav (only version 2 is supported)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582
CVE-2018-14394 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause ...)
	{DSA-4249-1 DLA-1630-1}
	- ffmpeg 7:4.0.2-1
	- libav
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3a2d21bc5f97aa0161db3ae731fc2732be6108b8
CVE-2018-14393
	RESERVED
CVE-2018-14392 (The New Threads plugin before 1.2 for MyBB has XSS. ...)
	NOT-FOR-US: New Threads plugin for MyBB
CVE-2018-14391
	RESERVED
CVE-2018-14390
	RESERVED
CVE-2018-1999001 (A unauthorized modification of configuration vulnerability exists in J ...)
	- jenkins
CVE-2018-1999002 (A arbitrary file read vulnerability exists in Jenkins 2.132 and earlie ...)
	- jenkins
CVE-2018-1999003 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...)
	- jenkins
CVE-2018-1999004 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...)
	- jenkins
CVE-2018-1999005 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...)
	- jenkins
CVE-2018-1999006 (A exposure of sensitive information vulnerability exists in Jenkins 2. ...)
	- jenkins
CVE-2018-1999007 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...)
	- jenkins
CVE-2018-14389 (joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-14388 (joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_de ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-14387 (An issue was discovered in WonderCMS before 2.5.2. An attacker can cre ...)
	NOT-FOR-US: WonderCMS
CVE-2018-14386
	RESERVED
CVE-2018-14385
	RESERVED
CVE-2018-14384 (The Website Manager module in SEO Panel 3.13.0 and earlier is affected ...)
	NOT-FOR-US: SEO Panel
CVE-2018-14383 (The Transition Technologies "The Scheduler" app 5.1.3 for Jira allows ...)
	NOT-FOR-US: Transition Technologies "The Scheduler" app for Jira
CVE-2018-14382 (InstantCMS 2.10.1 has /redirect?url= XSS. ...)
	NOT-FOR-US: InstantCMS
CVE-2018-14381 (Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulner ...)
	NOT-FOR-US: Pagekit CMS
CVE-2018-14380 (In Graylog before 2.4.6, XSS was possible in typeahead components, rel ...)
	- graylog2 (bug #652273)
CVE-2018-14379 (MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP ...)
	- mp4v2 (bug #904898)
	[stretch] - mp4v2 (Minor issue)
	[jessie] - mp4v2 (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/17/1
CVE-2018-14378
	REJECTED
CVE-2018-14377
	RESERVED
CVE-2018-14376
	RESERVED
CVE-2018-14375
	REJECTED
CVE-2018-14374
	REJECTED
CVE-2018-14373
	REJECTED
CVE-2018-14372
	RESERVED
CVE-2018-14371 (The getLocalePrefix function in ResourceManager.java in Eclipse Mojarr ...)
	- mojarra (Vulnerable code introduced later)
	NOTE: https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
CVE-2018-14370 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protoc ...)
	- wireshark 2.6.2-1
	[stretch] - wireshark (Vulnerable code not present)
	[jessie] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b1446124eebc3ea5591d18e719c2a5cff3630638
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-43.html
CVE-2018-14369 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-41.html
CVE-2018-14368 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-40.html
CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol diss ...)
	- wireshark 2.6.2-1
	[stretch] - wireshark (Vulnerable code not present)
	[jessie] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14966
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-42.html
CVE-2018-14366 (download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-14365
	RESERVED
CVE-2018-14364 (GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 1 ...)
	- gitlab 10.7.7+dfsg-2 (bug #904026)
	NOTE: https://about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/
CVE-2018-14363 (An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does no ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.9.1-1
	NOTE: https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
	NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code without neomutt patchset
	NOTE: previous versions ship a neomutt patchset.
CVE-2018-14362 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e
	NOTE: https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
CVE-2018-14361 (An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.9.1-1
	NOTE: https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585
	NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code without neomutt patchset
	NOTE: previous versions ship a neomutt patchset.
CVE-2018-14360 (An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group i ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.9.1-1
	NOTE: https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3
	NOTE: src:mutt 1.9.1-1 switches to official mutt.org source code without neomutt patchset
	NOTE: previous versions ship a neomutt patchset.
CVE-2018-14359 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85
	NOTE: https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14358 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
	NOTE: https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14357 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725
	NOTE: https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14356 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82
	NOTE: https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14355 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d
	NOTE: https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14354 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb
	NOTE: https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14353 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23
	NOTE: https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14352 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4
	NOTE: https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14351 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741
	NOTE: https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14350 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485
	NOTE: https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14349 (An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018- ...)
	{DSA-4277-1 DLA-1455-1}
	- neomutt 20180716+dfsg.1-1 (bug #904021)
	- mutt 1.10.1-1 (bug #904051)
	NOTE: https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1
	NOTE: https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14348 (libcgroup up to and including 0.41 creates /var/log/cgred with mode 06 ...)
	{DLA-1472-1}
	- libcgroup 0.41-8.1 (low; bug #906308)
	[stretch] - libcgroup 0.41-8+deb9u1
	NOTE: https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
	NOTE: cgred not enabled by default, shipped example config logs to syslog by default
CVE-2018-14347 (GNU Libextractor before 1.7 contains an infinite loop vulnerability in ...)
	{DSA-4290-1 DLA-1478-1}
	- libextractor 1:1.7-1 (bug #904905)
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00000.html
	NOTE: https://gnunet.org/bugs/view.php?id=5399
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=f033468cd36e2b8bf92d747fbd683b2ace8da394
CVE-2018-14346 (GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_re ...)
	{DSA-4290-1 DLA-1478-1}
	- libextractor 1:1.7-1 (bug #904903)
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2018-07/msg00001.html
	NOTE: https://git.gnunet.org/libextractor.git/commit/?id=ad19e7fe0adc99d5710eff1ed48d91a7b75a950e
CVE-2018-14345 (An issue was discovered in SDDM through 0.17.0. If configured with Reu ...)
	- sddm 0.18.0-1
	[stretch] - sddm (Re-use session feature introduced in 0.16.0)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1101450
	NOTE: https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98
CVE-2018-14344 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
	- wireshark 2.6.2-1
	[jessie] - wireshark (Vulnerable code not present, introduced in v1.99.1rc0-224-g6720c80bab)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14672
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f7153685b39a164aea09ba7f96ebb648b8328ae
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-35.html
CVE-2018-14343 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14682
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9402f2f80c6bc7d25178a0875c5a1f5ee36361db
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-37.html
CVE-2018-14342 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13741
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=36af43dbb7673495948cd65d0346e8b9812b941c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-34.html
CVE-2018-14341 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14742
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e716c32be6aa20e1813b0002878853e71f8b2f4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-39.html
CVE-2018-14340 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, diss ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14675
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=672d882a53f96730e4ef1e5b1639c585823b0df8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-36.html
CVE-2018-14339 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ...)
	{DLA-1451-1}
	- wireshark 2.6.2-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14738
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b77c0a596a8071aebc1de71e3f79e5e15e919ca
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-38.html
CVE-2018-14338 (samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realp ...)
	- exiv2 (unimportant)
	NOTE: https://github.com/Exiv2/exiv2/issues/382
	NOTE: Issue in example code of Exiv2
CVE-2018-14337 (The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 ...)
	- mruby 2.0.0-1 (low; bug #903985)
	[stretch] - mruby (Minor issue)
	[jessie] - mruby (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/4062
	NOTE: https://github.com/mruby/mruby/commit/695f29cd604787f43be1af16e38d13610bf8312b
	NOTE: https://github.com/mruby/mruby/commit/adb1eae912659d680a9c5b7832e22cf73d36a69a
CVE-2018-14336 (TP-Link WR840N devices allow remote attackers to cause a denial of ser ...)
	NOT-FOR-US: TP-Link
CVE-2018-14335 (An issue was discovered in H2 1.4.197. Insecure handling of permission ...)
	NOT-FOR-US: H2 (different from src:python-h2)
CVE-2018-14334 (manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file u ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-14333 (TeamViewer through 13.1.1548 stores a password in Unicode format withi ...)
	NOT-FOR-US: TeamViewer
CVE-2018-14332 (An issue was discovered in Clementine Music Player 1.3.1. Clementine.e ...)
	- clementine (unimportant)
	NOTE: https://github.com/clementine-player/Clementine/issues/6078
	NOTE: https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332
	NOTE: Crash in enduser tool, no security impact
CVE-2018-14331 (An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulne ...)
	NOT-FOR-US: XiaoCms
CVE-2018-14330
	RESERVED
CVE-2018-14329 (In HTSlib 1.8, a race condition in cram/cram_io.c might allow local us ...)
	- htslib (unimportant)
	NOTE: https://github.com/samtools/htslib/issues/736
	NOTE: Neutralised by kernel hardening
CVE-2018-14328 (Brynamics "Online Trade - Online trading and cryptocurrency investment ...)
	NOT-FOR-US: Brynamics "Online Trade - Online trading and cryptocurrency investment system"
CVE-2018-14327 (The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40V ...)
	NOT-FOR-US: Alcatel
CVE-2018-14324 (The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP p ...)
	- glassfish (Vulnerable code not included, only builds a few classes)
CVE-2018-14323
	RESERVED
CVE-2018-14322
	RESERVED
CVE-2018-14321
	RESERVED
CVE-2018-14320 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	- libpodofo 0.9.6+dfsg-4 (bug #916240)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-18-1046/
	NOTE: https://sourceforge.net/p/podofo/code/1953
CVE-2018-14319
	RESERVED
CVE-2018-14318 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung
CVE-2018-14317 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14316 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14315 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14314 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14313 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14312 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14311 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14310 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14309 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14308 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14307 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14306 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14305 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14304 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14303 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14302 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14301 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14300 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14299 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14298 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14297 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14296 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14295 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-14294 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14293 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14292 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14291 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14290 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14289 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14288 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14287 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14286 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14285 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14284 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14283 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14282 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14281 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14280 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14279 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14278 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14277 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14276 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14275 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14274 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14273 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14272 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14271 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14270 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14269 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14268 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14267 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14266 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14265 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14264 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14263 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14262 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14261 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14260 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14259 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14258 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14257 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14256 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14255 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14254 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14253 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14252 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14251 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14250 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14249 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14248 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14247 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14246 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14245 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14244 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14243 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14242 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14241 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-14326 (In MP4v2 2.0.0, there is an integer overflow (with resultant memory co ...)
	- mp4v2 (bug #904900)
	[stretch] - mp4v2 (Minor issue)
	[jessie] - mp4v2 (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/16/1
CVE-2018-14325 (In MP4v2 2.0.0, there is an integer underflow (with resultant memory c ...)
	- mp4v2 (bug #904901)
	[stretch] - mp4v2 (Minor issue)
	[jessie] - mp4v2 (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/16/1
CVE-2018-14240 RESERVED
CVE-2018-14239 RESERVED
CVE-2018-14238 RESERVED
CVE-2018-14237 RESERVED
CVE-2018-14236 RESERVED
CVE-2018-14235 RESERVED
CVE-2018-14234 RESERVED
CVE-2018-14233 RESERVED
CVE-2018-14232 RESERVED
CVE-2018-14231 RESERVED
CVE-2018-14230 RESERVED
CVE-2018-14229 RESERVED
CVE-2018-14228 RESERVED
CVE-2018-14227 RESERVED
CVE-2018-14226 RESERVED
CVE-2018-14225 RESERVED
CVE-2018-14224 RESERVED
CVE-2018-14223 RESERVED
CVE-2018-14222 RESERVED
CVE-2018-14221 RESERVED
CVE-2018-14220 RESERVED
CVE-2018-14219 RESERVED
CVE-2018-14218 RESERVED
CVE-2018-14217 RESERVED
CVE-2018-14216 RESERVED
CVE-2018-14215 RESERVED
CVE-2018-14214 RESERVED
CVE-2018-14213 RESERVED
CVE-2018-14212 RESERVED
CVE-2018-14211 RESERVED
CVE-2018-14210 RESERVED
CVE-2018-14209 RESERVED
CVE-2018-14208 RESERVED
CVE-2018-14207 RESERVED
CVE-2018-14206 RESERVED
CVE-2018-14205 RESERVED
CVE-2018-14204 RESERVED
CVE-2018-14203 RESERVED
CVE-2018-14202 RESERVED
CVE-2018-14201 RESERVED
CVE-2018-14200 RESERVED
CVE-2018-14199 RESERVED
CVE-2018-14198 RESERVED
CVE-2018-14197 RESERVED
CVE-2018-14196 RESERVED
CVE-2018-14195 RESERVED
CVE-2018-14194 RESERVED
CVE-2018-14193 RESERVED
CVE-2018-14192 RESERVED
CVE-2018-14191 RESERVED
CVE-2018-14190 RESERVED
CVE-2018-14189 RESERVED
CVE-2018-14188 RESERVED
CVE-2018-14187 RESERVED
CVE-2018-14186 RESERVED
CVE-2018-14185 RESERVED
CVE-2018-14184 RESERVED
CVE-2018-14183 RESERVED
CVE-2018-14182 RESERVED
CVE-2018-14181 RESERVED
CVE-2018-14180 RESERVED
CVE-2018-14179 RESERVED
CVE-2018-14178 RESERVED
CVE-2018-14177 RESERVED
CVE-2018-14176 RESERVED
CVE-2018-14175 RESERVED
CVE-2018-14174 RESERVED
CVE-2018-14173 RESERVED
CVE-2018-14172 RESERVED
CVE-2018-14171 RESERVED
CVE-2018-14170 RESERVED
CVE-2018-14169 RESERVED
CVE-2018-14168 RESERVED
CVE-2018-14167 RESERVED
CVE-2018-14166 RESERVED
CVE-2018-14165 RESERVED
CVE-2018-14164 RESERVED
CVE-2018-14163 RESERVED
CVE-2018-14162 RESERVED
CVE-2018-14161 RESERVED
CVE-2018-14160 RESERVED
CVE-2018-14159 RESERVED
CVE-2018-14158 RESERVED
CVE-2018-14157 RESERVED
CVE-2018-14156 RESERVED
CVE-2018-14155 RESERVED
CVE-2018-14154 RESERVED
CVE-2018-14153 RESERVED
CVE-2018-14152 RESERVED
CVE-2018-14151 RESERVED
CVE-2018-14150 RESERVED
CVE-2018-14149 RESERVED
CVE-2018-14148 RESERVED
CVE-2018-14147 RESERVED
CVE-2018-14146 RESERVED
CVE-2018-14145 RESERVED
CVE-2018-14144 RESERVED
CVE-2018-14143 RESERVED
CVE-2018-14142 RESERVED
CVE-2018-14141 RESERVED
CVE-2018-14140 RESERVED
CVE-2018-14139 RESERVED
CVE-2018-14138 RESERVED
CVE-2018-14137 RESERVED
CVE-2018-14136 RESERVED
CVE-2018-14135 RESERVED
CVE-2018-14134 RESERVED
CVE-2018-14133 RESERVED
CVE-2018-14132 RESERVED
CVE-2018-14131 RESERVED
CVE-2018-14130 RESERVED
CVE-2018-14129 RESERVED
CVE-2018-14128 RESERVED
CVE-2018-14127 RESERVED
CVE-2018-14126 RESERVED
CVE-2018-14125 RESERVED
CVE-2018-14124 RESERVED
CVE-2018-14123 RESERVED
CVE-2018-14122 RESERVED
CVE-2018-14121 RESERVED
CVE-2018-14120 RESERVED
CVE-2018-14119 RESERVED
CVE-2018-14118 RESERVED
CVE-2018-14117 RESERVED
CVE-2018-14116 RESERVED
CVE-2018-14115 RESERVED
CVE-2018-14114 RESERVED
CVE-2018-14113 RESERVED
CVE-2018-14112 RESERVED
CVE-2018-14111 RESERVED
CVE-2018-14110 RESERVED
CVE-2018-14109 RESERVED
CVE-2018-14108 RESERVED
CVE-2018-14107 RESERVED
CVE-2018-14106 RESERVED
CVE-2018-14105 RESERVED
CVE-2018-14104 RESERVED
CVE-2018-14103 RESERVED
CVE-2018-14102 RESERVED
CVE-2018-14101 RESERVED
CVE-2018-14100 RESERVED
CVE-2018-14099 RESERVED
CVE-2018-14098 RESERVED
CVE-2018-14097 RESERVED
CVE-2018-14096 RESERVED
CVE-2018-14095 RESERVED
CVE-2018-14094 RESERVED
CVE-2018-14093 RESERVED
CVE-2018-14092 RESERVED
CVE-2018-14091 RESERVED
CVE-2018-14090 RESERVED
CVE-2018-14089 (An issue was discovered in a smart contract implementation for Virgo_Z ...)
	NOT-FOR-US: smart contract implementation for Virgo_ZodiacToken
CVE-2018-14088 (An issue was discovered in a smart contract implementation for STeX Wh ...)
	NOT-FOR-US: smart contract implementation for STeX White List (STE(WL))
CVE-2018-14087 (An issue was discovered in a smart contract implementation for EUC (EU ...)
	NOT-FOR-US: smart contract implementation for EUC (EUC)
CVE-2018-14086 (An issue was discovered in a smart contract implementation for Singapo ...)
	NOT-FOR-US: smart contract implementation for SingaporeCoinOrigin (SCO)
CVE-2018-14085 (An issue was discovered in a smart contract implementation for UserWal ...)
	NOT-FOR-US: smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42
CVE-2018-14084 (An issue was discovered in a smart contract implementation for MKCB, a ...)
	NOT-FOR-US: smart contract implementation for MKCB
CVE-2018-14083 (LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain se ...)
	NOT-FOR-US: LICA miniCMTS E8K(u/i/...) devices
CVE-2018-14082 (PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Script ...)
	NOT-FOR-US: PHP Scripts Mall JOB SITE (aka Job Portal)
CVE-2018-14081 (An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through ...)
	NOT-FOR-US: D-Link
CVE-2018-14080 (An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through ...)
	NOT-FOR-US: D-Link
CVE-2018-14079 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attack ...)
	NOT-FOR-US: Wi2be SMART HP WMT
CVE-2018-14078 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attack ...)
	NOT-FOR-US: Wi2be SMART HP WMT
CVE-2018-14077 (Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attack ...)
	NOT-FOR-US: Wi2be SMART HP WMT
CVE-2018-14076 RESERVED
CVE-2018-14075 RESERVED
CVE-2018-14074 RESERVED
CVE-2018-14073 (libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c ...)
	- libsixel 1.8.2-1 (low; bug #903858)
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926
	NOTE: https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
CVE-2018-14072 (libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, ...)
	- libsixel 1.8.2-1 (low; bug #903858)
	[stretch] - libsixel 1.5.2-2+deb9u1
	[jessie] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/67#issue-341198610
	NOTE: https://github.com/saitoha/libsixel/commit/f94bc6fec696abd77be275226f28409602bd1f27
CVE-2018-14071 (The Geo Mashup plugin before 1.10.4 for WordPress has insufficient san ...)
	NOT-FOR-US: Geo Mashup plugin for WordPress
CVE-2018-14070 RESERVED
CVE-2018-14069 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
	NOT-FOR-US: SRCMS
CVE-2018-14068 (An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability ...)
	NOT-FOR-US: SRCMS
CVE-2018-14067 (Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injec ...)
	NOT-FOR-US: Green Packet WiMax DV-360 devices
CVE-2018-14066 (The content://wappush content provider in com.android.provider.telepho ...)
	NOT-FOR-US: Lenovo
CVE-2018-14065 (XMLReader.php in PHPOffice Common before 0.2.9 allows XXE. ...)
	NOT-FOR-US: PHPOffice
CVE-2018-14064 (The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices all ...)
	NOT-FOR-US: VelotiSmart WiFi B-380 camera devices
CVE-2018-14063 (The increaseApproval function of a smart contract implementation for T ...)
	NOT-FOR-US: smart contract
CVE-2018-14062 (The COSPAS-SARSAT protocol allows remote attackers to forge messages, ...)
	NOT-FOR-US: COSPAS-SARSAT protocol
CVE-2018-14061 RESERVED
CVE-2018-14060 (OS command injection in the AP mode settings feature in /cgi-bin/luci ...)
	NOT-FOR-US: Xiaomi R3D
CVE-2018-14059 (Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, ...)
	NOT-FOR-US: Pimcore
CVE-2018-14058 (Pimcore before 5.3.0 allows SQL Injection via the REST web service API ...)
	NOT-FOR-US: Pimcore
CVE-2018-14057 (Pimcore before 5.3.0 allows remote attackers to conduct cross-site req ...)
	NOT-FOR-US: Pimcore
CVE-2018-14055 (ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming ...)
	{DSA-4252-1 DLA-1427-1}
	- znc 1.7.1-1 (bug #903787)
	NOTE: https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
	NOTE: https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/4
CVE-2018-14056 (ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a we ...)
	{DSA-4252-1 DLA-1427-1}
	- znc 1.7.1-1 (bug #903788)
	NOTE: https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/5
CVE-2018-14053 RESERVED
CVE-2018-14052 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
	NOT-FOR-US: libwav
CVE-2018-14051 (The function wav_read in libwav.c in libwav through 2017-04-20 has an ...)
	NOT-FOR-US: libwav
CVE-2018-14050 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
	NOT-FOR-US: libwav
CVE-2018-14049 (An issue has been found in libwav through 2017-04-20. It is a SEGV in ...)
	NOT-FOR-US: libwav
CVE-2018-14048 (An issue has been found in libpng 1.6.34. It is a SEGV in the function ...)
	[experimental] - libpng1.6 1.6.37-1~exp1
	- libpng1.6 1.6.37-1 (unimportant)
	- libpng (unimportant)
	NOTE: https://github.com/glennrp/libpng/issues/238
	NOTE: Issue in use of libpng in pnm2png not shipped in binary packages.
CVE-2018-14047 (** DISPUTED ** An issue has been found in PNGwriter 0.7.0. It is a SEG ...)
	- pngwriter
	NOTE: https://github.com/pngwriter/pngwriter/issues/129
CVE-2018-14046 (Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunk ...)
	- exiv2 (Vulnerable code not present; only affected experimental; bug #903763)
	NOTE: https://github.com/Exiv2/exiv2/issues/378
	NOTE: https://github.com/D4N/exiv2/commit/49bfe84b4b7277cc425572fb68db23c8820181c1
CVE-2018-14045 (The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSou ...)
	- soundtouch 2.1.2+ds1-1 (low; bug #905504)
	[stretch] - soundtouch (Minor issue)
	[jessie] - soundtouch (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/7
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md
CVE-2018-14044 (The RateTransposer::setChannels function in RateTransposer.cpp in libS ...)
	- soundtouch 2.1.2+ds1-1 (low; bug #905504)
	[stretch] - soundtouch (Minor issue)
	[jessie] - soundtouch (Minor issue)
	NOTE: https://gitlab.com/soundtouch/soundtouch/issues/7
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md
CVE-2018-14043 (mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file ac ...)
	NOT-FOR-US: mstdlib
CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container prope ...)
	- twitter-bootstrap
	[stretch] - twitter-bootstrap (Minor issue)
	[jessie] - twitter-bootstrap (Minor issue)
	- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
	[stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
	[jessie] - twitter-bootstrap3 (Vulnerable code not present)
	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
	NOTE: https://github.com/twbs/bootstrap/issues/26423
	NOTE: https://github.com/twbs/bootstrap/issues/26628
	NOTE: https://github.com/twbs/bootstrap/pull/26630
	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92
	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
	NOTE: https://github.com/twbs/bootstrap/commit/2d90d369bbc2bd2647620246c55cec8c4705e3d0 (v4.1.2)
	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...)
	- twitter-bootstrap (Vulnerable code not present)
	- twitter-bootstrap3 (Vulnerable code not present)
	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
	NOTE: https://github.com/twbs/bootstrap/issues/26423
	NOTE: https://github.com/twbs/bootstrap/issues/26627
	NOTE: https://github.com/twbs/bootstrap/pull/26630
	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628
	NOTE: https://snyk.io/vuln/npm:bootstrap:20160627
	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
	NOTE: https://github.com/twbs/bootstrap/commit/cc61edfa8af7b5ec9d4888c59bf94377e499b78b (v4.1.2)
CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...)
	{DLA-1479-1}
	- twitter-bootstrap
	[stretch] - twitter-bootstrap (Minor issue)
	[jessie] - twitter-bootstrap (Minor issue)
	- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
	[stretch] - twitter-bootstrap3 3.3.7+dfsg-2+deb9u1
	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
	NOTE: https://github.com/twbs/bootstrap/issues/26423
	NOTE: https://github.com/twbs/bootstrap/issues/26625
	NOTE: https://github.com/twbs/bootstrap/pull/26630
	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3ba186313e9e651bbd52a6a3a0305891dee0a621
	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
	NOTE: https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0 (v4.1.2)
	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
CVE-2018-14039 RESERVED
CVE-2018-14038 REJECTED
CVE-2018-14037 (Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v ...)
	NOT-FOR-US: Progress Kendo UI Editor
CVE-2018-1000211 (Doorkeeper version 4.2.0 and later contains a Incorrect Access Control ...)
	- ruby-doorkeeper 4.4.2-1 (bug #903980)
	[stretch] - ruby-doorkeeper (Minor issue)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/891
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1119
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1031
CVE-2018-1000210 (YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object ...)
	NOT-FOR-US: YamlDotNet
CVE-2018-1000209 (Sensu, Inc. Sensu Core version Before version 1.4.2-3 contains a Insec ...)
	NOT-FOR-US: Sensu
CVE-2018-1000208 (MODX Revolution version <=2.6.4 contains a Directory Traversal vuln ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-1000207 (MODX Revolution version <=2.6.4 contains a Incorrect Access Control ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-1000206 (JFrog Artifactory version since 5.11 contains a Cross ite Request Forg ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2018-14054 (A double free exists in the MP4StringProperty class in mp4property.cpp ...)
	- mp4v2 (bug #903859)
	[stretch] - mp4v2 (Minor issue)
	[jessie] - mp4v2 (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/13/1
CVE-2018-14036 (Directory Traversal with ../ sequences occurs in AccountsService befor ...)
	- accountsservice 0.6.45-2 (low; bug #903828)
	[stretch] - accountsservice (Minor issue)
	[jessie] - accountsservice (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/02/2
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=107085
	NOTE: https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/f9abd359f71a5bce421b9ae23432f539a067847a
CVE-2018-14035 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
CVE-2018-14034 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
CVE-2018-14033 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
CVE-2018-14032 REJECTED
CVE-2018-14031 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md
CVE-2018-14030 RESERVED
CVE-2018-14029 (CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allo ...)
	NOT-FOR-US: Creatiwity wityCMS
CVE-2018-14028 (In WordPress 4.9.7, plugins uploaded via the admin area are not verifi ...)
	- wordpress (bug #906565)
	[buster] - wordpress (Minor issue, revisit when fixed upstream)
	[stretch] - wordpress (Minor issue, no sanctioned patch)
	[jessie] - wordpress (Minor issue, no sanctioned patch)
	NOTE: https://core.trac.wordpress.org/ticket/44710
	NOTE: https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/
CVE-2018-14027 (Digisol Wireless Wifi Home Router HR-3300 allows XSS via the userid or ...)
	NOT-FOR-US: Digisol Wireless Wifi Home Router HR-3300
CVE-2018-14026 RESERVED
CVE-2018-14025 RESERVED
CVE-2018-14024 RESERVED
CVE-2018-14023 (Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows ...)
	- signal-desktop (bug #842943)
CVE-2018-14022 RESERVED
CVE-2018-14021 RESERVED
CVE-2018-14020 (An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and ...)
	NOT-FOR-US: Paymorrow module for OXID shop
CVE-2018-14019 RESERVED
CVE-2018-14018 RESERVED
CVE-2018-14017 (The r_bin_java_annotation_new function in shlr/java/class.c in radare2 ...)
	- radare2 2.8.0+dfsg-1 (bug #903726)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152
	NOTE: https://github.com/radare/radare2/issues/10498
CVE-2018-14016 (The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7. ...)
	- radare2 2.8.0+dfsg-1 (bug #903725)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/eb7deb281df54771fb8ecf5890dc325a7d22d3e2
	NOTE: https://github.com/radare/radare2/issues/10464
CVE-2018-14015 (The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote ...)
	- radare2 2.8.0+dfsg-1 (bug #903724)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/d37d2b858ac47f2f108034be0bcecadaddfbc8b3
	NOTE: https://github.com/radare/radare2/issues/10465
CVE-2018-14014 (In waimai Super Cms 20150505, there is a CSRF vulnerability that can a ...)
	NOT-FOR-US: waimai Super Cms
CVE-2018-14013 (Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS ...)
	NOT-FOR-US: Zimbra
CVE-2018-14012 (WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the defaul ...)
	NOT-FOR-US: WolfSight CMS
CVE-2018-14011 RESERVED
CVE-2018-14010 (OS command injection in the guest Wi-Fi settings feature in /cgi-bin/l ...)
	NOT-FOR-US: Xiaomi
CVE-2018-14009 (Codiad through 2.8.4 allows Remote Code Execution, a different vulnera ...)
	NOT-FOR-US: Codiad
CVE-2018-14008 (Arista EOS through 4.21.0F allows a crash because 802.1x authenticatio ...)
	NOT-FOR-US: Arista EOS
CVE-2018-14007 (Citrix XenServer 7.1 and newer allows Directory Traversal. ...)
	NOT-FOR-US: xapi
CVE-2018-14006 (An integer overflow vulnerability exists in the function multipleTrans ...)
	NOT-FOR-US: Neo Genesis Token (NGT)
CVE-2018-14005 (An integer overflow vulnerability exists in the function transferAny o ...)
	NOT-FOR-US: Malaysia coins (Xmc)
CVE-2018-14004 (An integer overflow vulnerability exists in the function transfer_toke ...)
	NOT-FOR-US: GlobeCoin (GLB)
CVE-2018-14003 (An integer overflow vulnerability exists in the function batchTransfer ...)
	NOT-FOR-US: WeMediaChain (WMC)
CVE-2018-14002 (An integer overflow vulnerability exists in the function distribute of ...)
	NOT-FOR-US: MP3 Coin (MP3)
CVE-2018-14001 (An integer overflow vulnerability exists in the function batchTransfer ...)
	NOT-FOR-US: SHARKTECH (SKT)
CVE-2018-14000 RESERVED
CVE-2018-13999 (Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorVal ...)
	NOT-FOR-US: Catfish CMS
CVE-2018-13998 (ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Securit ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-13997 (Genann through 2018-07-08 has a SEGV in genann_run in genann.c. ...)
	NOT-FOR-US: Genann
CVE-2018-13996 (Genann through 2018-07-08 has a stack-based buffer over-read in genann ...)
	NOT-FOR-US: Genann
CVE-2018-13995 RESERVED
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13994 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13993 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13992 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13991 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions 1.0 t ...)
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13990 (The WebUI of PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, 48xx versions prior ...)
	NOT-FOR-US: Phoenix Contact FL switch
CVE-2018-13989 (Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST ...)
	NOT-FOR-US: Grundig Smart Inter@ctive TV 3.0 devices
CVE-2018-13988 (Poppler through 0.62 contains an out of bounds read vulnerability due ...)
	{DLA-1562-1}
	- poppler 0.69.0-2 (low; bug #904922)
	[stretch] - poppler (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1602838
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee (poppler-0.67.0)
CVE-2018-13987 RESERVED
CVE-2018-13986 RESERVED
CVE-2018-13985 RESERVED
CVE-2018-13984 RESERVED
CVE-2018-13983 (ImpressCMS 1.3.10 has XSS via the PATH_INFO to htdocs/install/index.ph ...)
	NOT-FOR-US: ImpressCMS
CVE-2018-13982 (Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...)
	- smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1
	[stretch] - smarty3 (Minor issue; can be fixed via point release)
	[jessie] - smarty3 (vulnerable code not present)
	NOTE: https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe
	NOTE: https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8
	NOTE: https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50
	NOTE: https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/17/4
	NOTE: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal
	NOTE: CVE is about the fetch tag as an attack vector.
	NOTE: vulnerable code introduced in realpath() rewrite (c09b05cbe) released in 3.1.28
CVE-2018-13981 (The websites that were built from Zeta Producer Desktop CMS before 14. ...)
	NOT-FOR-US: Zeta Producer Desktop CMS
CVE-2018-13980 (The websites that were built from Zeta Producer Desktop CMS before 14. ...)
	NOT-FOR-US: Zeta Producer Desktop CMS
CVE-2018-13979 RESERVED
CVE-2018-13978 RESERVED
CVE-2018-13977 RESERVED
CVE-2018-13976 RESERVED
CVE-2018-13975 RESERVED
CVE-2018-13974 RESERVED
CVE-2018-13973 RESERVED
CVE-2018-13972 RESERVED
CVE-2018-13971 RESERVED
CVE-2018-13970 RESERVED
CVE-2018-13969 RESERVED
CVE-2018-13968 RESERVED
CVE-2018-13967 RESERVED
CVE-2018-13966 RESERVED
CVE-2018-13965 RESERVED
CVE-2018-13964 RESERVED
CVE-2018-13963 RESERVED
CVE-2018-13962 RESERVED
CVE-2018-13961 RESERVED
CVE-2018-13960 RESERVED
CVE-2018-13959 RESERVED
CVE-2018-13958 RESERVED
CVE-2018-13957 RESERVED
CVE-2018-13956 RESERVED
CVE-2018-13955 RESERVED
CVE-2018-13954 RESERVED
CVE-2018-13953 RESERVED
CVE-2018-13952 RESERVED
CVE-2018-13951 RESERVED
CVE-2018-13950 RESERVED
CVE-2018-13949 RESERVED
CVE-2018-13948 RESERVED
CVE-2018-13947 RESERVED
CVE-2018-13946 RESERVED
CVE-2018-13945 RESERVED
CVE-2018-13944 RESERVED
CVE-2018-13943 RESERVED
CVE-2018-13942 RESERVED
CVE-2018-13941 RESERVED
CVE-2018-13940 RESERVED
CVE-2018-13939 RESERVED
CVE-2018-13938 RESERVED
CVE-2018-13937 RESERVED
CVE-2018-13936 RESERVED
CVE-2018-13935 RESERVED
CVE-2018-13934 RESERVED
CVE-2018-13933 RESERVED
CVE-2018-13932 RESERVED
CVE-2018-13931 RESERVED
CVE-2018-13930 RESERVED
CVE-2018-13929 RESERVED
CVE-2018-13928 RESERVED
CVE-2018-13927 (Debug policy with invalid signature can be loaded when the debug polic ...)
	NOT-FOR-US: Snapdragon
CVE-2018-13926 RESERVED
CVE-2018-13925 (Error in parsing PMT table frees the memory allocated for the map sect ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13924 (Lack of check to prevent the buffer length taking negative values can ...)
	NOT-FOR-US: Snapdragon
CVE-2018-13923 RESERVED
CVE-2018-13922 RESERVED
CVE-2018-13921 RESERVED
CVE-2018-13920 (Use-after-free condition due to Improper handling of hrtimers when the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13919 (Use-after-free vulnerability will occur if reset of the routing table ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13918 (kernel could return a received message length higher than expected, wh ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13917 RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13916 (Out-of-bounds memory access in Qurt kernel function when using the ide ...)
	NOT-FOR-US: Snapdragon
CVE-2018-13915 RESERVED
CVE-2018-13914 (Lack of input validation for data received from user space can lead to ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-13913 (Improper validation of array index can lead to unauthorized access whi ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-13912 (Arbitrary write issue can occur when user provides kernel address in c ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-13911 (Out of bounds memory read and access may lead to unexpected behavior i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13910 (Out-of-Bounds access in TZ due to invalid index calculated to check ag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13909 (Metadata verification and partial hash system calls by bootloader may ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13908 (Truncated access authentication token leads to weakened access control ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13907 (While deserializing any key blob during key operations, buffer overflo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13906 (The HMAC authenticating the message from QSEE is vulnerable to timing ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13905 (KGSL syncsource lock not handled properly during syncsource cleanup ca ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13904 (Improper input validation in SCM handler to access storage in TZ can l ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13903 (u'Error in UE due to race condition in EPCO handling' in Snapdragon Au ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13902 (Out of bounds memory read and access due to improper array index valid ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13901 (Due to missing permissions in Android Manifest file, Sensitive informa ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13900 (Use-after-free vulnerability will occur as there is no protection for ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13899 (Processing messages after error may result in user after free memory f ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13898 (Out-of-Bounds write due to incorrect array index check in PMIC in Snap ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13897 (Clients hostname gets added to DNS record on device which is running d ...)
	NOT-FOR-US: Snapdragon
CVE-2018-13896 (XBL_SEC image authentication and other crypto related validations are ...)
	NOT-FOR-US: Snapdragon
CVE-2018-13895 (Due to the missing permissions on several content providers of the RCS ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13894 RESERVED
CVE-2018-13893 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-13892 RESERVED
CVE-2018-13891 RESERVED
CVE-2018-13890 RESERVED
CVE-2018-13889 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-13888 (There is potential for memory corruption in the RIL daemon due to de r ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13887 (Untrusted header fields in GNSS XTRA3 function can lead to integer ove ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13886 (Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then bu ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13885 (Possible memory overread may be lead to access of sensitive data in Sn ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-13884 REJECTED
CVE-2018-13883 RESERVED
CVE-2018-13882 RESERVED
CVE-2018-13881 RESERVED
CVE-2018-13880 RESERVED
CVE-2018-13879 (A reflected XSS issue was discovered in the registration form in Rocke ...)
	NOT-FOR-US: Rocket.Chat
CVE-2018-13878 (An XSS issue was discovered in packages/rocketchat-mentions/Mentions.j ...)
	NOT-FOR-US: Rocket.Chat
CVE-2018-13877 (The doPayouts() function of the smart contract implementation for Mega ...)
	NOT-FOR-US: MegaCryptoPolis
CVE-2018-13876 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13875 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13874 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13873 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a buf ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13872 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13871 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13870 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13869 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a mem ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13868 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a hea ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13867 (An issue was discovered in the HDF HDF5 1.8.20 library. There is an ou ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13866 (An issue was discovered in the HDF HDF5 1.8.20 library. There is a sta ...)
	- hdf5
	NOTE: https://github.com/TeamSeri0us/pocs/tree/master/hdf5
CVE-2018-13865 (An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the c ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-13864 (A directory traversal vulnerability has been found in the Assets contr ...)
	NOT-FOR-US: Play Framework
CVE-2018-13862 (Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09 ...)
	NOT-FOR-US: Touchpad / Trivum WebTouch Setup
CVE-2018-13861 (Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09 ...)
	NOT-FOR-US: Touchpad / Trivum WebTouch Setup
CVE-2018-13860 (MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Pro ...)
	NOT-FOR-US: MusicCenter / Trivum Multiroom Setup
CVE-2018-13859 (MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Pro ...)
	NOT-FOR-US: MusicCenter / Trivum Multiroom Setup
CVE-2018-13858 (MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Pro ...)
	NOT-FOR-US: MusicCenter / Trivum Multiroom Setup
CVE-2018-13863 (The MongoDB bson JavaScript module (also known as js-bson) versions 0. ...)
	- node-mongodb 3.1.10+~3.1.9-1
	NOTE: https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a (1.0.5)
CVE-2018-13857 RESERVED
CVE-2018-13856 RESERVED
CVE-2018-13855 RESERVED
CVE-2018-13854 RESERVED
CVE-2018-13853 RESERVED
CVE-2018-13852 RESERVED
CVE-2018-13851 RESERVED
CVE-2018-13850 (The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component s ...)
	NOT-FOR-US: Firebase Cloud Messaging
CVE-2018-13849 (edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XS ...)
	NOT-FOR-US: yTakkar Instagram-clone
CVE-2018-13848 (An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszA ...)
	NOT-FOR-US: Bento4
CVE-2018-13847 (An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoA ...)
	NOT-FOR-US: Bento4
CVE-2018-13846 (An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStr ...)
	NOT-FOR-US: Bento4
CVE-2018-13845 (An issue has been found in HTSlib 1.8. It is a buffer over-read in sam ...)
	- htslib 1.9-2 (low)
	[stretch] - htslib (Minor issue)
	[jessie] - htslib (Minor issue)
	NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403681105
CVE-2018-13844 (An issue has been found in HTSlib 1.8. It is a memory leak in fai_read ...)
	- htslib 1.9-2 (low)
	[stretch] - htslib (Minor issue)
	[jessie] - htslib (Minor issue)
	NOTE: https://github.com/samtools/htslib/issues/731#issuecomment-403675330
CVE-2018-13843 (** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory l ...)
	- htslib 1.9-2 (low)
	[stretch] - htslib (Minor issue)
	[jessie] - htslib (Minor issue)
	NOTE: https://github.com/samtools/htslib/issues/731#issue-339662537
CVE-2018-13842
	RESERVED
CVE-2018-13841
	RESERVED
CVE-2018-13840
	RESERVED
CVE-2018-13839
	RESERVED
CVE-2018-13838
	RESERVED
CVE-2018-13837
	RESERVED
CVE-2018-13836 (An integer overflow vulnerability exists in the function multiTransfer ...)
	NOT-FOR-US: Rocket Coin (XRC)
CVE-2018-13835
	RESERVED
CVE-2018-13834
	RESERVED
CVE-2018-13833 (An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFi ...)
	NOT-FOR-US: cmft
CVE-2018-13832 (Multiple Persistent cross-site scripting (XSS) issues in the Techotron ...)
	NOT-FOR-US: Techotronic all-in-one-favicon (aka All In One Favicon) plugin for WordPress
CVE-2018-13831
	RESERVED
CVE-2018-13830
	RESERVED
CVE-2018-13829
	REJECTED
CVE-2018-13828
	REJECTED
CVE-2018-13827
	REJECTED
CVE-2018-13826 (An XML external entity vulnerability in the XOG functionality, in CA P ...)
	NOT-FOR-US: CA PPM
CVE-2018-13825 (Insufficient input validation in the gridExcelExport functionality, in ...)
	NOT-FOR-US: CA PPM
CVE-2018-13824 (Insufficient input sanitization of two parameters in CA PPM 14.3 and b ...)
	NOT-FOR-US: CA PPM
CVE-2018-13823 (An XML external entity vulnerability in the XOG functionality, in CA P ...)
	NOT-FOR-US: CA PPM
CVE-2018-13822 (Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15. ...)
	NOT-FOR-US: CA PPM
CVE-2018-13821 (A lack of authentication, in CA Unified Infrastructure Management 8.5. ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13820 (A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13819 (A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2018-13818 (** DISPUTED ** Twig before 2.4.4 allows Server-Side Template Injection ...)
	- twig 2.4.4-2 (unimportant)
	NOTE: Fixed upstream in 2.4.4
	NOTE: Vendor of Twig disputes issue as Twig itself is not a web application and
	NOTE: it is the responsibility of the web applications using Twig to properly wrap
	NOTE: input to it.
CVE-2018-13817
	REJECTED
CVE-2018-13816 (A vulnerability has been identified in TIM 1531 IRC (All version < ...)
	NOT-FOR-US: Siemens TIM 1531 IRC Modules
CVE-2018-13815 (A vulnerability has been identified in SIMATIC S7-1200 (All versions), ...)
	NOT-FOR-US: Siemens
CVE-2018-13814 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2018-13813 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2018-13812 (A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - ...)
	NOT-FOR-US: Siemens
CVE-2018-13811 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (Al ...)
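The dispute recorded for CVE-2018-13818 above turns on where user input enters Twig: the engine only executes attacker text when the application compiles that text as template source. The PHP snippet below is an added illustration, not code from the Twig project or from this tracker. It assumes Twig is installed through Composer and uses the namespaced class names (Twig 2.7 or later, including 3.x); the `$userInput` value is a constructed sample standing in for a query parameter. The unsafe function concatenates the input into the template source, so the arithmetic inside the braces is evaluated; the safe function passes the same input as a variable into a developer-authored template, where it is rendered as literal, HTML-escaped text.

```php
<?php
// Added example for the CVE-2018-13818 triage note (not Twig's or Debian's code).
// Assumes twig/twig installed via Composer; class names are the namespaced
// ones available in Twig >= 2.7 and 3.x.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// Template text is authored by the developer; user data only arrives via variables.
$twig = new Environment(new ArrayLoader([
    'greeting' => 'Hello {{ name }}!',
]));

// Constructed sample of attacker-controlled input (e.g. from $_GET['name']).
$userInput = '{{ 7*7 }}';

// Unsafe pattern: user input becomes part of the template *source*, so Twig
// parses and evaluates whatever syntax it contains. This is the SSTI the CVE
// describes, and it is the application's mistake rather than Twig's.
function renderUnsafe(Environment $twig, string $input): string
{
    return $twig->createTemplate('Hello ' . $input . '!')->render();
}

// Safe pattern: user input is supplied as a variable to a fixed template.
// Twig never parses variable values as template syntax, and with the default
// autoescape setting they are HTML-escaped on output.
function renderSafe(Environment $twig, string $input): string
{
    return $twig->render('greeting', ['name' => $input]);
}

echo renderUnsafe($twig, $userInput), PHP_EOL;
echo renderSafe($twig, $userInput), PHP_EOL;
```

Running the unsafe path prints the evaluated arithmetic; the safe path prints the braces and expression verbatim. The same distinction applies to any call that builds template source from request data, such as `createTemplate()` or a loader fed from user-controlled storage.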
	NOT-FOR-US: Siemens
CVE-2018-13810 (A vulnerability has been identified in CP 1604 (All versions), CP 1616 ...)
	NOT-FOR-US: Siemens
CVE-2018-13809 (A vulnerability has been identified in CP 1604 (All versions), CP 1616 ...)
	NOT-FOR-US: Siemens
CVE-2018-13808 (A vulnerability has been identified in CP 1604 (All versions), CP 1616 ...)
	NOT-FOR-US: Siemens
CVE-2018-13807 (A vulnerability has been identified in SCALANCE X300 (All versions < ...)
	NOT-FOR-US: Siemens
CVE-2018-13806 (A vulnerability has been identified in SIEMENS TD Keypad Designer (All ...)
	NOT-FOR-US: Siemens
CVE-2018-13805 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
	NOT-FOR-US: SIMATIC
CVE-2018-13804 (A vulnerability has been identified in SIMATIC IT LMS (All versions), ...)
	NOT-FOR-US: Siemens
CVE-2018-13803
	REJECTED
CVE-2018-13802 (A vulnerability has been identified in ROX II (All versions < V2.12 ...)
	NOT-FOR-US: Siemens / ROX II
CVE-2018-13801 (A vulnerability has been identified in ROX II (All versions < V2.12 ...)
	NOT-FOR-US: Siemens / ROX II
CVE-2018-13800 (A vulnerability has been identified in SIMATIC S7-1200 CPU family vers ...)
	NOT-FOR-US: SIMATIC
CVE-2018-13799 (A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prio ...)
	NOT-FOR-US: SIMATIC
CVE-2018-13798 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-13796 (An issue was discovered in GNU Mailman before 2.1.28. A crafted URL ca ...)
	{DLA-1442-1}
	- mailman 1:2.1.27-1.1 (bug #903674)
	[stretch] - mailman 1:2.1.23-1+deb9u4
	NOTE: Fixed in 2.1.28; Regression fix in 2.1.29
	NOTE: https://mail.python.org/pipermail/mailman-users/2018-July/083536.html
	NOTE: https://bugs.launchpad.net/mailman/+bug/1780874
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1796
	NOTE: Also needs a further regression fix, as per
	NOTE: https://bugs.launchpad.net/mailman/+bug/1783417
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1798
CVE-2018-13797 (The macaddress module before 0.2.9 for Node.js is prone to an arbitrar ...)
	- node-macaddress 0.2.9-1 (unimportant)
	NOTE: https://github.com/scravy/node-macaddress/pull/20
	NOTE: nodejs not covered by security support
CVE-2018-13795 (Gravity before 0.5.1 does not support a maximum recursion depth. ...)
	NOT-FOR-US: Gravity
CVE-2018-13794 (A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_imag ...)
	- catimg 2.5.0-1 (bug #903711)
	NOTE: https://github.com/posva/catimg/issues/34
	NOTE: Upstream fixed the issue by updating the stb_image copy to v2.19.
	NOTE: https://github.com/posva/catimg/pull/41
CVE-2018-13793 (Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP ...)
	NOT-FOR-US: ABBYY FlexiCapture
CVE-2018-13792 (Multiple SQL injection vulnerabilities in the monitoring feature in th ...)
	NOT-FOR-US: ABBYY FlexiCapture
CVE-2018-13791 (The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows ...)
	NOT-FOR-US: ABBYY FlexiCapture
CVE-2018-13790 (A Server Side Request Forgery (SSRF) vulnerability in tools/files/impo ...)
	NOT-FOR-US: concrete5
CVE-2018-13789 (An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauth ...)
	NOT-FOR-US: Descor Infocad FM
CVE-2018-13788
	RESERVED
CVE-2018-1000623 (JFrog JFrog Artifactory version Prior to version 6.0.3, since version ...)
	NOT-FOR-US: JFrog JFrog Artifactory
CVE-2018-1000621 (Mycroft AI mycroft-core version 18.2.8b and earlier contains a Incorre ...)
	NOT-FOR-US: Mycroft AI mycroft-core
CVE-2018-1000620 (Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insuff ...)
	NOT-FOR-US: Eran Hammer cryptiles
CVE-2018-1000619 (Ovidentia version 8.4.3 and earlier contains a Unsanitized User Input ...)
	NOT-FOR-US: Ovidentia
CVE-2018-1000618 (EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2 ...)
	NOT-FOR-US: EOSIO/eos
CVE-2018-1000617 (Atlassian Floodlight Atlassian Floodlight Controller version 1.2 and e ...)
	NOT-FOR-US: Atlassian Floodlight Atlassian Floodlight Controller
CVE-2018-1000616 (ONOS ONOS controller version 1.13.1 and earlier contains a XML Externa ...)
	NOT-FOR-US: ONOS
CVE-2018-1000615 (ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of S ...)
	NOT-FOR-US: ONOS
CVE-2018-1000614 (ONOS ONOS Controller version 1.13.1 and earlier contains a XML Externa ...)
	NOT-FOR-US: ONOS
CVE-2018-1000613 (Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptogra ...)
	- bouncycastle 1.60-1 (low)
	[stretch] - bouncycastle (XMSS/XMSS^MT algorithms were first introduced in BC >= 1.57)
	[jessie] - bouncycastle (XMSS/XMSS^MT algorithms were first introduced in BC >= 1.57)
	NOTE: https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574
	NOTE: https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc
CVE-2018-1000611 (SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross ...)
	NOT-FOR-US: SURFnet OpenConext EngineBlock
CVE-2018-1000622 (The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 c ...)
	- rustc 1.27.1+dfsg1-1~exp1
	[stretch] - rustc (Minor issue, can be fixed along with a future rustc update for ESR69)
	[jessie] - rustc (Minor issue)
	NOTE: https://groups.google.com/forum/#!topic/rustlang-security-announcements/4ybxYLTtXuM
CVE-2018-13787 (Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and ...)
	NOT-FOR-US: Supermicro
CVE-2018-13786
	RESERVED
CVE-2018-13785 (In libpng 1.6.34, a wrong calculation of row_factor in the png_check_c ...)
	- libpng1.6 1.6.34-2 (bug #903430)
	[stretch] - libpng1.6 (Issue with wrong calculation of row_factor introduced after 1.6.32beta08)
	NOTE: https://github.com/glennrp/libpng/commit/8a05766cb74af05c04c53e6c9d60c13fc4d59bf2
	NOTE: https://sourceforge.net/p/libpng/bugs/278/
CVE-2018-13784 (PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie ...)
	NOT-FOR-US: PrestaShop
CVE-2018-1000612
	REJECTED
CVE-2018-13783 (The mintToken function of a smart contract implementation for JiucaiTo ...)
	NOT-FOR-US: smart contract implementation for JiucaiToken
CVE-2018-13782 (The mintToken function of a smart contract implementation for ENTER (E ...)
	NOT-FOR-US: smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin)
CVE-2018-13781 (The mintToken function of a smart contract implementation for MyYLC, a ...)
	NOT-FOR-US: smart contract implementation for MyYLC
CVE-2018-13780 (The mintToken function of a smart contract implementation for ESH, an ...)
	NOT-FOR-US: smart contract implementation for ESH
CVE-2018-13779 (The mintToken function of a smart contract implementation for YLCToken ...)
	NOT-FOR-US: smart contract implementation for YLCToken
CVE-2018-13778 (The mintToken function of a smart contract implementation for CGCToken ...)
	NOT-FOR-US: smart contract implementation for CGCToken
CVE-2018-13777 (The mintToken function of a smart contract implementation for RRToken, ...)
	NOT-FOR-US: smart contract implementation for RRToken
CVE-2018-13776 (The mintToken function of a smart contract implementation for AppleTok ...)
	NOT-FOR-US: smart contract implementation for AppleToken
CVE-2018-13775 (The mintToken function of a smart contract implementation for RCKT_Coi ...)
	NOT-FOR-US: smart contract implementation for RCKT_Coin
CVE-2018-13774 (The mintToken function of a smart contract implementation for Bitstart ...)
	NOT-FOR-US: smart contract implementation for Bitstarti
CVE-2018-13773 (The mintToken function of a smart contract implementation for Enterpri ...)
	NOT-FOR-US: smart contract implementation for Enterprise Token Ecosystem (ETE) (Contract Name: NetkillerToken)
CVE-2018-13772 (The mintToken function of a smart contract implementation for TheFlash ...)
	NOT-FOR-US: smart contract implementation for TheFlashToken
CVE-2018-13771 (The mintToken function of a smart contract implementation for ExacoreC ...)
	NOT-FOR-US: smart contract implementation for ExacoreContract
CVE-2018-13770 (The mintToken function of a smart contract implementation for Ultimate ...)
	NOT-FOR-US: smart contract implementation for UltimateCoin
CVE-2018-13769 (The mintToken function of a smart contract implementation for JeansTok ...)
	NOT-FOR-US: smart contract implementation for JeansToken
CVE-2018-13768 (The mintToken function of a smart contract implementation for ZToken, ...)
	NOT-FOR-US: smart contract implementation for ZToken
CVE-2018-13767 (The mintToken function of a smart contract implementation for Cornerst ...)
	NOT-FOR-US: smart contract implementation for Cornerstone
CVE-2018-13766 (The mintToken function of a smart contract implementation for Easticoi ...)
	NOT-FOR-US: smart contract implementation for Easticoin
CVE-2018-13765 (The mintToken function of a smart contract implementation for LandCoin ...)
	NOT-FOR-US: smart contract implementation for LandCoin
CVE-2018-13764 (The mintToken function of a smart contract implementation for BiquToke ...)
	NOT-FOR-US: smart contract implementation for BiquToken
CVE-2018-13763 (The mintToken function of a smart contract implementation for Ublasti, ...)
	NOT-FOR-US: smart contract implementation for Ublasti
CVE-2018-13762 (The mintToken function of a smart contract implementation for Yumerium ...)
	NOT-FOR-US: smart contract implementation for Yumerium
CVE-2018-13761 (The mintToken function of a smart contract implementation for Netkille ...)
	NOT-FOR-US: smart contract implementation for NetkillerAdvancedTokenAirDrop
CVE-2018-13760 (The mintToken function of a smart contract implementation for MoneyCha ...)
	NOT-FOR-US: smart contract implementation for MoneyChainNet (MCN)
CVE-2018-13759 (The mintToken function of a smart contract implementation for BIGCAdva ...)
	NOT-FOR-US: smart contract implementation for BIGCAdvancedToken
CVE-2018-13758 (The mintToken function of a smart contract implementation for LoliCoin ...)
	NOT-FOR-US: smart contract implementation for LoliCoin
CVE-2018-13757 (The mintToken function of a smart contract implementation for Coinquer ...)
	NOT-FOR-US: smart contract implementation for Coinquer
CVE-2018-13756 (The mintToken function of a smart contract implementation for CherryCo ...)
	NOT-FOR-US: smart contract implementation for CherryCoinFoundation
CVE-2018-13755 (The mintToken function of a smart contract implementation for OTAKUTok ...)
	NOT-FOR-US: smart contract implementation for OTAKUToken
CVE-2018-13754 (The mintToken function of a smart contract implementation for Cryptosi ...)
	NOT-FOR-US: smart contract implementation for CryptosisToken
CVE-2018-13753 (The mintToken function of a smart contract implementation for DeWeiSec ...)
	NOT-FOR-US: smart contract implementation for DeWeiSecurityServiceToken
CVE-2018-13752 (The mintToken function of a smart contract implementation for Thread, ...)
	NOT-FOR-US: smart contract implementation for Thread
CVE-2018-13751 (The mintToken function of a smart contract implementation for JustWall ...)
	NOT-FOR-US: smart contract implementation for JustWallet
CVE-2018-13750 (The mintToken function of a smart contract implementation for RichiumT ...)
	NOT-FOR-US: smart contract implementation for RichiumToken
CVE-2018-13749 (The mintToken function of a smart contract implementation for FinalTok ...)
	NOT-FOR-US: smart contract implementation for FinalToken
CVE-2018-13748 (The mintToken function of a smart contract implementation for CarToken ...)
	NOT-FOR-US: smart contract implementation for CarToken
CVE-2018-13747 (The mintToken function of a smart contract implementation for VanMinhC ...)
	NOT-FOR-US: smart contract implementation for VanMinhCoin
CVE-2018-13746 (The mintToken function of a smart contract implementation for kBit, an ...)
	NOT-FOR-US: smart contract implementation for kBit
CVE-2018-13745 (The mintToken function of a smart contract implementation for STCToken ...)
	NOT-FOR-US: smart contract implementation for STCToken
CVE-2018-13744 (The mintToken function of a smart contract implementation for Crowdnex ...)
	NOT-FOR-US: smart contract implementation for Crowdnext (CNX)
CVE-2018-13743 (The mintToken function of a smart contract implementation for SuperEne ...)
	NOT-FOR-US: smart contract implementation for SuperEnergy (SEC)
CVE-2018-13742 (The mintToken function of a smart contract implementation for tickets ...)
	NOT-FOR-US: smart contract implementation for tickets (TKT)
CVE-2018-13741 (The mintToken function of a smart contract implementation for ABLGenes ...)
	NOT-FOR-US: smart contract implementation for ABLGenesisToken
CVE-2018-13740 (The mintToken function of a smart contract implementation for OneChain ...)
	NOT-FOR-US: smart contract implementation for OneChain
CVE-2018-13739 (The mintToken function of a smart contract implementation for dopnetwo ...)
	NOT-FOR-US: smart contract implementation for dopnetwork
CVE-2018-13738 (The mintToken function of a smart contract implementation for PELOCoin ...)
	NOT-FOR-US: smart contract implementation for PELOCoinToken
CVE-2018-13737 (The mintToken function of a smart contract implementation for AnovaBac ...)
	NOT-FOR-US: smart contract implementation for AnovaBace
CVE-2018-13736 (The mintToken function of a smart contract implementation for ELearnin ...)
	NOT-FOR-US: smart contract implementation for ELearningCoinERC
CVE-2018-13735 (The mintToken function of a smart contract implementation for ENTER (E ...)
	NOT-FOR-US: smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken)
CVE-2018-13734 (The mintToken function of a smart contract implementation for AZTToken ...)
	NOT-FOR-US: smart contract implementation for AZTToken
CVE-2018-13733 (The mintToken function of a smart contract implementation for ProjectJ ...)
	NOT-FOR-US: smart contract implementation for ProjectJ
CVE-2018-13732 (The mintToken function of a smart contract implementation for RiptideC ...)
	NOT-FOR-US: smart contract implementation for RiptideCoin (RIPT)
CVE-2018-13731 (The mintToken function of a smart contract implementation for TokenMAC ...)
	NOT-FOR-US: smart contract implementation for TokenMACHU
CVE-2018-13730 (The mintToken function of a smart contract implementation for HEY, an ...)
	NOT-FOR-US: smart contract implementation for HEY
CVE-2018-13729 (The mintToken function of a smart contract implementation for JPMD100B ...)
	NOT-FOR-US: smart contract implementation for JPMD100B
CVE-2018-13728 (The mintToken function of a smart contract implementation for JixoCoin ...)
	NOT-FOR-US: smart contract implementation for JixoCoin
CVE-2018-13727 (The mintToken function of a smart contract implementation for Eastcoin ...)
	NOT-FOR-US: smart contract implementation for Eastcoin
CVE-2018-13726 (The mintToken function of a smart contract implementation for ISeeVoic ...)
	NOT-FOR-US: smart contract implementation for ISeeVoiceToken
CVE-2018-13725 (The mintToken function of a smart contract implementation for GlobalSu ...)
	NOT-FOR-US: smart contract implementation for GlobalSuperGameToken
CVE-2018-13724 (The mint function of a smart contract implementation for HYIPCrowdsale ...)
	NOT-FOR-US: smart contract implementation for HYIPCrowdsale1
CVE-2018-13723 (The mintToken function of a smart contract implementation for SERVVIZI ...)
	NOT-FOR-US: smart contract implementation for SERVVIZIOToken
CVE-2018-13722 (The mint function of a smart contract implementation for HYIPToken, an ...)
	NOT-FOR-US: smart contract implementation for HYIPToken
CVE-2018-13721 (The mintToken function of a smart contract implementation for GoMineWo ...)
	NOT-FOR-US: smart contract implementation for GoMineWorld
CVE-2018-13720 (The mintToken function of a smart contract implementation for Antoken, ...)
	NOT-FOR-US: smart contract implementation for Antoken
CVE-2018-13719 (The mintToken function of a smart contract implementation for BiteduTo ...)
	NOT-FOR-US: smart contract implementation for BiteduToken
CVE-2018-13718 (The mintToken function of a smart contract implementation for FuturXe, ...)
	NOT-FOR-US: smart contract implementation for FuturXe
CVE-2018-13717 (The mintToken function of a smart contract implementation for Hormitec ...)
	NOT-FOR-US: smart contract implementation for HormitechToken
CVE-2018-13716 (The mintToken function of a smart contract implementation for sexhdsol ...)
	NOT-FOR-US: smart contract implementation for sexhdsolo
CVE-2018-13715 (The mintToken function of a smart contract implementation for BpsToken ...)
	NOT-FOR-US: smart contract implementation for BpsToken
CVE-2018-13714 (The mintToken function of a smart contract implementation for CM, an E ...)
	NOT-FOR-US: smart contract implementation for CM
CVE-2018-13713 (The mintToken function of a smart contract implementation for Tradesma ...)
	NOT-FOR-US: smart contract implementation for Tradesman
CVE-2018-13712 (The mintToken function of a smart contract implementation for PMET, an ...)
	NOT-FOR-US: smart contract implementation for PMET
CVE-2018-13711 (The mintToken function of a smart contract implementation for Databits ...)
	NOT-FOR-US: smart contract implementation for Databits
CVE-2018-13710 (The mintToken function of a smart contract implementation for Mjolnir, ...)
	NOT-FOR-US: smart contract implementation for Mjolnir
CVE-2018-13709 (The mintToken function of a smart contract implementation for Tube, an ...)
	NOT-FOR-US: smart contract implementation for Tube
CVE-2018-13708 (The mintToken function of a smart contract implementation for Order (E ...)
	NOT-FOR-US: smart contract implementation for Order (ETH) (Contract Name: BuyToken)
CVE-2018-13707 (The mintToken function of a smart contract implementation for YSS, an ...)
	NOT-FOR-US: smart contract implementation for YSS
CVE-2018-13706 (The mintToken function of a smart contract implementation for IdeaCoin ...)
	NOT-FOR-US: smart contract implementation for IdeaCoin
CVE-2018-13705 (The mintToken function of a smart contract implementation for PMHToken ...)
	NOT-FOR-US: smart contract implementation for PMHToken
CVE-2018-13704 (The mintToken function of a smart contract implementation for eddToken ...)
	NOT-FOR-US: smart contract implementation for eddToken
CVE-2018-13703 (The mintToken function of a smart contract implementation for CERB_Coi ...)
	NOT-FOR-US: smart contract implementation for CERB_Coin
CVE-2018-13702 (The mintToken function of a smart contract implementation for Essence, ...)
	NOT-FOR-US: smart contract implementation for Essence
CVE-2018-13701 (The mintToken function of a smart contract implementation for KissMe, ...)
	NOT-FOR-US: smart contract implementation for KissMe
CVE-2018-13700 (The mintToken function of a smart contract implementation for IPMCoin, ...)
	NOT-FOR-US: smart contract implementation for IPMCoin
CVE-2018-13699 (The mintToken function of a smart contract implementation for DestiNee ...)
	NOT-FOR-US: smart contract implementation for DestiNeed (DSN)
CVE-2018-13698 (The mintTokens function of a smart contract implementation for Play2Li ...)
	NOT-FOR-US: smart contract implementation for Play2LivePromo
CVE-2018-13697 (The mintToken function of a smart contract implementation for RobotBTC ...)
	NOT-FOR-US: smart contract implementation for RobotBTC
CVE-2018-13696 (The mintToken function of a smart contract implementation for RedTicke ...)
	NOT-FOR-US: smart contract implementation for RedTicket
CVE-2018-13695 (The mint function of a smart contract implementation for CTest7, an Et ...)
	NOT-FOR-US: smart contract implementation for CTest7
CVE-2018-13694 (The mintToken function of a smart contract implementation for GMile, a ...)
	NOT-FOR-US: smart contract implementation for GMile
CVE-2018-13693 (The mintToken function of a smart contract implementation for GreenEne ...)
	NOT-FOR-US: smart contract implementation for GreenEnergyToken
CVE-2018-13692 (The mintToken function of a smart contract implementation for MehdiTAZ ...)
	NOT-FOR-US: smart contract implementation for MehdiTAZIToken
CVE-2018-13691 (The mintToken function of a smart contract implementation for R Time T ...)
	NOT-FOR-US: smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain)
CVE-2018-13690 (The mintToken function of a smart contract implementation for Instacoc ...)
	NOT-FOR-US: smart contract implementation for Instacocoa
CVE-2018-13689 (The mintToken function of a smart contract implementation for CJXToken ...)
	NOT-FOR-US: smart contract implementation for CJXToken
CVE-2018-13688 (The mintToken function of a smart contract implementation for MallToke ...)
	NOT-FOR-US: smart contract implementation for MallToken
CVE-2018-13687 (The mintToken function of a smart contract implementation for normikai ...)
	NOT-FOR-US: smart contract implementation for normikaivo
CVE-2018-13686 (The mintToken function of a smart contract implementation for ICO Doll ...)
	NOT-FOR-US: smart contract implementation for ICO Dollar (ICOD)
CVE-2018-13685 (The mintToken function of a smart contract implementation for Vornox ( ...)
	NOT-FOR-US: smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken)
CVE-2018-13684 (The mintToken function of a smart contract implementation for ZIP, an ...)
	NOT-FOR-US: smart contract implementation for ZIP
CVE-2018-13683 (The mintToken function of a smart contract implementation for exsulcoi ...)
	NOT-FOR-US: smart contract implementation for exsulcoin
CVE-2018-13682 (The mintToken function of a smart contract implementation for ViteMone ...)
	NOT-FOR-US: smart contract implementation for ViteMoneyCoin
CVE-2018-13681 (The mintToken function of a smart contract implementation for SOSCoin, ...)
	NOT-FOR-US: smart contract implementation for SOSCoin
CVE-2018-13680 (The mintToken function of a smart contract implementation for LexitTok ...)
	NOT-FOR-US: smart contract implementation for LexitToken
CVE-2018-13679 (The mintToken function of a smart contract implementation for ZPEcoin, ...)
	NOT-FOR-US: smart contract implementation for ZPEcoin
CVE-2018-13678 (The mintToken function of a smart contract implementation for Lottery, ...)
	NOT-FOR-US: smart contract implementation for Lottery
CVE-2018-13677 (The mintToken function of a smart contract implementation for Goochain ...)
	NOT-FOR-US: smart contract implementation for Goochain
CVE-2018-13676 (The mintToken function of a smart contract implementation for Orderboo ...)
	NOT-FOR-US: smart contract implementation for Orderbook Presale Token (OBP)
CVE-2018-13675 (The mintToken function of a smart contract implementation for YAMBYO, ...)
	NOT-FOR-US: smart contract implementation for YAMBYO
CVE-2018-13674 (The mintToken function of a smart contract implementation for ComBillA ...)
	NOT-FOR-US: smart contract implementation for ComBillAdvancedToken
CVE-2018-13673 (The mintToken function of a smart contract implementation for GoldToke ...)
	NOT-FOR-US: smart contract implementation for GoldTokenERC20
CVE-2018-13672 (The mintToken function of a smart contract implementation for OBTCoin, ...)
	NOT-FOR-US: smart contract implementation for OBTCoin
CVE-2018-13671 (The mintToken function of a smart contract implementation for Dinstein ...)
	NOT-FOR-US: smart contract implementation for DinsteinCoin
CVE-2018-13670 (The mintToken function of a smart contract implementation for GFCB, an ...)
	NOT-FOR-US: smart contract implementation for GFCB
CVE-2018-13669 (The mintToken function of a smart contract implementation for NCU, an ...)
	NOT-FOR-US: smart contract implementation for NCU
CVE-2018-13668 (The mintToken function of a smart contract implementation for BTPCoin, ...)
	NOT-FOR-US: smart contract implementation for BTPCoin
CVE-2018-13667 (The mintToken function of a smart contract implementation for UTBToken ...)
	NOT-FOR-US: smart contract implementation for UTBTokenTest
CVE-2018-13666 (The mintToken function of a smart contract implementation for Eristica ...)
	NOT-FOR-US: smart contract implementation for EristicaICO
CVE-2018-13665 (The mintToken function of a smart contract implementation for BCaaS, a ...)
	NOT-FOR-US: smart contract implementation for BCaaS
CVE-2018-13664 (The mintToken function of a smart contract implementation for CWS, an ...)
	NOT-FOR-US: smart contract implementation for CWS
CVE-2018-13663 (The mintToken function of a smart contract implementation for BSCToken ...)
	NOT-FOR-US: smart contract implementation for BSCToken
CVE-2018-13662 (The mintToken function of a smart contract implementation for WorldOpc ...)
	NOT-FOR-US: smart contract implementation for WorldOpctionChain
CVE-2018-13661 (The mintToken function of a smart contract implementation for APP, an ...)
	NOT-FOR-US: smart contract implementation for APP
CVE-2018-13660 (The mint function of a smart contract implementation for BillionReward ...)
	NOT-FOR-US: smart contract implementation for BillionRewardsToken
CVE-2018-13659 (The mintToken function of a smart contract implementation for BrianCoi ...)
	NOT-FOR-US: smart contract implementation for BrianCoin
CVE-2018-13658 (The mintToken function of a smart contract implementation for TheGoDgi ...)
	NOT-FOR-US: smart contract implementation for TheGoDgital
CVE-2018-13657 (The mintToken function of a smart contract implementation for Rice, an ...)
	NOT-FOR-US: smart contract implementation for Rice
CVE-2018-13656 (The mintToken function of a smart contract implementation for Sample T ...)
	NOT-FOR-US: smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable)
CVE-2018-13655 (The mintToken function of a smart contract implementation for GFC, an ...)
	NOT-FOR-US: smart contract implementation for GFC
CVE-2018-13654 (The mintToken function of a smart contract implementation for ESTSToke ...)
	NOT-FOR-US: smart contract implementation for ESTSToken
CVE-2018-13653 (The mintToken function of a smart contract implementation for ipshoots ...)
	NOT-FOR-US: smart contract implementation for ipshoots
CVE-2018-13652 (The mintToken function of a smart contract implementation for TheGoDig ...)
	NOT-FOR-US: smart contract implementation for TheGoDigital
CVE-2018-13651 (The mintToken function of a smart contract implementation for MicoinNe ...)
	NOT-FOR-US: smart contract implementation for MicoinNetworkToken
CVE-2018-13650 (The mintToken function of a smart contract implementation for Bitmaxer ...)
	NOT-FOR-US: smart contract implementation for BitmaxerToken
CVE-2018-13649 (The mintToken function of a smart contract implementation for Deploy, ...)
	NOT-FOR-US: smart contract implementation for Deploy
CVE-2018-13648 (The mintToken function of a smart contract implementation for BGC, an ...)
	NOT-FOR-US: smart contract implementation for BGC
CVE-2018-13647 (The mintToken function of a smart contract implementation for TrueGold ...)
	NOT-FOR-US: smart contract implementation for TrueGoldCoinToken
CVE-2018-13646 (The mintToken function of a smart contract implementation for Datiac, ...)
	NOT-FOR-US: smart contract implementation for Datiac
CVE-2018-13645 (The mintToken function of a smart contract implementation for Fiocoin, ...)
	NOT-FOR-US: smart contract implementation for Fiocoin
CVE-2018-13644 (The mintToken function of a smart contract implementation for RoyalCla ...)
	NOT-FOR-US: smart contract implementation for RoyalClassicCoin
CVE-2018-13643 (The mintToken function of a smart contract implementation for GCRToken ...)
	NOT-FOR-US: smart contract implementation for GCRTokenERC20
CVE-2018-13642 (The mintToken function of a smart contract implementation for SECoin, ...)
	NOT-FOR-US: smart contract implementation for SECoin
CVE-2018-13641 (The mintToken function of a smart contract implementation for MVGcoin, ...)
	NOT-FOR-US: smart contract implementation for MVGcoin
CVE-2018-13640 (The mintToken function of a smart contract implementation for Ethereum ...)
	NOT-FOR-US: smart contract implementation for EthereumSmart
CVE-2018-13639 (The mintToken function of a smart contract implementation for Virtual ...)
	NOT-FOR-US: smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20)
CVE-2018-13638 (The mintToken function of a smart contract implementation for Bitpark, ...)
	NOT-FOR-US: smart contract implementation for Bitpark
CVE-2018-13637 (The mintToken function of a smart contract implementation for CikkaCoi ...)
	NOT-FOR-US: smart contract implementation for CikkaCoin
CVE-2018-13636 (The mintToken function of a smart contract implementation for TurdCoin ...)
	NOT-FOR-US: smart contract implementation for TurdCoin
CVE-2018-13635 (The mintToken function of a smart contract implementation for HBCM, an ...)
	NOT-FOR-US: smart contract implementation for HBCM
CVE-2018-13634 (The mintToken function of a smart contract implementation for MediaCub ...)
NOT-FOR-US: smart contract implementation for MediaCubeToken CVE-2018-13633 (The mintToken function of a smart contract implementation for Martcoin ...) NOT-FOR-US: smart contract implementation for Martcoin CVE-2018-13632 (The mintToken function of a smart contract implementation for NEXPARA, ...) NOT-FOR-US: smart contract implementation for NEXPARA CVE-2018-13631 (The mintToken function of a smart contract implementation for doccoin, ...) NOT-FOR-US: smart contract implementation for doccoin CVE-2018-13630 (The mintToken function of a smart contract implementation for DoccoinP ...) NOT-FOR-US: smart contract implementation for DoccoinPreICO CVE-2018-13629 (The mintToken function of a smart contract implementation for CrimsonS ...) NOT-FOR-US: smart contract implementation for CrimsonShilling CVE-2018-13628 (The mintToken function of a smart contract implementation for Momentum ...) NOT-FOR-US: smart contract implementation for MomentumToken CVE-2018-13627 (The mintToken function of a smart contract implementation for MyOffer, ...) NOT-FOR-US: smart contract implementation for MyOffer CVE-2018-13626 (The mintToken function of a smart contract implementation for SemainTo ...) NOT-FOR-US: smart contract implementation for SemainToken CVE-2018-13625 (The mintlvlToken function of a smart contract implementation for Krown ...) NOT-FOR-US: smart contract implementation for Krown CVE-2018-13624 (The mintToken function of a smart contract implementation for WXSLToke ...) NOT-FOR-US: smart contract implementation for WXSLToken CVE-2018-13623 (The mintToken function of a smart contract implementation for Airdropp ...) NOT-FOR-US: smart contract implementation for AirdropperCryptics CVE-2018-13622 (The mintToken function of a smart contract implementation for ObjectTo ...) NOT-FOR-US: smart contract implementation for ObjectToken (OBJ) CVE-2018-13621 (The mintToken function of a smart contract implementation for SoundTri ...) 
NOT-FOR-US: smart contract implementation for SoundTribeToken CVE-2018-13620 (The mintToken function of a smart contract implementation for TripCash ...) NOT-FOR-US: smart contract implementation for TripCash CVE-2018-13619 (The mintToken function of a smart contract implementation for MicoinTo ...) NOT-FOR-US: smart contract implementation for MicoinToken CVE-2018-13618 (The mintToken function of a smart contract implementation for VICETOKE ...) NOT-FOR-US: smart contract implementation for VICETOKEN_ICO_IS_A_SCAM CVE-2018-13617 (The mintToken function of a smart contract implementation for CAPTOZ, ...) NOT-FOR-US: smart contract implementation for CAPTOZ CVE-2018-13616 (The mintToken function of a smart contract implementation for IOCT_Coi ...) NOT-FOR-US: smart contract implementation for IOCT_Coin CVE-2018-13615 (The mintToken function of a smart contract implementation for MJCToken ...) NOT-FOR-US: smart contract implementation for MJCToken CVE-2018-13614 (The mintToken function of a smart contract implementation for MAVCash, ...) NOT-FOR-US: smart contract implementation for MAVCash CVE-2018-13613 (The mintToken function of a smart contract implementation for CON0217, ...) NOT-FOR-US: smart contract implementation for CON0217 CVE-2018-13612 (The mintToken function of a smart contract implementation for Robincoi ...) NOT-FOR-US: smart contract implementation for Robincoin CVE-2018-13611 (The mintToken function of a smart contract implementation for CDcurren ...) NOT-FOR-US: smart contract implementation for CDcurrency CVE-2018-13610 (The mintToken function of a smart contract implementation for Medicayu ...) NOT-FOR-US: smart contract implementation for MedicayunLink CVE-2018-13609 (The mintToken function of a smart contract implementation for CSAToken ...) NOT-FOR-US: smart contract implementation for CSAToken CVE-2018-13608 (The mintToken function of a smart contract implementation for archerco ...) 
NOT-FOR-US: smart contract implementation for archercoin CVE-2018-13607 (The mintToken function of a smart contract implementation for Residual ...) NOT-FOR-US: smart contract implementation for ResidualShare CVE-2018-13606 (The mintToken function of a smart contract implementation for ARChain, ...) NOT-FOR-US: smart contract implementation for ARChain CVE-2018-13605 (The mintToken function of a smart contract implementation for Extreme ...) NOT-FOR-US: smart contract implementation for Extreme Coin (XT) (Contract Name: ExtremeToken) CVE-2018-13604 (The mintToken function of a smart contract implementation for wellieat ...) NOT-FOR-US: smart contract implementation for wellieat CVE-2018-13603 (The mintToken function of a smart contract implementation for Briant2T ...) NOT-FOR-US: smart contract implementation for Briant2Token CVE-2018-13602 (The mint function of a smart contract implementation for MiningToken, ...) NOT-FOR-US: smart contract implementation for MiningToken CVE-2018-13601 (The mintToken function of a smart contract implementation for Galactic ...) NOT-FOR-US: smart contract implementation for GalacticX CVE-2018-13600 (The mintToken function of a smart contract implementation for AMToken, ...) NOT-FOR-US: smart contract implementation for AMToken CVE-2018-13599 (The mintToken function of a smart contract implementation for Residual ...) NOT-FOR-US: smart contract implementation for ResidualValue CVE-2018-13598 (The mintToken function of a smart contract implementation for SendMe, ...) NOT-FOR-US: smart contract implementation for SendMe CVE-2018-13597 (The mintToken function of a smart contract implementation for testcoin ...) NOT-FOR-US: smart contract implementation for testcoin CVE-2018-13596 (The mintToken function of a smart contract implementation for TESTAhih ...) NOT-FOR-US: smart contract implementation for TESTAhihi CVE-2018-13595 (The mintToken function of a smart contract implementation for BitStore ...) 
	NOT-FOR-US: smart contract implementation for BitStore
CVE-2018-13594 (The mintToken function of a smart contract implementation for CardFact ...)
	NOT-FOR-US: smart contract implementation for CardFactory
CVE-2018-13593 (The mintToken function of a smart contract implementation for CardToke ...)
	NOT-FOR-US: smart contract implementation for CardToken
CVE-2018-13592 (The mintToken function of a smart contract implementation for RajTest, ...)
	NOT-FOR-US: smart contract implementation for RajTest
CVE-2018-13591 (The mintToken function of a smart contract implementation for KAPcoin, ...)
	NOT-FOR-US: smart contract implementation for KAPcoin
CVE-2018-13590 (The mintToken function of a smart contract implementation for SIPCOIN, ...)
	NOT-FOR-US: smart contract implementation for SIPCOIN
CVE-2018-13589 (The mintToken function of a smart contract implementation for MooAdvTo ...)
	NOT-FOR-US: smart contract implementation for MooAdvToken
CVE-2018-13588 (The mintToken function of a smart contract implementation for Code47 ( ...)
	NOT-FOR-US: smart contract implementation for Code47 (C47)
CVE-2018-13587 (The mintToken function of a smart contract implementation for DECToken ...)
	NOT-FOR-US: smart contract implementation for DECToken
CVE-2018-13586 (The mintToken function of a smart contract implementation for Nectar ( ...)
	NOT-FOR-US: smart contract implementation for Nectar (NCTR)
CVE-2018-13585 (The mintToken function of a smart contract implementation for CHERRYCO ...)
	NOT-FOR-US: smart contract implementation for CHERRYCOIN
CVE-2018-13584 (The mintToken function of a smart contract implementation for yasudem, ...)
	NOT-FOR-US: smart contract implementation for yasudem
CVE-2018-13583 (The mintToken function of a smart contract implementation for Shmoo, a ...)
	NOT-FOR-US: smart contract implementation for Shmoo
CVE-2018-13582 (The mintToken function of a smart contract implementation for My2Token ...)
	NOT-FOR-US: smart contract implementation for My2Token
CVE-2018-13581 (The mintToken function of a smart contract implementation for TravelCo ...)
	NOT-FOR-US: smart contract implementation for TravelCoin (TRV)
CVE-2018-13580 (The mintToken function of a smart contract implementation for Providen ...)
	NOT-FOR-US: smart contract implementation for ProvidenceCasino (PVE)
CVE-2018-13579 (The mintToken function of a smart contract implementation for ForeverC ...)
	NOT-FOR-US: smart contract implementation for ForeverCoin
CVE-2018-13578 (The mintToken function of a smart contract implementation for GalaxyCo ...)
	NOT-FOR-US: smart contract implementation for GalaxyCoin
CVE-2018-13577 (The mintToken function of a smart contract implementation for ShitCoin ...)
	NOT-FOR-US: smart contract implementation for ShitCoin (SHITC) (Contract Name: AdvancedShit)
CVE-2018-13576 (The mintToken function of a smart contract implementation for Escut (E ...)
	NOT-FOR-US: smart contract implementation for Escut (ESCT) (Contract Name: JuntsPerCreixer)
CVE-2018-13575 (The mintToken function of a smart contract implementation for YESToken ...)
	NOT-FOR-US: smart contract implementation for YESToken
CVE-2018-13574 (The mintToken function of a smart contract implementation for DataShie ...)
	NOT-FOR-US: smart contract implementation for DataShieldCoin
CVE-2018-13573 (The mintToken function of a smart contract implementation for TripPay, ...)
	NOT-FOR-US: smart contract implementation for TripPay
CVE-2018-13572 (The mintToken function of a smart contract implementation for PGM_Coin ...)
	NOT-FOR-US: smart contract implementation for PGM_Coin
CVE-2018-13571 (The mintToken function of a smart contract implementation for GoramCoi ...)
	NOT-FOR-US: smart contract implementation for GoramCoin
CVE-2018-13570 (The mint function of a smart contract implementation for kkTestCoin1 ( ...)
	NOT-FOR-US: smart contract implementation for kkTestCoin1 (KTC1)
CVE-2018-13569 (The mintToken function of a smart contract implementation for HitToken ...)
	NOT-FOR-US: smart contract implementation for HitToken
CVE-2018-13568 (The mintToken function of a smart contract implementation for MktCoin, ...)
	NOT-FOR-US: smart contract implementation for MktCoin
CVE-2018-13567 (The mintToken function of a smart contract implementation for SDR, an ...)
	NOT-FOR-US: smart contract implementation for SDR
CVE-2018-13566 (The mintToken function of a smart contract implementation for RETNToke ...)
	NOT-FOR-US: smart contract implementation for RETNToken
CVE-2018-13565 (The mintToken function of a smart contract implementation for Co2Bit, ...)
	NOT-FOR-US: smart contract implementation for Co2Bit
CVE-2018-13564 (The mintToken function of a smart contract implementation for GATcoin, ...)
	NOT-FOR-US: smart contract implementation for GATcoin
CVE-2018-13563 (The mintToken function of a smart contract implementation for UPayToke ...)
	NOT-FOR-US: smart contract implementation for UPayToken
CVE-2018-13562 (The mintToken function of a smart contract implementation for BMVCoin, ...)
	NOT-FOR-US: smart contract implementation for BMVCoin
CVE-2018-13561 (The mintToken function of a smart contract implementation for YourCoin ...)
	NOT-FOR-US: smart contract implementation for YourCoin (ICO) (Contract Name: ETH033)
CVE-2018-13560 (The mintToken function of a smart contract implementation for KelvinTo ...)
	NOT-FOR-US: smart contract implementation for KelvinToken
CVE-2018-13559 (The mintToken function of a smart contract implementation for UTCT, an ...)
	NOT-FOR-US: smart contract implementation for UTCT
CVE-2018-13558 (The mintToken function of a smart contract implementation for rhovit, ...)
	NOT-FOR-US: smart contract implementation for rhovit
CVE-2018-13557 (The mintToken function of a smart contract implementation for Trabet_C ...)
	NOT-FOR-US: smart contract implementation for Trabet_Coin
CVE-2018-13556 (The mintToken function of a smart contract implementation for COSMOTok ...)
	NOT-FOR-US: smart contract implementation for COSMOTokenERC20
CVE-2018-13555 (The mintToken function of a smart contract implementation for JaxBox, ...)
	NOT-FOR-US: smart contract implementation for JaxBox
CVE-2018-13554 (The mintToken function of a smart contract implementation for MoneyTre ...)
	NOT-FOR-US: smart contract implementation for MoneyTree (TREE)
CVE-2018-13553 (The mintToken function of a smart contract implementation for Micro BT ...)
	NOT-FOR-US: smart contract implementation for Micro BTC (MBTC)
CVE-2018-13552 (The mintToken function of a smart contract implementation for Trabet_C ...)
	NOT-FOR-US: smart contract implementation for Trabet_Coin_PreICO
CVE-2018-13551 (The mintToken function of a smart contract implementation for Bgamecoi ...)
	NOT-FOR-US: smart contract implementation for Bgamecoin
CVE-2018-13550 (The mintToken function of a smart contract implementation for Coquinho ...)
	NOT-FOR-US: smart contract implementation for Coquinho Coin (CQNC) (Contract Name: CoquinhoERC20)
CVE-2018-13549 (The mintToken function of a smart contract implementation for NeuroTok ...)
	NOT-FOR-US: smart contract implementation for NeuroToken
CVE-2018-13548 (The mintToken function of a smart contract implementation for Mimicoin ...)
	NOT-FOR-US: smart contract implementation for Mimicoin
CVE-2018-13547 (The mintToken function of a smart contract implementation for Providen ...)
	NOT-FOR-US: smart contract implementation for Providence Crypto Casino (PVE) (Contract Name: ProvidenceCasinoToken)
CVE-2018-13546 (The mintToken function of a smart contract implementation for CCASH, a ...)
	NOT-FOR-US: smart contract implementation for CCASH
CVE-2018-13545 (The mintToken function of a smart contract implementation for HashShie ...)
	NOT-FOR-US: smart contract implementation for HashShield
CVE-2018-13544 (The mintToken function of a smart contract implementation for Numisma, ...)
	NOT-FOR-US: smart contract implementation for Numisma
CVE-2018-13543 (The mintToken function of a smart contract implementation for Gemstone ...)
	NOT-FOR-US: smart contract implementation for GemstoneToken
CVE-2018-13542 (The mintToken function of a smart contract implementation for ZIBToken ...)
	NOT-FOR-US: smart contract implementation for ZIBToken
CVE-2018-13541 (The mintToken function of a smart contract implementation for CryptoLe ...)
	NOT-FOR-US: smart contract implementation for CryptoLeu
CVE-2018-13540 (The mintToken function of a smart contract implementation for GSI, an ...)
	NOT-FOR-US: smart contract implementation for GSI
CVE-2018-13539 (The mintToken function of a smart contract implementation for Bcxss, a ...)
	NOT-FOR-US: smart contract implementation for Bcxss
CVE-2018-13538 (The mintToken function of a smart contract implementation for SIPCToke ...)
	NOT-FOR-US: smart contract implementation for SIPCToken
CVE-2018-13537 (The mintToken function of a smart contract implementation for Ethereum ...)
	NOT-FOR-US: smart contract implementation for EthereumLegit
CVE-2018-13536 (The mintToken function of a smart contract implementation for ERC20_IC ...)
	NOT-FOR-US: smart contract implementation for ERC20_ICO
CVE-2018-13535 (The mintToken function of a smart contract implementation for PACCOIN, ...)
	NOT-FOR-US: smart contract implementation for PACCOIN
CVE-2018-13534 (The mintToken function of a smart contract implementation for SpeedCas ...)
	NOT-FOR-US: smart contract implementation for SpeedCashLite (SCSL)
CVE-2018-13533 (The mintToken function of a smart contract implementation for ALUXToke ...)
	NOT-FOR-US: smart contract implementation for ALUXToken
CVE-2018-13532 (The mintToken function of a smart contract implementation for Mindexco ...)
	NOT-FOR-US: smart contract implementation for Mindexcoin
CVE-2018-13531 (The mintToken function of a smart contract implementation for MaxHouse ...)
	NOT-FOR-US: smart contract implementation for MaxHouse
CVE-2018-13530 (The mintToken function of a smart contract implementation for HunterCo ...)
	NOT-FOR-US: smart contract implementation for HunterCoin
CVE-2018-13529 (The mintToken function of a smart contract implementation for BetterTh ...)
	NOT-FOR-US: smart contract implementation for BetterThanAdrien
CVE-2018-13528 (The mintToken function of a smart contract implementation for DhaCoin, ...)
	NOT-FOR-US: smart contract implementation for DhaCoin
CVE-2018-13527 (The mintToken function of a smart contract implementation for ElevateC ...)
	NOT-FOR-US: smart contract implementation for ElevateCoin
CVE-2018-13526 (The mintToken function of a smart contract implementation for WangWang ...)
	NOT-FOR-US: smart contract implementation for WangWangToken
CVE-2018-13525 (The mintToken function of a smart contract implementation for Flow, an ...)
	NOT-FOR-US: smart contract implementation for Flow
CVE-2018-13524 (The mintToken function of a smart contract implementation for PornCoin ...)
	NOT-FOR-US: smart contract implementation for PornCoin (PRNC)
CVE-2018-13523 (The mintToken function of a smart contract implementation for SmartPay ...)
	NOT-FOR-US: smart contract implementation for SmartPayment
CVE-2018-13522 (The mintToken function of a smart contract implementation for EXGROUP, ...)
	NOT-FOR-US: smart contract implementation for EXGROUP
CVE-2018-13521 (The mintToken function of a smart contract implementation for PinkyTok ...)
	NOT-FOR-US: smart contract implementation for PinkyToken
CVE-2018-13520 (The mintToken function of a smart contract implementation for Topscoin ...)
	NOT-FOR-US: smart contract implementation for TopscoinAdvanced
CVE-2018-13519 (The mint function of a smart contract implementation for DigitalCloudT ...)
	NOT-FOR-US: smart contract implementation for DigitalCloudToken
CVE-2018-13518 (The mintToken function of a smart contract implementation for TCash, a ...)
	NOT-FOR-US: smart contract implementation for TCash
CVE-2018-13517 (The mintToken function of a smart contract implementation for C3 Token ...)
	NOT-FOR-US: smart contract implementation for C3 Token (C3)
CVE-2018-13516 (The mintToken function of a smart contract implementation for Super Co ...)
	NOT-FOR-US: smart contract implementation for Super Cool Awesome Money (SCAM)
CVE-2018-13515 (The mintToken function of a smart contract implementation for aman, an ...)
	NOT-FOR-US: smart contract implementation for aman
CVE-2018-13514 (The mintToken function of a smart contract implementation for esportz, ...)
	NOT-FOR-US: smart contract implementation for esportz
CVE-2018-13513 (The mintToken function of a smart contract implementation for Ubiou, a ...)
	NOT-FOR-US: smart contract implementation for Ubiou
CVE-2018-13512 (The mintToken function of a smart contract implementation for SmartHom ...)
	NOT-FOR-US: smart contract implementation for SmartHomeCoin
CVE-2018-13511 (The mintToken function of a smart contract implementation for CorelliC ...)
	NOT-FOR-US: smart contract implementation for CorelliCoin
CVE-2018-13510 (The mintToken function of a smart contract implementation for Welfare ...)
	NOT-FOR-US: smart contract implementation for Welfare Token Fund (WTF)
CVE-2018-13509 (The mintToken function of a smart contract implementation for IamRich, ...)
	NOT-FOR-US: smart contract implementation for IamRich
CVE-2018-13508 (The mintToken function of a smart contract implementation for VITToken ...)
	NOT-FOR-US: smart contract implementation for VITToken
CVE-2018-13507 (The mintToken function of a smart contract implementation for SLCAdvan ...)
	NOT-FOR-US: smart contract implementation for SLCAdvancedToken
CVE-2018-13506 (The mintToken function of a smart contract implementation for SDR22, a ...)
	NOT-FOR-US: smart contract implementation for SDR22
CVE-2018-13505 (The mintToken function of a smart contract implementation for ecogreen ...)
	NOT-FOR-US: smart contract implementation for ecogreenhouse
CVE-2018-13504 (The mintToken function of a smart contract implementation for MMCoin, ...)
	NOT-FOR-US: smart contract implementation for MMCoin
CVE-2018-13503 (The mintToken function of a smart contract implementation for South Pa ...)
	NOT-FOR-US: smart contract implementation for South Park Token Token (SPTKN)
CVE-2018-13502 (The mintToken function of a smart contract implementation for HeliumNe ...)
	NOT-FOR-US: smart contract implementation for HeliumNetwork
CVE-2018-13501 (The mintToken function of a smart contract implementation for HRWtoken ...)
	NOT-FOR-US: smart contract implementation for HRWtoken
CVE-2018-13500 (The mintToken function of a smart contract implementation for MSXAdvan ...)
	NOT-FOR-US: smart contract implementation for MSXAdvanced
CVE-2018-13499 (The mintToken function of a smart contract implementation for Crowdsal ...)
	NOT-FOR-US: smart contract implementation for Crowdsale
CVE-2018-13498 (The mintToken function of a smart contract implementation for KAPAYcoi ...)
	NOT-FOR-US: smart contract implementation for KAPAYcoin
CVE-2018-13497 (The mintToken function of a smart contract implementation for COBToken ...)
	NOT-FOR-US: smart contract implementation for COBToken
CVE-2018-13496 (The mintToken function of a smart contract implementation for RajTestI ...)
	NOT-FOR-US: smart contract implementation for RajTestICO
CVE-2018-13495 (The mintToken function of a smart contract implementation for KMCToken ...)
	NOT-FOR-US: smart contract implementation for KMCToken
CVE-2018-13494 (The mintToken function of a smart contract implementation for SusanTok ...)
	NOT-FOR-US: smart contract implementation for SusanTokenERC20
CVE-2018-13493 (The mintToken function of a smart contract implementation for DaddyTok ...)
	NOT-FOR-US: smart contract implementation for DaddyToken
CVE-2018-13492 (The mintToken function of a smart contract implementation for naga, an ...)
	NOT-FOR-US: smart contract implementation for naga
CVE-2018-13491 (The mintToken function of a smart contract implementation for Carrot, ...)
	NOT-FOR-US: smart contract implementation for Carrot
CVE-2018-13490 (The mintToken function of a smart contract implementation for FILM, an ...)
	NOT-FOR-US: smart contract implementation for FILM
CVE-2018-13489 (The mintToken function of a smart contract implementation for OllisCoi ...)
	NOT-FOR-US: smart contract implementation for OllisCoin
CVE-2018-13488 (The mintToken function of a smart contract implementation for Crypto A ...)
	NOT-FOR-US: smart contract implementation for Crypto Alley Shares (CAST)
CVE-2018-13487 (The mintToken function of a smart contract implementation for PlatoTok ...)
	NOT-FOR-US: smart contract implementation for PlatoToken
CVE-2018-13486 (The mintToken function of a smart contract implementation for HELP, an ...)
	NOT-FOR-US: smart contract implementation for HELP
CVE-2018-13485 (The mintToken function of a smart contract implementation for BitcoinA ...)
	NOT-FOR-US: smart contract implementation for BitcoinAgileToken
CVE-2018-13484 (The mintToken function of a smart contract implementation for CBRToken ...)
	NOT-FOR-US: smart contract implementation for CBRToken
CVE-2018-13483 (The mintToken function of a smart contract implementation for mkethTok ...)
	NOT-FOR-US: smart contract implementation for mkethToken
CVE-2018-13482 (The mintToken function of a smart contract implementation for ETHERCAS ...)
	NOT-FOR-US: smart contract implementation for ETHERCASH (ETC)
CVE-2018-13481 (The mintToken function of a smart contract implementation for TRIUM, a ...)
	NOT-FOR-US: smart contract implementation for TRIUM
CVE-2018-13480 (The mintToken function of a smart contract implementation for QRG, an ...)
	NOT-FOR-US: smart contract implementation for QRG
CVE-2018-13479 (The mintToken function of a smart contract implementation for Slidebit ...)
	NOT-FOR-US: smart contract implementation for SlidebitsToken
CVE-2018-13478 (The mintToken function of a smart contract implementation for DMPToken ...)
	NOT-FOR-US: smart contract implementation for DMPToken
CVE-2018-13477 (The mintToken function of a smart contract implementation for CTESale, ...)
	NOT-FOR-US: smart contract implementation for CTESale
CVE-2018-13476 (The mintToken function of a smart contract implementation for PhilCoin ...)
	NOT-FOR-US: smart contract implementation for PhilCoin
CVE-2018-13475 (The mintToken function of a smart contract implementation for VSCToken ...)
	NOT-FOR-US: smart contract implementation for VSCToken
CVE-2018-13474 (The mintToken function of a smart contract implementation for FansChai ...)
	NOT-FOR-US: smart contract implementation for FansChainToken
CVE-2018-13473 (The mintToken function of a smart contract implementation for ohni_2 ( ...)
	NOT-FOR-US: smart contract implementation for ohni_2 (OHNI)
CVE-2018-13472 (The mint function of a smart contract implementation for CloutToken, a ...)
	NOT-FOR-US: smart contract implementation for CloutToken
CVE-2018-13471 (The mintToken function of a smart contract implementation for BeyondCa ...)
	NOT-FOR-US: smart contract implementation for BeyondCashToken
CVE-2018-13470 (The mintToken function of a smart contract implementation for BuyerTok ...)
	NOT-FOR-US: smart contract implementation for BuyerToken
CVE-2018-13469 (The mintToken function of a smart contract implementation for IcoContr ...)
	NOT-FOR-US: smart contract implementation for IcoContract
CVE-2018-13468 (The mintToken function of a smart contract implementation for Cavecoin ...)
	NOT-FOR-US: smart contract implementation for Cavecoin
CVE-2018-13467 (The mintToken function of a smart contract implementation for Epiphany ...)
	NOT-FOR-US: smart contract implementation for EpiphanyCoin
CVE-2018-13466 (The mintToken function of a smart contract implementation for Crystals ...)
	NOT-FOR-US: smart contract implementation for Crystals
CVE-2018-13465 (The mintToken function of a smart contract implementation for PaulyCoi ...)
	NOT-FOR-US: smart contract implementation for PaulyCoin
CVE-2018-13464 (The mintToken function of a smart contract implementation for t_swap, ...)
	NOT-FOR-US: smart contract implementation for t_swap
CVE-2018-13463 (The mintToken function of a smart contract implementation for T-Swap-T ...)
	NOT-FOR-US: smart contract implementation for T-Swap-Token (T-S-T)
CVE-2018-13462 (The mintToken function of a smart contract implementation for MoonToke ...)
	NOT-FOR-US: smart contract implementation for MoonToken
CVE-2018-13461 RESERVED
CVE-2018-13460 RESERVED
CVE-2018-13459 RESERVED
CVE-2018-13458 (qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer de ...)
	- nagios4 4.3.4-3 (low; bug #917160)
	NOTE: https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76
CVE-2018-13457 (qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer de ...)
	- nagios4 4.3.4-3 (low; bug #917160)
	NOTE: https://gist.github.com/fakhrizulkifli/87cf1c1ad403b4d40a86d90c9c9bf7ab
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76
CVE-2018-13456 RESERVED
CVE-2018-13455 RESERVED
CVE-2018-13454 RESERVED
CVE-2018-13453 RESERVED
CVE-2018-13452 RESERVED
CVE-2018-13451 RESERVED
CVE-2018-13450 (SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM ve ...)
	- dolibarr
	NOTE: https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb
CVE-2018-13449 (SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM ve ...)
- dolibarr NOTE: https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb CVE-2018-13448 (SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM ve ...) - dolibarr NOTE: https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb CVE-2018-13447 (SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM ve ...) - dolibarr NOTE: https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb CVE-2018-13446 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line appli ...) NOT-FOR-US: LINE jp.naver.line application for Android CVE-2018-13445 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability ...) NOT-FOR-US: SeaCMS CVE-2018-13444 (An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability ...) NOT-FOR-US: SeaCMS CVE-2018-13443 (EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted was ...) NOT-FOR-US: EOS.IO jit-wasm CVE-2018-13442 (SolarWinds Network Performance Monitor 12.3 allows SQL Injection via t ...) NOT-FOR-US: SolarWinds Network Performance Monitor CVE-2018-13441 (qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL po ...) - nagios4 4.3.4-3 (low; bug #917160) NOTE: https://gist.github.com/fakhrizulkifli/8df4a174158df69ebd765f824bd736b8 NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/b1a92a3b52d292ccb601e77a0b29cb1e67ac9d76 CVE-2018-13440 (The audiofile Audio File Library 0.3.6 has a NULL pointer dereference ...) - audiofile 0.3.6-5 (low; bug #903499) [stretch] - audiofile 0.3.6-4+deb9u1 [jessie] - audiofile (Minor issue) NOTE: https://github.com/mpruett/audiofile/issues/49 CVE-2018-13439 (WXPayUtil in WeChat Pay Java SDK allows XXE attacks involving a mercha ...) NOT-FOR-US: WeChat Pay Java SDK CVE-2018-13438 RESERVED CVE-2018-13437 RESERVED CVE-2018-13436 RESERVED CVE-2018-13435 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line appli ...) 
NOT-FOR-US: LINE jp.naver.line application for iOS CVE-2018-13434 (** DISPUTED ** An issue was discovered in the LINE jp.naver.line appli ...) NOT-FOR-US: LINE jp.naver.line application for iOS CVE-2018-13433 (Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as ...) NOT-FOR-US: Boostnote CVE-2018-13432 RESERVED CVE-2018-13431 RESERVED CVE-2018-13430 RESERVED CVE-2018-13429 RESERVED CVE-2018-13428 RESERVED CVE-2018-13427 RESERVED CVE-2018-13426 RESERVED CVE-2018-13425 RESERVED CVE-2018-13424 RESERVED CVE-2018-13423 (admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows X ...) NOT-FOR-US: Omeka CVE-2018-13422 (TCExam before 14.1.2 has XSS via an ff_ or xl_ field. ...) NOT-FOR-US: TCExam CVE-2018-13421 (Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a ...) - fast-cpp-csv-parser 0.0+git20160525~9bf299c-2 (low; bug #903247) [stretch] - fast-cpp-csv-parser (Minor issue) [jessie] - fast-cpp-csv-parser (Minor issue) NOTE: https://github.com/ben-strasser/fast-cpp-csv-parser/issues/67 NOTE: https://github.com/ben-strasser/fast-cpp-csv-parser/commit/8cf591aa7397f4372778cc927e184d28ee591093 CVE-2018-13420 (** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_exten ...) - google-perftools (unimportant; bug #903248) NOTE: https://github.com/gperftools/gperftools/issues/1013 CVE-2018-13419 (** DISPUTED ** An issue has been found in libsndfile 1.0.28. There is ...) NOTE: Misreport, not reprodiucible by upstream and no test file was provided NOTE: https://github.com/erikd/libsndfile/issues/398 CVE-2018-13418 (System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 all ...) NOT-FOR-US: TerraMaster TOS CVE-2018-13417 (In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPn ...) - azureus CVE-2018-13416 (In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP ...) 
NOT-FOR-US: Universal Media Server CVE-2018-13415 (In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP ...) NOT-FOR-US: Plex Media Server CVE-2018-13414 RESERVED CVE-2018-13413 RESERVED CVE-2018-13412 (An issue was discovered in the Self Service Portal in Zoho ManageEngin ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2018-13411 (An issue was discovered in Zoho ManageEngine Desktop Central before 10 ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2018-13410 (** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line opti ...) - zip (unimportant; bug #903196) NOTE: http://seclists.org/fulldisclosure/2018/Jul/24 NOTE: Negligible security impact, would involve that a untrusted party controls NOTE: the -TT value. CVE-2018-13409 (An issue was discovered in Jirafeau before 3.4.1. The "search file by ...) NOT-FOR-US: Jirafeau CVE-2018-13408 (An issue was discovered in Jirafeau before 3.4.1. The "search file by ...) NOT-FOR-US: Jirafeau CVE-2018-13407 (A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file ...) NOT-FOR-US: Jirafeau CVE-2018-13406 (An integer overflow in the uvesafb_setcmap function in drivers/video/f ...) {DLA-1715-1 DLA-1529-1} - linux 4.17.6-1 [stretch] - linux 4.9.130-1 NOTE: https://git.kernel.org/linus/9f645bcc566a1e9f921bdae7528a01ced5bc3713 CVE-2018-13405 (The inode_init_owner function in fs/inode.c in the Linux kernel throug ...) {DSA-4266-1 DLA-1529-1 DLA-1466-1} - linux 4.17.6-1 NOTE: https://git.kernel.org/linus/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 NOTE: https://www.openwall.com/lists/oss-security/2018/07/13/2 CVE-2018-13404 (The VerifyPopServerConnection resource in Atlassian Jira before versio ...) NOT-FOR-US: Atlassian CVE-2018-13403 (The two-dimensional filter statistics gadget in Atlassian Jira before ...) NOT-FOR-US: Atlassian CVE-2018-13402 (Many resources in Atlassian Jira before version 7.6.9, from version 7. ...) 
	NOT-FOR-US: Atlassian
CVE-2018-13401 (The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, f ...)
	NOT-FOR-US: Atlassian
CVE-2018-13400 (Several administrative resources in Atlassian Jira before version 7.6. ...)
	NOT-FOR-US: Atlassian
CVE-2018-13399 (The Microsoft Windows Installer for Atlassian Fisheye and Crucible bef ...)
	NOT-FOR-US: Atlassian
CVE-2018-13398 (The administrative smart-commits resource in Atlassian Fisheye and Cru ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2018-13397 (There was an argument injection vulnerability in Sourcetree for Window ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13396 (There was an argument injection vulnerability in Sourcetree for macOS ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13395 (Various resources in Atlassian Jira before version 7.6.8, from version ...)
	NOT-FOR-US: Atlassian Jira
CVE-2018-13394 (The acceptAnswer resource in Atlassian Confluence Questions before ver ...)
	NOT-FOR-US: Atlassian Confluence Questions
CVE-2018-13393 (The convertCommentToAnswer resource in Atlassian Confluence Questions ...)
	NOT-FOR-US: Atlassian Confluence Questions
CVE-2018-13392 (Several resources in Atlassian Fisheye and Crucible before version 4.6 ...)
	NOT-FOR-US: Atlassian
CVE-2018-13391 (The ProfileLinkUserFormat component of Jira Server before version 7.6. ...)
	NOT-FOR-US: Atlassian Jira Server
CVE-2018-13390 (Unauthenticated access to cloudtoken daemon on Linux via network from ...)
	NOT-FOR-US: Atlassian
CVE-2018-13389 (The attachment resource in Atlassian Confluence before version 6.6.1 a ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2018-13388 (The review attachment resource in Atlassian Fisheye and Crucible befor ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2018-13387 (The IncomingMailServers resource in Atlassian JIRA Server before versi ...)
	NOT-FOR-US: Atlassian
CVE-2018-13386 (There was an argument injection vulnerability in Sourcetree for Window ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13385 (There was an argument injection vulnerability in Sourcetree for macOS ...)
	NOT-FOR-US: Atlassian Sourcetree
CVE-2018-13384 (A Host Header Redirection vulnerability in Fortinet FortiOS all versio ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13383 (A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13382 (An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13381 (A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5. ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13380 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 t ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13379 (An Improper Limitation of a Pathname to a Restricted Directory ("Path ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13378 (An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 an ...)
	NOT-FOR-US: Fortinet FortiSIEM
CVE-2018-13377
	RESERVED
CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 t ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13375 (An Improper Neutralization of Script-Related HTML Tags in Fortinet For ...)
	NOT-FOR-US: FortiAnalyzer and FortiManager
CVE-2018-13374 (A Improper Access Control in Fortinet FortiOS allows attacker to obtai ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13373
	RESERVED
CVE-2018-13372
	RESERVED
CVE-2018-13371 (An external control of system vulnerability in FortiOS may allow an au ...)
	NOT-FOR-US: Fortiguard
CVE-2018-13370
	RESERVED
CVE-2018-13369
	RESERVED
CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and belo ...)
	NOT-FOR-US: FortiOS
CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13365 (An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-13364
	RESERVED
CVE-2018-13363
	RESERVED
CVE-2018-13362
	RESERVED
CVE-2018-13361 (User enumeration in usertable.php in TerraMaster TOS version 3.1.03 al ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13360 (Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13359 (Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.0 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13358 (System command injection in ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13357 (Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.0 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13356 (Incorrect access control on ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13355 (Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13354 (System command injection in logtable.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13353 (System command injection in ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13352 (Session Exposure in the web application for TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13351 (Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.0 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13350 (SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13349 (Cross-site scripting in the web application taskbar in TerraMaster TOS ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13345
	RESERVED
CVE-2018-13344
	RESERVED
CVE-2018-13343
	RESERVED
CVE-2018-13342 (The server API in the Anda app relies on hardcoded credentials. ...)
	NOT-FOR-US: Anda app
CVE-2018-13341 (Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all vers ...)
	NOT-FOR-US: Crestron
CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request. ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode ...)
	NOT-FOR-US: Imperavi Redactor
CVE-2018-13338 (System command injection in ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13337 (Session Fixation in the web application for TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13336 (System command injection in ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13335 (Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.0 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13334 (Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 a ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13333 (Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13332 (Directory Traversal in the explorer application in TerraMaster TOS ver ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13331 (Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.0 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13330 (System command injection in ajaxdata.php in TerraMaster TOS version 3. ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13329 (Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart contract imp ...)
	NOT-FOR-US: smart contract
CVE-2018-13327 (The transfer and transferFrom functions of a smart contract implementa ...)
	NOT-FOR-US: smart contract
CVE-2018-13326 (The transfer and transferFrom functions of a smart contract implementa ...)
	NOT-FOR-US: smart contract
CVE-2018-13325 (The _sell function of a smart contract implementation for GROWCHAIN (G ...)
	NOT-FOR-US: smart contract
CVE-2018-13324 (Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61 ...)
	NOT-FOR-US: Buffalo
CVE-2018-13323 (Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.6 ...)
	NOT-FOR-US: Buffalo
CVE-2018-13322 (Directory traversal in list_folders method in Buffalo TS5600D1206 vers ...)
	NOT-FOR-US: Buffalo
CVE-2018-13321 (Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.6 ...)
	NOT-FOR-US: Buffalo
CVE-2018-13320 (System Command Injection in network.set_auth_settings in Buffalo TS560 ...)
	NOT-FOR-US: Buffalo
CVE-2018-13319 (Incorrect access control in get_portal_info in Buffalo TS5600D1206 ver ...)
	NOT-FOR-US: Buffalo
CVE-2018-13318 (System command injection in User.create method in Buffalo TS5600D1206 ...)
	NOT-FOR-US: Buffalo
CVE-2018-13317 (Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13316 (System command injection in formAliasIp in TOTOLINK A3002RU version 1. ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK A3002RU vers ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU version 1. ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13313 (In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13311 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13310 (Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13309 (Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13308 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13307 (System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13306 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...)
	NOT-FOR-US: TOTOLINK
CVE-2018-13305 (In FFmpeg 4.0.1, due to a missing check for negative values of the mqu ...)
	- ffmpeg (Vulnerable code not present)
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4#commitcomment-30094223
CVE-2018-13304 (In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency ...)
	- ffmpeg 7:4.0.2-1
	[stretch] - ffmpeg (Vulnerable code not present)
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/bd27a9364ca274ca97f1df6d984e88a0700fb235
CVE-2018-13303 (In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bit ...)
	- ffmpeg 7:4.0.2-1
	[stretch] - ffmpeg (Vulnerable code not present)
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/00e8181bd97c834fe60751b0c511d4bb97875f78
CVE-2018-13302 (In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRA ...)
	{DSA-4249-1}
	- ffmpeg 7:3.4.3-1
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50
	NOTE: Fixed in 3.2.11
CVE-2018-13301 (In FFmpeg 4.0.1, due to a missing check of a profile value before sett ...)
	- ffmpeg 7:4.0.2-1 (low)
	[stretch] - ffmpeg (3.2.x not affected)
	- libav
	[jessie] - libav (Vulnerable code path not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b
	NOTE: It looks like Jessie is not affected but we need the reproducer to confirm this assumption.
CVE-2018-13300 (In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) pass ...)
	{DSA-4249-1}
	- ffmpeg 7:3.4.3-1
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
	NOTE: Fixed in 3.2.11
CVE-2018-13299 (Relative path traversal vulnerability in Attachment Uploader in Synolo ...)
	NOT-FOR-US: Synology
CVE-2018-13298 (Channel accessible by non-endpoint vulnerability in privacy page in Sy ...)
	NOT-FOR-US: Synology
CVE-2018-13297 (Information exposure vulnerability in SYNO.SynologyDrive.Files in Syno ...)
	NOT-FOR-US: Synology
CVE-2018-13296 (Uncontrolled resource consumption vulnerability in TLS configuration i ...)
	NOT-FOR-US: Synology
CVE-2018-13295 (Information exposure vulnerability in SYNO.Personal.Application.Info i ...)
	NOT-FOR-US: Synology
CVE-2018-13294 (Information exposure vulnerability in SYNO.Personal.Profile in Synolog ...)
	NOT-FOR-US: Synology
CVE-2018-13293 (Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings ...)
	NOT-FOR-US: Synology
CVE-2018-13292 (Information exposure vulnerability in /usr/syno/etc/mount.conf in Syno ...)
	NOT-FOR-US: Synology
CVE-2018-13291 (Information exposure vulnerability in /usr/syno/etc/mount.conf in Syno ...)
	NOT-FOR-US: Synology
CVE-2018-13290 (Information exposure vulnerability in SYNO.Core.ACL in Synology Router ...)
	NOT-FOR-US: Synology
CVE-2018-13289 (Information exposure vulnerability in SYNO.FolderSharing.List in Synol ...)
	NOT-FOR-US: Synology
CVE-2018-13288 (Information exposure vulnerability in SYNO.FolderSharing.List in Synol ...)
	NOT-FOR-US: Synology
CVE-2018-13287 (Incorrect default permissions vulnerability in synouser.conf in Synolo ...)
	NOT-FOR-US: Synology
CVE-2018-13286 (Incorrect default permissions vulnerability in synouser.conf in Synolo ...)
	NOT-FOR-US: Synology
CVE-2018-13285 (Command injection vulnerability in ftpd in Synology Router Manager (SR ...)
	NOT-FOR-US: Synology
CVE-2018-13284 (Command injection vulnerability in ftpd in Synology Diskstation Manage ...)
	NOT-FOR-US: Synology
CVE-2018-13283 (Lack of administrator control over security vulnerability in client.cg ...)
	NOT-FOR-US: Synology
CVE-2018-13282 (Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology P ...)
	NOT-FOR-US: Synology Photo Station
CVE-2018-13281 (Information exposure vulnerability in SYNO.Core.ACL in Synology DiskSt ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2018-13280 (Use of insufficiently random values vulnerability in SYNO.Encryption.G ...)
	NOT-FOR-US: Synology
CVE-2018-13279
	RESERVED
CVE-2018-13278
	RESERVED
CVE-2018-13277
	REJECTED
CVE-2018-13276
	REJECTED
CVE-2018-13275
	REJECTED
CVE-2018-13274
	REJECTED
CVE-2018-13273
	REJECTED
CVE-2018-13272
	REJECTED
CVE-2018-13271
	REJECTED
CVE-2018-13270
	REJECTED
CVE-2018-13269
	REJECTED
CVE-2018-13268
	REJECTED
CVE-2018-13267
	REJECTED
CVE-2018-13266
	REJECTED
CVE-2018-13265
	REJECTED
CVE-2018-13264
	REJECTED
CVE-2018-13263
	REJECTED
CVE-2018-13262
	REJECTED
CVE-2018-13261
	REJECTED
CVE-2018-13260
	REJECTED
CVE-2018-13259 (An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 ...)
	{DLA-2470-1}
	- zsh 5.6-1 (bug #908000)
	[jessie] - zsh (Minor issue)
	NOTE: https://www.zsh.org/mla/zsh-announce/136
	NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
CVE-2018-13258 (Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided ta ...)
	- mediawiki (Affected upstream tarball was never used)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T199029
CVE-2018-13257 (The bb-auth-provider-cas authentication module within Blackboard Learn ...)
	NOT-FOR-US: Blackboard Learn
CVE-2018-13256 (PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or fir ...)
	NOT-FOR-US: PHP Scripts Mall Auditor Website
CVE-2018-13255
	RESERVED
CVE-2018-13254
	RESERVED
CVE-2018-13253
	RESERVED
CVE-2018-13252 (Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain ...)
	NOT-FOR-US: Entrust Datacard Syntera CS
CVE-2018-13251 (In libming 0.4.8, there is an excessive memory allocation attempt in t ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/149
CVE-2018-13250 (libming 0.4.8 has a NULL pointer dereference in the getString function ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/147
CVE-2018-13249
	RESERVED
CVE-2018-13248
	RESERVED
CVE-2018-13247
	RESERVED
CVE-2018-13246
	RESERVED
CVE-2018-13245
	RESERVED
CVE-2018-13244
	RESERVED
CVE-2018-13243
	RESERVED
CVE-2018-13242
	RESERVED
CVE-2018-13241
	RESERVED
CVE-2018-13240
	RESERVED
CVE-2018-13239
	RESERVED
CVE-2018-13238
	RESERVED
CVE-2018-13237
	RESERVED
CVE-2018-13236
	RESERVED
CVE-2018-13235
	RESERVED
CVE-2018-13234
	RESERVED
CVE-2018-13233 (The sell function of a smart contract implementation for GSI, an Ether ...)
	NOT-FOR-US: smart contract implementation for GSI
CVE-2018-13232 (The sell function of a smart contract implementation for ENTER (ENTR) ...)
	NOT-FOR-US: smart contract implementation for ENTER (ENTR)
CVE-2018-13231 (The sell function of a smart contract implementation for ENTER (ENTR) ...)
	NOT-FOR-US: smart contract implementation for ENTER (ENTR)
CVE-2018-13230 (The sell function of a smart contract implementation for DestiNeed (DS ...)
	NOT-FOR-US: smart contract implementation for DestiNeed (DSN)
CVE-2018-13229 (The sell function of a smart contract implementation for RiptideCoin ( ...)
	NOT-FOR-US: smart contract implementation for RiptideCoin (RIPT)
CVE-2018-13228 (The sell function of a smart contract implementation for Crowdnext (CN ...)
	NOT-FOR-US: smart contract implementation for Crowdnext (CNX)
CVE-2018-13227 (The sell function of a smart contract implementation for MoneyChainNet ...)
	NOT-FOR-US: smart contract implementation for MoneyChainNet (MCN)
CVE-2018-13226 (The sell function of a smart contract implementation for YLCToken, an ...)
	NOT-FOR-US: smart contract implementation for YLCToken
CVE-2018-13225 (The sell function of a smart contract implementation for MyYLC, an Eth ...)
	NOT-FOR-US: smart contract implementation for MyYLC
CVE-2018-13224 (The sell function of a smart contract implementation for Virtual Energ ...)
	NOT-FOR-US: smart contract implementation for Virtual Energy Units (VEU)
CVE-2018-13223 (The sell function of a smart contract implementation for R Time Token ...)
	NOT-FOR-US: smart contract implementation for R Time Token v3 (RS)
CVE-2018-13222 (The sell function of a smart contract implementation for ObjectToken ( ...)
	NOT-FOR-US: smart contract implementation for ObjectToken (OBJ)
CVE-2018-13221 (The sell function of a smart contract implementation for Extreme Coin ...)
	NOT-FOR-US: smart contract implementation for Extreme Coin (XT)
CVE-2018-13220 (The sell function of a smart contract implementation for MAVCash, an E ...)
	NOT-FOR-US: smart contract implementation for MAVCash
CVE-2018-13219 (The sell function of a smart contract implementation for YourCoin (ICO ...)
	NOT-FOR-US: smart contract implementation for YourCoin (ICO)
CVE-2018-13218 (The sell function of a smart contract implementation for ICO Dollar (I ...)
	NOT-FOR-US: smart contract implementation for ICO Dollar (ICOD)
CVE-2018-13217 (The sell function of a smart contract implementation for CoinToken, an ...)
	NOT-FOR-US: smart contract implementation for CoinToken
CVE-2018-13216 (The sell function of a smart contract implementation for GreenMed (GRM ...)
	NOT-FOR-US: smart contract implementation for GreenMed (GRMD)
CVE-2018-13215 (The sell function of a smart contract implementation for Sample Token ...)
	NOT-FOR-US: smart contract implementation for Sample Token (STK)
CVE-2018-13214 (The sell function of a smart contract implementation for GMile, an Eth ...)
	NOT-FOR-US: smart contract implementation for GMile
CVE-2018-13213 (The sell function of a smart contract implementation for TravelCoin (T ...)
	NOT-FOR-US: smart contract implementation for TravelCoin
CVE-2018-13212 (The sell function of a smart contract implementation for EthereumLegit ...)
	NOT-FOR-US: smart contract implementation for EthereumLegit
CVE-2018-13211 (The sell function of a smart contract implementation for MyToken, an E ...)
	NOT-FOR-US: smart contract implementation for MyToken
CVE-2018-13210 (The sell function of a smart contract implementation for Providence Cr ...)
	NOT-FOR-US: smart contract implementation for Providence Crypto Casino (PVE)
CVE-2018-13209 (The sell function of a smart contract implementation for Nectar (NCTR) ...)
	NOT-FOR-US: smart contract implementation for Nectar (NCTR)
CVE-2018-13208 (The sell function of a smart contract implementation for MoneyTree (TR ...)
	NOT-FOR-US: smart contract implementation for MoneyTree (TREE)
CVE-2018-13207 (The sell function of a smart contract implementation for PornCoin (PRN ...)
	NOT-FOR-US: smart contract implementation for PornCoin
CVE-2018-13206 (The sell function of a smart contract implementation for ProvidenceCas ...)
	NOT-FOR-US: smart contract implementation for ProvidenceCasino (PVE)
CVE-2018-13205 (The sell function of a smart contract implementation for ohni_2 (OHNI) ...)
	NOT-FOR-US: smart contract implementation for ohni_2 (OHNI)
CVE-2018-13204 (The sell function of a smart contract implementation for ETHERCASH (ET ...)
	NOT-FOR-US: smart contract implementation for ETHERCASH
CVE-2018-13203 (The sellBuyerTokens function of a smart contract implementation for Sw ...)
	NOT-FOR-US: smart contract implementation for SwapToken
CVE-2018-13202 (The sell function of a smart contract implementation for MyBO, an Ethe ...)
	NOT-FOR-US: smart contract implementation for MyBO
CVE-2018-13201 (The sell function of a smart contract implementation for TiTok - Ticke ...)
	NOT-FOR-US: smart contract implementation for TiTok - Ticket Token
CVE-2018-13200 (The sell function of a smart contract implementation for DateMe (DMX) ...)
	NOT-FOR-US: smart contract implementation for DateMe (DMX)
CVE-2018-13199 (The sell function of a smart contract implementation for ETHEREUMBLACK ...)
	NOT-FOR-US: smart contract implementation for ETHEREUMBLACK
CVE-2018-13198 (The sell function of a smart contract implementation for STeX Exchange ...)
	NOT-FOR-US: smart contract implementation for STeX Exchange ICO (STE)
CVE-2018-13197 (The sell function of a smart contract implementation for Welfare Token ...)
	NOT-FOR-US: smart contract implementation for Welfare Token Fund (WTF)
CVE-2018-13196 (The sell function of a smart contract implementation for T-Swap-Token ...)
	NOT-FOR-US: smart contract implementation for T-Swap-Token
CVE-2018-13195 (The mintToken function of a smart contract implementation for Cranoo ( ...)
	NOT-FOR-US: smart contract implementation for Cranoo
CVE-2018-13194 (The mintToken function of a smart contract implementation for TongTong ...)
	NOT-FOR-US: smart contract implementation for TongTong Coin
CVE-2018-13193 (The mintToken function of a smart contract implementation for hentaiso ...)
	NOT-FOR-US: smart contract implementation for hentaisolo
CVE-2018-13192 (The mintToken function of a smart contract implementation for Jobscoin ...)
	NOT-FOR-US: smart contract implementation for Jobscoin
CVE-2018-13191 (The mintToken function of a smart contract implementation for Super Ca ...)
	NOT-FOR-US: smart contract implementation for Super Carbon Coin
CVE-2018-13190 (The mintToken function of a smart contract implementation for DVChain, ...)
	NOT-FOR-US: smart contract implementation for DVChain
CVE-2018-13189 (The mint function of a smart contract implementation for Unolabo (UNLB ...)
	NOT-FOR-US: smart contract implementation for Unolabo
CVE-2018-13188 (The mintToken function of a smart contract implementation for MyBO, an ...)
	NOT-FOR-US: smart contract implementation for MyBO
CVE-2018-13187 (The mintToken function of a smart contract implementation for CIBN Liv ...)
	NOT-FOR-US: smart contract implementation for CIBN Live Token
CVE-2018-13186 (The mintToken function of a smart contract implementation for MMTCoin ...)
	NOT-FOR-US: smart contract implementation for MMTCoin
CVE-2018-13185 (The mintToken function of a smart contract implementation for appcoins ...)
	NOT-FOR-US: smart contract implementation for appcoins
CVE-2018-13184 (The mintToken function of a smart contract implementation for TravelZe ...)
	NOT-FOR-US: smart contract implementation for TravelZedi Token
CVE-2018-13183 (The mintToken function of a smart contract implementation for JWC, an ...)
	NOT-FOR-US: smart contract implementation for JWC
CVE-2018-13182 (The mintToken function of a smart contract implementation for loncoin ...)
	NOT-FOR-US: smart contract implementation for loncoin
CVE-2018-13181 (The mintToken function of a smart contract implementation for Troo, an ...)
	NOT-FOR-US: smart contract implementation for Troo
CVE-2018-13180 (The mintToken function of a smart contract implementation for IMM Coin ...)
	NOT-FOR-US: smart contract implementation for IMM Coin
CVE-2018-13179 (The mintToken function of a smart contract implementation for Air-Cont ...)
	NOT-FOR-US: smart contract implementation for Air-Contact Token
CVE-2018-13178 (The mintToken function of a smart contract implementation for ECToints ...)
	NOT-FOR-US: smart contract implementation for ECToints
CVE-2018-13177 (The mintToken function of a smart contract implementation for MiningRi ...)
	NOT-FOR-US: smart contract implementation for MiningRigRentals Token
CVE-2018-13176 (The mintToken function of a smart contract implementation for Trust Ze ...)
	NOT-FOR-US: smart contract implementation for Trust Zen Token
CVE-2018-13175 (The mintToken function of a smart contract implementation for AIChain, ...)
	NOT-FOR-US: smart contract implementation for AIChain
CVE-2018-13174 (The mintToken function of a smart contract implementation for CryptoAB ...)
	NOT-FOR-US: smart contract implementation for CryptoABS
CVE-2018-13173 (The mintToken function of a smart contract implementation for EliteShi ...)
	NOT-FOR-US: smart contract implementation for EliteShipperToken
CVE-2018-13172 (The mintToken function of a smart contract implementation for bzxcoin ...)
	NOT-FOR-US: smart contract implementation for bzxcoin
CVE-2018-13171 (The mintToken function of a smart contract implementation for LadaToke ...)
	NOT-FOR-US: smart contract implementation for LadaToken
CVE-2018-13170 (The mintToken function of a smart contract implementation for Snoqualm ...)
	NOT-FOR-US: smart contract implementation for Snoqualmie Coin
CVE-2018-13169 (The mintToken function of a smart contract implementation for Ethereum ...)
	NOT-FOR-US: smart contract implementation for Ethereum Cash Pro
CVE-2018-13168 (The mintToken function of a smart contract implementation for Yu Gi Oh ...)
	NOT-FOR-US: smart contract implementation for Yu Gi Oh
CVE-2018-13167 (The mintToken function of a smart contract implementation for Yu Gi Oh ...)
	NOT-FOR-US: smart contract implementation for Yu Gi Oh
CVE-2018-13166 (The mintToken function of a smart contract implementation for AthletiC ...)
	NOT-FOR-US: smart contract implementation for AthletiCoin
CVE-2018-13165 (The mintToken function of a smart contract implementation for JustDCoi ...)
	NOT-FOR-US: smart contract implementation for JustDCoin
CVE-2018-13164 (The mintToken function of a smart contract implementation for EPPCOIN ...)
	NOT-FOR-US: smart contract implementation for EPPCOIN
CVE-2018-13163 (The mintToken function of a smart contract implementation for Ethernet ...)
	NOT-FOR-US: smart contract implementation for Ethernet Cash
CVE-2018-13162 (The mintToken function of a smart contract implementation for ALEX, an ...)
	NOT-FOR-US: smart contract implementation for ALEX
CVE-2018-13161 (The mintToken function of a smart contract implementation for MultiGam ...)
	NOT-FOR-US: smart contract implementation for MultiGames
CVE-2018-13160 (The mintToken function of a smart contract implementation for etktoken ...)
	NOT-FOR-US: smart contract implementation for etktokens
CVE-2018-13159 (The mintToken function of a smart contract implementation for bankcoin ...)
	NOT-FOR-US: smart contract implementation for bankcoin
CVE-2018-13158 (The mintToken function of a smart contract implementation for AssetTok ...)
	NOT-FOR-US: smart contract implementation for AssetToken
CVE-2018-13157 (The mintToken function of a smart contract implementation for Cryptoni ...)
	NOT-FOR-US: smart contract implementation for CryptonitexCoin
CVE-2018-13156 (The mintToken function of a smart contract implementation for bonusTok ...)
	NOT-FOR-US: smart contract implementation for bonusToken
CVE-2018-13155 (The mintToken function of a smart contract implementation for GEMCHAIN ...)
	NOT-FOR-US: smart contract implementation for GEMCHAIN
CVE-2018-13154
	RESERVED
CVE-2018-13153 (In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand f ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1195
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ab4849d667e26df0e63ece9d63ae23bc7ab0fa1
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6ce6d25b47caf9b6b2979a510b6202ce0f3dd2d4
CVE-2018-13152
	RESERVED
CVE-2018-13151
	RESERVED
CVE-2018-13150
	RESERVED
CVE-2018-13149
	RESERVED
CVE-2018-13148
	RESERVED
CVE-2018-13147
	RESERVED
CVE-2018-13146 (The mintToken, buy, and sell functions of a smart contract implementat ...)
	NOT-FOR-US: smart contract
CVE-2018-13145 (The mintToken function of a smart contract implementation for JavaSwap ...)
	NOT-FOR-US: smart contract
CVE-2018-13144 (The transfer and transferFrom functions of a smart contract implementa ...)
	NOT-FOR-US: smart contract
CVE-2018-13143
	RESERVED
CVE-2018-13142
	RESERVED
CVE-2018-13141
	RESERVED
CVE-2018-13140 (Druide Antidote through 9.5.1 on Windows and Linux allows remote code ...)
	NOT-FOR-US: Druide Antidote
CVE-2018-13139 (A stack-based buffer overflow in psf_memset in common.c in libsndfile ...)
	{DLA-1618-1}
	- libsndfile 1.0.28-5 (unimportant)
	NOTE: https://github.com/erikd/libsndfile/issues/397
	NOTE: https://github.com/erikd/libsndfile/commit/aaea680337267bfb6d2544da878890ee7f1c5077
	NOTE: Missing channel number check in sndfile-deinterleave program, not a
	NOTE: security issue in the library.
CVE-2018-13138
	RESERVED
CVE-2018-13137 (The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_eve ...)
	NOT-FOR-US: Events Manager plugin for WordPress
CVE-2018-13136 (The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for Word ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-13135
	RESERVED
CVE-2018-13134 (TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have X ...)
	NOT-FOR-US: TP-Link
CVE-2018-13133 (Golden Frog VyprVPN before 2018-06-21 has a vulnerability associated w ...)
	NOT-FOR-US: Golden Frog VyprVPN
CVE-2018-13132 (Spadeico is a smart contract running on Ethereum. The mint function ha ...)
	NOT-FOR-US: Spadeico
CVE-2018-13131 (SpadePreSale is a smart contract running on Ethereum. The mint functio ...)
	NOT-FOR-US: SpadePreSale
CVE-2018-13130 (Bitotal (TFUND) is a smart contract running on Ethereum. The mintToken ...)
	NOT-FOR-US: Bitotal (TFUND)
CVE-2018-13129 (SP8DE Token (SPX) is a smart contract running on Ethereum. The mint fu ...)
	NOT-FOR-US: SP8DE Token (SPX)
CVE-2018-13128 (Etherty Token (ETY) is a smart contract running on Ethereum. The mint ...)
	NOT-FOR-US: Etherty Token (ETY)
CVE-2018-13127 (SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. Th ...)
	NOT-FOR-US: SP8DE PreSale Token (DSPX)
CVE-2018-13126 (MoxyOnePresale is a smart contract running on Ethereum. The mint funct ...)
	NOT-FOR-US: MoxyOnePresale
CVE-2018-13125
	RESERVED
CVE-2018-13124
	RESERVED
CVE-2018-13123 (onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers ...)
	NOT-FOR-US: OneFileCMS
CVE-2018-13122 (onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers ...)
	NOT-FOR-US: OneFileCMS
CVE-2018-13121 (RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a ...)
	NOT-FOR-US: RealOne Player
CVE-2018-13120
	RESERVED
CVE-2018-13119
	RESERVED
CVE-2018-13118
	RESERVED
CVE-2018-13117
	RESERVED
CVE-2018-13116 (/user/del.php in zzcms 8.3 allows SQL injection via the tablename para ...)
	NOT-FOR-US: zzcms
CVE-2018-13115 (Lack of an authentication mechanism in KERUI Wifi Endoscope Camera (YP ...)
	NOT-FOR-US: KERUI Wifi Endoscope Camera
CVE-2018-13114 (Missing authentication and improper input validation in KERUI Wifi End ...)
	NOT-FOR-US: KERUI Wifi Endoscope Camera
CVE-2018-13113 (The transfer and transferFrom functions of a smart contract implementa ...)
	NOT-FOR-US: smart contract implementation for Easy Trading Token and Ethereum token
CVE-2018-13112 (get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attac ...)
	- tcpreplay 4.3.1-1 (low; bug #902952)
	[stretch] - tcpreplay (Minor issue)
	[jessie] - tcpreplay (Minor issue)
	NOTE: https://github.com/appneta/tcpreplay/issues/477
	NOTE: https://github.com/appneta/tcpreplay/issues/408
	NOTE: https://github.com/appneta/tcpreplay/commit/0253c4707446b9500804101122a72dde2763ed8f
CVE-2018-13111 (There exists a partial Denial of Service vulnerability in Wanscam HW00 ...)
	NOT-FOR-US: Wanscam
CVE-2018-13110 (All ADB broadband gateways / routers based on the Epicentro platform a ...)
	NOT-FOR-US: ADB broadband gateways / routers
CVE-2018-13109 (All ADB broadband gateways / routers based on the Epicentro platform a ...)
	NOT-FOR-US: ADB broadband gateways / routers
CVE-2018-13108 (All ADB broadband gateways / routers based on the Epicentro platform a ...)
	NOT-FOR-US: ADB broadband gateways / routers
CVE-2018-13107
	RESERVED
CVE-2018-13106 (ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" sc ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-13105
	RESERVED
CVE-2018-13104 (OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 ( ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2018-13103 (OX App Suite 7.8.4 and earlier allows SSRF. ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2018-13102 (AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preload ...)
	NOT-FOR-US: AnyDesk
CVE-2018-13101 (KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from ...)
	NOT-FOR-US: RedSwimmer KioskSimple
CVE-2018-13100 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
	{DLA-1715-1}
	- linux 4.18.10-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux (Hard to backport and low priority outside of Android)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200183
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d
CVE-2018-13099 (An issue was discovered in fs/f2fs/inline.c in the Linux kernel throug ...)
	{DSA-4308-1 DLA-1531-1}
	- linux 4.18.10-1
	[jessie] - linux (Hard to backport and low priority outside of Android)
	- linux-4.9
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200179
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a
	NOTE: https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/
CVE-2018-13098 (An issue was discovered in fs/f2fs/inode.c in the Linux kernel through ...)
	- linux 4.18.10-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200173
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad
CVE-2018-13097 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
	{DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux (Hard to backport and low priority outside of Android)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200171
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=78bbd741456e31e0acb983283a8d3993ba859c15
CVE-2018-13096 (An issue was discovered in fs/f2fs/super.c in the Linux kernel through ...)
	{DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux (Hard to backport and low priority outside of Android)
	- linux-4.9
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200167
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34
CVE-2018-13095 (An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux ...)
	- linux 4.18.6-1
	[jessie] - linux (Too risky to backport)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199915
	NOTE: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=23fcb3340d033d9f081e21e6c12c2db7eaa541d3
CVE-2018-13094 (An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux ...)
	{DLA-2114-1 DLA-1529-1}
	- linux 4.17.14-1
	[stretch] - linux 4.9.210-1
	- linux-4.9
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199969
	NOTE: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a
CVE-2018-13093 (An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel thr ...)
	{DLA-2114-1 DLA-1529-1}
	- linux 4.17.14-1
	[stretch] - linux 4.9.210-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199367
	NOTE: https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=afca6c5b2595fc44383919fba740c194b0b76aff
CVE-2018-13092 (The mintToken function of a smart contract implementation for Reimburs ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13091 (The mintToken function of a smart contract implementation for sumocoin ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13090 (The mintToken function of a smart contract implementation for YiTongCo ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13089 (The mintToken function of a smart contract implementation for Universa ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13088 (The mintToken function of a smart contract implementation for Futures ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13087 (The mintToken function of a smart contract implementation for Coinstar ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13086 (The mintToken function of a smart contract implementation for IADOWR C ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13085 (The mintToken function of a smart contract implementation for FreeCoin ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13084 (The mintToken function of a smart contract implementation for Good Tim ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13083 (The mintToken function of a smart contract implementation for Plaza To ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13082 (The mintToken function of a smart contract implementation for MODI Tok ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13081 (The mintToken function of a smart contract implementation for GZS Toke ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13080 (The mintToken function of a smart contract implementation for Goutex ( ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13079 (The mintToken function of a smart contract implementation for GoodTo ( ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13078 (The mintToken function of a smart contract implementation for Jitech ( ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13077 (The mintToken function of a smart contract implementation for CTB, an ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13076 (The mintToken function of a smart contract implementation for Betcash ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13075 (The mintToken function of a smart contract implementation for Carbon E ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13074 (The mintToken function of a smart contract implementation for FIBToken ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13073 (The mintToken function of a smart contract implementation for ETHEREUM ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13072 (The mintToken function of a smart contract implementation for Coffeeco ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13071 (The mintToken function of a smart contract implementation for CCindex1 ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13070 (The mintToken function of a smart contract implementation for Encrypte ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13069 (The mintToken function of a smart contract implementation for DYchain ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13068 (The mintToken function of a smart contract implementation for AzurionT ...)
	NOT-FOR-US: smart contract implementation
CVE-2018-13067 (/upload/catalog/controller/account/password.php in OpenCart through 3. ...)
	NOT-FOR-US: OpenCart
CVE-2018-13066 (There is a memory leak in util/parser.c in libming 0.4.8, which will l ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/146
CVE-2018-13065 (** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of a ...)
	NOT-FOR-US: Bogus claim for ModSecurity, to be revoked
CVE-2018-13064
	RESERVED
CVE-2018-13063 (Easy!Appointments 1.3.0 has a Missing Authorization issue allowing ret ...)
	NOT-FOR-US: Easy!Appointments
CVE-2018-13062
	RESERVED
CVE-2018-13061
	RESERVED
CVE-2018-13060 (Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. ...)
	NOT-FOR-US: Easy!Appointments
CVE-2018-13059
	RESERVED
CVE-2018-13058
	RESERVED
CVE-2018-13057
	RESERVED
CVE-2018-13056 (An issue was discovered on zzcms 8.3. There is a vulnerability at /use ...)
	NOT-FOR-US: zzcms
CVE-2018-13055 (A cross-site scripting (XSS) vulnerability in the View Filters page (v ...)
	- mantis
	NOTE: http://github.com/mantisbt/mantisbt/commit/4efac90ed89a5c009108b641e2e95683791a165a
	NOTE: https://mantisbt.org/blog/archives/mantisbt/602
	NOTE: https://mantisbt.org/bugs/view.php?id=24580
CVE-2018-13053 (The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Lin ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.135-1
	- linux-4.9
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200303
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef
CVE-2018-13052 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privileg ...)
	NOT-FOR-US: CyberArk Endpoint Privilege Manager
CVE-2018-13051
	RESERVED
CVE-2018-13050 (A SQL Injection vulnerability exists in Zoho ManageEngine Applications ...)
	NOT-FOR-US: Zoho
CVE-2018-13048
	RESERVED
CVE-2018-13047
	RESERVED
CVE-2018-13046
	RESERVED
CVE-2018-13045 (SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheq ...)
	NOT-FOR-US: Yeswiki
CVE-2018-13054 (An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon- ...)
	{DLA-1420-1}
	- cinnamon 3.8.8-1 (bug #903201)
	[stretch] - cinnamon (Minor issue)
	NOTE: https://github.com/linuxmint/Cinnamon/pull/7683
	NOTE: https://github.com/linuxmint/Cinnamon/commit/66e54f43f179fdf041a3e5232178a9910963cfb5 (3.8.7)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1083067
CVE-2018-13049 (The constructSQL function in inc/search.class.php in GLPI 9.2.x throug ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/issues/4270
	NOTE: https://github.com/trasher/glpi/commit/5c58d4c57be7b1e0c1de925b97f22d4468291d41
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2018-13044
	RESERVED
CVE-2018-13042 (The 1Password application 6.8 for Android is affected by a Denial Of S ...)
	NOT-FOR-US: 1Password
CVE-2018-13041 (The mint function of a smart contract implementation for Link Platform ...)
	NOT-FOR-US: Link Platform
CVE-2018-13040 (OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can a ...)
	NOT-FOR-US: OpenSID
CVE-2018-13039 (OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the c ...)
	NOT-FOR-US: OpenSID
CVE-2018-13038 (OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via ...)
	NOT-FOR-US: OpenSID
CVE-2018-13037 (An issue was discovered in jpeg-compressor 0.1. The bmp_load function ...)
	NOT-FOR-US: jpeg-compressor
CVE-2018-13036
	RESERVED
CVE-2018-13035
	RESERVED
CVE-2018-13034 (Directory traversal in Jester web framework 0.2.0 allows remote attack ...)
	NOT-FOR-US: Jester web framework
CVE-2018-13033 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.30.90.20180627-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23361
	NOTE: binutils not covered by security support
CVE-2018-13032 (ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser a ...)
	NOT-FOR-US: ECESSA ShieldLink
CVE-2018-13031 (DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an admi ...)
	NOT-FOR-US: DamiCMS
CVE-2018-13030 (An issue was discovered in jpeg-compressor 0.1. The build_huffman func ...)
	NOT-FOR-US: jpeg-compressor
CVE-2018-13029
	RESERVED
CVE-2018-13028
	RESERVED
CVE-2018-13027
	RESERVED
CVE-2018-13026 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based bu ...)
	NOT-FOR-US: gpmf-parser
CVE-2018-13025 (protected/apps/admin/controller/photoController.php in YXcms 1.4.7 all ...)
	NOT-FOR-US: YXcms
CVE-2018-13024 (Metinfo v6.0.0 allows remote attackers to write code into a .php file, ...)
	NOT-FOR-US: Metinfo
CVE-2018-13023 (System command injection vulnerability in wifi_access in Xiaomi Mi Rou ...)
	NOT-FOR-US: Xiaomi Mi Router
CVE-2018-13022 (Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Ro ...)
	NOT-FOR-US: Xiaomi Mi Router
CVE-2018-13021 (An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script ...)
	NOT-FOR-US: HongCMS
CVE-2018-13020
	RESERVED
CVE-2018-13019
	RESERVED
CVE-2018-13018
	RESERVED
CVE-2018-13017
	RESERVED
CVE-2018-13016
	RESERVED
CVE-2018-13015
	RESERVED
CVE-2018-13014 (Storing password in recoverable format in safensec.com (SysWatch servi ...)
	NOT-FOR-US: SysWatch
CVE-2018-13013 (Improper check of unusual conditions when launching msiexec.exe in saf ...)
	NOT-FOR-US: SysWatch
CVE-2018-13012 (Download of code with improper integrity check in snsupd.exe and upd.e ...)
	NOT-FOR-US: SysWatch
CVE-2018-13011 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based bu ...)
	NOT-FOR-US: gpmf-parser
CVE-2018-13010 (WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a ...)
	NOT-FOR-US: WSTMall
CVE-2018-13009 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based bu ...)
	NOT-FOR-US: gpmf-parser
CVE-2018-13008 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based bu ...)
	NOT-FOR-US: gpmf-parser
CVE-2018-13007 (An issue was discovered in gpmf-parser 1.1.2. There is a heap-based bu ...)
	NOT-FOR-US: gpmf-parser
CVE-2018-13006 (An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based ...)
	{DLA-1432-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #902782)
	[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
	NOTE: https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
CVE-2018-13005 (An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read ...)
	{DLA-1432-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #902782)
	[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
	NOTE: https://github.com/gpac/gpac/issues/1088
	NOTE: https://github.com/gpac/gpac/commit/bceb03fd2be95097a7b409ea59914f332fb6bc86
CVE-2018-13004
	RESERVED
CVE-2018-13003 (An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ' ...)
	NOT-FOR-US: OpenTSDB
CVE-2018-13002 (An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core ...)
	NOT-FOR-US: Weblication CMS
CVE-2018-13001 (An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerabil ...)
	NOT-FOR-US: Sandoba CP:Shop
CVE-2018-13000 (An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2018-12999 (Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine ...)
	NOT-FOR-US: Zoho
CVE-2018-12998 (A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEng ...)
	NOT-FOR-US: Zoho
CVE-2018-12997 (Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine ...)
	NOT-FOR-US: Zoho
CVE-2018-12996 (A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEng ...)
	NOT-FOR-US: Zoho
CVE-2018-12995 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers ...)
	NOT-FOR-US: OneFileCMS
CVE-2018-12994 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers ...)
	NOT-FOR-US: OneFileCMS
CVE-2018-12993 (onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers ...)
	NOT-FOR-US: OneFileCMS
CVE-2018-12992 (An issue was discovered CMS MaeloStore V.1.5.0. There is stored XSS in ...)
	NOT-FOR-US: CMS MaeloStore
CVE-2018-12991
	RESERVED
CVE-2018-12990 (phpwcms 1.8.9 allows remote attackers to discover the installation pat ...)
	NOT-FOR-US: phpwcms
CVE-2018-12989 (The report-viewing feature in Pearson VUE Certiport Console 8 and IQSy ...)
	NOT-FOR-US: Pearson VUE Certiport Console 8 and IQSystem 7
CVE-2018-12988 (GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an ...)
	NOT-FOR-US: GreenCMS
CVE-2018-12987
	RESERVED
CVE-2018-12986
	RESERVED
CVE-2018-12985
	RESERVED
CVE-2018-12984 (Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credential ...)
	NOT-FOR-US: Hycus CMS
CVE-2018-12983 (A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryp ...)
	- libpodofo (low; bug #916580)
	[bullseye] - libpodofo (Minor issue)
	[buster] - libpodofo (Minor issue)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1595693
	NOTE: https://sourceforge.net/p/podofo/tickets/23
CVE-2018-12982 (Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function ...)
	- libpodofo 0.9.6+dfsg-4 (low; bug #916581)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1595689
	NOTE: https://sourceforge.net/p/podofo/tickets/22
	NOTE: https://sourceforge.net/p/podofo/code/1948
CVE-2018-12981 (An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 de ...)
	NOT-FOR-US: WAGO e!DISPLAY devices
CVE-2018-12980 (An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 de ...)
	NOT-FOR-US: WAGO e!DISPLAY devices
CVE-2018-12979 (An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 de ...)
	NOT-FOR-US: WAGO e!DISPLAY devices
CVE-2018-12978
	RESERVED
CVE-2018-12977 (A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite ...)
	NOT-FOR-US: SoftExpert (SE) Excellence Suite
CVE-2018-12976 (In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use spe ...)
	NOT-FOR-US: Go Doc Dot Org
CVE-2018-12975 (The random() function of the smart contract implementation for CryptoS ...)
	NOT-FOR-US: CryptoSaga
CVE-2018-12974
	RESERVED
CVE-2018-12973 (An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter ' ...)
	NOT-FOR-US: OpenTSDB
CVE-2018-12972 (An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q U ...)
	NOT-FOR-US: OpenTSDB
CVE-2018-12971 (EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to del ...)
	NOT-FOR-US: EasyCMS
CVE-2018-12970
	RESERVED
CVE-2018-12969
	RESERVED
CVE-2018-12968
	RESERVED
CVE-2018-12967
	RESERVED
CVE-2018-12966
	RESERVED
CVE-2018-12965
	RESERVED
CVE-2018-12964
	RESERVED
CVE-2018-12963
	RESERVED
CVE-2018-12962
	RESERVED
CVE-2018-12961
	RESERVED
CVE-2018-12960
	RESERVED
CVE-2018-12959 (The approveAndCall function of a smart contract implementation for Adi ...)
	NOT-FOR-US: smart contract implementation for Aditus (ADI)
CVE-2018-12958
	RESERVED
CVE-2018-12957
	RESERVED
CVE-2018-12956
	RESERVED
CVE-2018-12955
	RESERVED
CVE-2018-12954
	RESERVED
CVE-2018-12953
	RESERVED
CVE-2018-12952
	RESERVED
CVE-2018-12951
	RESERVED
CVE-2018-12950
	RESERVED
CVE-2018-12949
	RESERVED
CVE-2018-12948
	RESERVED
CVE-2018-12947
	RESERVED
CVE-2018-12946
	RESERVED
CVE-2018-12945
	RESERVED
CVE-2018-12944 (Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12943 (Cross-Site Scripting (XSS) vulnerability in every page that includes t ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12942 (SQL injection vulnerability in the "Users management" functionality in ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12941 (This vulnerability allows remote attackers to execute arbitrary code i ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12940 (Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12939 (A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) bef ...)
	NOT-FOR-US: SeedDMS
CVE-2018-12937
	RESERVED
CVE-2018-12938
	REJECTED
CVE-2018-12936
	RESERVED
CVE-2018-12935
	RESERVED
CVE-2018-12934 (remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU ...)
	- binutils (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23059
	NOTE: binutils not covered by security support
CVE-2018-12933 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
	- wine 4.0~rc1-1 (low)
	[stretch] - wine (Minor issue)
	[jessie] - wine (Minor issue)
	- wine-development 3.8-1 (low)
	[stretch] - wine-development (Minor issue)
	[jessie] - wine-development (Minor issue)
	NOTE: https://bugs.winehq.org/show_bug.cgi?id=45106
	NOTE: https://bugs.winehq.org/attachment.cgi?id=61285
	NOTE: https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d
	NOTE: https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949
CVE-2018-12932 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
	- wine 4.0~rc1-1 (low)
	[stretch] - wine (Minor issue)
	[jessie] - wine (Minor issue)
	- wine-development 3.8-1 (low)
	[stretch] - wine-development (Minor issue)
	[jessie] - wine-development (Minor issue)
	NOTE: https://bugs.winehq.org/show_bug.cgi?id=45105
	NOTE: https://bugs.winehq.org/attachment.cgi?id=61284
	NOTE: https://source.winehq.org/git/wine.git/commit/8d2676fd14f130f9e8f06744743423168bf8d18d
	NOTE: https://source.winehq.org/git/wine.git/commit/b6da3547d8990c3c3affc3a5865aefd2a0946949
CVE-2018-12931 (ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4. ...)
	- linux 4.19.37-1
	[jessie] - linux (ntfs is not supportable)
CVE-2018-12930 (ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Lin ...)
	- linux 4.19.37-1
	[jessie] - linux (ntfs is not supportable)
CVE-2018-12929 (ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux k ...)
	- linux 4.19.37-1
	[jessie] - linux (ntfs is not supportable)
CVE-2018-12928 (In the Linux kernel 4.15.0, a NULL pointer dereference was discovered ...)
	- linux (low)
	[buster] - linux (Minor issue)
	[stretch] - linux (Minor issue)
	- linux-4.9
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384
	NOTE: https://marc.info/?l=linux-fsdevel&m=152407263325766&w=2
CVE-2018-12927 (Northern Electric & Power (NEP) inverter devices allow remote atta ...)
	NOT-FOR-US: Northern Electric
CVE-2018-12926 (Pharos Controls devices allow remote attackers to obtain potentially s ...)
	NOT-FOR-US: Pharos Controls
CVE-2018-12925 (Baseon Lantronix MSS devices do not require a password for TELNET acce ...)
	NOT-FOR-US: Baseon Lantronix
CVE-2018-12924 (Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices hav ...)
	NOT-FOR-US: Sollae
CVE-2018-12923 (BWS Systems HA-Bridge devices allow remote attackers to obtain potenti ...)
	NOT-FOR-US: BWS Systems
CVE-2018-12922 (Emerson Liebert IntelliSlot Web Card devices allow remote attackers to ...)
	NOT-FOR-US: Emerson Liebert
CVE-2018-12921 (Electro Industries GaugeTech Nexus devices allow remote attackers to o ...)
	NOT-FOR-US: Electro Industries GaugeTech
CVE-2018-12920 (Brickstream 2300 devices allow remote attackers to obtain potentially ...)
	NOT-FOR-US: Brickstream
CVE-2018-12919 (In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allow ...)
	NOT-FOR-US: CraftedWeb
CVE-2018-12918 (In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault i ...)
	NOT-FOR-US: PBC
CVE-2018-12917 (In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer ov ...)
	NOT-FOR-US: PBC
CVE-2018-12916 (In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault i ...)
	NOT-FOR-US: PBC
CVE-2018-12915 (In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in ...)
	NOT-FOR-US: PBC
CVE-2018-12914 (A remote code execution issue was discovered in PublicCMS V4.0.2018021 ...)
	NOT-FOR-US: PublicCMS
CVE-2018-12913 (In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop ...)
	NOT-FOR-US: Miniz
CVE-2018-12912 (An issue was discovered in admin\controllers\database.php in HongCMS 3 ...)
	NOT-FOR-US: HongCMS
CVE-2018-12911 (WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bou ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: https://trac.webkit.org/changeset/233404/webkit
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-12910 (The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows ...)
	{DSA-4241-1 DLA-1416-1}
	- libsoup2.4 2.62.2-2
	NOTE: https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
CVE-2018-12909 (** DISPUTED ** Webgrind 1.5 relies on user input to display a file, wh ...)
	NOT-FOR-US: Webgrind
CVE-2018-12908 (Brynamics "Online Trade - Online trading and cryptocurrency investment ...)
	NOT-FOR-US: Brynamics
CVE-2018-12907 (In Rclone 1.42, use of "rclone sync" to migrate data between two Googl ...)
	NOT-FOR-US: Rclone
CVE-2018-12906
	RESERVED
CVE-2018-12905 (joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/inde ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-12904 (In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested v ...)
	- linux 4.16.16-1
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
	NOTE: https://git.kernel.org/linus/727ba748e110b4de50d142edca9d6a9b7e6111d8
CVE-2018-12903 (In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.60 ...)
	NOT-FOR-US: CyberArk Endpoint Privilege Manager
CVE-2018-12902 (In Easy Magazine through 2012-10-26, there is XSS in the search bar of ...)
	NOT-FOR-US: Easy Magazine
CVE-2018-12901 (A vulnerability in the conferencing component of Mitel ST 14.2, versio ...)
	NOT-FOR-US: Mitel
CVE-2018-12900 (Heap-based buffer overflow in the cpSeparateBufToContigBuf function in ...)
	{DSA-4670-1 DLA-2009-1}
	- tiff 4.0.10-4 (bug #902718)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2798
	NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/60
	NOTE: https://gitlab.com/libtiff/libtiff/commit/27124e9148b2056d0e0bf4033b4924d5d2a38d01
CVE-2018-12899
	RESERVED
CVE-2018-12898
	RESERVED
CVE-2018-12897 (SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overf ...)
	NOT-FOR-US: SolarWinds DameWare Mini Remote Control
CVE-2018-12896 (An issue was discovered in the Linux kernel through 4.17.3. An Integer ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.18.20-1
	[stretch] - linux 4.9.144-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200189
	NOTE: https://github.com/lcytxw/bug_repro/tree/master/bug_200189
	NOTE: https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76
CVE-2018-12895 (WordPress through 4.9.6 allows Author users to execute arbitrary code ...)
	{DSA-4250-1 DLA-1452-1}
	- wordpress 4.9.7+dfsg1-1 (bug #902876)
	NOTE: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
	NOTE: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
CVE-2018-12894
	RESERVED
CVE-2018-12893 (An issue was discovered in Xen through 4.10.x. One of the fixes in XSA ...)
	{DSA-4236-1 DLA-1577-1}
	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
	NOTE: https://xenbits.xen.org/xsa/advisory-265.html
CVE-2018-12892 (An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass ...)
	{DSA-4236-1}
	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
	[jessie] - xen (Issue introduced in 4.7)
	NOTE: https://xenbits.xen.org/xsa/advisory-266.html
CVE-2018-12891 (An issue was discovered in Xen through 4.10.x. Certain PV MMU operatio ...)
	{DSA-4236-1 DLA-1577-1}
	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9
	NOTE: https://xenbits.xen.org/xsa/advisory-264.html
CVE-2018-12890
	RESERVED
CVE-2018-12889 (An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffe ...)
	NOT-FOR-US: CCN-lite
CVE-2018-12888
	RESERVED
CVE-2018-12887
	RESERVED
CVE-2018-12886 (stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu ...)
	- gcc-8
	[bullseye] - gcc-8 (Too intrusive to backport)
	[buster] - gcc-8 (Too intrusive to backport)
	- gcc-7
	[buster] - gcc-7 (Too intrusive to backport)
	- gcc-6
	[stretch] - gcc-6 (Too intrusive to backport)
	- gcc-4.9
	[jessie] - gcc-4.9 (Too intrusive to backport)
	- gcc-4.8
	[jessie] - gcc-4.8 (Too intrusive to backport)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85434
	NOTE: https://gcc.gnu.org/git/?p=gcc.git&a=commit;h=89d7557202d25a393666ac4c0f7dbdab31e452a2
CVE-2018-12885 (The randMod() function of the smart contract implementation for MyCryp ...)
	NOT-FOR-US: MyCryptoChamp
CVE-2018-12884 (In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-1000205 (U-Boot contains a CWE-20: Improper Input Validation vulnerability in V ...)
	- u-boot (unimportant)
	NOTE: No security impact as supported/packaged in Debian
CVE-2018-13043 (scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows cod ...)
	- devscripts 2.18.4 (low; bug #902409)
	[stretch] - devscripts (Vulnerable code introduced in 2.17.7)
	[jessie] - devscripts (Vulnerable code introduced in 2.17.7)
CVE-2018-1000610 (A exposure of sensitive information vulnerability exists in Jenkins Co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000609 (A exposure of sensitive information vulnerability exists in Jenkins Co ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000608 (A exposure of sensitive information vulnerability exists in Jenkins z/ ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000607 (A arbitrary file write vulnerability exists in Jenkins Fortify CloudSc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000606 (A server-side request forgery vulnerability exists in Jenkins URLTrigg ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000605 (A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000604 (A persisted cross-site scripting vulnerability exists in Jenkins Badge ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000603 (A exposure of sensitive information vulnerability exists in Jenkins Op ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000602 (A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000601 (A arbitrary file read vulnerability exists in Jenkins SSH Credentials ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000600 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-12883
	RESERVED
CVE-2018-12882 (exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allo ...)
	- php7.2 7.2.8-1
	- php7.1 (Specific to 7.2.x)
	- php7.0 (Specific to 7.2.x)
	- php5 (Specific to 7.2.x)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76409
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=3fdde65617e9f954e2c964768aac8831005497e5
CVE-2018-12881 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12880 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12879 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12878 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12877 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12876 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12875 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12874 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12873 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12872 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12871 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12870 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12869 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12868 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12867 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12866 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12865 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12864 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12863 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12862 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12861 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12860 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12859 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12858 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12857 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12856 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12855 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12854
	REJECTED
CVE-2018-12853 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12852 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12851 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12850 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12849 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12848 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12847 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12846 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12845 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12844 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12843 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12842 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12841 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12840 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12839 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12838 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12837 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12836 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12835 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12834 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12833 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12832 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12831 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12830 (Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008 ...)
	NOT-FOR-US: Adobe
CVE-2018-12829 (Adobe Creative Cloud Desktop Application before 4.6.1 has an improper ...)
	NOT-FOR-US: Adobe
CVE-2018-12828 (Adobe Flash Player 30.0.0.134 and earlier have a "use of a component w ...)
	NOT-FOR-US: Adobe
CVE-2018-12827 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read v ...)
	NOT-FOR-US: Adobe
CVE-2018-12826 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read v ...)
	NOT-FOR-US: Adobe
CVE-2018-12825 (Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulne ...)
	NOT-FOR-US: Adobe
CVE-2018-12824 (Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read v ...)
	NOT-FOR-US: Adobe
CVE-2018-12823 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow v ...)
	NOT-FOR-US: Adobe
CVE-2018-12822 (Adobe Digital Editions versions 4.5.8 and below have an use after free ...)
	NOT-FOR-US: Adobe
CVE-2018-12821 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
	NOT-FOR-US: Adobe
CVE-2018-12820 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
	NOT-FOR-US: Adobe
CVE-2018-12819 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
	NOT-FOR-US: Adobe
CVE-2018-12818 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
	NOT-FOR-US: Adobe
CVE-2018-12817 (Adobe Digital Editions versions 4.5.9 and below have an out of bounds ...)
	NOT-FOR-US: Adobe
CVE-2018-12816 (Adobe Digital Editions versions 4.5.8 and below have an out of bounds ...)
	NOT-FOR-US: Adobe
CVE-2018-12815 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12814 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow v ...)
	NOT-FOR-US: Adobe
CVE-2018-12813 (Adobe Digital Editions versions 4.5.8 and below have a heap overflow v ...)
	NOT-FOR-US: Adobe
CVE-2018-12812 (Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12811 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18. ...)
	NOT-FOR-US: Adobe
CVE-2018-12810 (Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18. ...)
	NOT-FOR-US: Adobe
CVE-2018-12809 (Adobe Experience Manager versions 6.4 and earlier have a Server-Side R ...)
	NOT-FOR-US: Adobe
CVE-2018-12808 (Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12807 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an ...)
	NOT-FOR-US: Adobe
CVE-2018-12806 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a r ...)
	NOT-FOR-US: Adobe
CVE-2018-12805 (Adobe Connect versions 9.7.5 and earlier have an Insecure Library Load ...)
	NOT-FOR-US: Adobe
CVE-2018-12804 (Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass ...)
	NOT-FOR-US: Adobe
CVE-2018-12803 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12802 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12801 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12800
	REJECTED
CVE-2018-12799 (Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12798 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12797 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12796 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12795 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12794 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12793 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12792 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12791 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12790 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12789 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12788 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12787 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12786 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12785 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12784 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12783 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12782 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12781 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12780 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12779 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12778 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12777 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12776 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12775 (Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12774 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12773 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12772 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12771 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12770 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12769 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12768 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12767 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12766 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12765 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12764 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12763 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12762 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12761 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12760 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12759 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-12758 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12757 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12756 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12755 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12754 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-12753
	RESERVED
CVE-2018-12752
	RESERVED
CVE-2018-12751
	RESERVED
CVE-2018-12750
	RESERVED
CVE-2018-12749
	RESERVED
CVE-2018-12748
	RESERVED
CVE-2018-12747
	RESERVED
CVE-2018-12746
	RESERVED
CVE-2018-12745
	RESERVED
CVE-2018-12744
	RESERVED
CVE-2018-12743
	RESERVED
CVE-2018-12742
	RESERVED
CVE-2018-12741
	RESERVED
CVE-2018-12740
	RESERVED
CVE-2018-12739 (In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a ...)
	NOT-FOR-US: BEESCMS
CVE-2018-12738
	RESERVED
CVE-2018-12737
	RESERVED
CVE-2018-12736
	RESERVED
CVE-2018-12735 (SAJ Solar Inverter allows remote attackers to obtain potentially sensi ...)
	NOT-FOR-US: SAJ Solar Inverter
CVE-2018-12734
	RESERVED
CVE-2018-12733
	RESERVED
CVE-2018-12732
	RESERVED
CVE-2018-12731
	RESERVED
CVE-2018-12730
	RESERVED
CVE-2018-12729
	RESERVED
CVE-2018-12728
	RESERVED
CVE-2018-12727
	RESERVED
CVE-2018-12726
	RESERVED
CVE-2018-12725
	RESERVED
CVE-2018-12724
	RESERVED
CVE-2018-12723
	RESERVED
CVE-2018-12722
	RESERVED
CVE-2018-12721
	RESERVED
CVE-2018-12720
	RESERVED
CVE-2018-12719
	RESERVED
CVE-2018-12718
	RESERVED
CVE-2018-12717
	RESERVED
CVE-2018-12716 (The API service on Google Home and Chromecast devices before mid-July ...)
	NOT-FOR-US: Google services
CVE-2018-12715 (DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid ...)
	NOT-FOR-US: DIGISOL DG-HR3400 devices
CVE-2018-12714 (An issue was discovered in the Linux kernel through 4.17.2. The filter ...)
	- linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/70303420b5721c38998cf987e6b7d30cc62d4ff1
CVE-2018-12713 (GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary f ...)
	- gimp (unimportant)
	NOTE: https://github.com/GNOME/gimp/commit/c21eff4b031acb04fb4dfce8bd5fdfecc2b6524f
	NOTE: https://gitlab.gnome.org/GNOME/gimp/issues/1689
	NOTE: No security impact
CVE-2018-12712 (An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. T ...)
	NOT-FOR-US: Joomla!
CVE-2018-12711 (An XSS issue was discovered in the language switcher module in Joomla! ...)
	NOT-FOR-US: Joomla!
CVE-2018-12710 (An issue was discovered on D-Link DIR-601 2.02NA devices. Being local ...)
	NOT-FOR-US: D-Link DIR-601 2.02NA devices
CVE-2018-12709
	RESERVED
CVE-2018-12708
	RESERVED
CVE-2018-12707
	RESERVED
CVE-2018-12706 (DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authoriz ...)
	NOT-FOR-US: DIGISOL
CVE-2018-12705 (DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated onl ...)
	NOT-FOR-US: DIGISOL
CVE-2018-12704
	RESERVED
CVE-2018-12703 (The approveAndCallcode function of a smart contract implementation for ...)
	NOT-FOR-US: Block 18
CVE-2018-12702 (The approveAndCallcode function of a smart contract implementation for ...)
	NOT-FOR-US: Globalvillage ecosystem
CVE-2018-12701
	RESERVED
CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-12698 (demangle_template in cplus-dem.c in GNU libiberty, as distributed in G ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-12697 (A NULL pointer dereference (aka SEGV on unknown address 0x000000000000 ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-12696 (mao10cms 6 allows XSS via the article page. ...)
	NOT-FOR-US: mao10cms
CVE-2018-12695 (mao10cms 6 allows XSS via the m=bbs&a=index page. ...)
	NOT-FOR-US: mao10cms
CVE-2018-12694 (TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows ...)
	NOT-FOR-US: TP-Link
CVE-2018-12693 (Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender ...)
	NOT-FOR-US: TP-Link
CVE-2018-12692 (TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows ...)
	NOT-FOR-US: TP-Link
CVE-2018-12691 (Time-of-check to time-of-use (TOCTOU) race condition in org.onosprojec ...)
	NOT-FOR-US: ONOS
CVE-2018-12690
	RESERVED
CVE-2018-12689 (phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id param ...)
	- phpldapadmin (unimportant; bug #902186)
	NOTE: https://www.exploit-db.com/exploits/44926/
	NOTE: Non-security issue as demonstrated in https://bugs.debian.org/902186
	NOTE: and disputed as security issue. Should be properly rejected by MITRE.
CVE-2018-12688 (tinyexr 0.9.5 has a segmentation fault in the wav2Decode function. ...)
	NOT-FOR-US: tinyexr
CVE-2018-12687 (tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h ...)
	NOT-FOR-US: tinyexr
CVE-2018-12686
	RESERVED
CVE-2018-12685
	RESERVED
CVE-2018-12684 (Out-of-bounds Read in the send_ssi_file function in civetweb.c in Cive ...)
	NOT-FOR-US: CivetWeb
CVE-2018-12683
	RESERVED
CVE-2018-12682
	RESERVED
CVE-2018-12681
	RESERVED
CVE-2018-12680 (The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and ...)
	NOT-FOR-US: CoAPthon
CVE-2018-12679 (The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandl ...)
	NOT-FOR-US: CoAPthon
CVE-2018-12678 (Portainer before 1.18.0 supports unauthenticated requests to the webso ...)
	NOT-FOR-US: Portainer
CVE-2018-12677
	RESERVED
CVE-2018-12676
	RESERVED
CVE-2018-12675 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4 ...)
	NOT-FOR-US: SV3C
CVE-2018-12674 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4 ...)
	NOT-FOR-US: SV3C
CVE-2018-12673 (An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4. ...)
	NOT-FOR-US: SV3C
CVE-2018-12672 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B) does not ...)
	NOT-FOR-US: SV3C
CVE-2018-12671 (An attacker with remote access to the SV3C HD Camera (L-SERIES V2.3.4. ...)
	NOT-FOR-US: SV3C
CVE-2018-12670 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103 ...)
	NOT-FOR-US: SV3C
CVE-2018-12669 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103 ...)
	NOT-FOR-US: SV3C
CVE-2018-12668 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103 ...)
	NOT-FOR-US: SV3C
CVE-2018-12667 (The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4 ...)
	NOT-FOR-US: SV3C
CVE-2018-12666 (SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices imprope ...)
	NOT-FOR-US: SV3C
CVE-2018-12665
	RESERVED
CVE-2018-12664
	RESERVED
CVE-2018-12663
	RESERVED
CVE-2018-12662
	RESERVED
CVE-2018-12661
	RESERVED
CVE-2018-12660
	RESERVED
CVE-2018-12659 (SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protec ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12658 (Reflected Cross-Site Scripting (XSS) exists in the Stock Take module i ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12657 (Reflected Cross-Site Scripting (XSS) exists in the Master File module ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12656 (Reflected Cross-Site Scripting (XSS) exists in the Membership module i ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12655 (Reflected Cross-Site Scripting (XSS) exists in the Circulation module ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12654 (Reflected Cross-Site Scripting (XSS) exists in the Bibliography module ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2018-12653 (A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenal ...)
	NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12652 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12651 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Adrenalin HRMS
CVE-2018-12650 (Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting ...)
	NOT-FOR-US: Adrenalin HRMS
CVE-2018-12649 (An issue was discovered in app/Controller/UsersController.php in MISP ...)
	NOT-FOR-US: MISP
CVE-2018-12648 (The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Suppo ...)
	[experimental] - exempi 2.5.0-1
	- exempi 2.5.0-2 (low; bug #902175)
	[stretch] - exempi (Minor issue)
	[jessie] - exempi (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=106981
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/issues/9
	NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/commit/8ed2f034705fd2d032c81383eee8208fd4eee0ac
CVE-2018-12647
	RESERVED
CVE-2018-12646
	RESERVED
CVE-2018-12645
	RESERVED
CVE-2018-12644
	RESERVED
CVE-2018-12643
	RESERVED
CVE-2018-12642 (Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not ...)
	NOT-FOR-US: Froxlor
CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as ...)
	NOTE: harmless crashes exposed by binutils, but underlying issue is in libiberty from GCC
	NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23058
	NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
	NOTE: binutils not covered by security support
CVE-2018-12640 (The webService binary on Insteon HD IP Camera White 2864-222 devices h ...)
	NOT-FOR-US: Insteon
CVE-2018-12639
	RESERVED
CVE-2018-12638 (An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. The ...)
	NOT-FOR-US: Bose
CVE-2018-1000559 (qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970b ...)
	- qutebrowser 1.3.3-1
	NOTE: https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7
	NOTE: https://github.com/qutebrowser/qutebrowser/commit/5a7869f2feaa346853d2a85413d6527c87ef0d9f
	NOTE: https://github.com/qutebrowser/qutebrowser/issues/4011
CVE-2018-1000558 (OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2 ...)
	- ocsinventory-server 2.4.1+dfsg-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-1000557 (OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross ...)
	- ocsinventory-server 2.4.1+dfsg-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2018-1000556 (WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerab ...)
	NOT-FOR-US: WP Statistics plugin
	NOTE: The CVE description is misleading, this is about a plugin, not Wordpress itself
CVE-2018-1000555
	REJECTED
CVE-2018-1000554 (Trovebox version <= 4.0.0-rc6 contains a Unsafe password reset toke ...)
	NOT-FOR-US: Trovebox
CVE-2018-1000553 (Trovebox version <= 4.0.0-rc6 contains a Server-Side request forger ...)
	NOT-FOR-US: Trovebox
CVE-2018-1000552 (Trovebox version <= 4.0.0-rc6 contains a SQL Injection vulnerabilit ...)
	NOT-FOR-US: Trovebox
CVE-2018-1000551 (Trovebox version <= 4.0.0-rc6 contains a PHP Type juggling vulnerab ...)
	NOT-FOR-US: Trovebox
CVE-2018-1000550 (The Sympa Community Sympa version prior to version 6.2.32 contains a D ...)
	{DSA-4285-1 DLA-1441-1}
	- sympa 6.2.32~dfsg-1
	NOTE: https://sympa-community.github.io/security/2018-001.html
CVE-2018-1000549 (Wekan version 1.04.0 contains a Email / Username Enumeration vulnerabi ...)
	NOT-FOR-US: Wekan
CVE-2018-1000548 (Umlet version < 14.3 contains a XML External Entity (XXE) vulnerabi ...)
	NOT-FOR-US: Umlet
CVE-2018-1000547 (coreBOS version 7.0 and earlier contains a Incorrect Access Control vu ...)
	NOT-FOR-US: CoreBOS
CVE-2018-1000546 (Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XX ...)
	- triplea (unimportant; bug #902719)
	NOTE: https://0dd.zone/2018/05/31/TripleA-XXE/
	NOTE: https://github.com/triplea-game/triplea/issues/3442
	NOTE: https://github.com/triplea-game/triplea/pull/4516
	NOTE: Per https://github.com/triplea-game/triplea/issues/3442#issuecomment-451654646 no security impact
CVE-2018-1000545
	REJECTED
CVE-2018-1000544 (rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Tra ...)
	{DLA-2307-1 DLA-1467-1}
	- ruby-zip 1.2.2-1 (bug #902720)
	NOTE: https://github.com/rubyzip/rubyzip/issues/369
	NOTE: Part of fixes:
	NOTE: https://github.com/rubyzip/rubyzip/commit/6e0d23178a39f1b9ee0debc4fffb6d90994c6955
	NOTE: https://github.com/rubyzip/rubyzip/commit/8e78311d670ba70476fb46062c988849a82d1e02
	NOTE: And further followup fixes:
	NOTE: https://github.com/rubyzip/rubyzip/pull/376
CVE-2018-1000543 (Akiee version 0.0.3 contains a XSS leading to code execution due to th ...)
	NOT-FOR-US: Akiee
CVE-2018-1000542 (netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity ...)
	NOT-FOR-US: netbeans-mmd-plugin
CVE-2018-1000541
	REJECTED
CVE-2018-1000540 (LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd co ...)
	NOT-FOR-US: LoboEvolution
CVE-2018-1000539 (Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE- ...)
	{DSA-4283-1}
	- ruby-json-jwt 1.9.4-1 (bug #902721)
	NOTE: https://github.com/nov/json-jwt/pull/62
	NOTE: https://github.com/nov/json-jwt/commit/3393f394f271c87bd42ec23c300727b4437d1638
CVE-2018-1000538 (Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-3 ...)
	NOT-FOR-US: Minio
CVE-2018-1000537 (Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Ove ...)
	NOT-FOR-US: Marlin
CVE-2018-1000536 (Medis version 0.6.1 and earlier contains a XSS vulnerability evolving ...)
	NOT-FOR-US: Medis
CVE-2018-1000535 (lms version <= LMS_011123 contains a Local File Disclosure vulnerab ...)
	NOT-FOR-US: lms
CVE-2018-1000534 (Joplin version prior to 1.0.90 contains a XSS evolving into code execu ...)
	NOT-FOR-US: Joplin
CVE-2018-1000533 (klaussilveira GitList version <= 0.6 contains a Passing incorrectly ...)
	NOT-FOR-US: klaussilveira GitList
CVE-2018-1000532 (beep version 1.3 and up contains a External Control of File Name or Pa ...)
	- beep 1.4.3-1 (low; bug #902722)
	[stretch] - beep (Minor issue)
	[jessie] - beep (Minor issue)
	NOTE: https://github.com/johnath/beep/issues/11#issuecomment-379514298
CVE-2018-1000531 (inversoft prime-jwt version prior to commit abb0d479389a2509f939452a67 ...)
	NOT-FOR-US: prime-jwt
CVE-2018-1000530
	REJECTED
CVE-2018-1000529 (Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XS ...)
	NOT-FOR-US: Grails Fields plugin
CVE-2018-1000528 (GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb756 ...)
	{DSA-4239-1 DLA-1436-1}
	- gosa 2.7.4+reloaded3-5 (low; bug #902723)
	NOTE: https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
	NOTE: https://github.com/gosa-project/gosa-core/issues/14
CVE-2018-1000527 (Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnera ...)
	NOT-FOR-US: Froxlor
CVE-2018-1000526 (Openpsa contains a XML Injection vulnerability in RSS file upload feat ...)
	NOT-FOR-US: openpsa
CVE-2018-1000525 (openpsa contains a PHP Object Injection vulnerability in Form data pas ...)
	NOT-FOR-US: openpsa
CVE-2018-1000524 (miniSphere version 5.2.9 and earlier contains a Integer Overflow vulne ...)
	NOT-FOR-US: miniSphere
CVE-2018-1000523 (topydo contains a CWE-20: Improper Input Validation vulnerability in L ...)
	NOT-FOR-US: topydo
CVE-2018-1000522
	REJECTED
CVE-2018-1000521 (BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /us ...)
	NOT-FOR-US: BigTree-CMS
CVE-2018-1000520 (ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows In ...)
	- mbedtls (unimportant)
	- polarssl (unimportant)
	NOTE: https://github.com/ARMmbed/mbedtls/issues/1561
	NOTE: No security impact
CVE-2018-1000519 (aio-libs aiohttp-session contains a Session Fixation vulnerability in ...)
	NOT-FOR-US: aio-libs aiohttp-session
CVE-2018-1000518 (aaugustin websockets version 4 contains a CWE-409: Improper Handling o ...)
	NOT-FOR-US: aaugustin websockets
CVE-2018-1000517 (BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c ...)
	{DLA-2559-1 DLA-1445-1}
	- busybox 1:1.27.2-3 (low; bug #902724)
	NOTE: https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
CVE-2018-1000516 (The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper N ...)
	NOT-FOR-US: Galaxy Project Galaxy
CVE-2018-1000515 (ventrian News-Articles version NewsArticles.00.09.11 contains a XML Ex ...)
	NOT-FOR-US: News-Articles
CVE-2018-1000514 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request For ...)
	- limesurvey (bug #472802)
CVE-2018-1000513 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting ...)
	- limesurvey (bug #472802)
CVE-2018-1000512 (Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Sc ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000511 (WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulner ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000510 (WP Image Zoom version 1.23 contains a Incorrect Access Control vulnera ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000509 (Redirection version 2.7.1 contains a Serialisation vulnerability possi ...)
	NOT-FOR-US: Redirection
CVE-2018-1000508 (WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vuln ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000507 (WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSR ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000506 (Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forger ...)
	NOT-FOR-US: Metronet Tag Manager
CVE-2018-1000505 (Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forg ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-1000504 (Redirection version 2.7.3 contains a ACE via file inclusion vulnerabil ...)
	NOT-FOR-US: Redirection
CVE-2018-1000503 (MyBB Group MyBB contains a Incorrect Access Control vulnerability in P ...)
	NOT-FOR-US: MyBB Group MyBB
CVE-2018-1000502 (MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel ...)
	NOT-FOR-US: MyBB Group MyBB
CVE-2018-1000501 (Instant Update CMS contains a Password Reset Vulnerability vulnerabili ...)
	NOT-FOR-US: Instant Update CMS
CVE-2018-1000500 (Busybox contains a Missing SSL certificate validation vulnerability in ...)
	- busybox (unimportant)
	NOTE: Intentional design decision:
	NOTE: https://git.busybox.net/busybox/tree/networking/wget.c?id=8bc418f07eab79a9c8d26594629799f6157a9466#n74
	NOTE: https://git.busybox.net/busybox/commit/networking/wget.c?id=0972c7f7a570c38edb68e1c60a45614b7a7c7d55
	NOTE: Starting with 1:1.27.2-3 in unstable wget emits a message that certificate
	NOTE: verification is not implemented.
CVE-2018-1000404 (Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-12637
	RESERVED
CVE-2018-12636 (The iThemes Security (better-wp-security) plugin before 7.0.3 for Word ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-12635 (CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to t ...)
	NOT-FOR-US: CirCarLife Scada
CVE-2018-12634 (CirCarLife Scada before 4.3 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: CirCarLife Scada
CVE-2018-12633 (An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_d ...)
	- linux 4.17.3-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/bd23a7269834dc7c1f93e83535d16ebc44b75eba (4.18-rc1)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200131
CVE-2018-12632 (Redatam7 (formerly Redatam WebServer) allows remote attackers to disco ...)
	NOT-FOR-US: Redatam7
CVE-2018-12631 (Redatam7 (formerly Redatam WebServer) allows remote attackers to read ...)
	NOT-FOR-US: Redatam7
CVE-2018-12630 (NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id ...)
	NOT-FOR-US: NEWMARK (aka New Mark) NMCMS 2.1
CVE-2018-12629
	RESERVED
CVE-2018-12628 (An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users. ...)
	NOT-FOR-US: Eventum
CVE-2018-12627 (An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via ...)
	NOT-FOR-US: Eventum
CVE-2018-12626 (An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS vi ...)
	NOT-FOR-US: Eventum
CVE-2018-12625 (An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS ...)
	NOT-FOR-US: Eventum
CVE-2018-12624 (An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XS ...)
	NOT-FOR-US: Eventum
CVE-2018-12623 (An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS vi ...)
	NOT-FOR-US: Eventum
CVE-2018-12622 (An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has X ...)
	NOT-FOR-US: Eventum
CVE-2018-12621 (An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Op ...)
	NOT-FOR-US: Eventum
CVE-2018-12620
	RESERVED
CVE-2018-12619
	RESERVED
CVE-2018-12618
	RESERVED
CVE-2018-12617 (qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c i ...)
{DSA-4454-1 DLA-1694-1} - qemu 1:3.1+dfsg-1 (low; bug #902725) NOTE: https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=141b197408ab398c4f474ac1a728ab316e921f2b CVE-2018-12616 RESERVED CVE-2018-12615 (An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelpe ...) - passenger (Vulnerable code not present) - ruby-passenger (Vulnerable code not present) NOTE: https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8 CVE-2018-12614 RESERVED CVE-2018-12613 (An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an ...) - phpmyadmin (Affects 4.8.x) NOTE: https://www.phpmyadmin.net/security/PMASA-2018-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7662d02939fb3cf6f0d9ec32ac664401dcfe7490 CVE-2018-12612 RESERVED CVE-2018-12611 (OX App Suite 7.8.4 and earlier allows Directory Traversal. ...) NOT-FOR-US: OX App Suite CVE-2018-12610 (OX App Suite 7.8.4 and earlier allows Information Exposure. ...) NOT-FOR-US: OX App Suite CVE-2018-12609 (OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. ...) NOT-FOR-US: OX App Suite CVE-2018-12608 (An issue was discovered in Docker Moby before 17.06.0. The Docker engi ...) - docker.io 18.03.1+dfsg1-2 NOTE: https://github.com/moby/moby/pull/33182 CVE-2018-1000403 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000402 (Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000401 (Jenkins project Jenkins AWS CodePipeline Plugin version 0.36 and earli ...) NOT-FOR-US: Jenkins plugin CVE-2018-12607 (An issue was discovered in GitLab Community Edition and Enterprise Edi ...) 
- gitlab 10.7.7+dfsg-2 (bug #902726) [stretch] - gitlab (Only affects >= 10.5) NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/ CVE-2018-XXXX [gitlab: Activity feed publicly displaying internal project names] - gitlab 10.7.7+dfsg-2 (bug #902726) [stretch] - gitlab (Only affects >= 10.7) NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/ CVE-2018-XXXX [gitlab: Content injection via username] - gitlab 10.7.7+dfsg-2 (bug #902726) NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/ CVE-2018-12606 (An issue was discovered in GitLab Community Edition and Enterprise Edi ...) - gitlab 10.7.7+dfsg-2 (bug #902726) NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/ CVE-2018-12605 (An issue was discovered in GitLab Community Edition and Enterprise Edi ...) - gitlab 10.7.7+dfsg-2 (bug #902726) [stretch] - gitlab (Only affects 10.7) NOTE: https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/ CVE-2018-12604 (GreenCMS 2.3.0603 allows remote attackers to obtain sensitive informat ...) NOT-FOR-US: GreenCMS CVE-2018-12603 (Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS ...) NOT-FOR-US: LFCMS CVE-2018-12602 (A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitra ...) NOT-FOR-US: LFCMS CVE-2018-12601 (There is a heap-based buffer overflow in ReadImage in input-tga.ci in ...) {DLA-1463-1} - sam2p NOTE: https://github.com/pts/sam2p/issues/41 NOTE: https://github.com/pts/sam2p/commit/8b2b7151991e07ef262857c2325e95c3b2867f80 CVE-2018-12600 (In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/d ...) 
{DSA-4245-1 DLA-1394-1} [experimental] - imagemagick 8:6.9.10.2+dfsg-1 - imagemagick 8:6.9.10.2+dfsg-2 (bug #902728) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1178 NOTE: https://github.com/ImageMagick/ImageMagick/commit/921f208c2ea3cc45847f380257f270ff424adfff NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ae71c12bbaa34d942e036824ff389c22b7dacade CVE-2018-12599 (In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/b ...) {DSA-4245-1 DLA-1394-1} [experimental] - imagemagick 8:6.9.10.2+dfsg-1 - imagemagick 8:6.9.10.2+dfsg-2 (bug #902727) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1177 NOTE: https://github.com/ImageMagick/ImageMagick/commit/ae04fa4be910255e5d363edebd77adeee99a525d NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/081f518eb9cb38e683b8b9ccb9e4ab5c52f82c2f CVE-2018-12598 RESERVED CVE-2018-12597 RESERVED CVE-2018-12596 (Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU ...) NOT-FOR-US: Episerver Ektron CMS CVE-2018-12595 RESERVED CVE-2018-12594 (Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers t ...) NOT-FOR-US: Reliable Controls MACH-ProWebCom devices CVE-2018-12593 RESERVED CVE-2018-12592 (Polycom RealPresence Web Suite before 2.2.0 does not block a user's vi ...) NOT-FOR-US: Polycom RealPresence Web Suite CVE-2018-12591 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an im ...) NOT-FOR-US: Ubiquiti Networks EdgeSwitch CVE-2018-12590 (Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an ex ...) NOT-FOR-US: Ubiquiti Networks EdgeSwitch CVE-2018-12589 (Polaris Office 2017 8.1 allows attackers to execute arbitrary code via ...) NOT-FOR-US: Polaris Office CVE-2018-12588 (Cross-site scripting (XSS) vulnerability in templates/frontend/pages/s ...) 
NOT-FOR-US: Public Knowledge Project (PKP) Open Monograph Press (OMP) CVE-2018-12587 (A cross-site scripting (XSS) vulnerability was found in valeuraddons G ...) NOT-FOR-US: valeuraddons German Spelling Dictionary CVE-2018-12586 RESERVED CVE-2018-12585 (An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allo ...) NOT-FOR-US: OPC UA Java and .NET Legacy Stack CVE-2018-12584 (The ConnectionBase::preparseNewBytes function in resip/stack/Connectio ...) {DLA-1439-1} - resiprocate (bug #905495) [stretch] - resiprocate (Minor issue) NOTE: http://joachimdezutter.webredirect.org/advisory.html NOTE: https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608 CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an article via a ...) NOT-FOR-US: AKCMS CVE-2018-12582 (An issue was discovered in AKCMS 6.1. CSRF can add an admin account vi ...) NOT-FOR-US: AKCMS CVE-2018-12581 (An issue was discovered in js/designer/move.js in phpMyAdmin before 4. ...) - phpmyadmin 4:4.9.1+dfsg1-2 (low) [stretch] - phpmyadmin (Vulnerable code not present) [jessie] - phpmyadmin (vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2018-3/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e CVE-2018-12580 (library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3 ...) NOT-FOR-US: DragonByte vBSecurity for vBulletin CVE-2018-12579 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, ...) NOT-FOR-US: OXID eShop CVE-2018-12578 (There is a heap-based buffer overflow in bmp_compress1_row in appliers ...) {DLA-1463-1} - sam2p NOTE: https://github.com/pts/sam2p/issues/39 NOTE: https://github.com/pts/sam2p/commit/22e7a17e70e5f5eedf466b0b1855c8c954061a51 CVE-2018-12577 (The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9 ...) 
NOT-FOR-US: TP-Link CVE-2018-12576 (TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.652 ...) NOT-FOR-US: TP-Link CVE-2018-12575 (On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel. ...) NOT-FOR-US: TP-Link CVE-2018-12574 (CSRF exists for all actions in the web interface on TP-Link TL-WR841N ...) NOT-FOR-US: TP-Link CVE-2018-12573 RESERVED CVE-2018-12572 (Avast Free Antivirus prior to 19.1.2360 stores user credentials in mem ...) NOT-FOR-US: Avast CVE-2018-12571 (uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified ...) NOT-FOR-US: Microsoft CVE-2018-12570 RESERVED CVE-2018-12569 RESERVED CVE-2018-12568 RESERVED CVE-2018-12567 RESERVED CVE-2018-12566 RESERVED CVE-2018-12565 (An issue was discovered in Linaro LAVA before 2018.5.post1. Because of ...) {DSA-4234-1} - lava 2018.5.post1-1 - lava-server [jessie] - lava-server (vulnerable code not present) NOTE: https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14 CVE-2018-12564 (An issue was discovered in Linaro LAVA before 2018.5.post1. Because of ...) {DSA-4234-1 DLA-1404-1} - lava 2018.5.post1-1 - lava-server NOTE: https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3 CVE-2018-12563 (An issue was discovered in Linaro LAVA before 2018.5.post1. Because of ...) - lava 2018.5.post1-1 - lava-server [stretch] - lava-server (Vulnerable code introduced in 2017.6) [jessie] - lava-server (vulnerable code not present) NOTE: https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214 CVE-2018-12562 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...) - cantata 2.3.0.ds1-2 (bug #901798; unimportant) NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1 NOTE: The daemon code is part of cantata since version 2.0.0 and it is built NOTE: by default in versions 2.3.0 and 2.3.1. 
Before 2.3.0 it was only built NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation. NOTE: 2.3.0.ds1-2 disables the cantata-mounter. NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3 CVE-2018-12561 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...) - cantata 2.3.0.ds1-2 (bug #901798; unimportant) NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1 NOTE: The daemon code is part of cantata since version 2.0.0 and it is built NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation. NOTE: 2.3.0.ds1-2 disables the cantata-mounter. NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3 CVE-2018-12560 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...) - cantata 2.3.0.ds1-2 (bug #901798; unimportant) NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1 NOTE: The daemon code is part of cantata since version 2.0.0 and it is built NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation. NOTE: 2.3.0.ds1-2 disables the cantata-mounter. CVE-2018-12559 (An issue was discovered in the cantata-mounter D-Bus service in Cantat ...) - cantata 2.3.0.ds1-2 (bug #901798; unimportant) NOTE: https://www.openwall.com/lists/oss-security/2018/06/18/1 NOTE: The daemon code is part of cantata since version 2.0.0 and it is built NOTE: by default in versions 2.3.0 and 2.3.1. Before 2.3.0 it was only built NOTE: if `-DENABLE_REMOTE_DEVICES=ON` was passed to the cmake invocation. NOTE: 2.3.0.ds1-2 disables the cantata-mounter. NOTE: https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3 CVE-2018-12558 (The parse() method in the Email::Address module through 1.909 for Perl ...) 
- libemail-address-perl 1.912-1 (unimportant; bug #901873) [stretch] - libemail-address-perl 1.908-1+deb9u1 NOTE: Possibility of DoS vs. usability issue for Email::Address NOTE: https://github.com/Perl-Email-Project/Email-Address/issues/19 NOTE: Mitigation: https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae CVE-2018-12557 (An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offl ...) - zuul (bug #705844) CVE-2018-12556 (The signature verification routine in install.sh in yarnpkg/website th ...) NOT-FOR-US: yarnpkg CVE-2018-12555 REJECTED CVE-2018-12554 REJECTED CVE-2018-12553 REJECTED CVE-2018-12552 REJECTED CVE-2018-12551 (When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured ...) {DSA-4388-1 DLA-1972-1} - mosquitto 1.5.6-1 (bug #921976) NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/ NOTE: https://mosquitto.org/files/cve/2018-12551 CVE-2018-12550 (When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured ...) {DSA-4388-1 DLA-1972-1} - mosquitto 1.5.6-1 (bug #921976) NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/ NOTE: https://mosquitto.org/files/cve/2018-12550 CVE-2018-12549 (In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrec ...) NOT-FOR-US: OpenJDK + Eclipse OpenJ9 CVE-2018-12548 (In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.cryp ...) NOT-FOR-US: OpenJDK + Eclipse OpenJ9 CVE-2018-12547 (In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and ...) NOT-FOR-US: OpenJDK + Eclipse OpenJ9 CVE-2018-12546 (In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client pu ...) {DSA-4388-1} - mosquitto 1.5.6-1 (bug #921976) [jessie] - mosquitto (Minor issue) NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/ NOTE: https://mosquitto.org/files/cve/2018-12546 CVE-2018-12545 (In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to ...) 
- jetty9 (Vulnerable code never present in Debian released version) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096 NOTE: Issue is not present in 9.2.x as there is no HTTP/2 support. Fixed upstream NOTE: in 9.4.12. Debian package moved directly to 9.4.14-1 containing the fix and NOTE: thus never including in unstable a vulnerable version. NOTE: Cf. https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096#c7 CVE-2018-12544 (In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML ...) NOT-FOR-US: Eclipse Vert.x CVE-2018-12543 (In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is ...) - mosquitto (Vulnerable code introduced in 1.5) NOTE: http://mosquitto.org/blog/2018/09/security-advisory-cve-2018-12543/ NOTE: https://mosquitto.org/files/cve/2018-12543/ CVE-2018-12542 (In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler us ...) NOT-FOR-US: Eclipse Vert.x CVE-2018-12541 (In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP u ...) NOT-FOR-US: Eclipse Vert.x CVE-2018-12540 (In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do n ...) NOT-FOR-US: Eclipse Vertx CVE-2018-12539 (In Eclipse OpenJ9 version 0.8, users other than the process owner may ...) NOT-FOR-US: Eclipse OpenJ9 CVE-2018-12538 (In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional ...) - jetty9 (Only affects 9.4.x) - jetty8 (Only affects 9.4.x) - jetty (Only affects 9.4.x) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018 CVE-2018-12537 (In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response header ...) NOT-FOR-US: Eclipse Vertx CVE-2018-12536 (In Eclipse Jetty Server, all 9.x versions, on webapps deployed using d ...) 
- jetty9 9.2.25-1 (low; bug #902774) [stretch] - jetty9 (Harmless information leak) - jetty8 [jessie] - jetty8 (Harmless information leak) - jetty [jessie] - jetty (Harmless information leak) NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535670 CVE-2018-12535 RESERVED CVE-2018-12534 (A SQL injection issue was discovered in the Quick Chat plugin before 4 ...) NOT-FOR-US: Quick Chat plugin for WordPress CVE-2018-12533 (JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote atta ...) NOT-FOR-US: RichFaces CVE-2018-12532 (JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote att ...) NOT-FOR-US: RichFaces CVE-2018-12531 (An issue was discovered in MetInfo 6.0.0. install\index.php allows rem ...) NOT-FOR-US: MetInfo CVE-2018-12530 (An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php al ...) NOT-FOR-US: MetInfo CVE-2018-12529 (An issue was discovered on Intex N150 devices. The router firmware suf ...) NOT-FOR-US: Intex CVE-2018-12528 (An issue was discovered on Intex N150 devices. The backup/restore opti ...) NOT-FOR-US: Intex CVE-2018-12527 RESERVED CVE-2018-12526 (Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a defaul ...) NOT-FOR-US: Telesquare CVE-2018-12525 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboar ...) NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash) CVE-2018-12524 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboar ...) NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash) CVE-2018-12523 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboar ...) NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash) CVE-2018-12522 (An issue was discovered in perfSONAR Monitoring and Debugging Dashboar ...) NOT-FOR-US: perfSONAR Monitoring and Debugging Dashboard (MaDDash) CVE-2018-12521 RESERVED CVE-2018-12520 (An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG invo ...) 
- ntopng 3.8+dfsg1-1 (bug #903154) [stretch] - ntopng (Minor issue) [jessie] - ntopng (Minor issue) NOTE: http://seclists.org/fulldisclosure/2018/Jul/14 NOTE: https://gist.github.com/Psychotropos/3e8c047cada9b1fb716e6a014a428b7f NOTE: https://github.com/ntop/ntopng/commit/30610bda60cbfc058f90a1c0a17d0e8f4516221a CVE-2018-12519 (An issue was discovered in ShopNx through 2017-11-17. The vulnerabilit ...) NOT-FOR-US: ShopNx CVE-2018-12518 RESERVED CVE-2018-12517 RESERVED CVE-2018-12516 RESERVED CVE-2018-12515 RESERVED CVE-2018-12514 RESERVED CVE-2018-12513 RESERVED CVE-2018-12512 RESERVED CVE-2018-12511 (In the mintToken function of a smart contract implementation for Subst ...) NOT-FOR-US: Substratum CVE-2018-12510 RESERVED CVE-2018-12509 RESERVED CVE-2018-12508 RESERVED CVE-2018-12507 RESERVED CVE-2018-12506 RESERVED CVE-2018-12505 RESERVED CVE-2018-12504 (tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tiny ...) NOT-FOR-US: tinyexr CVE-2018-12503 (tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMem ...) NOT-FOR-US: tinyexr CVE-2018-12502 RESERVED CVE-2018-12501 (Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. ...) NOT-FOR-US: Nagios Fusion CVE-2018-12500 RESERVED CVE-2018-12499 (The Motorola MBP853 firmware does not correctly validate server certif ...) NOT-FOR-US: Motoral CVE-2018-12498 (spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id paramet ...) NOT-FOR-US: iCMS CVE-2018-12497 RESERVED CVE-2018-12496 RESERVED CVE-2018-12495 (The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2 ...) {DSA-4293-1 DLA-1499-1} - discount 2.2.4-1 (bug #901912) NOTE: https://github.com/Orc/discount/issues/189#issuecomment-397541501 NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974 CVE-2018-12494 (An issue was discovered in PublicCMS V4.0.20180210. There is a "Direct ...) NOT-FOR-US: PublicCMS CVE-2018-12493 (An issue was discovered in PublicCMS V4.0.20180210. 
There is a "Direct ...) NOT-FOR-US: PublicCMS CVE-2018-12492 (PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delf ...) NOT-FOR-US: PHPOK CVE-2018-12491 (PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import ...) NOT-FOR-US: PHPOK CVE-2018-12490 RESERVED CVE-2018-12489 RESERVED CVE-2018-12488 RESERVED CVE-2018-12487 RESERVED CVE-2018-12486 RESERVED CVE-2018-12485 RESERVED CVE-2018-12484 RESERVED CVE-2018-12483 (OCS Inventory 2.4.1 is prone to a remote command-execution vulnerabili ...) - ocsinventory-server 2.5+dfsg-1 (unimportant; bug #905396) NOTE: Authentication is needed, only supported in trusted environments, see debtags CVE-2018-12482 (OCS Inventory 2.4.1 contains multiple SQL injections in the search eng ...) - ocsinventory-server 2.5+dfsg-1 (unimportant; bug #905396) NOTE: Authentication is needed, only supported in trusted environments, see debtags CVE-2018-12481 (The Olive Tree Ftp Server application 1.32 for Android has a "Sensitiv ...) NOT-FOR-US: Olive Tree Ftp Server application for Android CVE-2018-12480 (Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 S ...) NOT-FOR-US: NetIQ Access Manager CVE-2018-12479 (A Improper Input Validation vulnerability in Open Build Service allows ...) - open-build-service 2.9.4-1 (bug #911797) [stretch] - open-build-service (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108435 NOTE: https://github.com/openSUSE/open-build-service/pull/5880 NOTE: https://github.com/openSUSE/open-build-service/commit/01b015ca2a320afc4fae823465d1e72da8bd60df CVE-2018-12478 (A Improper Input Validation vulnerability in Open Build Service allows ...) NOT-FOR-US: obs-service replace_using_package_version NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108280 CVE-2018-12477 (A Improper Neutralization of CRLF Sequences vulnerability in Open Buil ...) 
NOT-FOR-US: obs-service refresh_patches NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108189 NOTE: https://github.com/openSUSE/obs-service-refresh_patches/commit/d6244245dda5367767efc989446fe4b5e4609cce CVE-2018-12476 (Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE L ...) NOT-FOR-US: obs-service-tar_scm CVE-2018-12475 (A Externally Controlled Reference to a Resource in Another Sphere vuln ...) NOT-FOR-US: obs-service-download_files CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build Service ...) NOT-FOR-US: obs-service-tar_scm of Open Build Service CVE-2018-12473 (A path traversal traversal vulnerability in obs-service-tar_scm of Ope ...) NOT-FOR-US: obs-service-tar_scm of Open Build Service CVE-2018-12472 (A improper authentication using the HOST header in SUSE Linux SMT allo ...) NOT-FOR-US: SUSE Linux SMT CVE-2018-12471 (A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT al ...) NOT-FOR-US: SUSE Linux SMT CVE-2018-12470 (A SQL Injection in the RegistrationSharing module of SUSE Linux SMT al ...) NOT-FOR-US: SUSE Linux SMT CVE-2018-12469 (Incorrect handling of an invalid value for an HTTP request parameter b ...) NOT-FOR-US: Micro Focus CVE-2018-12468 (A vulnerability in the administration console of Micro Focus GroupWise ...) NOT-FOR-US: Micro Focus CVE-2018-12467 (Authorized users of the openbuildservice before 2.9.4 could delete pac ...) - open-build-service 2.9.4-1 (bug #911797) [stretch] - open-build-service (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100217 NOTE: Fixed by: https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063 NOTE: Introduced by: https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b CVE-2018-12466 (openSUSE openbuildservice before 9.2.4 allowed authenticated users to ...) 
- open-build-service (bug #911797) [stretch] - open-build-service (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1098934 NOTE: Fixed by: https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063 NOTE: Introduced by: https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b CVE-2018-12465 (An OS command injection vulnerability in the web administration compon ...) NOT-FOR-US: Micro Focus CVE-2018-12464 (A SQL injection vulnerability in the web administration and quarantine ...) NOT-FOR-US: Micro Focus CVE-2018-12463 (An XML external entity (XXE) vulnerability in Fortify Software Securit ...) NOT-FOR-US: Fortify CVE-2018-12462 (NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. ...) NOT-FOR-US: NetIQ iManager CVE-2018-12461 (Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certif ...) NOT-FOR-US: NetIQ eDirectory CVE-2018-12460 (libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the ...) [experimental] - ffmpeg 7:4.0.1-1 (low) - ffmpeg (Introduced after 3.4) NOTE: https://github.com/FFmpeg/FFmpeg/commit/b3332a182f8ba33a34542e4a0370f38b914ccf7d CVE-2018-12459 (An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_h ...) [experimental] - ffmpeg 7:4.0.1-1 (low) - ffmpeg 7:4.0.1-2 (low) [stretch] - ffmpeg (Studio profile not yet supported) NOTE: https://github.com/FFmpeg/FFmpeg/commit/2fc108f60f98cd00813418a8754a46476b404a3c CVE-2018-12458 (An improper integer type in the mpeg4_encode_gop_header function in li ...) {DSA-4249-1} [experimental] - ffmpeg 7:4.0.1-1 (low) - ffmpeg 7:3.4.3-1 (low) NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8 NOTE: Fixed in 3.2.11 CVE-2018-12457 (expressCart before 1.1.6 allows remote attackers to create an admin us ...) NOT-FOR-US: expressCart CVE-2018-12456 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token ...) 
NOT-FOR-US: Intelbras NPLUG 1.0.0.14 wireless repeater devices CVE-2018-12455 (Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vul ...) NOT-FOR-US: Intelbras NPLUG 1.0.0.14 wireless repeater devices CVE-2018-12454 (The _addguess function of a simplelottery smart contract implementatio ...) NOT-FOR-US: simplelottery CVE-2018-12453 (Type confusion in the xgroupCommand function in t_stream.c in redis-se ...) - redis (Vulnerable code introduced in 5.0-rc1) NOTE: https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5 NOTE: https://github.com/antirez/redis/commit/c04082cf138f1f51cedf05ee9ad36fb6763cafc6 CVE-2018-12452 RESERVED CVE-2018-12451 RESERVED CVE-2018-12450 RESERVED CVE-2018-12449 (The Whale browser installer 0.4.3.0 and earlier versions allows DLL hi ...) NOT-FOR-US: Whale browser installer CVE-2018-12448 (Whale Browser before 1.3.48.4 displays no URL information but only a t ...) NOT-FOR-US: Whale Browser CVE-2018-12447 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as use ...) NOT-FOR-US: libbpg CVE-2018-12446 (** DISPUTED ** An issue was discovered in the com.dropbox.android appl ...) NOT-FOR-US: com.dropbox.android application for Android CVE-2018-12445 (** DISPUTED ** An issue was discovered in the com.dropbox.android appl ...) NOT-FOR-US: com.dropbox.android application for Android CVE-2018-12444 RESERVED CVE-2018-12443 RESERVED CVE-2018-12442 RESERVED CVE-2018-12441 (The CorsairService Service in Corsair Utility Engine is installed with ...) NOT-FOR-US: Corsair CVE-2018-12440 (BoringSSL through 2018-06-14 allows a memory-cache side-channel attack ...) - boringssl (bug #823933) CVE-2018-12439 (MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack ...) - matrixssl CVE-2018-12438 (The Elliptic Curve Cryptography library (aka sunec or libsunec) allows ...) 
- openjdk-7 (Didn't include/build sunec, see #750400) CVE-2018-12437 (LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack o ...) - libtomcrypt 1.18.2-1 (low; bug #901626) [stretch] - libtomcrypt (Minor issue) [jessie] - libtomcrypt (Minor issue) NOTE: https://github.com/libtom/libtomcrypt/issues/407 NOTE: https://github.com/libtom/libtomcrypt/pull/408 CVE-2018-12436 (wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cac ...) - wolfssl 3.15.3+dfsg-1 (bug #901627) NOTE: https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca NOTE: https://www.wolfssl.com/wolfssh-and-rohnp/ CVE-2018-12435 (Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-chan ...) - botan 2.6.0-3 (bug #901619) - botan1.10 (Issue introduced in 2.5.0) NOTE: https://github.com/randombit/botan/pull/1604 NOTE: https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3 CVE-2018-12434 (LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache sid ...) - libressl (bug #754513) CVE-2018-12433 (** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-chann ...) NOT-FOR-US: cryptlib CVE-2018-12432 (JavaMelody through 1.60.0 has XSS via the counter parameter in a clear ...) NOT-FOR-US: JavaMelody CVE-2018-12431 (SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_con ...) NOT-FOR-US: SeaCMS CVE-2018-12430 REJECTED CVE-2018-12429 (JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish ...) NOT-FOR-US: JEESNS CVE-2018-12428 RESERVED CVE-2018-12427 RESERVED CVE-2018-12426 (The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vul ...) NOT-FOR-US: WP Live Chat Support Pro plugin for WordPress CVE-2018-12425 RESERVED CVE-2018-12424 RESERVED CVE-2018-12422 (** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evol ...) 
- evolution-data-server 3.28.5-1 (unimportant; bug #901665) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796174 NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/commit/34bad6173 NOTE: non-issue, to be rejected CVE-2018-12421 (LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a chan ...) NOT-FOR-US: LTB Self Service Password CVE-2018-12420 (IceHrm before 23.0.1.OS has a risky usage of a hashed password in a re ...) NOT-FOR-US: IceHrm CVE-2018-12419 RESERVED CVE-2018-12418 (Archive.java in Junrar before 1.0.1, as used in Apache Tika and other ...) NOT-FOR-US: Junrar CVE-2018-12417 REJECTED CVE-2018-12416 (The GridServer Broker and GridServer Director components of TIBCO Soft ...) NOT-FOR-US: TIBCO CVE-2018-12415 (The Central Administration server (emsca) component of TIBCO Software ...) NOT-FOR-US: TIBCO CVE-2018-12414 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...) NOT-FOR-US: TIBCO CVE-2018-12413 (The Schema repository server (tibschemad) component of TIBCO Software ...) NOT-FOR-US: TIBCO CVE-2018-12412 (The realm server (tibrealmserver) component of TIBCO Software Inc. TIB ...) NOT-FOR-US: TIBCO CVE-2018-12411 (The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ...) NOT-FOR-US: TIBCO CVE-2018-12410 (The web server component of TIBCO Software Inc's Spotfire Statistics S ...) NOT-FOR-US: TIBCO CVE-2018-12409 (The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fab ...) NOT-FOR-US: TIBCO CVE-2018-12408 (The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO Acti ...) NOT-FOR-US: TIBCO CVE-2018-12407 (A buffer overflow occurs when drawing and validating elements with the ...) - firefox 64.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12407 CVE-2018-12406 (Mozilla developers and community members reported memory safety bugs p ...) 
- firefox 64.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12406 CVE-2018-12405 (Mozilla developers and community members reported memory safety bugs p ...) {DSA-4362-1 DSA-4354-1 DLA-1624-1 DLA-1605-1} - firefox 64.0-1 - firefox-esr 60.4.0esr-1 - thunderbird 1:60.4.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/#CVE-2018-12405 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-12405 CVE-2018-12404 (A cached side channel attack during handshakes using RSA encryption co ...) {DLA-2388-1 DLA-1704-1} - nss 2:3.41-1 NOTE: http://cat.eyalro.net/ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1485864 (not public) NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes NOTE: Fixed in 3.36.6, 3.40.1 CVE-2018-12403 (If a site is loaded over a HTTPS connection but loads a favicon resour ...) - firefox 63.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12403 CVE-2018-12402 (The internal WebBrowserPersist code does not use correct origin contex ...) - firefox 63.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12402 CVE-2018-12401 (Some special resource URIs will cause a non-exploitable crash if loade ...) - firefox 63.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12401 CVE-2018-12400 (In private browsing mode on Firefox for Android, favicons are cached i ...) - firefox (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12400 CVE-2018-12399 (When a new protocol handler is registered, the API accepts a title arg ...) - firefox 63.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12399 CVE-2018-12398 (By using the reflected URL in some special resource URIs, such as chro ...) 
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12398
CVE-2018-12397 (A WebExtension can request access to local files without the warning p ...)
	{DSA-4324-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12397
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12397
CVE-2018-12396 (A vulnerability where a WebExtension can run content scripts in disall ...)
	{DSA-4324-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12396
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12396
CVE-2018-12395 (By rewriting the Host: request headers using the webRequest API, a Web ...)
	{DSA-4324-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12395
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12395
CVE-2018-12394
	RESERVED
CVE-2018-12393 (A potential vulnerability was found in 32-bit builds where an integer ...)
	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	- thunderbird 1:60.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12393
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12393
CVE-2018-12392 (When manipulating user events in nested loops while opening a document ...)
	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	- thunderbird 1:60.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12392
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12392
CVE-2018-12391 (During HTTP Live Stream playback on Firefox for Android, audio data ca ...)
	- firefox-esr (Android-specific)
	- firefox (Android-specific)
	- thunderbird (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12391
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12391
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12391
CVE-2018-12390 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- firefox 63.0-1
	- thunderbird 1:60.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12390
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12390
CVE-2018-12389 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4337-1 DSA-4324-1 DLA-1575-1 DLA-1571-1}
	- firefox-esr 60.3.0esr-1
	- thunderbird 1:60.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-28/#CVE-2018-12389
CVE-2018-12388 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 63.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/#CVE-2018-12388
CVE-2018-12387 (A vulnerability where the JavaScript JIT compiler inlines Array.protot ...)
	{DSA-4310-1}
	- firefox 62.0.3-1
	- firefox-esr 60.2.2esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387
CVE-2018-12386 (A vulnerability in register allocation in JavaScript can lead to type ...)
	{DSA-4310-1}
	- firefox 62.0.3-1
	- firefox-esr 60.2.2esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386
CVE-2018-12385 (A potentially exploitable crash in TransportSecurityInfo used for SSL ...)
	{DSA-4327-1 DSA-4304-1 DLA-1575-1}
	- firefox 62.0.2-1
	- firefox-esr 60.2.1esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-22/#CVE-2018-12385
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12385
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12385
CVE-2018-12384 (When handling a SSLv2-compatible ClientHello request, the server doesn ...)
	- nss 2:3.39-1 (low; bug #908332)
	[stretch] - nss (Minor issue, can be fixed along in future DSA)
	[jessie] - nss (Minor issue, can be fixed along in future DSA)
	NOTE: https://hg.mozilla.org/projects/nss/rev/2ed9f6afd84e (NSS_3_39_BRANCH)
	NOTE: https://hg.mozilla.org/projects/nss/rev/46f9a1f40c3d (NSS_3_36_BRANCH)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1622089
CVE-2018-12383 (If a user saved passwords before Firefox 58 and then later set a maste ...)
	{DSA-4327-1 DSA-4304-1 DLA-1575-1}
	- firefox 62.0-1
	- firefox-esr 60.2.1esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12383
CVE-2018-12382 (The displayed addressbar URL can be spoofed on Firefox for Android usi ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12382
CVE-2018-12381 (Manually dragging and dropping an Outlook email message into the brows ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12381
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12381
CVE-2018-12380
	REJECTED
CVE-2018-12379 (When the Mozilla Updater opens a MAR format file which contains a very ...)
	{DSA-4327-1 DLA-1575-1}
	- firefox 62.0-1 (unimportant)
	- firefox-esr 60.2.0esr-1 (unimportant)
	[stretch] - firefox-esr 60.2.0esr-1~deb9u2
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12379
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12379
CVE-2018-12378 (A use-after-free vulnerability can occur when an IndexedDB index is de ...)
	{DSA-4327-1 DSA-4287-1 DLA-1575-1}
	- firefox 62.0-1
	- firefox-esr 60.2.0esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12378
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12378
CVE-2018-12377 (A use-after-free vulnerability can occur when refresh driver timers ar ...)
	{DSA-4327-1 DSA-4287-1 DLA-1575-1}
	- firefox 62.0-1
	- firefox-esr 60.2.0esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12377
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12377
CVE-2018-12376 (Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of ...)
	{DSA-4327-1 DSA-4287-1 DLA-1575-1}
	- firefox 62.0-1
	- firefox-esr 60.2.0esr-1
	- thunderbird 1:60.2.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12376
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12376
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12376
CVE-2018-12375 (Memory safety bugs present in Firefox 61. Some of these bugs showed ev ...)
	- firefox 62.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12375
CVE-2018-12374 (Plaintext of decrypted emails can leak through by user submitting an e ...)
	{DSA-4244-1 DLA-1425-1}
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12374
CVE-2018-12373 (Decrypted S/MIME parts hidden with CSS or the plaintext HTML tag can ...)
	{DSA-4244-1 DLA-1425-1}
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12373
CVE-2018-12372 (Decrypted S/MIME parts, when included in HTML crafted for an attack, c ...)
	{DSA-4244-1 DLA-1425-1}
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
CVE-2018-12371 (An integer overflow vulnerability in the Skia library when allocating ...)
	{DSA-4295-1 DLA-1575-1}
	- firefox 61.0-1
	- thunderbird 1:60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-12371
CVE-2018-12370 (In Reader View SameSite cookie protections are not checked on exiting. ...)
	- firefox 61.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12370
CVE-2018-12369 (WebExtensions bundled with embedded experiments were not correctly che ...)
	- firefox 61.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12369
CVE-2018-12368 (Windows 10 does not warn users before opening executable files with th ...)
	- firefox-esr (Windows-specific)
	- firefox (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12368
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12368
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12368
CVE-2018-12367 (In the previous mitigations for Spectre, the resolution or precision o ...)
	{DSA-4295-1 DLA-1575-1}
	- firefox 61.0-1
	- thunderbird 1:60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-12367
CVE-2018-12366 (An invalid grid size during QCMS (color profile) transformations can r ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12366
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12366
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12366
CVE-2018-12365 (A compromised IPC child process can escape the content sandbox and lis ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12365
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12365
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12365
CVE-2018-12364 (NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin r ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12364
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12364
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12364
CVE-2018-12363 (A use-after-free vulnerability can occur when script uses mutation eve ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12363
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12363
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12363
CVE-2018-12362 (An integer overflow can occur during graphics operations done by the S ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12362
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12362
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12362
CVE-2018-12361 (An integer overflow can occur in the SwizzleData code while calculatin ...)
	{DSA-4295-1 DLA-1575-1}
	- firefox 61.0-1
	- thunderbird 1:60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-12361
CVE-2018-12360 (A use-after-free vulnerability can occur when deleting an input elemen ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12360
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12360
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12360
CVE-2018-12359 (A buffer overflow can occur when rendering canvas content while adjust ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12359
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-12359
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12359
CVE-2018-12358 (Service workers can use redirection to avoid the tainting of cross-ori ...)
	- firefox 61.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12358
CVE-2018-12423 (In Synapse before 0.31.2, unauthorised users can hijack rooms when the ...)
	- matrix-synapse 0.31.2+dfsg-1 (bug #901549)
	NOTE: https://github.com/matrix-org/synapse/pull/3397
CVE-2018-12357 (Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions. ...)
	NOT-FOR-US: Arista CloudVision Portal
CVE-2018-12356 (An issue was discovered in password-store.sh in pass in Simple Passwor ...)
	- password-store 1.7.2-1 (bug #901574)
	[stretch] - password-store (Signature verification support added in 1.7)
	[jessie] - password-store (Signature verification support added in 1.7)
	NOTE: https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html
	NOTE: Introduced in: https://git.zx2c4.com/password-store/commit/?id=ff62f87f41557ab7267defab662324927301485a
	NOTE: Fixed by: https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d
	NOTE: https://neopg.io/blog/pass-signature-spoof/
	NOTE: https://www.openwall.com/lists/oss-security/2018/06/14/3
CVE-2018-12355 (Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or descriptio ...)
	NOT-FOR-US: Knowage / SpagoBI
CVE-2018-12354 (Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demons ...)
	NOT-FOR-US: Knowage / SpagoBI
CVE-2018-12353 (Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the ...)
	NOT-FOR-US: Knowage / SpagoBI
CVE-2018-12352
	RESERVED
CVE-2018-12351
	RESERVED
CVE-2018-12350
	RESERVED
CVE-2018-12349
	RESERVED
CVE-2018-12348
	RESERVED
CVE-2018-12347
	RESERVED
CVE-2018-12346
	RESERVED
CVE-2018-12345
	RESERVED
CVE-2018-12344
	RESERVED
CVE-2018-12343
	RESERVED
CVE-2018-12342
	RESERVED
CVE-2018-12341
	RESERVED
CVE-2018-12340
	RESERVED
CVE-2018-12339 (ArticleCMS through 2017-02-19 has XSS via an "add an article" action. ...)
	NOT-FOR-US: ArticleCMS
CVE-2018-12338 (Undocumented Factory Backdoor in ECOS System Management Appliance (aka ...)
	NOT-FOR-US: ECOS System Management Appliance
CVE-2018-12337 (Reliance on Security Through Obscurity vulnerability in ECOS Secure Bo ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12336 (Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6. ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12335 (Incorrect access control in ECOS System Management Appliance (aka SMA) ...)
	NOT-FOR-US: ECOS System Management Appliance
CVE-2018-12334 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12333 (Insufficient Verification of Data Authenticity vulnerability in ECOS S ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12332 (Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5 ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12331 (Authentication Bypass by Spoofing vulnerability in ECOS System Managem ...)
	NOT-FOR-US: ECOS System Management Appliance
CVE-2018-12330 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12329 (Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 ...)
	NOT-FOR-US: ECOS Secure Boot Stick
CVE-2018-12328
	RESERVED
CVE-2018-12327 (Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 ...)
	- ntp (unimportant)
	NOTE: https://gist.github.com/fakhrizulkifli/9b58ed8e0354e8deee50b0eebd1c011f
	NOTE: Negligible security impact
CVE-2018-12326 (Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 ...)
	{DSA-4230-1 DLA-1396-1}
	- redis 5:4.0.10-1 (bug #902410)
	NOTE: https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0
	NOTE: https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50
CVE-2018-12325
	RESERVED
CVE-2018-12324
	RESERVED
CVE-2018-12323 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. A passwor ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12322 (There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in l ...)
	- radare2 2.7.0+dfsg-1 (low; bug #901628)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/bbb4af56003c1afdad67af0c4339267ca38b1017
	NOTE: https://github.com/radare/radare2/issues/10294
CVE-2018-12321 (There is a heap out of bounds read in radare2 2.6.0 in java_switch_op( ...)
	- radare2 2.7.0+dfsg-1 (low; bug #901629)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d
	NOTE: https://github.com/radare/radare2/issues/10296
CVE-2018-12320 (There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr ...)
	- radare2 2.7.0+dfsg-1 (low; bug #901630)
	[jessie] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548
	NOTE: https://github.com/radare/radare2/issues/10293
CVE-2018-12319 (Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attack ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12318 (Information disclosure in the SNMP settings page in ASUSTOR ADM versio ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12317 (OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12316 (OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12315 (Missing verification of a password in ASUSTOR ADM version 3.1.1 allows ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12314 (Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3. ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12313 (OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows a ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12312 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows a ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12311 (Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM ver ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12310 (Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 al ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12309 (Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12308 (Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 al ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12307 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows a ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12306 (Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allo ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12305 (Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 all ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-12304 (Cross-site scripting in Application Manager in Seagate NAS OS version ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12303 (Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12302 (Missing HTTPOnly flag on session cookies in the Seagate NAS OS version ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12301 (Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12300 (Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.1 ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12299 (Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12298 (Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows a ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12297 (Cross-site scripting in API error pages in Seagate NAS OS version 4.3. ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12296 (Insufficient access control in /api/external/7.0/system.System.get_inf ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12295 (SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3. ...)
	NOT-FOR-US: Seagate NAS OS
CVE-2018-12294 (WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as ...)
	- webkit2gtk 2.20.2-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-12293 (The getImageData function in the ImageBufferCairo class in WebCore/pla ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-12292 (A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpand ...)
	NOT-FOR-US: Pale Moon
CVE-2018-12290 (The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. ...)
	NOT-FOR-US: Yii2-StateMachine extension for Yii2
CVE-2018-12289
	RESERVED
CVE-2018-12288
	RESERVED
CVE-2018-12287
	RESERVED
CVE-2018-12286
	RESERVED
CVE-2018-12285
	RESERVED
CVE-2018-12284
	RESERVED
CVE-2018-12283
	RESERVED
CVE-2018-12282
	RESERVED
CVE-2018-12281
	RESERVED
CVE-2018-12280
	RESERVED
CVE-2018-12279
	RESERVED
CVE-2018-12278
	RESERVED
CVE-2018-12277
	RESERVED
CVE-2018-12276
	RESERVED
CVE-2018-12275
	RESERVED
CVE-2018-12274
	RESERVED
CVE-2018-12273 (The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciuda ...)
	NOT-FOR-US: Ximdex
CVE-2018-12272 (xowl/request.php in Ximdex 4.0 has XSS via the content parameter. ...)
	NOT-FOR-US: Ximdex
CVE-2018-12271 (** DISPUTED ** An issue was discovered in the com.getdropbox.Dropbox a ...)
	NOT-FOR-US: com.getdropbox.Dropbox app for IOS
CVE-2018-12270 (In Valve Steam 1528829181 BETA, it is possible to perform a homograph ...)
	NOT-FOR-US: Valve Steam
	NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam
	NOTE: is started, so nothing really to be updated there
CVE-2018-12269
	RESERVED
CVE-2018-12268 (acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metac ...)
	- acccheck (bug #901572)
	[stretch] - acccheck (Non-free not supported)
CVE-2018-12267
	RESERVED
CVE-2018-12266 (system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that ...)
	NOT-FOR-US: HongCMS
CVE-2018-12265 (Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in prev ...)
	{DSA-4238-1 DLA-1402-1}
	- exiv2 0.25-4 (bug #901706)
	NOTE: https://github.com/Exiv2/exiv2/issues/365
	NOTE: https://github.com/Exiv2/exiv2/commit/937a1a2bd067b8b3b787f3757089d972f3a39853
CVE-2018-12264 (Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.c ...)
	{DSA-4238-1 DLA-1402-1}
	- exiv2 0.25-4 (bug #901707)
	NOTE: https://github.com/Exiv2/exiv2/issues/366
	NOTE: https://github.com/Exiv2/exiv2/commit/fe70939f54476e99046245ca69ff27012401f759
CVE-2018-12263 (portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin ...)
	NOT-FOR-US: portfolioCMS
CVE-2018-12262
	REJECTED
CVE-2018-12261 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. All proce ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12260 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12259 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root acce ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12258 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Fi ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12257 (An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-12256 (admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote ...)
	NOT-FOR-US: LiteCart
CVE-2018-12255 (An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF ...)
	NOT-FOR-US: InvoicePlane
CVE-2018-12254 (router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for ...)
	NOT-FOR-US: Harmis Ek rishta component for Joomla!
CVE-2018-12253
	RESERVED
CVE-2018-12252
	RESERVED
CVE-2018-12251
	RESERVED
CVE-2018-12250 (An issue was discovered in Elite CMS Pro 2.01. In /admin/add_sidebar.p ...)
	NOT-FOR-US: Elite CMS
CVE-2018-12249 (An issue was discovered in mruby 1.4.1. There is a NULL pointer derefe ...)
	- mruby 1.4.1+20180622+git640fca32-1 (bug #901652)
	[stretch] - mruby (Minor issue)
	[jessie] - mruby (Minor issue)
	NOTE: https://github.com/mruby/mruby/commit/faa4eaf6803bd11669bc324b4c34e7162286bfa3
	NOTE: https://github.com/mruby/mruby/issues/4037
CVE-2018-12248 (An issue was discovered in mruby 1.4.1. There is a heap-based buffer o ...)
	- mruby 1.4.1+20180622+git640fca32-1 (bug #901653)
	[stretch] - mruby (Minor issue)
	[jessie] - mruby (Minor issue)
	NOTE: https://github.com/mruby/mruby/commit/778500563a9f7ceba996937dc886bd8cde29b42b
	NOTE: https://github.com/mruby/mruby/issues/4038
CVE-2018-12247 (An issue was discovered in mruby 1.4.1. There is a NULL pointer derefe ...)
	- mruby (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/mruby/mruby/commit/f408143c289b8017883294f13d36d43b50c8bc5d
	NOTE: Fixed by: https://github.com/mruby/mruby/commit/55edae0226409de25e59922807cb09acb45731a2
	NOTE: https://github.com/mruby/mruby/issues/4036
CVE-2018-12246 (Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a ...)
	NOT-FOR-US: Symantec
CVE-2018-12245 (Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2018-12244 (SEP (Mac client) prior to and including 12.1 RU6 MP9 and prior to 14.2 ...)
	NOT-FOR-US: SEP
CVE-2018-12243 (The Symantec Messaging Gateway product prior to 10.6.6 may be suscepti ...)
	NOT-FOR-US: Symantec
CVE-2018-12242 (The Symantec Messaging Gateway product prior to 10.6.6 may be suscepti ...)
	NOT-FOR-US: Symantec
CVE-2018-12241 (The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susc ...)
	NOT-FOR-US: Symantec
CVE-2018-12240 (The Norton Identity Safe product prior to 5.3.0.976 may be susceptible ...)
	NOT-FOR-US: Norton
CVE-2018-12239 (Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12. ...)
	NOT-FOR-US: Norton
CVE-2018-12238 (Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12. ...)
	NOT-FOR-US: Norton
CVE-2018-12237 (The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10. ...)
	NOT-FOR-US: Symantec Reporter CLI
CVE-2018-12236
	RESERVED
CVE-2018-12235
	RESERVED
CVE-2018-12234 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
	NOT-FOR-US: Adrenalin HRMS Software
CVE-2018-12231
	RESERVED
CVE-2018-12230 (A wrong logical check identified in the transferFrom function of a sm ...)
	NOT-FOR-US: smart contract implementation for RemiCoin (RMC)
CVE-2018-12229 (Cross-site scripting (XSS) vulnerability in Public Knowledge Project ( ...)
	NOT-FOR-US: Public Knowledge Project (PKP) Open Journal System (OJS)
CVE-2018-12233 (In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4 ...)
	{DLA-1423-1 DLA-1422-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://lkml.org/lkml/2018/6/2/2
CVE-2018-12232 (In net/socket.c in the Linux kernel through 4.17.1, there is a race co ...)
	- linux 4.17.3-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/6d8c50dcb029872b298eea68cc6209c866fd3e14
CVE-2018-12228 (An issue was discovered in Asterisk Open Source 15.x before 15.4.1. Wh ...)
	- asterisk (Only affects 15.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-007.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27807
CVE-2018-12227 (An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 1 ...)
	{DSA-4320-1}
	- asterisk 1:13.22.0~dfsg-1 (bug #902954)
	[jessie] - asterisk (vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-008.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27818
CVE-2018-12226
	RESERVED
CVE-2018-12225
	RESERVED
CVE-2018-12224 (Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* ...)
	NOT-FOR-US: Intel
CVE-2018-12223 (Insufficient access control in User Mode Driver in Intel(R) Graphics D ...)
	NOT-FOR-US: Intel
CVE-2018-12222 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2018-12221 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2018-12220 (Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Window ...)
	NOT-FOR-US: Intel
CVE-2018-12219 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2018-12218 (Unhandled exception in User Mode Driver in Intel(R) Graphics Driver fo ...)
	NOT-FOR-US: Intel
CVE-2018-12217 (Insufficient access control in Kernel Mode Driver in Intel(R) Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-12216 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2018-12215 (Insufficient input validation in Kernel Mode Driver in Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2018-12214 (Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-12213 (Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-12212 (Buffer overflow in User Mode Driver in Intel(R) Graphics Driver for Wi ...)
	NOT-FOR-US: Intel
CVE-2018-12211 (Insufficient input validation in User Mode Driver in Intel(R) Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-12210 (Multiple pointer dereferences in User Mode Driver in Intel(R) Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-12209 (Insufficient access control in User Mode Driver in Intel(R) Graphics D ...)
	NOT-FOR-US: Intel
CVE-2018-12208 (Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11. ...)
	NOT-FOR-US: Intel
CVE-2018-12207 (Improper invalidation for page table updates by a virtual guest operat ...)
	{DSA-4602-1 DSA-4564-1 DLA-1990-1}
	- linux 5.3.9-2
	[jessie] - linux (Untrusted guests are no longer supportable)
	- xen 4.11.3+24-g14b62ab3e5-1 (bug #947944)
	[jessie] - xen (Not supported in jessie LTS)
	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-machine-check-error-avoidance-page-size-change-0
	NOTE: https://xenbits.xen.org/xsa/advisory-304.html
CVE-2018-12206 (Improper configuration of hardware access in Intel QuickAssist Technol ...)
	NOT-FOR-US: Intel QuickAssist Technology for Linux
CVE-2018-12205 (Improper certificate validation in Platform Sample/ Silicon Reference ...)
	NOT-FOR-US: Intel
CVE-2018-12204 (Improper memory initialization in Platform Sample/Silicon Reference fi ...)
	NOT-FOR-US: Intel
CVE-2018-12203 (Denial of service vulnerability in Platform Sample/ Silicon Reference ...)
	NOT-FOR-US: Intel
CVE-2018-12202 (Privilege escalation vulnerability in Platform Sample/ Silicon Referen ...)
	NOT-FOR-US: Intel
CVE-2018-12201 (Buffer overflow vulnerability in Platform Sample / Silicon Reference f ...)
	NOT-FOR-US: Intel
CVE-2018-12200 (Insufficient access control in Intel(R) Capability Licensing Service b ...)
	NOT-FOR-US: Intel
CVE-2018-12199 (Buffer overflow in an OS component in Intel CSME before versions 11.8. ...)
	NOT-FOR-US: Intel
CVE-2018-12198 (Insufficient input validation in Intel(R) Server Platform Services HEC ...)
	NOT-FOR-US: Intel
CVE-2018-12197
	RESERVED
CVE-2018-12196 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME before ...)
	NOT-FOR-US: Intel
CVE-2018-12195
	RESERVED
CVE-2018-12194
	RESERVED
CVE-2018-12193 (Insufficient access control in driver stack for Intel QuickAssist Tech ...)
	NOT-FOR-US: Intel
CVE-2018-12192 (Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11 ...)
	NOT-FOR-US: Intel
CVE-2018-12191 (Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, ...)
	NOT-FOR-US: Intel
CVE-2018-12190 (Insufficient input validation in Intel(r) CSME subsystem before versio ...)
	NOT-FOR-US: Intel
CVE-2018-12189 (Unhandled exception in Content Protection subsystem in Intel CSME befo ...)
	NOT-FOR-US: Intel
CVE-2018-12188 (Insufficient input validation in Intel CSME before versions 11.8.60, 1 ...)
	NOT-FOR-US: Intel
CVE-2018-12187 (Insufficient input validation in Intel(R) Active Management Technology ...)
	NOT-FOR-US: Intel
CVE-2018-12186
	RESERVED
CVE-2018-12185 (Insufficient input validation in Intel(R) AMT in Intel(R) CSME before ...)
	NOT-FOR-US: Intel
CVE-2018-12184
	RESERVED
CVE-2018-12183 (Stack overflow in DxeCore for EDK II may allow an unauthenticated user ...)
	- edk2 0~20181115.85588389-1
	[buster] - edk2 (Minor issue)
	[stretch] - edk2 (Minor issue)
	[jessie] - edk2 (non-free)
	NOTE: https://github.com/tianocore/edk2/commit/0a0d5296e448fc350de1594c49b9c0deff7fad60
CVE-2018-12182 (Insufficient memory write check in SMM service for EDK II may allow an ...)
	- edk2 (See https://bugzilla.tianocore.org/show_bug.cgi?id=1136#c13)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1136
CVE-2018-12181 (Stack overflow in corrupted bmp for EDK II may allow unprivileged user ...)
	- edk2 0~20181115.85588389-3 (bug #924615)
	[stretch] - edk2 0~20161202.7bbe0b3e-1+deb9u1
	[jessie] - edk2 (non-free is not supported)
	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-March/037626.html
CVE-2018-12180 (Buffer overflow in BlockIo service for EDK II may allow an unauthentic ...)
	- edk2 0~20181115.85588389-3 (bug #924615)
	[stretch] - edk2 0~20161202.7bbe0b3e-1+deb9u1
	[jessie] - edk2 (non-free is not supported)
	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037248.html
	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037249.html
	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037250.html
	NOTE: https://github.com/tianocore/edk2/commit/38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f
	NOTE: https://github.com/tianocore/edk2/commit/fccdb88022c1f6d85c773fce506b10c879063f1d
CVE-2018-12179 (Improper configuration in system firmware for EDK II may allow unauthe ...)
	- edk2 0~20190606.20d2e5a1-2 (unimportant; bug #927484)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1133
	NOTE: OpalPassword code is not enabled in Debian images
CVE-2018-12178 (Buffer overflow in network stack for EDK II may allow unprivileged use ...)
	- edk2 0~20181115.85588389-3 (bug #924615)
	[stretch] - edk2 0~20161202.7bbe0b3e-1+deb9u1
	[jessie] - edk2 (non-free is not supported)
	NOTE: https://lists.01.org/pipermail/edk2-devel/2019-February/037251.html
	NOTE: https://github.com/tianocore/edk2/commit/84110bbe4bb3a346514b9bb12eadb7586bca7dfd
CVE-2018-12177 (Improper directory permissions in the ZeroConfig service in Intel(R) P ...)
	NOT-FOR-US: Intel PROSet/Wireless WiFi Software
CVE-2018-12176 (Improper input validation in firmware for Intel NUC Kits may allow a p ...)
	NOT-FOR-US: Intel
CVE-2018-12175 (Default install directory permissions in Intel Distribution for Python ...)
	NOT-FOR-US: Intel Distribution for Python
CVE-2018-12174 (Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE ...)
	NOT-FOR-US: Intel
CVE-2018-12173 (Insufficient access protection in firmware in Intel Server Board, Inte ...)
	NOT-FOR-US: Intel
CVE-2018-12172 (Improper password hashing in firmware in Intel Server Board (S7200AP,S ...)
	NOT-FOR-US: Intel
CVE-2018-12171 (Privilege escalation in Intel Baseboard Management Controller (BMC) fi ...)
	NOT-FOR-US: Intel Baseboard Management Controller firmware
CVE-2018-12170
	RESERVED
CVE-2018-12169 (Platform sample code firmware in 4th Generation Intel Core Processor, ...)
	NOT-FOR-US: Intel
	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
CVE-2018-12168 (Privilege escalation in file permissions in Intel Computing Improvemen ...)
	NOT-FOR-US: Intel
CVE-2018-12167 (Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P ...)
	NOT-FOR-US: Intel
CVE-2018-12166 (Insufficient write protection in firmware for Intel(R) Optane(TM) SSD ...)
	NOT-FOR-US: Intel
CVE-2018-12165
	RESERVED
CVE-2018-12164
	RESERVED
CVE-2018-12163 (A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 inst ...)
	NOT-FOR-US: Intel IoT Developers Kit
CVE-2018-12162 (Directory permissions in the Intel OpenVINO Toolkit for Windows before ...)
	NOT-FOR-US: Intel OpenVINO Toolkit for Windows
CVE-2018-12161 (Insufficient session validation in the webserver component of the Inte ...)
	NOT-FOR-US: Intel Rapid Web Server
CVE-2018-12160 (DLL injection vulnerability in software installer for Intel Data Cente ...)
	NOT-FOR-US: Intel
CVE-2018-12159 (Buffer overflow in the command-line interface for Intel(R) PROSet Wire ...)
	NOT-FOR-US: Intel
CVE-2018-12158 (Insufficient input validation in BIOS update utility in Intel NUC FW k ...)
	NOT-FOR-US: Intel
CVE-2018-12157
	RESERVED
CVE-2018-12156
	RESERVED
CVE-2018-12155 (Data leakage in cryptographic libraries for Intel IPP before 2019 upda ...)
	NOT-FOR-US: Intel
CVE-2018-12154 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
	NOT-FOR-US: Intel
CVE-2018-12153 (Denial of Service in Unified Shader Compiler in Intel Graphics Drivers ...)
	NOT-FOR-US: Intel
CVE-2018-12152 (Pointer corruption in Unified Shader Compiler in Intel Graphics Driver ...)
	NOT-FOR-US: Intel
CVE-2018-12151 (Buffer overflow in installer for Intel Extreme Tuning Utility before 6 ...)
	NOT-FOR-US: Intel
CVE-2018-12150 (Escalation of privilege in Installer for Intel Extreme Tuning Utility ...)
	NOT-FOR-US: Intel
CVE-2018-12149 (Buffer overflow in input handling in Intel Extreme Tuning Utility befo ...)
	NOT-FOR-US: Intel
CVE-2018-12148 (Privilege escalation in file permissions in Intel Driver and Support A ...)
	NOT-FOR-US: Intel
CVE-2018-12147 (Insufficient input validation in HECI subsystem in Intel(R) CSME befor ...)
	NOT-FOR-US: Intel
CVE-2018-12146
	RESERVED
CVE-2018-12145
	RESERVED
CVE-2018-12144
	RESERVED
CVE-2018-12143
	RESERVED
CVE-2018-12142
	RESERVED
CVE-2018-12141
	RESERVED
CVE-2018-12140
	RESERVED
CVE-2018-12139
	RESERVED
CVE-2018-12138
	RESERVED
CVE-2018-12137
	RESERVED
CVE-2018-12136
	RESERVED
CVE-2018-12135
	RESERVED
CVE-2018-12134
	RESERVED
CVE-2018-12133
	RESERVED
CVE-2018-12132
	RESERVED
CVE-2018-12131 (Permissions in the driver pack installers for Intel NVMe before versio ...)
	NOT-FOR-US: Intel
CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on ...)
	{DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
	- intel-microcode 3.20190514.1
	- linux 4.19.37-2
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
	NOTE: https://xenbits.xen.org/xsa/advisory-297.html
	NOTE: libvirt support for md-clear CPUID bit:
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
	NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2018-12129
	RESERVED
CVE-2018-12128
	RESERVED
CVE-2018-12127 (Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some ...)
	{DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
	- intel-microcode 3.20190514.1
	- linux 4.19.37-2
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
	NOTE: https://xenbits.xen.org/xsa/advisory-297.html
	NOTE: libvirt support for md-clear CPUID bit:
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
	NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers o ...)
	{DSA-4447-1 DSA-4444-1 DLA-1789-2 DLA-1799-1 DLA-1789-1 DLA-1787-1}
	- intel-microcode 3.20190514.1
	- linux 4.19.37-2
	- xen 4.11.1+92-g6c33308a8d-1 (bug #929129)
	[stretch] - xen 4.8.5.final+shim4.10.4-1+deb9u12
	[jessie] - xen (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://git.kernel.org/linus/fa4bff165070dc40a3de35b78e4f8da8e8d85ec5
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/microarchitectural-data-sampling
	NOTE: https://xenbits.xen.org/xsa/advisory-297.html
	NOTE: libvirt support for md-clear CPUID bit:
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=538d873571d7a682852dc1d70e5f4478f4d64e85
	NOTE: qemu and libvirt need updates to passthrough md-clear, see #929067 for qemu and #929154 for libvirt
CVE-2018-12125
	RESERVED
CVE-2018-12124
	RESERVED
CVE-2018-12123 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: Patch (v8): https://github.com/nodejs/node/commit/53a6e4eb2002efc66eb9aefe24529fb63715094e
CVE-2018-12122 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: Patch (v8): https://github.com/nodejs/node/commit/696f063c5e9157fd10859515da00fd8bd190d76d
CVE-2018-12121 (Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11. ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: Patch (v8): https://github.com/nodejs/node/commit/93dba83fb0fb46ee2ea87163f435392490b4d59b
CVE-2018-12120 (Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 list ...)
	- nodejs 8.9.3~dfsg-5 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: Code got removed in 8.x, so marking first 8.x version in sid as fixed
	NOTE: Patch (v6): https://github.com/nodejs/node/commit/a9791c9090927b41a8bbfad254a2279204508059
CVE-2018-12119
	RESERVED
CVE-2018-12118
	RESERVED
CVE-2018-12117
	RESERVED
CVE-2018-12116 (Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: Patch (v8): https://github.com/nodejs/node/commit/513e9747a22386bc9c93a12f9698561827a1e631
	NOTE: Only affects 6.x and 8.x, marking first 10.x release as fixed
CVE-2018-12115 (In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when use ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
	NOTE: Nodejs not covered by security support
	NOTE: https://github.com/nodejs/node/commit/fc14d812b7
CVE-2018-12114 (Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user ...)
	NOT-FOR-US: Maccms
CVE-2018-12113 (Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulne ...)
	NOT-FOR-US: Core FTP LE
CVE-2018-12112 (md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to ...)
	NOT-FOR-US: md4c
CVE-2018-12111 (Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webi ...)
	NOT-FOR-US: Canon PrintMe EFI webinterface
CVE-2018-12110 (portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php previ ...)
	NOT-FOR-US: portfolioCMS
CVE-2018-12109 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
	- flif (bug #902196)
	NOTE: https://github.com/FLIF-hub/FLIF/issues/513
CVE-2018-12108 (An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompre ...)
	- lepton (bug #905494)
	NOTE: https://github.com/dropbox/lepton/issues/107
CVE-2018-12107
	RESERVED
CVE-2018-12106
	RESERVED
CVE-2018-12105
	RESERVED
CVE-2018-12104 (Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7. ...)
	NOT-FOR-US: Airbnb Knowledge Repo
CVE-2018-12103 (An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 ...)
	NOT-FOR-US: D-Link
CVE-2018-12102 (md4c 0.2.6 has a NULL pointer dereference in the function md_process_l ...)
	NOT-FOR-US: md4c
CVE-2018-12101 (CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Res ...)
	NOT-FOR-US: CMS Clipper
CVE-2018-12100 (Sonatype Nexus Repository Manager versions 3.x before 3.12.0 has XSS i ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-12099 (Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. ...)
	- grafana (Vulnerable code introduced later)
	NOTE: https://github.com/grafana/grafana/pull/11813
CVE-2018-12098 (** DISPUTED ** The liblnk_data_block_read function in liblnk_data_bloc ...)
	- liblnk 20180626-1 (unimportant; bug #901962)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
	NOTE: https://github.com/libyal/liblnk/commit/cb7fe0c66a5a01c19f1953fc7814c4fedfdc5785
	NOTE: https://github.com/libyal/liblnk/issues/32
	NOTE: https://github.com/libyal/liblnk/issues/33
	NOTE: Questionable/negligible security impact
CVE-2018-12097 (** DISPUTED ** The liblnk_location_information_read_data function in l ...)
	- liblnk 20180626-1 (unimportant; bug #901962)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
	NOTE: https://github.com/libyal/liblnk/commit/cb7fe0c66a5a01c19f1953fc7814c4fedfdc5785
	NOTE: https://github.com/libyal/liblnk/issues/32
	NOTE: https://github.com/libyal/liblnk/issues/33
	NOTE: Questionable/negligible security impact
CVE-2018-12096 (** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in ...)
	- liblnk 20180626-1 (unimportant; bug #901962)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/33
	NOTE: https://github.com/libyal/liblnk/issues/32
	NOTE: https://github.com/libyal/liblnk/issues/33
	NOTE: https://github.com/libyal/libuna/commit/aca678aa7e49ca628f1b27a53fdea883fa8764bb
	NOTE: https://github.com/libyal/libuna/commit/f22aca8b649afe5cef529d9268186bfe591b7f89
	NOTE: Questionable/negligible security impact
CVE-2018-12095 (A Reflected Cross-Site Scripting web vulnerability has been discovered ...)
	NOT-FOR-US: OEcms
CVE-2018-12094 (Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS V ...)
	NOT-FOR-US: Dimofinf CMS
CVE-2018-12093 (tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr ...)
	NOT-FOR-US: tinyexr
CVE-2018-12092 (tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixe ...)
	NOT-FOR-US: tinyexr
CVE-2018-12091
	RESERVED
CVE-2018-12090 (There is unauthenticated reflected cross-site scripting (XSS) in LAMS ...)
	NOT-FOR-US: LAMS
CVE-2018-12089 (In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-12291 (The on_get_missing_events function in handlers/federation.py in Matrix ...)
	- matrix-synapse 0.31.1+dfsg-1 (bug #901293)
	NOTE: https://github.com/matrix-org/synapse/pull/3371
	NOTE: https://github.com/matrix-org/synapse/commit/0834b49c6a9b6c597a154d4b2dfcf8fff90699ec
	NOTE: https://matrix.org/blog/2018/06/08/synapse-0-31-1-released/
CVE-2018-12088 (S3QL before 2.27 mishandles checksumming, and consequently allows repl ...)
	- s3ql 2.27.1+dfsg-1 (low)
	[stretch] - s3ql (Minor issue, backports would change the file system revision rendering it unable to read older file systems)
	[jessie] - s3ql (Minor issue, backports would change the file system revision rendering it unable to read older file systems)
	NOTE: https://groups.google.com/forum/#!topic/s3ql/4TzCVIMkA4o
	NOTE: https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020
CVE-2018-12087 (Failure to validate certificates in OPC Foundation UA Client Applicati ...)
	NOT-FOR-US: OPC UA
CVE-2018-12086 (Buffer overflow in OPC UA applications allows remote attackers to trig ...)
	{DSA-4359-1}
	- wireshark 2.6.4-1
	[jessie] - wireshark (changes are too intrusive to backport)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-50.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28a7a79cac425d1b1ecf06e73add41edd2241e49
CVE-2018-12085 (Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parse ...)
	- liblouis 3.5.0-4 (bug #901202)
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/595
	NOTE: https://github.com/liblouis/liblouis/commit/dbfa58bb128cae86729578ac596056b3385817ef
CVE-2018-12084 (The mintToken function of a smart contract implementation for BitAsean ...)
	NOT-FOR-US: BitAsean
CVE-2018-12083 (The mintToken function of a smart contract implementation for GOAL Bon ...)
	NOT-FOR-US: GOAL
CVE-2018-12082 (The mintToken function of a smart contract implementation for Fujinto ...)
	NOT-FOR-US: Fujinto
CVE-2018-12081 (The mintToken function of a smart contract implementation for Target C ...)
	NOT-FOR-US: Target Coin
CVE-2018-12080 (The mintToken function of a smart contract implementation for Internet ...)
	NOT-FOR-US: Internet Node Token
CVE-2018-12079 (The mintToken function of a smart contract implementation for Substrat ...)
	NOT-FOR-US: Substratum
CVE-2018-12078 (The mintToken function of a smart contract implementation for PolyAI ( ...)
	NOT-FOR-US: PolyAI
CVE-2018-12077
	RESERVED
CVE-2018-12076 (A vulnerability in the UPC bar code of the Avanti Markets MarketCard c ...)
	NOT-FOR-US: Avanti Markets MarketCard
CVE-2018-12075
	RESERVED
CVE-2018-12074
	RESERVED
CVE-2018-12073 (An issue was discovered on Eminent EM4544 9.10 devices. The device doe ...)
	NOT-FOR-US: Eminent EM4544 9.10 devices
CVE-2018-12072 (An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-P ...)
	NOT-FOR-US: Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware
CVE-2018-12071 (A Session Fixation issue exists in CodeIgniter before 3.1.9 because se ...)
	- codeigniter (bug #471583)
CVE-2018-12070 (The sell function of a smart contract implementation for SEC, a tradab ...)
	NOT-FOR-US: SEC
CVE-2018-12069
	RESERVED
CVE-2018-12068 (The sell function of a smart contract implementation for Target Coin ( ...)
	NOT-FOR-US: Target Coin
CVE-2018-12067 (The sell function of a smart contract implementation for Substratum (S ...)
	NOT-FOR-US: Substratum
CVE-2018-12065 (A Local File Inclusion vulnerability in /system/WCore/WHelper.php in C ...)
	NOT-FOR-US: wityCMS
CVE-2018-12064 (tinyexr 0.9.5 has a heap-based buffer over-read via tinyexr::ReadChann ...)
	NOT-FOR-US: tinyexr
CVE-2018-12063 (The sell function of a smart contract implementation for Internet Node ...)
	NOT-FOR-US: Internet Node Token
CVE-2018-12062 (The sell function of a smart contract implementation for SwftCoin (SWF ...)
	NOT-FOR-US: SwftCoin
CVE-2018-12061
	RESERVED
CVE-2018-12060
	RESERVED
CVE-2018-12059
	RESERVED
CVE-2018-12058
	RESERVED
CVE-2018-12057
	RESERVED
CVE-2018-12056 (The maxRandom function of a smart contract implementation for All For ...)
	NOT-FOR-US: smart contract implementation for All For One
CVE-2018-12055 (Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Manage ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12054 (Arbitrary File Read exists in PHP Scripts Mall Schools Alert Managemen ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12053 (Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Manag ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12052 (SQL Injection exists in PHP Scripts Mall Schools Alert Management Scri ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12051 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts M ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-12050
	RESERVED
CVE-2018-13346 (The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorr ...)
	{DLA-2293-1 DLA-1414-1}
	- mercurial 4.6.1-1 (bug #901050)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/faa924469635
CVE-2018-13347 (mpatch.c in Mercurial before 4.6.1 mishandles integer addition and sub ...)
	{DLA-2293-1 DLA-1414-1}
	- mercurial 4.6.1-1 (bug #901050)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/1acfc35d478c
	NOTE: there are actually 6 more patches required to completely fix bug #901050,
	NOTE: see https://www.mercurial-scm.org/repo/hg-committed/log?rev=modifies%28%22mercurial%2Fmpatch.c%22%29+and+4.5%3A%3A
	NOTE: upstream proposes we use OVE-20180430-0002 to cover all undefined behavior
	NOTE: cases which the 6 patches fix
CVE-2018-13348 (The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 misha ...)
	{DLA-2293-1 DLA-1414-1}
	- mercurial 4.6.1-1 (bug #901050)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/90a274965de7
CVE-2018-12049 (** DISPUTED ** A remote attacker can bypass the System Manager Mode on ...)
	NOT-FOR-US: Canon
CVE-2018-12048 (** DISPUTED ** A remote attacker can bypass the Management Mode on the ...)
	NOT-FOR-US: Canon
CVE-2018-12047 (xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters ...)
	NOT-FOR-US: Ximdex
CVE-2018-12046 (DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage ...)
	NOT-FOR-US: DedeCMS
CVE-2018-12045 (DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_mana ...)
	NOT-FOR-US: DedeCMS
CVE-2018-12044
	RESERVED
CVE-2018-12043 (content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the ...)
	NOT-FOR-US: Symphony CMS
CVE-2018-12042 (Roxy Fileman through v1.4.5 has Directory traversal via the php/downlo ...)
	NOT-FOR-US: Roxy Fileman
CVE-2018-12041 (An issue was discovered on the MediaTek AWUS036NH wireless USB adapter ...)
	NOT-FOR-US: MediaTek
CVE-2018-12040 (** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in t ...)
	- symfony 3.4.12+dfsg-1 (unimportant)
	NOTE: https://github.com/symfony/symfony/issues/28002
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1590702
CVE-2018-12039 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-12038 (An issue was discovered on Samsung 840 EVO devices. Vendor-specific co ...)
	NOT-FOR-US: Samsung 840 EVO devices
CVE-2018-12037 (An issue was discovered on Samsung 840 EVO and 850 EVO devices (only i ...)
	NOT-FOR-US: Samsung
CVE-2018-12036 (OWASP Dependency-Check before 3.2.0 allows attackers to write to arbit ...)
	NOT-FOR-US: OWASP Dependency-Check
CVE-2018-12035 (In YARA 3.7.1 and prior, parsing a specially crafted compiled rule fil ...)
	- yara 3.7.1-3 (low)
	[stretch] - yara (Minor issue)
	[jessie] - yara (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/891
CVE-2018-12034 (In YARA 3.7.1 and prior, parsing a specially crafted compiled rule fil ...)
	- yara 3.7.1-3 (low)
	[stretch] - yara (Minor issue)
	[jessie] - yara (Minor issue)
	NOTE: https://github.com/VirusTotal/yara/issues/891
CVE-2018-12033
	RESERVED
CVE-2018-12032
	RESERVED
CVE-2018-12031 (Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an ...)
	NOT-FOR-US: Eaton Intelligent Power Manager
CVE-2018-12030 (Chevereto Free before 1.0.13 has XSS. ...)
	NOT-FOR-US: Chevereto Free
CVE-2018-12029 (A race condition in the nginx module in Phusion Passenger 3.x through ...)
	{DLA-1399-1}
	- passenger 5.0.30-1.1 (bug #921767; unimportant)
	[stretch] - passenger 5.0.30-1+deb9u1
	- ruby-passenger (unimportant)
	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
	NOTE: https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86 (release-5.3.2)
	NOTE: unimportant as nginx module not built.
	NOTE: Related hardening commits:
	NOTE: https://github.com/phusion/passenger/commit/9ed61bb4641ba1f5158fca3840d4e4088805b5af (release-5.3.2)
	NOTE: https://github.com/phusion/passenger/commit/4f663c8246f529e32575d50196d11cde12a6dfda (release-5.3.3)
	NOTE: https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
CVE-2018-12028 (An Incorrect Access Control vulnerability in SpawningKit in Phusion Pa ...)
	- passenger (Introduced in 5.3.0 with major refactoring of SpawningKit)
	- ruby-passenger (Introduced in 5.3.0 with major refactoring of SpawningKit)
	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
CVE-2018-12027 (An Insecure Permissions vulnerability in SpawningKit in Phusion Passen ...)
	- passenger (Introduced in 5.3.0 with major refactoring of SpawningKit)
	- ruby-passenger (Introduced in 5.3.0 with major refactoring of SpawningKit)
	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
CVE-2018-12026 (During the spawning of a malicious Passenger-managed application, Spaw ...)
	- passenger (Introduced in 5.3.0 with major refactoring of SpawningKit)
	- ruby-passenger (Introduced in 5.3.0 with major refactoring of SpawningKit)
	NOTE: https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/
CVE-2018-12025 (The transferFrom function of a smart contract implementation for Futur ...)
	NOT-FOR-US: FuturXE
CVE-2018-12024
	RESERVED
CVE-2018-12023 (An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4 ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2058
	NOTE: https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
CVE-2018-12022 (An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4 ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2052
	NOTE: https://github.com/FasterXML/jackson-databind/commit/7487cf7eb14be2f65a1eb108e8629c07ef45e0a1
CVE-2018-12021 (Singularity 2.3.0 through 2.5.1 is affected by an incorrect access con ...)
	- singularity-container 2.5.2-1
	NOTE: https://github.com/singularityware/singularity/releases/tag/2.5.2
CVE-2018-12020 (mainproc.c in GnuPG before 2.2.8 mishandles the original filename duri ...)
	{DSA-4224-1 DSA-4223-1 DSA-4222-1}
	- enigmail 2:2.0.7-1
	[jessie] - enigmail (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
	- gnupg2 2.2.8-1
	- gnupg1 1.4.22-5 (bug #901088)
	- gnupg
	NOTE: https://dev.gnupg.org/T4012
	NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=210e402acd3e284b32db1901e43bf1470e659e49 (STABLE-BRANCH-2-2)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac (STABLE-BRANCH-1-4)
	NOTE: https://www.openwall.com/lists/oss-security/2018/06/13/10
	NOTE: https://neopg.io/blog/gpg-signature-spoof/
CVE-2018-12019 (The signature verification routine in Enigmail before 2.0.7 interprets ...)
	- enigmail 2:2.0.7-1
	[jessie] - enigmail (see https://lists.debian.org/debian-lts-announce/2019/02/msg00002.html)
	NOTE: https://www.openwall.com/lists/oss-security/2018/06/13/10
	NOTE: https://neopg.io/blog/enigmail-signature-spoof/
CVE-2018-12018 (The GetBlockHeadersMsg handler in the LES protocol implementation in G ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2018-12017
	RESERVED
CVE-2018-12016 (libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows rem ...)
	- epiphany-browser 3.28.3.1-1 (unimportant; bug #901018)
	NOTE: webkit not covered by security support
CVE-2018-12014 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-12013 (Improper authentication in locked memory region can lead to unprivilge ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-12012 (While updating blacklisting region shared buffered memory region is no ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-12011 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-12010 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-12009
	RESERVED
CVE-2018-12008
	RESERVED
CVE-2018-12007
	RESERVED
CVE-2018-12006 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-12005 (An unprivileged user can issue a binder call and cause a system halt i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-12004 (Secure keypad is unlocked with secure display still intact in Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-12003
	RESERVED
CVE-2018-12002
	RESERVED
CVE-2018-12001
	RESERVED
CVE-2018-12000
	RESERVED
CVE-2018-11999 (Improper input validation in trustzone can lead to denial of service i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11998 (While processing a packet decode request in MQTT, Race condition can o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11997
	RESERVED
CVE-2018-11996 (When a malformed command is sent to the device programmer, an out-of-b ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11995 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11994 (SMMU secure camera logic allows secure camera controllers to access HL ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11993 (Improper check while accessing the local memory stack on MQTT connecti ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11992
	RESERVED
CVE-2018-11991
	RESERVED
CVE-2018-11990
	RESERVED
CVE-2018-11989
	REJECTED
CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11987 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	- linux (Vulnerable code path not present)
	NOTE: https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=5e9ffcfa152ecb2832990c42fcd8a0f2e63c2c04
	NOTE: https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin#_CVE-2018-11987
	NOTE: ion not enabled in Debian build and in staging anyway
CVE-2018-11986 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11985 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11984 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11983 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11982 (In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MD ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11981
	RESERVED
CVE-2018-11980 (When a fake broadcast/multicast 11w rmf without mmie received, since n ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11979
	RESERVED
CVE-2018-11978
	REJECTED
CVE-2018-11977
	REJECTED
CVE-2018-11976 (ECDSA signature code leaks private keys from secure world to non-secur ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11975
	REJECTED
CVE-2018-11974
	REJECTED
CVE-2018-11973
	REJECTED
CVE-2018-11972
	REJECTED
CVE-2018-11971 (Interrupt exit code flow may undermine access control policy set forth ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11970 (TZ App dynamic allocations not protected from XBL loader in Snapdragon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11969
	REJECTED
CVE-2018-11968 (Improper check before assigning value can lead to integer overflow in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11967 (Signature verification of the skel library could potentially be disabl ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11966 (Undefined behavior in UE while processing unknown IEI in OTA message i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11965 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11964 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11963 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11962 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11961 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: CodeAurora components for Android
CVE-2018-11959
	REJECTED
CVE-2018-11958 (Insufficient protection of keys in keypad can lead HLOS to gain access ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11957
	RESERVED
CVE-2018-11956 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Android
CVE-2018-11955 (Lack of check on length of reason-code fetched from payload may lead d ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11954
	RESERVED
CVE-2018-11953 (While processing ssid IE length from remote AP, possible out-of-bounds ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11952
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11951 (Improper access control in core module lead XBL_LOADER performs the ZI ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11950 (Unapproved TrustZone applications can be loaded and executed in Snapdr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11949 (Failure to initialize the extra buffer can lead to an out of buffer ac ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11948 (Exceeding the limit of usage entries are not tracked and the informati ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11947 (The txrx stats req might be double freed in the pdev detach when the h ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11946 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11945 (Improper input validation in wireless service messaging module for dat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11944
	RESERVED
CVE-2018-11943 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11942 (Failure to initialize the reserved memory which is sent to the firmwar ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11941
	REJECTED
CVE-2018-11940 (Lack of check in length before using memcpy in WLAN function can lead ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11939 (Use after issue in WLAN function due to multiple ACS scan requests at ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11938 (Improper input validation for argument received from HLOS can lead to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11937 (Lack of input validation before copying can lead to a buffer over read ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11936 (Index of array is processed in a wrong way inside a while loop and res ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11935 (Improper input validation might result in incorrect app id returned to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11934 (Possible out of bounds write due to improper input validation while pr ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11933
	REJECTED
CVE-2018-11932 (Improper input validation can lead RW access to secure subsystem from ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11931 (Improper access to HLOS is possible while transferring memory to CPZ i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11930 (Improper input validation on input data which is used to locate and co ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11929 (Lack of input validation in WLAN function can lead to potential heap o ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11928 (Lack of check on length parameter may cause buffer overflow while proc ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11927 (Improper input validation on input which is used as an array index wil ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11926
	RESERVED
CVE-2018-11925 (Data length received from firmware is not validated against the max al ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11924 (Improper buffer length validation in WLAN function can lead to a poten ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11923 (Improper buffer length check before copying can lead to integer overfl ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11922
	RESERVED
CVE-2018-11921 (Failure condition is not handled properly and the correct error code i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11920
	RESERVED
CVE-2018-11919 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11918 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11917
	RESERVED
CVE-2018-11916
	RESERVED
CVE-2018-11915
	RESERVED
CVE-2018-11914 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11913 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11912 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11911 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11910 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11909 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11908 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11907 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11906 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11905 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11904 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11903 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11902 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11901
	RESERVED
CVE-2018-11900
	RESERVED
CVE-2018-11899 (While processing radio connection status change events, Radio index is ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11898 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11897 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11896
	RESERVED
CVE-2018-11895 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11894 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11893 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11892
	REJECTED
CVE-2018-11891 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11890
	RESERVED
CVE-2018-11889 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11888 (Unauthorized access may be allowed by the SCP11 Crypto Services TA wil ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11887
	RESERVED
CVE-2018-11886 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11885
	RESERVED
CVE-2018-11884 (Improper input validation leads to buffer overflow while processing ne ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11883 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11882 (Incorrect bound check can lead to potential buffer overwrite in WLAN c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11881
	RESERVED
CVE-2018-11880 (Incorrect bound check can lead to potential buffer overwrite in WLAN f ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11879 (When the buffer length passed is very large, bounds check could be byp ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11878 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11877 (When the buffer length passed is very large in WLAN, bounds check coul ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11876 (Lack of input validation while copying to buffer in WLAN will lead to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11875 (Lack of check of buffer size before copying in a WLAN function can lea ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11874 (Buffer overflow if the length of passphrase is more than 32 when setti ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11873 (Improper input validation leads to buffer overwrite in the WLAN functi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11872 (Improper input validation leads to buffer overwrite in the WLAN functi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11871 (Buffer overwrite can happen in WLAN function while processing set pdev ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11870 (Buffer overwrite can occur when the legacy rates count received from t ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11869 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11868 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11867 (Lack of buffer length check before copying in WLAN function while proc ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11866 (Integer overflow may happen in WLAN when calculating an internal struc ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11865 (Integer overflow may happen when calculating an internal structure siz ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11864 (Bytes can be written to fuses from Secure region which can be read lat ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11863 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11862 (Buffer overflow can happen in WLAN module due to lack of validation of ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11861 (Buffer overflow can happen in WLAN function due to lack of validation ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11860 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11859 (Buffer overwrite can happen in WLAN due to lack of validation of the i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11858 (When processing IE set command, buffer overwrite may occur due to lack ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11857 (Improper input validation in WLAN encrypt/decrypt module can lead to a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11856 (Improper input validation leads to buffer overwrite in the WLAN functi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11855 (If an end user makes use of SCP11 sample OCE code without modification ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11854 (Lack of check of valid length of input parameter may cause buffer over ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11853 (Lack of check on out of range for channels When processing channel lis ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11852 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11851 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11850 (Lack of check on remaining length parameter When processing scan start ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11849 (Lack of check on out of range of bssid parameter When processing scan ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11848
	RESERVED
CVE-2018-11847 (Malicious TA can tag QSEE kernel memory and map to EL0, there by corru ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11846 (The use of a non-time-constant memory comparison operation can lead to ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11845 (Usage of non-time-constant comparison functions can lead to informatio ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11844
	RESERVED
CVE-2018-11843 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11842 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11841
	RESERVED
CVE-2018-11840 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11839
	RESERVED
CVE-2018-11838 (Possible double free issue in WLAN due to lack of checking memory free ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11837
	RESERVED
CVE-2018-11836 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11835
	RESERVED
CVE-2018-11834
	RESERVED
CVE-2018-11833
	RESERVED
CVE-2018-11832 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Android kernel, code not in mainline
CVE-2018-11831
	RESERVED
CVE-2018-11830 (Improper input validation in QCPE create function may lead to integer ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11829
	RESERVED
CVE-2018-11828 (When FW tries to get random mac address generated from new SW RNG and ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11827 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11826 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11825
	REJECTED
CVE-2018-11824 (A stack-based buffer overflow can occur in a firmware routine in Snapd ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11823 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Android kernel, code not in mainline
CVE-2018-11822 (A possible integer overflow may happen in WLAN during memory allocatio ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11821 (Possible integer overflow may happen in WLAN during memory allocation ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11820 (Use of non-time constant memcmp function creates side channel that lea ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11819 (Use after issue in WLAN function due to multiple ACS scan requests at ...)
	NOT-FOR-US: Snapdragon
CVE-2018-11818 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11817
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11816
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11815
	RESERVED
CVE-2018-12066 (BIRD Internet Routing Daemon before 1.6.4 allows local users to cause ...)
	- bird 1.6.4-1 (low; bug #900967)
	[stretch] - bird (Minor issue)
	[jessie] - bird (Minor issue)
	NOTE: https://gitlab.labs.nic.cz/labs/bird/blob/v1.6.4/NEWS#L11
	NOTE: Fixed by: https://gitlab.labs.nic.cz/labs/bird/commit/e8bc64e308586b6502090da2775af84cd760ed0d
CVE-2018-1002209 (QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing att ...)
	- libquazip 0.7.6-1 (bug #902786)
	[stretch] - libquazip (Minor issue)
	[jessie] - libquazip (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1593011
CVE-2018-1002204 (adm-zip npm library before 0.4.9 is vulnerable to directory traversal, ...)
	NOT-FOR-US: adm-zip nodejs module
CVE-2018-1002202 (zip4j before 1.3.3 is vulnerable to directory traversal, allowing atta ...)
	- zip4j (Fixed before initial upload to the archive)
CVE-2018-1002201 (zt-zip before 1.13 is vulnerable to directory traversal, allowing atta ...)
	NOT-FOR-US: zt-zip
CVE-2018-1002200 (plexus-archiver before 3.6.0 is vulnerable to directory traversal, all ...)
	{DSA-4227-1}
	- plexus-archiver 3.6.0-1 (bug #900953)
	NOTE: https://github.com/codehaus-plexus/plexus-archiver/pull/87
	NOTE: https://github.com/codehaus-plexus/plexus-archiver/commit/58bc24e465c0842981692adbf6d75680298989de
CVE-2018-1000204 (** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles a ...)
	{DLA-1423-1 DLA-1422-1}
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	NOTE: Fixed by: https://git.kernel.org/linus/a45b599ad808c3c982fdcdc12b0b8611c2f92824
CVE-2018-1000203 (Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21 ...)
	NOT-FOR-US: Soar Labs Soar Coin
CVE-2018-11814
	RESERVED
CVE-2018-11813 (libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles ...)
	- libjpeg9 1:9d-1 (unimportant; bug #904719)
	- libjpeg-turbo 1:2.0.5-1 (unimportant)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/909a8cfc7bca9b2e6707425bdb74da997e8fa499
	NOTE: Infinite loop in CLI tool, no security impact
CVE-2018-11812
	RESERVED
CVE-2018-11811
	RESERVED
CVE-2018-11810
	RESERVED
CVE-2018-11809
	RESERVED
CVE-2018-11808 (Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngi ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-11807
	RESERVED
CVE-2018-11806 (m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via inc ...)
	{DSA-4454-1 DLA-1781-1}
	- qemu 1:3.1+dfsg-1 (bug #901017)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=864036e251f54c99d31df124aad7f34f01f5344c
CVE-2018-1000202 (A persisted cross-site scripting vulnerability exists in Jenkins Groov ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000198 (A XML external entity processing vulnerability exists in Jenkins Black ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000197 (An improper authorization vulnerability exists in Jenkins Black Duck H ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000196 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000195 (A server-side request forgery vulnerability exists in Jenkins 2.120 an ...)
	- jenkins
CVE-2018-1000194 (A path traversal vulnerability exists in Jenkins 2.120 and older, LTS ...)
	- jenkins
CVE-2018-1000193 (A improper neutralization of control sequences vulnerability exists in ...)
	- jenkins
CVE-2018-12015 (In Perl through 5.26.2, the Archive::Tar module allows remote attacker ...)
	{DSA-4226-1}
	- perl 5.26.2-6 (bug #900834)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=125523
	NOTE: https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
CVE-2018-1000192 (A information exposure vulnerability exists in Jenkins 2.120 and older ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000191 (A exposure of sensitive information vulnerability exists in Jenkins Bl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000190 (A exposure of sensitive information vulnerability exists in Jenkins Bl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000189 (A command execution vulnerability exists in Jenkins Absint Astree Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000188 (A server-side request forgery vulnerability exists in Jenkins CAS Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000187 (A exposure of sensitive information vulnerability exists in Jenkins Ku ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000186 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000185 (A server-side request forgery vulnerability exists in Jenkins GitHub B ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000184 (A server-side request forgery vulnerability exists in Jenkins GitHub P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000183 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000182 (A server-side request forgery vulnerability exists in Jenkins Git Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-11805 (In Apache SpamAssassin before 3.4.3, nefarious CF files can be configu ...)
	{DSA-4584-1 DLA-2037-1}
	- spamassassin 3.4.3~rc6-1 (bug #946652)
	NOTE: https://www.openwall.com/lists/oss-security/2019/12/12/1
	NOTE: https://markmail.org/message/pyp425yrulfxyhrn
	NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648 (not public)
CVE-2018-11804 (Spark's Apache Maven-based build includes a convenience script, 'build ...)
	- apache-spark (bug #802194)
CVE-2018-11803 (Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10. ...)
	- subversion 1.10.4-1
	[stretch] - subversion (Vulnerable code introduced in 1.10.0)
	[jessie] - subversion (Vulnerable code introduced in 1.10.0)
	NOTE: https://subversion.apache.org/security/CVE-2018-11803-advisory.txt
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/23/1
CVE-2018-11802 (In Apache Solr, the cluster can be partitioned into multiple collectio ...)
	- lucene-solr (Vulnerable code is not present)
	NOTE: https://issues.apache.org/jira/browse/SOLR-12514
	NOTE: Issue introduced around: https://github.com/apache/lucene-solr/commit/56e88400aefbeb7f1821cbd10a2997cde018df97 (4.2.0)
	NOTE: Fixed by: https://github.com/apache/lucene-solr/commit/add003f217806afb4e1604f697cdb0a5a7115895 (releases/lucene-solr/6.6.6)
CVE-2018-11801 (SQL injection vulnerability in Apache Fineract before 1.3.0 allows att ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-11800 (SQL injection vulnerability in Apache Fineract before 1.3.0 allows att ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-11799 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 ...)
	NOT-FOR-US: Apache Oozie
CVE-2018-11798 (The Apache Thrift Node.js static web server in versions 0.9.2 through ...)
	- thrift 0.11.0-4 (unimportant; bug #918734)
	NOTE: https://issues.apache.org/jira/browse/THRIFT-4647
	NOTE: https://github.com/apache/thrift/commit/2a2b72f6c8aef200ecee4984f011e06052288ff2
	NOTE: src:thrift in Debian configured with --without-nodejs
CVE-2018-11797 (In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully c ...)
	{DLA-1547-1}
	- libpdfbox-java 1:1.8.16-1 (bug #910390)
	[stretch] - libpdfbox-java (Minor issue)
	- libpdfbox2-java 2.0.12-1 (bug #910391)
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/05/4
	NOTE: https://svn.apache.org/r1842131 (branch 2.0)
	NOTE: https://svn.apache.org/r1842278 (branch 1.8)
CVE-2018-11796 (In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion lim ...)
	- tika (Incomplete fix for CVE-2018-11761 not applied)
	NOTE: https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
	NOTE: https://issues.apache.org/jira/projects/TIKA/issues/TIKA-2727
	NOTE: https://github.com/apache/tika/commit/86d4ba1e
CVE-2018-11795
	REJECTED
CVE-2018-11794
	REJECTED
CVE-2018-11793 (When parsing a JSON payload with deeply nested JSON structures, the pa ...)
	- apache-mesos (bug #760315)
CVE-2018-11792 (In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER ...)
	NOT-FOR-US: Apache Impala
CVE-2018-11791
	REJECTED
CVE-2018-11790 (When loading a document with Apache Open Office 4.1.5 and earlier with ...)
	- libreoffice 1:4.0.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/16/2
	NOTE: https://github.com/LibreOffice/core/commit/bbc94edb9a91b27910d43610db9994df10dd99e1
CVE-2018-11789 (When accessing the heron-ui webpage, people can modify the file paths ...)
	NOT-FOR-US: Apache Heron
CVE-2018-11788 (Apache Karaf provides a features deployer, which allows users to "hot ...)
	- apache-karaf (bug #881297)
CVE-2018-11787 (In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webcons ...)
	- apache-karaf (bug #881297)
CVE-2018-11786 (In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf i ...)
	- apache-karaf (bug #881297)
CVE-2018-11785 (Missing authorization check in Apache Impala before 3.0.1 allows a Ker ...)
	NOT-FOR-US: Apache Impala
CVE-2018-11784 (When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, ...)
	{DSA-4596-1 DLA-1545-1 DLA-1544-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.34-1
	- tomcat8.0 (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: Fixed upstream in 9.0.12, 8.5.34, 7.0.91
	NOTE: https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
	NOTE: https://svn.apache.org/r1840055 (9.0.x)
	NOTE: https://svn.apache.org/r1840056 (8.5.x)
	NOTE: https://svn.apache.org/r1840057 (7.0.x)
CVE-2018-11783 (sslheaders plugin extracts information from the client certificate and ...)
	- trafficserver 8.0.2+ds-1
	NOTE: https://github.com/apache/trafficserver/pull/4701
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/13/6
CVE-2018-11782 (In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12 ...)
	{DSA-4490-1 DLA-1903-1}
	- subversion 1.10.6-1
	NOTE: https://subversion.apache.org/security/CVE-2018-11782-advisory.txt
CVE-2018-11781 (Apache SpamAssassin 3.4.2 fixes a local user code injection in the met ...)
	{DLA-1578-1}
	- spamassassin 3.4.2-1 (bug #908971)
	[stretch] - spamassassin 3.4.2-1~deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
CVE-2018-11780 (A potential Remote Code Execution bug exists with the PDFInfo plugin i ...)
	{DLA-1578-1}
	- spamassassin 3.4.2-1 (bug #908970)
	[stretch] - spamassassin 3.4.2-1~deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1
CVE-2018-11779 (In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the st ...)
	NOT-FOR-US: Apache Storm
CVE-2018-11778 (UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correc ...)
	NOT-FOR-US: Apache Ranger
CVE-2018-11777 (In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer ...)
	NOT-FOR-US: Apache Hive
CVE-2018-11776 (Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from pos ...)
	- libstruts1.2-java (Specific to 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-057
CVE-2018-11775 (TLS hostname verification when using the Apache ActiveMQ Client before ...)
	- activemq 5.15.6-1 (low; bug #908950)
	[stretch] - activemq (Minor issue)
	[jessie] - activemq (Minor issue)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=bde7097fb8173cf871827df7811b3865679b963d
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=02971a40e281713a8397d3a1809c164b594abfbb
	NOTE: Fixed in 5.15.6
CVE-2018-11774 (Apache VCL versions 2.1 through 2.5 do not properly validate form inpu ...)
	NOT-FOR-US: Apache VCL
CVE-2018-11773 (Apache VCL versions 2.1 through 2.5 do not properly validate form inpu ...)
	NOT-FOR-US: Apache VCL
CVE-2018-11772 (Apache VCL versions 2.1 through 2.5 do not properly validate cookie in ...)
	NOT-FOR-US: Apache VCL
CVE-2018-11771 (When reading a specially crafted ZIP archive, the read method of Apach ...)
	- libcommons-compress-java 1.18-1 (bug #906301)
	[stretch] - libcommons-compress-java (Minor issue)
	[jessie] - libcommons-compress-java (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/16/2
CVE-2018-11770 (From version 1.3.0 onward, Apache Spark's standalone master exposes a ...)
	- apache-spark (bug #802194)
CVE-2018-11769 (CouchDB administrative users before 2.2.0 can configure the database s ...)
	- couchdb
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/08/2
CVE-2018-11768 (In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1 ...)
	- hadoop (bug #793644)
CVE-2018-11767 (In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6, KMS b ...)
	- hadoop (bug #793644)
CVE-2018-11766 (In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is ...)
	- hadoop (bug #793644)
CVE-2018-11765 (In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 ...)
	- hadoop (bug #793644)
CVE-2018-11764 (Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alp ...)
	- hadoop (bug #793644)
CVE-2018-11763 (In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large S ...)
	- apache2 2.4.35-1 (bug #909591)
	[stretch] - apache2 2.4.25-3+deb9u6
	[jessie] - apache2 (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-11763
CVE-2018-11762 (In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not ...)
	- tika 1.20-1
	[jessie] - tika (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/5
CVE-2018-11761 (In Apache Tika 0.1 to 1.18, the XML parsers were not configured to lim ...)
	- tika 1.20-1
	[jessie] - tika (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/4
	NOTE: When fixing this issue the fix needs to be made complete to not open
	NOTE: CVE-2018-11796. The full fix is only in 1.19.1 onwards.
CVE-2018-11760 (When using PySpark , it's possible for a different local user to conne ...)
	- apache-spark (bug #802194)
CVE-2018-11759 (The Apache Web Server (httpd) specific code that normalised the reques ...)
	{DSA-4357-1 DLA-1609-1}
	- libapache-mod-jk 1:1.2.46-1
	NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.46
	NOTE: https://www.immunit.ch/blog/2018/11/01/cve-2018-11759-apache-mod_jk-access-bypass/
CVE-2018-11758 (This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, ...)
	NOT-FOR-US: Apache Cayenne
CVE-2018-11757 (In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inher ...)
	NOT-FOR-US: Docker Skeleton Runtime for Apache OpenWhisk
CVE-2018-11756 (In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of ...)
	NOT-FOR-US: PHP Runtime for Apache OpenWhisk
CVE-2018-11755
	RESERVED
CVE-2018-11754
	RESERVED
CVE-2018-11753
	RESERVED
CVE-2018-11752 (Previous releases of the Puppet cisco_ios module output SSH session de ...)
	NOT-FOR-US: cisco_ios Puppet module
CVE-2018-11751 (Previous versions of Puppet Agent didn't verify the peer in the SSL co ...)
	- puppet (Only affects 6.x, see #952925)
	NOTE: https://puppet.com/security/cve/CVE-2018-11751/
	NOTE: https://tickets.puppetlabs.com/browse/PUP-9459
	NOTE: https://github.com/puppetlabs/puppet/commit/b49c11b6425738441d6f33285d2630fa434a123e
CVE-2018-11750 (Previous releases of the Puppet cisco_ios module did not validate a ho ...)
	NOT-FOR-US: cisco_ios Puppet module
CVE-2018-11749 (When users are configured to use startTLS with RBAC LDAP, at login tim ...)
	- puppet (RBAC is specific to Puppet Enterprise)
CVE-2018-11748 (Previous releases of the Puppet device_manager module creates configur ...)
	NOT-FOR-US: Puppet device_manager module
CVE-2018-11747 (Previously, Puppet Discovery was shipped with a default generated TLS ...)
	NOT-FOR-US: Puppet Discovery
CVE-2018-11746 (In Puppet Discovery prior to 1.2.0, when running Discovery against Win ...)
	NOT-FOR-US: Puppet Discovery
CVE-2018-11745
	RESERVED
CVE-2018-11744 (Cloudera Manager through 5.15 has Incorrect Access Control. ...)
	NOT-FOR-US: Cloudera
CVE-2018-11743 (The init_copy function in kernel.c in mruby 1.4.1 makes initialize_cop ...)
	- mruby 1.4.1+20180622+git640fca32-1 (bug #900845)
	[stretch] - mruby (Minor issue)
	[jessie] - mruby (Minor issue)
	NOTE: https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d
	NOTE: https://github.com/mruby/mruby/issues/4027
CVE-2018-11742 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Sto ...)
	NOT-FOR-US: NEC Univerge Sv9100 WebPro devices
CVE-2018-11741 (NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session ID ...)
	NOT-FOR-US: NEC Univerge Sv9100 WebPro devices
CVE-2018-11740 (An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from r ...)
	- sleuthkit (low; bug #902187)
	[bullseye] - sleuthkit (Minor issue)
	[buster] - sleuthkit (Minor issue)
	[stretch] - sleuthkit (Minor issue)
	[jessie] - sleuthkit (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1264
CVE-2018-11739 (An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from re ...)
	- sleuthkit (low; bug #902187)
	[bullseye] - sleuthkit (Minor issue)
	[buster] - sleuthkit (Minor issue)
	[stretch] - sleuthkit (Minor issue)
	[jessie] - sleuthkit (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1267
CVE-2018-11738 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...)
	- sleuthkit (low; bug #902187)
	[bullseye] - sleuthkit (Minor issue)
	[buster] - sleuthkit (Minor issue)
	[stretch] - sleuthkit (Minor issue)
	[jessie] - sleuthkit (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1265
CVE-2018-11737 (An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from rel ...)
	- sleuthkit (low; bug #902187)
	[bullseye] - sleuthkit (Minor issue)
	[buster] - sleuthkit (Minor issue)
	[stretch] - sleuthkit (Minor issue)
	[jessie] - sleuthkit (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1266
CVE-2018-1000201 (ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can ...)
	- ruby-ffi (Windows-specific)
CVE-2018-11736 (An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.p ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-11735 (index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or ...)
	NOT-FOR-US: Ximdex
CVE-2018-11734 (In e107 v2.1.7, output without filtering results in XSS. ...)
	NOT-FOR-US: e107
CVE-2018-11733 RESERVED
CVE-2018-11732 RESERVED
CVE-2018-11731 (** DISPUTED ** The libfsntfs_mft_entry_read_attributes function in lib ...)
	- libfsntfs 20190104-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
	NOTE: https://github.com/libyal/libfsntfs/issues/8
	NOTE: https://github.com/libyal/libfsntfs/issues/9
	NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
	NOTE: Negligible/questionable security impact
CVE-2018-11730 (** DISPUTED ** The libfsntfs_security_descriptor_values_free function ...)
	- libfsntfs 20190104-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
	NOTE: https://github.com/libyal/libfsntfs/issues/8
	NOTE: https://github.com/libyal/libfsntfs/issues/9
	NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
	NOTE: Negligible/questionable security impact
CVE-2018-11729 (** DISPUTED ** The libfsntfs_mft_entry_read_header function in libfsnt ...)
	- libfsntfs 20190104-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
	NOTE: https://github.com/libyal/libfsntfs/issues/8
	NOTE: https://github.com/libyal/libfsntfs/issues/9
	NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
	NOTE: Negligible/questionable security impact
CVE-2018-11728 (** DISPUTED ** The libfsntfs_reparse_point_values_read_data function i ...)
	- libfsntfs 20190104-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
	NOTE: https://github.com/libyal/libfsntfs/issues/8
	NOTE: https://github.com/libyal/libfsntfs/issues/9
	NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
	NOTE: Negligible/questionable security impact
CVE-2018-11727 (** DISPUTED ** The libfsntfs_attribute_read_from_mft function in libfs ...)
	- libfsntfs 20190104-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/17
	NOTE: https://github.com/libyal/libfsntfs/issues/8
	NOTE: https://github.com/libyal/libfsntfs/issues/9
	NOTE: https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad
	NOTE: Negligible/questionable security impact
CVE-2018-11726 (The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows ...)
	NOT-FOR-US: Libmobi
CVE-2018-11725 (The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows r ...)
	NOT-FOR-US: Libmobi
CVE-2018-11724 (The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows re ...)
	NOT-FOR-US: Libmobi
CVE-2018-11723 (** DISPUTED ** The libpff_name_to_id_map_entry_read function in libpff ...)
	- libpff 20180714-1 (low; bug #901967)
	[stretch] - libpff (Minor issue)
	[jessie] - libpff (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/Jun/15
	NOTE: https://github.com/libyal/libpff/issues/64
	NOTE: https://github.com/libyal/libpff/commit/7b92bcace7e743cc9417e3cc3e4eee29abb70cf5
CVE-2018-11722 (WUZHI CMS 4.1.0 has a SQL Injection in api/uc.php via the 'code' param ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-11721 RESERVED
CVE-2018-11720 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Travers ...)
	NOT-FOR-US: Xovis
CVE-2018-11719 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. ...)
	NOT-FOR-US: Xovis
CVE-2018-11718 (Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. ...)
	NOT-FOR-US: Xovis
CVE-2018-11717 (An issue was discovered in Zoho ManageEngine Desktop Central before 10 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-11716 (An issue was discovered in Zoho ManageEngine Desktop Central before 10 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-11715 (The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread ...)
	NOT-FOR-US: Recent Threads plugin for MyBB
CVE-2018-11714 (An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0 ...)
	NOT-FOR-US: TP-Link
CVE-2018-11713 (WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the li ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=126384
	NOTE: https://trac.webkit.org/changeset/228088/webkit
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-11712 (WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the li ...)
	- webkit2gtk 2.20.2-1 (unimportant)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=184804
	NOTE: https://trac.webkit.org/changeset/230886/webkit
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-11711 (** DISPUTED ** A remote attacker can bypass the System Manager Mode on ...)
	NOT-FOR-US: Canon MF210 and MF220 web interface
CVE-2018-11710 (soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers ...)
	- libopenmpt 0.3.9-1
	[stretch] - libopenmpt (Minor issue)
	NOTE: https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/
	NOTE: https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150
CVE-2018-11709 (wpforo_get_request_uri in wpf-includes/functions.php in the wpForo For ...)
	NOT-FOR-US: wpForo Forum plugin for WordPress
CVE-2018-11708 RESERVED
CVE-2018-1002101 (In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, ...)
	- kubernetes (Vulnerable code introduced later; Windows specific)
	NOTE: https://github.com/kubernetes/kubernetes/issues/65750
CVE-2018-11707 (FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x00 ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11706 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11705 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11704 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11703 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11702 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11701 (FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, tri ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2018-11700 RESERVED
CVE-2018-11699 RESERVED
CVE-2018-11698 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...)
	- libsass 3.6.3-1
	[buster] - libsass (Minor issue)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2662
	NOTE: https://github.com/sass/libsass/commit/8f40dc03e5ab5a8b2ebeb72b31f8d1adbb2fd6ae
CVE-2018-11697 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...)
	- libsass 3.6.3-1
	[buster] - libsass (Minor issue)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2656
	NOTE: https://github.com/sass/libsass/commit/eb15533b07773c30dc03c9d742865604f47120ef
CVE-2018-11696 (An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...)
	- libsass 3.5.5-1
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2665
	NOTE: https://github.com/sass/libsass/commit/38f4c3699d06b64128bebc7cf1e8b3125be74dc4
CVE-2018-11695 (An issue was discovered in LibSass <3.5.3. A NULL pointer dereferen ...)
	- libsass 3.5.4-1 (low)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2664
	NOTE: https://github.com/sass/libsass/commit/0bc35e3d26922229d5a3e3308860cf0fcee5d1cf (master)
	NOTE: https://github.com/sass/libsass/commit/e3512120403dc7863a38bf2f122e7523593718ad (3.5.3)
CVE-2018-11694 (An issue was discovered in LibSass through 3.5.4. A NULL pointer deref ...)
	- libsass 3.6.3-1 (low)
	[buster] - libsass (Minor issue)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2663
	NOTE: https://github.com/sass/libsass/commit/280ffd8c692cc24199b678f38fc796825d7df4a1
	NOTE: https://github.com/sass/libsass/commit/c93f0581c6b7794d8c1d5637c5c4dabd591b1d57
CVE-2018-11693 (An issue was discovered in LibSass through 3.5.4. An out-of-bounds rea ...)
	- libsass 3.5.4+20180621~c0a6cf3-1 (low)
	[stretch] - libsass (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2661
	NOTE: https://github.com/sass/libsass/commit/c0a6cf39dea9b2522a08d61b731bc72dfb362584 (3.5.5)
	NOTE: https://github.com/sass/libsass/commit/b3374e3fd1a0c3658644d2bad24e4a0ff2e0dcea (master)
CVE-2018-11692 (** DISPUTED ** An issue was discovered on Canon LBP6650, LBP3370, LBP3 ...)
	NOT-FOR-US: Canon devices
CVE-2018-11691 (Emerson DeltaV Smart Switch Command Center application, available in v ...)
	NOT-FOR-US: Emerson devices
CVE-2018-11690 (The Balbooa Gridbox extension version 2.4.0 and previous versions for ...)
	NOT-FOR-US: Balbooa Gridbox extension for Joomla!
CVE-2018-11689 (Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to cr ...)
	NOT-FOR-US: Smart Viewer in Samsung Web Viewer for Samsung DVR
CVE-2018-11688 (Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scri ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2018-11687 (An integer overflow in the distributeBTR function of a smart contract ...)
	NOT-FOR-US: smart contract implementation for Bitcoin Red (BTCR)
CVE-2018-11686 (The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allow ...)
	NOT-FOR-US: FlexPaper (later renamed FlowPaper)
CVE-2018-11685 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compi ...)
	- liblouis 3.5.0-3
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/593
	NOTE: https://github.com/liblouis/liblouis/commit/b5049cb17ae3d15b2b26890de0e24d0fecc080f5
CVE-2018-11684 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function inclu ...)
	- liblouis 3.5.0-3
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/592
	NOTE: https://github.com/liblouis/liblouis/commit/fb2bfce4ed49ac4656a8f7e5b5526e4838da1dde
CVE-2018-11683 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parse ...)
	- liblouis 3.5.0-3
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/591
	NOTE: https://github.com/liblouis/liblouis/commit/e7eee2b7926668360a0d8e2abee6c35a00ebce3c
	NOTE: https://github.com/liblouis/liblouis/commit/d4fc803687e38a5355fb686bf98cc082951f3043
CVE-2018-11682 (** DISPUTED ** Default and unremovable support credentials allow attac ...)
	NOT-FOR-US: products using the Stanza Lutron integration protocol
CVE-2018-11681 (** DISPUTED ** Default and unremovable support credentials (user:nwk p ...)
	NOT-FOR-US: products using the RadioRA 2 Lutron integration protocol
CVE-2018-11680 (An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulne ...)
	NOT-FOR-US: CmsEasy
CVE-2018-11679 (An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulne ...)
	NOT-FOR-US: CmsEasy
CVE-2018-11678 (plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login R ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11677 RESERVED
CVE-2018-11676 RESERVED
CVE-2018-11675 REJECTED
CVE-2018-11674 RESERVED
CVE-2018-11673 RESERVED
CVE-2018-11672 RESERVED
CVE-2018-11671 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnera ...)
	NOT-FOR-US: GreenCMS
CVE-2018-11670 (An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnera ...)
	NOT-FOR-US: GreenCMS
CVE-2018-11669 RESERVED
CVE-2018-11668 RESERVED
CVE-2018-11667 RESERVED
CVE-2018-11666 RESERVED
CVE-2018-11665 RESERVED
CVE-2018-11664 RESERVED
CVE-2018-11663 RESERVED
CVE-2018-11662 RESERVED
CVE-2018-11661 RESERVED
CVE-2018-11660 RESERVED
CVE-2018-11659 RESERVED
CVE-2018-11658 RESERVED
CVE-2018-11657 (ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg ...)
	NOT-FOR-US: ngiflib
CVE-2018-11656 (In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was fo ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/931
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4da2cd650532ffd18fa11578fc2ec7c2467727bb
CVE-2018-11655 (In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was fo ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/930
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7414b7322201a9c8a5cacf563f08468c329b4b1
CVE-2018-11654 (Information disclosure in Netwave IP camera at get_status.cgi (via HTT ...)
	NOT-FOR-US: Netwave IP camera
CVE-2018-11653 (Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (vi ...)
	NOT-FOR-US: Netwave IP camera
CVE-2018-11652 (CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote a ...)
	- nikto 1:2.1.5-3 (bug #900608)
	[stretch] - nikto (non-free not supported)
	[jessie] - nikto (non-free not supported)
	NOTE: https://github.com/sullo/nikto/commit/e759b3300aace5314fe3d30800c8bd83c81c29f7
CVE-2018-11651 (Graylog before v2.4.4 has an XSS security issue with unescaped text in ...)
	- graylog2 (bug #652273)
CVE-2018-11650 (Graylog before v2.4.4 has an XSS security issue with unescaped text in ...)
	- graylog2 (bug #652273)
CVE-2018-11649 (Hue 3.12 has XSS via the /pig/save/ name and script parameters. ...)
	NOT-FOR-US: Hue
CVE-2018-11648 RESERVED
CVE-2018-11647 (index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. ...)
	NOT-FOR-US: oauth2orize-fprm
CVE-2018-11646 (webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIco ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=186164
	NOTE: Was found while investigating CVE-2018-11396 in epiphany, cf.
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795740 but is a
	NOTE: different issue.
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-11645 (psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status c ...)
	{DSA-4336-1 DLA-1504-1}
	- ghostscript 9.21~dfsg-1 (low)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697193
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7567369ad856cebe1efb6cd7dd2284219 (9.21rc1)
CVE-2018-11644 RESERVED
CVE-2018-11643 (SQL injection vulnerability in the administrative console in Dialogic ...)
	NOT-FOR-US: Dialogic
CVE-2018-11642 (Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell ...)
	NOT-FOR-US: Dialogic
CVE-2018-11641 (Use of Hard-coded Credentials in /var/www/xms/application/controllers/ ...)
	NOT-FOR-US: Dialogic
CVE-2018-11640 (XML External Entity (XXE) vulnerability in the web service in Dialogic ...)
	NOT-FOR-US: Dialogic
CVE-2018-11639 (Plaintext Storage of Passwords within Cookies in /var/www/xms/applicat ...)
	NOT-FOR-US: Dialogic
CVE-2018-11638 (Unrestricted Upload of a File with a Dangerous Type in the administrat ...)
	NOT-FOR-US: Dialogic
CVE-2018-11637 (Information leakage vulnerability in the administrative console in Dia ...)
	NOT-FOR-US: Dialogic
CVE-2018-11636 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
	NOT-FOR-US: Dialogic
CVE-2018-11635 (Use of a Hard-coded Cryptographic Key used to protect cookie session d ...)
	NOT-FOR-US: Dialogic
CVE-2018-11634 (Plaintext Storage of Passwords in the administrative console in Dialog ...)
	NOT-FOR-US: Dialogic
CVE-2018-11633 (An issue was discovered in the MULTIDOTS Woo Checkout for Digital Good ...)
	NOT-FOR-US: MULTIDOTS Woo Checkout for Digital Goods plugin for WordPress
CVE-2018-11632 (An issue was discovered in the MULTIDOTS Add Social Share Messenger Bu ...)
	NOT-FOR-US: MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin for WordPress
CVE-2018-11631 (Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to s ...)
	NOT-FOR-US: Rondaful M1 Wristband Smart Band 1 devices
CVE-2018-11630 RESERVED
CVE-2018-11629 (** DISPUTED ** Default and unremovable support credentials (user:lutro ...)
	NOT-FOR-US: products using the HomeWorks QS Lutron integration protocol
CVE-2018-11628 (Data input into EMS Master Calendar before 8.0.0.201805210 via URL par ...)
	NOT-FOR-US: EMS Master Calendar
CVE-2018-11627 (Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs ...)
	- ruby-sinatra (Vulnerable code not present)
	NOTE: https://github.com/sinatra/sinatra/issues/1428
	NOTE: Introduced by: https://github.com/sinatra/sinatra/commit/8f8df53ff29938ace79b31097c27d9cdac803b44
	NOTE: Fixed by: https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
CVE-2018-11626 (SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer ...)
	NOT-FOR-US: SELA
CVE-2018-11625 (In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2
	[stretch] - imagemagick (Vulnerable code not present)
	[jessie] - imagemagick (Vulnerable code not present)
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/5294966898532a6bd54699fbf04edf18902513ac
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/406ebfe09b62858b17ab3ee11f67171d43d9a76e
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1156
CVE-2018-11624 (In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2
	[stretch] - imagemagick (Vulnerable code not present)
	[jessie] - imagemagick (Vulnerable code not present)
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/172d82afe89d3499ef0cab06dc58d380cc1ab946
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1149
CVE-2018-11623 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11622 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11621 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11619 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11618 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-11616 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Tencent Foxmail
CVE-2018-11615 (This vulnerability allows remote attackers to deny service on vulnerab ...)
	NOT-FOR-US: mosca
CVE-2018-11614 (This vulnerability allows remote attackers to escalate privileges on v ...)
	NOT-FOR-US: Samsung Members Fixed
CVE-2018-11613 RESERVED
CVE-2018-11612 RESERVED
CVE-2018-11611 RESERVED
CVE-2018-11610 RESERVED
CVE-2018-11609 RESERVED
CVE-2018-11608 RESERVED
CVE-2018-11607 RESERVED
CVE-2018-11606 RESERVED
CVE-2018-11605 RESERVED
CVE-2018-11604 RESERVED
CVE-2018-11603 RESERVED
CVE-2018-11602 RESERVED
CVE-2018-11601 RESERVED
CVE-2018-11600 RESERVED
CVE-2018-11599 RESERVED
CVE-2018-11598 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11597 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11596 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11595 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11594 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11593 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11592 (Espruino before 1.98 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11591 (Espruino before 1.98 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11590 (Espruino before 1.99 allows attackers to cause a denial of service (ap ...)
	NOT-FOR-US: Espruino
CVE-2018-11589 (Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Cen ...)
	- centreon-web (bug #913903)
CVE-2018-11588 (Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authe ...)
	- centreon-web (bug #913903)
CVE-2018-11587 (There is Remote Code Execution in Centreon 3.4.6 including Centreon We ...)
	- centreon-web (bug #913903)
CVE-2018-11586 (XML external entity (XXE) vulnerability in api/rest/status in SearchBl ...)
	NOT-FOR-US: SearchBlox
CVE-2018-11585 RESERVED
CVE-2018-11584 RESERVED
CVE-2018-11583 (SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parame ...)
	NOT-FOR-US: SeaCMS
CVE-2018-11582 RESERVED
CVE-2018-11581 (Cross-site scripting (XSS) vulnerability on Brother HL series printers ...)
	NOT-FOR-US: Brother HL-L2340D and HL-L2380DW series printers
CVE-2018-11580 (An issue was discovered in mass-pages-posts-creator.php in the MULTIDO ...)
	NOT-FOR-US: MULTIDOTS Mass Pages/Posts Creator plugin for WordPress
CVE-2018-11579 (class-woo-banner-management.php in the MULTIDOTS WooCommerce Category ...)
	NOT-FOR-US: MULTIDOTS WooCommerce Category Banner Management plugin for WordPress
CVE-2018-11578 (GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segment ...)
	NOT-FOR-US: ngiflib
CVE-2018-11577 (Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. ...)
	- liblouis 3.5.0-3 (bug #900607)
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/582
CVE-2018-11576 (ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in ...)
	NOT-FOR-US: ngiflib
CVE-2018-11575 (ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in ...)
	NOT-FOR-US: ngiflib
CVE-2018-11574 (Improper input validation together with an integer overflow in the EAP ...)
	- ppp 2.4.7-2+3
	[stretch] - ppp (Vulnerable code introduced later)
	[jessie] - ppp (Vulnerable code introduced later)
	[wheezy] - ppp (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2018/06/11/1
	NOTE: https://www.nikhef.nl/~janjust/ppp/ppp-2.4.7-eaptls-mppe-1.101.patch
CVE-2018-11573 RESERVED
CVE-2018-11572 (ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-11571 (ClipperCMS 1.3.3 allows Session Fixation. ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-11570 RESERVED
CVE-2018-11569 (Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deseri ...)
	NOT-FOR-US: Eventum
CVE-2018-11568 (Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for W ...)
	NOT-FOR-US: GamePlan theme for WordPress
CVE-2018-11567 (** DISPUTED ** Prior to 2018-04-27, the reprompt feature in Amazon Ech ...)
	NOT-FOR-US: Amazon Echo devices
CVE-2018-11566 RESERVED
CVE-2018-11565 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
	- mahara
	NOTE: https://bugs.launchpad.net/mahara/+bug/1772774
CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upl ...)
	NOT-FOR-US: Pagekit CMS
CVE-2018-11563 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...)
	{DLA-1877-1}
	- otrs2 6.0.8-1
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/
	NOTE: https://github.com/OTRS/otrs/commit/50861a2a1183a07daf99cc2e71395e79f022338f
CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in app/View/El ...)
	NOT-FOR-US: MISP
CVE-2018-11561 (An integer overflow in the unprotected distributeToken function of a s ...)
	NOT-FOR-US: smart contract implementation for EETHER (EETHER)
CVE-2018-11560 (The webService binary on Insteon HD IP Camera White 2864-222 devices h ...)
	NOT-FOR-US: Insteon
CVE-2018-11559 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" n ...)
	NOT-FOR-US: DomainMod
CVE-2018-11558 (DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" n ...)
	NOT-FOR-US: DomainMod
CVE-2018-11557 (YIBAN Easy class education platform 2.0 has XSS via the articlelist.ph ...)
	NOT-FOR-US: YIBAN Easy
CVE-2018-11556 (** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in ...)
	NOT-FOR-US: Little CMS
CVE-2018-11555 (** DISPUTED ** tificc in Little CMS 2.9 has an out-of-bounds write in ...)
	NOT-FOR-US: Little CMS
CVE-2018-11554 (The forgotten-password feature in index.php/member/reset/reset_email.h ...)
	NOT-FOR-US: YzmCMS
CVE-2018-11553 (SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter ...)
	NOT-FOR-US: SGIN.CN xiangyun platform
CVE-2018-11552 (There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON- ...)
	NOT-FOR-US: AXON PBX
CVE-2018-11551 (AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow ...)
	NOT-FOR-US: AXON PBX
CVE-2018-11550 REJECTED
CVE-2018-11549 (An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulne ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-11548 (An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plu ...)
	NOT-FOR-US: EOS.IO DAWN
CVE-2018-11547 (md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based ...)
	NOT-FOR-US: md4c
CVE-2018-11546 (md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entit ...)
	NOT-FOR-US: md4c
CVE-2018-11545 (md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because ...)
	NOT-FOR-US: md4c
CVE-2018-11544 (The Olive Tree Ftp Server application 1.32 for Android has Insecure Da ...)
	NOT-FOR-US: Olive Tree Ftp Server application
CVE-2018-11543 (A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC ...)
	NOT-FOR-US: Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface
CVE-2018-11542 (A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / ...)
	NOT-FOR-US: Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface
CVE-2018-11541 (A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC ...)
	NOT-FOR-US: Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface
CVE-2018-XXXX [gitlab: Removing public deploy keys regression]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab (Introduced in 10.1.6)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-XXXX [gitlab: Persistent XSS - Selecting users as allowed merge request approvers]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab (Introduced in 9.1)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-XXXX [gitlab: Persistent XSS - Multiple locations of user selection drop downs]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab (Introduced in 9.1)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-XXXX [gitlab: include directive in .gitlab-ci.yml allows SSRF requests]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab (Introduced in 10.5)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-XXXX [gitlab: Permissions issue in Merge Requests Create Service]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab (Introduced in 10.6)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-XXXX [gitlab: Arbitrary assignment of project fields using Import project]
	[experimental] - gitlab 10.7.5+dfsg-1
	- gitlab 10.7.7+dfsg-2 (bug #900522)
	[stretch] - gitlab (Introduced in 10.4)
	NOTE: https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/
CVE-2018-11540 RESERVED
CVE-2018-11539 RESERVED
CVE-2018-11538 (servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_pas ...)
	NOT-FOR-US: SearchBlox
CVE-2018-11537 (Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as r ...)
	NOT-FOR-US: angular-jwt
CVE-2018-11536 (md4c before 0.2.5 has a heap-based buffer overflow because md_split_si ...)
	NOT-FOR-US: md4c
CVE-2018-11535 (An issue was discovered in SITEMAKIN SLAC (Site Login and Access Contr ...)
	NOT-FOR-US: SITEMAKIN SLAC
CVE-2018-11534 RESERVED
CVE-2018-11533 RESERVED
CVE-2018-11532 (An issue was discovered in the ChangUonDyU Advanced Statistics plugin ...)
	NOT-FOR-US: MyBB plugin
CVE-2018-11531 (Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. ...)
	{DSA-4238-1 DLA-1402-1}
	- exiv2 0.25-4
	NOTE: https://github.com/Exiv2/exiv2/issues/283
	NOTE: https://github.com/Exiv2/exiv2/commit/ed874703ad553338f973d537b8159d0eb4375cc4
	NOTE: https://github.com/Exiv2/exiv2/commit/863aaebc92ff0b0ee3d302b7b5291002c043bc7b
	NOTE: https://github.com/Exiv2/exiv2/commit/67a5a741153c876a6f1c189abb874721d1725c48
CVE-2018-11530 RESERVED
CVE-2018-11529 (VideoLAN VLC media player 2.2.x is prone to a use after free vulnerabi ...)
	{DSA-4251-1}
	- vlc 3.0.3-1-1
	[jessie] - vlc (See https://lists.debian.org/debian-security-announce/2018/msg00130.html)
	NOTE: https://github.com/videolan/vlc-3.0/commit/c472668ff873cfe29281822b4548715fb7bb0368
	NOTE: https://github.com/videolan/vlc-3.0/commit/d2dadb37e7acc25ae08df71e563855d6e17b5b42
CVE-2018-11528 (WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-11527 (An issue was discovered in CScms v4.1. A Cross-site request forgery (C ...)
	NOT-FOR-US: CScms
CVE-2018-11526 (The plugin "WordPress Comments Import & Export" for WordPress (v2. ...)
	NOT-FOR-US: "WordPress Comments Import & Export" plugin for WordPress
CVE-2018-11525 (The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5 ...)
	NOT-FOR-US: "Advanced Order Export For WooCommerce" plugin for WordPress
CVE-2018-11524 RESERVED
CVE-2018-11523 (upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, suc ...)
	NOT-FOR-US: NUUO NVRmini
CVE-2018-11522 (Yosoro 1.0.4 has stored XSS. ...)
	NOT-FOR-US: Yosoro
CVE-2018-11521 RESERVED
CVE-2018-11520 RESERVED
CVE-2018-11519 RESERVED
CVE-2018-11518 (A vulnerability allows a phreaking attack on HCL legacy IVR systems th ...)
	NOT-FOR-US: HCL legacy IVR systems
CVE-2018-11517 (mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2018-11516 (The vlc_demux_chained_Delete function in input/demux_chained.c in Vide ...)
	- vlc 3.0.2-1
	[stretch] - vlc 3.0.2-0+deb9u1
	[jessie] - vlc (Only affects 3.x)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=33dcfcf41340c27b6f8183fdb35b129282a79bd8
	NOTE: http://www.videolan.org/security/sa1801.html
CVE-2018-11515 (The wpForo plugin through 2018-02-05 for WordPress has SQL Injection v ...)
	NOT-FOR-US: wpForo plugin for WordPress
CVE-2018-11514 (PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted ...)
	NOT-FOR-US: PHP Scripts Mall Naukri Clone Script
CVE-2018-11513 RESERVED
CVE-2018-11512 (Stored cross-site scripting (XSS) vulnerability in the "Website's name ...)
	NOT-FOR-US: wityCMS
CVE-2018-11511 (The tree list functionality in the photo gallery application in ASUSTO ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-11510 (The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11509 (ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and p ...)
	NOT-FOR-US: ASUSTOR ADM
CVE-2018-11508 (The compat_get_timex function in kernel/compat.c in the Linux kernel b ...)
	- linux 4.16.12-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1574
	NOTE: Fixed by: https://git.kernel.org/linus/0a0b98734479aa5b3c671d5190e86273372cab95
CVE-2018-11507 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An a ...)
	- flif (bug #902188)
	NOTE: https://github.com/FLIF-hub/FLIF/issues/509
CVE-2018-11506 (The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kerne ...)
	{DLA-1423-1 DLA-1422-1}
	- linux 4.16.16-1
	[stretch] - linux 4.9.110-1
	NOTE: Fixed by: https://git.kernel.org/linus/f7068114d45ec55996b9040e98111afa56e010fe
CVE-2018-11505 (The Werewolf Online application 0.8.8 for Android allows attackers to ...)
	NOT-FOR-US: Werewolf Online application for Android
CVE-2018-11504 (The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a ...)
	{DSA-4293-1 DLA-1499-1}
	- discount 2.2.4-1 (bug #901912)
	NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
	NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue3_testcase
	NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
CVE-2018-11503 (The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2 ...)
	{DSA-4293-1 DLA-1499-1}
	- discount 2.2.4-1 (bug #901912)
	NOTE: https://github.com/Orc/discount/issues/189#issuecomment-392247798
	NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue2_testcase
	NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
CVE-2018-11502 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB ...)
	NOT-FOR-US: MyBB plugin
CVE-2018-11501 (PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit. ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-11500 (An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vu ...)
	NOT-FOR-US: PublicCMS
CVE-2018-11499 (A use-after-free vulnerability exists in handle_error() in sass_contex ...)
	- libsass 3.5.5-3 (bug #900182)
	[stretch] - libsass (Vulnerability introduced in 3.4.7 upstream)
	NOTE: https://github.com/sass/libsass/issues/2643
	NOTE: https://github.com/sass/libsass/commit/84eaca254ca726531def3569c990089b3154e640
CVE-2018-11498 (In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was ...)
	NOT-FOR-US: Lizard
CVE-2018-11497 RESERVED
CVE-2018-11496 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read ...)
	- lrzip 0.631+git180528-1
	[stretch] - lrzip (Minor issue)
	[jessie] - lrzip (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/96
	NOTE: https://github.com/ckolivas/lrzip/commit/907b66b8cb4ba7384abf8d82f09204b127d328bd
	NOTE: https://github.com/ckolivas/lrzip/commit/a81248e47d276cf59b8c7e22558e2b5035e87b33
CVE-2018-11495 (OpenCart through 3.0.2.0 allows directory traversal in the editDownloa ...)
	NOT-FOR-US: OpenCart
CVE-2018-11494 (The "program extension upload" feature in OpenCart through 3.0.2.0 has ...)
	NOT-FOR-US: OpenCart
CVE-2018-11493 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-11492 (ASUS HG100 devices allow denial of service via an IPv4 packet flood. ...)
	NOT-FOR-US: ASUS HG100 devices
CVE-2018-11491 (ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated ...)
	NOT-FOR-US: ASUS HG100 devices
CVE-2018-11490 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly vers ...)
	[experimental] - giflib 5.1.7-1
	- giflib 5.1.9-1 (bug #904114)
	[buster] - giflib (Minor issue)
	[stretch] - giflib (Minor issue)
	[jessie] - giflib (Minor issue)
	NOTE: https://github.com/pts/sam2p/issues/38
	NOTE: https://sourceforge.net/p/giflib/bugs/113/
	NOTE: https://sourceforge.net/p/giflib/code/ci/08438a5098f3bb1de23a29334af55eba663f75bd/
	NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib.
CVE-2018-11489 (The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly vers ...)
	- giflib (bug #904113)
	[bullseye] - giflib (Minor issue)
	[buster] - giflib (Minor issue)
	[stretch] - giflib (Minor issue)
	[jessie] - giflib (Minor issue)
	NOTE: https://github.com/pts/sam2p/issues/37
	NOTE: https://sourceforge.net/p/giflib/bugs/112/
	NOTE: Issue was reported against sam2p but issue is in dgif_lib.c from giflib.
CVE-2018-11488 (A stack exhaustion vulnerability in the search function of dtSearch 7. ...)
	NOT-FOR-US: dtSearch
CVE-2018-11487 (PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the qu ...)
	NOT-FOR-US: PHPMyWind
CVE-2018-11486 (An issue was discovered in the MULTIDOTS Advance Search for WooCommerc ...)
	NOT-FOR-US: MULTIDOTS Advance Search for WooCommerce plugin for WordPress
CVE-2018-11485 (The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for W ...)
	NOT-FOR-US: MULTIDOTS WooCommerce Quick Reports plugin for WordPress
CVE-2018-11484 RESERVED
CVE-2018-11483 RESERVED
CVE-2018-11482 (/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K ...)
	NOT-FOR-US: TP-LINK
CVE-2018-11481 (TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC4 ...)
	NOT-FOR-US: TP-LINK
CVE-2018-11480 RESERVED
CVE-2018-11479 (The VPN component in Windscribe 1.81 uses the OpenVPN client for conne ...)
	NOT-FOR-US: VPN component in Windscribe
CVE-2018-11478 (An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The ...)
	NOT-FOR-US: Vgate iCar 2 Wi-Fi OBD2 Dongle devices
CVE-2018-11477 (An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The ...)
	NOT-FOR-US: Vgate iCar 2 Wi-Fi OBD2 Dongle devices
CVE-2018-11476 (An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The ...)
	NOT-FOR-US: Vgate iCar 2 Wi-Fi OBD2 Dongle devices
CVE-2018-11475 (Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A p ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11474 (Monstra CMS 3.0.4 has a Session Management Issue in the Administration ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11473 (Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login pa ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11472 (Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login para ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11471 (Cockpit 0.5.5 has XSS via a collection, form, or region. ...)
	NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2018-11470 (iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' para ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-11469 (Incorrect caching of responses to requests including an Authorization ...)
	- haproxy 1.8.9-2 (bug #900084)
	[stretch] - haproxy (Issue introduced in 1.8.0)
	[jessie] - haproxy (Issue introduced in 1.8.0)
	NOTE: https://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=17514045e5d934dede62116216c1b016fe23dd06
CVE-2018-11468 (The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2 ...)
	{DSA-4293-1 DLA-1499-1}
	- discount 2.2.4-1 (bug #901912)
	NOTE: https://github.com/Orc/discount/issues/189
	NOTE: POC: https://github.com/fCorleone/fuzz_programs/blob/master/discount/issue1_testcase
	NOTE: Fixed by https://github.com/Orc/discount/commit/b002a5a4db31e42dfb45451c059bc56941c17974
CVE-2018-11467 RESERVED
CVE-2018-11466 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11465 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11464 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11463 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11462 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11461 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11460 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11459 (A vulnerability has been identified in SINUMERIK 808D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11458 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11457 (A vulnerability has been identified in SINUMERIK 828D V4.7 (All versio ...)
	NOT-FOR-US: Siemens
CVE-2018-11456 (A vulnerability has been identified in Automation License Manager 5 (A ...)
	NOT-FOR-US: Automation License Manager
CVE-2018-11455 (A vulnerability has been identified in Automation License Manager 5 (A ...)
	NOT-FOR-US: Automation License Manager
CVE-2018-11454 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and ...)
	NOT-FOR-US: SIMATIC
CVE-2018-11453 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and ...)
	NOT-FOR-US: SIMATIC
CVE-2018-11452 (A vulnerability has been identified in Firmware variant IEC 61850 for ...)
	NOT-FOR-US: Siemens
CVE-2018-11451 (A vulnerability has been identified in Firmware variant IEC 61850 for ...)
	NOT-FOR-US: Siemens
CVE-2018-11450 (A reflected Cross-Site-Scripting (XSS) vulnerability has been identifi ...)
	NOT-FOR-US: Siemens PLM Software TEAMCENTER
CVE-2018-11449 (A vulnerability has been identified in SCALANCE M875 (All versions). A ...)
	NOT-FOR-US: SCALANCE
CVE-2018-11448 (A vulnerability has been identified in SCALANCE M875 (All versions). T ...)
	NOT-FOR-US: SCALANCE
CVE-2018-11447 (A vulnerability has been identified in SCALANCE M875 (All versions). T ...)
	NOT-FOR-US: SCALANCE
CVE-2018-11446 (The buy function of a smart contract implementation for Gold Reward (G ...)
	NOT-FOR-US: Gold Reward
CVE-2018-11445 (A CSRF issue was discovered on the User Add/System Settings Page (syst ...)
	NOT-FOR-US: EasyService Billing
CVE-2018-11444 (A SQL Injection issue was observed in the parameter "q" in jobcard-ong ...)
	NOT-FOR-US: EasyService Billing
CVE-2018-11443 (The parameter q is affected by Cross-site Scripting in jobcard-ongoing ...)
	NOT-FOR-US: EasyService Billing
CVE-2018-11442 (A CSRF issue was discovered in EasyService Billing 1.0, which was trig ...)
	NOT-FOR-US: EasyService Billing
CVE-2018-11441 RESERVED
CVE-2018-11440 (Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parse ...)
	- liblouis 3.5.0-3 (bug #900085)
	[stretch] - liblouis 3.0.0-3+deb9u4
	[jessie] - liblouis (Minor issue)
	NOTE: https://github.com/liblouis/liblouis/issues/575
	NOTE: https://github.com/liblouis/liblouis/commit/4417bad83df4481ed58419b28c5c91b9649e2a86
CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLi ...)
	{DLA-1430-1}
	- taglib 1.11.1+dfsg.1-0.3 (bug #903847)
	[stretch] - taglib (Minor issue)
	NOTE: PoC: http://seclists.org/fulldisclosure/2018/May/49
	NOTE: Upstream issue: https://github.com/taglib/taglib/issues/868
	NOTE: Pull request: https://github.com/taglib/taglib/pull/869
	NOTE: Upstream fix: https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45
CVE-2018-11438 (The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allo ...)
	NOT-FOR-US: Libmobi
CVE-2018-11437 (The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 al ...)
	NOT-FOR-US: Libmobi
CVE-2018-11436 (The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote at ...)
	NOT-FOR-US: Libmobi
CVE-2018-11435 (The mobi_decompress_huffman_internal function in compression.c in Libm ...)
	NOT-FOR-US: Libmobi
CVE-2018-11434 (The buffer_fill64 function in compression.c in Libmobi 0.3 allows remo ...)
	NOT-FOR-US: Libmobi
CVE-2018-11433 (The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 a ...)
	NOT-FOR-US: Libmobi
CVE-2018-11432 (The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows rem ...)
	NOT-FOR-US: Libmobi
CVE-2018-11431 RESERVED
CVE-2018-11430 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB ...)
	NOT-FOR-US: Moderator Log Notes plugin for MyBB
CVE-2018-11429 (ATLANT (ATL) is a smart contract running on Ethereum. The mint functio ...)
	NOT-FOR-US: smart contract
CVE-2018-11428 RESERVED
CVE-2018-11427 (CSRF tokens are not used in the web application of Moxa OnCell G3100-H ...)
	NOT-FOR-US: Moxa
CVE-2018-11426 (A weak Cookie parameter is used in the web application of Moxa OnCell ...)
	NOT-FOR-US: Moxa
CVE-2018-11425 (Memory corruption issue was discovered in Moxa OnCell G3470A-LTE Serie ...)
	NOT-FOR-US: Moxa
CVE-2018-11424 (There is Memory corruption in the web interface of Moxa OnCell G3470A- ...)
	NOT-FOR-US: Moxa
CVE-2018-11423 (There is Memory corruption in the web interface Moxa OnCell G3100-HSPA ...)
	NOT-FOR-US: Moxa
CVE-2018-11422 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use ...)
	NOT-FOR-US: Moxa
CVE-2018-11421 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and prior use ...)
	NOT-FOR-US: Moxa
CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell G3100-H ...)
	NOT-FOR-US: Moxa
CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
	- iotjs 1.0+715-1
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/2230
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352
CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
	- iotjs 1.0+715-1
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/2237
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/2352
CVE-2018-11417 RESERVED
CVE-2018-11416 (jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of ...)
	- jpegoptim (Introduced in 1.4.5)
	NOTE: https://github.com/tjko/jpegoptim/issues/57
CVE-2018-11415 (SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Sit ...)
	NOT-FOR-US: SAP Internet Transaction Server
CVE-2018-11414 (An issue was discovered in BearAdmin 0.5. There is admin/admin_log/ind ...)
	NOT-FOR-US: BearAdmin
CVE-2018-11413 (An issue was discovered in BearAdmin 0.5. Remote attackers can downloa ...)
	NOT-FOR-US: BearAdmin
CVE-2018-11412 (In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in f ...)
	- linux 4.17.3-1
	[stretch] - linux (Introduced in e50e5129f384 in 4.13)
	[jessie] - linux (Introduced in e50e5129f384 in 4.13)
	[wheezy] - linux (Introduced in e50e5129f384 in 4.13)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1580
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199803
	NOTE: Fixed by: https://git.kernel.org/linus/117166efb1ee8f13c38f9e96b258f16d4923f888
CVE-2018-11411 (The transferFrom function of a smart contract implementation for Dimon ...)
	NOT-FOR-US: DimonCoin
CVE-2018-11410 (An issue was discovered in Liblouis 3.5.0. An invalid free in the compi ...)
	- liblouis 3.5.0-2 (bug #899999)
	[stretch] - liblouis 3.0.0-3+deb9u2
	[jessie] - liblouis (Code did not even exist at the time)
	[wheezy] - liblouis (Code did not even exist at the time)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1582024
	NOTE: https://github.com/liblouis/liblouis/issues/573
CVE-2018-11409 (Splunk through 7.0.1 allows information disclosure by appending __raw/ ...)
	NOT-FOR-US: Splunk
CVE-2018-11408 (The security handlers in the Security component in Symfony in 2.7.x be ...)
	{DLA-1707-1}
	- symfony 3.4.12+dfsg-1
	[stretch] - symfony (Incomplete fix for CVE-2017-16652 wasn't backported)
	NOTE: https://symfony.com/blog/cve-2018-11408-open-redirect-vulnerability-on-security-handlers
CVE-2018-11407 (An issue was discovered in the Ldap component in Symfony 2.8.x before ...)
	- symfony 3.4.12+dfsg-1
	[stretch] - symfony (Incomplete fix for CVE-2016-2403 not applied)
	[jessie] - symfony (Incomplete fix for CVE-2016-2403 not applied)
	NOTE: https://symfony.com/blog/cve-2018-11407-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
CVE-2018-11406 (An issue was discovered in the Security component in Symfony 2.7.x bef ...)
	{DSA-4262-1}
	- symfony 3.4.12+dfsg-1
	[jessie] - symfony (vulnerable code not present in branch 2.3)
	NOTE: https://symfony.com/blog/cve-2018-11406-csrf-token-fixation
CVE-2018-11405 (Kliqqi 2.0.2 has CSRF in admin/admin_users.php. ...)
	NOT-FOR-US: Kliqqi
CVE-2018-11404 (DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.ph ...)
	NOT-FOR-US: DomainMod
CVE-2018-11403 (DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid p ...)
	NOT-FOR-US: DomainMod
CVE-2018-11402 (SimpliSafe Original has Unencrypted Keypad Transmissions, which allows ...)
	NOT-FOR-US: SimpliSafe Original
CVE-2018-11401 (In SimpliSafe Original, RF Interference (e.g., an extremely strong 433 ...)
	NOT-FOR-US: SimpliSafe Original
CVE-2018-11400 (In SimpliSafe Original, the Base Station fails to detect tamper attemp ...)
	NOT-FOR-US: SimpliSafe Original
CVE-2018-11399 (SimpliSafe Original has Unencrypted Sensor Transmissions, which allows ...)
	NOT-FOR-US: SimpliSafe Original
CVE-2018-11398 RESERVED
CVE-2018-11397 RESERVED
CVE-2018-11396 (ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3 ...)
	- epiphany-browser 3.28.2.1-1 (unimportant; bug #899409)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795740
	NOTE: webkit not covered by security support
CVE-2018-11395 RESERVED
CVE-2018-11394 RESERVED
CVE-2018-11393 RESERVED
CVE-2018-11392 (An arbitrary file upload vulnerability in /classes/profile.class.php i ...)
	NOT-FOR-US: Jigowatt
CVE-2018-11391 RESERVED
CVE-2018-11390 RESERVED
CVE-2018-11389 RESERVED
CVE-2018-11388 RESERVED
CVE-2018-11387 RESERVED
CVE-2018-11386 (An issue was discovered in the HttpFoundation component in Symfony 2.7 ...)
	{DSA-4262-1}
	- symfony 3.4.12+dfsg-1
	[jessie] - symfony (vulnerable code not present, no rollback mechanism in this version)
	NOTE: https://symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler
CVE-2018-11385 (An issue was discovered in the Security component in Symfony 2.7.x bef ...)
	{DSA-4262-1 DLA-1707-1}
	- symfony 3.4.12+dfsg-1
	NOTE: https://symfony.com/blog/cve-2018-11385-session-fixation-issue-for-guard-authentication
CVE-2018-11384 (The sh_op() function in radare2 2.5.0 allows remote attackers to cause ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/77c47cf873dd55b396da60baa2ca83bbd39e4add
	NOTE: https://github.com/radare/radare2/issues/9903
CVE-2018-11383 (The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/9d348bcc2c4bbd3805e7eec97b594be9febbdf9a
	NOTE: https://github.com/radare/radare2/issues/9943
CVE-2018-11382 (The _inst__sts() function in radare2 2.5.0 allows remote attackers to ...)
	- radare2 (Vulnerable code not yet present)
	NOTE: https://github.com/radare/radare2/commit/d04c78773f6959bcb427453f8e5b9824d5ba9eff
	NOTE: https://github.com/radare/radare2/issues/10091
CVE-2018-11381 (The string_scan_range() function in radare2 2.5.0 allows remote attack ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3
	NOTE: https://github.com/radare/radare2/issues/9902
CVE-2018-11380 (The parse_import_ptr() function in radare2 2.5.0 allows remote attacke ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/60208765887f5f008b3b9a883f3addc8bdb9c134
	NOTE: https://github.com/radare/radare2/issues/9970
CVE-2018-11379 (The get_debug_info() function in radare2 2.5.0 allows remote attackers ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/4e1cf0d3e6f6fe2552a269def0af1cd2403e266c
	NOTE: https://github.com/radare/radare2/issues/9926
CVE-2018-11378 (The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly ha ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 (Vulnerable code not present)
	[wheezy] - radare2 (Vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/bd276ef2fd8ac3401e65be7c126a43175ccfbcd7
	NOTE: https://github.com/radare/radare2/issues/9969
CVE-2018-11377 (The avr_op_analyze() function in radare2 2.5.0 allows remote attackers ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/25a3703ef2e015bbe1d1f16f6b2f63bb10dd34f4
	NOTE: https://github.com/radare/radare2/commit/b35530fa0681b27eba084de5527037ebfb397422
	NOTE: https://github.com/radare/radare2/issues/9901
CVE-2018-11376 (The r_read_le32() function in radare2 2.5.0 allows remote attackers to ...)
	- radare2 2.6.0+dfsg-1 (low)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf
	NOTE: https://github.com/radare/radare2/issues/9904
CVE-2018-11375 (The _inst__lds() function in radare2 2.5.0 allows remote attackers to ...)
	- radare2 (Vulnerable code not yet present)
	NOTE: https://github.com/radare/radare2/commit/041e53cab7ca33481ae45ecd65ad596976d78e68
	NOTE: https://github.com/radare/radare2/issues/9928
CVE-2018-11374 RESERVED
CVE-2018-11373 (iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" U ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-11372 (iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php Use ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-11371 (SkyCaiji 1.2 allows CSRF to add an Administrator user. ...)
	NOT-FOR-US: SkyCaiji
CVE-2018-11370 RESERVED
CVE-2018-11369 (An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection t ...)
	NOT-FOR-US: PbootCMS
CVE-2018-11368 RESERVED
CVE-2018-11367 (An issue was discovered in CppCMS before 1.2.1. There is a denial of s ...)
	NOT-FOR-US: CppCMS
CVE-2018-11366 (init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has ...)
	NOT-FOR-US: WordPress plugin
CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an ...)
	- r-cran-haven 1.1.1-2 (low; bug #899335)
CVE-2018-11364 (sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in l ...)
	- r-cran-haven 1.1.1-2 (low; bug #899335)
CVE-2018-11363 (jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buf ...)
	NOT-FOR-US: PDFGen
CVE-2018-11362 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS diss ...)
	{DSA-4217-1 DLA-1388-1}
	- wireshark 2.6.1-1 (bug #900708)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14615
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f177008b04a530640de835ca878892e58b826d58
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-25.html
CVE-2018-11361 (In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. Th ...)
	- wireshark 2.6.1-1 (bug #900708)
	[jessie] - wireshark (vulnerable code not present (TDLS support added in version 2.1.0))
	[wheezy] - wireshark (vulnerable code not present (TDLS support added in version 2.1.0))
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b52f9929238ce3948ec924ae4f9456b5e9df558
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-32.html
CVE-2018-11360 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTA ...)
	- wireshark 2.6.1-1 (bug #900708)
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
	[jessie] - wireshark (vulnerable code not present (uses static a_bigbuf instead))
	[wheezy] - wireshark (vulnerable code not present (uses static a_bigbuf instead))
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a55b36c51f83a7b9680824e8ee3a6ce8429ab24b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-30.html
CVE-2018-11359 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC disse ...)
	{DLA-1634-1}
	- wireshark 2.6.1-1 (bug #900708)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=beaebe91b14564fb9f86f0726bab09927872721b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-33.html
CVE-2018-11358 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dis ...)
	{DSA-4217-1 DLA-1388-1}
	- wireshark 2.6.1-1 (bug #900708)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14689
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ccb1ac3c8cec47fbbbf2e80ced80644005c65252
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-31.html
CVE-2018-11357 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP disse ...)
	{DLA-1634-1}
	- wireshark 2.6.1-1 (bug #900708)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=ab8a33ef083b9732c89117747a83a905a676faf6
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-28.html
CVE-2018-11356 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS disse ...)
	{DLA-1634-1}
	- wireshark 2.6.1-1 (bug #900708)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4425716ddba99374749bd033d9bc0f4add2fb973
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-29.html
CVE-2018-11355 (In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed ...)
	- wireshark (Vulnerable code, new RTCP dissector for transport-cc, introduced later)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14673
	NOTE: Introduced by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a584eab239d55e441433ead40c993e08a24c59fe (v2.5.0)
	NOTE: Fixed by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=99d27a5fd2c540f837154aca3b3647f5ccfa0c33 (v2.6.1)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-27.html
CVE-2018-11354 (In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was a ...)
	- wireshark (Vulnerable code, IEEE 1905.1a dissector, introduced in v2.5.0~1187)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14647
	NOTE: Introduced by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=05b1d35586aee37dad7d84fa27531fc9794a41c9 (v2.5.0)
	NOTE: Fixed by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cb517a4a434387e74a2f75ebb106ee3c3893251c (v2.6.1)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-26.html
CVE-2018-11353 RESERVED
CVE-2018-11352 (The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site ...)
	NOT-FOR-US: Wallabag
CVE-2018-11351 (script.php in Jirafeau before 3.4.1 is affected by two stored Cross-Si ...)
	NOT-FOR-US: Jirafeau
CVE-2018-11350 (An issue was discovered in Jirafeau before 3.4.1. The file "search by ...)
	NOT-FOR-US: Jirafeau
CVE-2018-11349 (The administration panel of Jirafeau before 3.4.1 is vulnerable to thr ...)
	NOT-FOR-US: Jirafeau
CVE-2018-11348 (Two XSS vulnerabilities are located in the profile edition page of the ...)
	NOT-FOR-US: YunoHost
CVE-2018-11347 (The YunoHost 2.7.2 through 2.7.14 web application is affected by one H ...)
	NOT-FOR-US: YunoHost
CVE-2018-11346 (An insecure direct object reference vulnerability in download.cgi in A ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11345 (An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6 ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11344 (A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11343 (A persistent cross site scripting vulnerability in playlistmanger.cgi ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11342 (A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11341 (Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11340 (An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR ...)
	NOT-FOR-US: ASUSTOR
CVE-2018-11339 (An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 ...)
	NOT-FOR-US: Frappe ERPNext
CVE-2018-11338 (Intuit Lacerte 2017 for Windows in a client/server environment transfe ...)
	NOT-FOR-US: Intuit Lacerte
CVE-2018-11337 RESERVED
CVE-2018-11336 RESERVED
CVE-2018-11335 (GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. ...)
	NOT-FOR-US: smart contract
CVE-2018-11334 (Windscribe 1.81 creates a named pipe with a NULL DACL that allows Ever ...)
	NOT-FOR-US: Windscribe
CVE-2018-11333 RESERVED
CVE-2018-11332 (Stored cross-site scripting (XSS) vulnerability in the "Site Name" fie ...)
	NOT-FOR-US: ClipperCMS
CVE-2018-11331 (An issue was discovered in Pluck before 4.7.6. Remote PHP code executi ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-11330 (An issue was discovered in Pluck before 4.7.6. There is authenticated ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-11329 (The DrugDealer function of a smart contract implementation for Ether C ...)
	NOT-FOR-US: DrugDealer smart contract
CVE-2018-11328 (An issue was discovered in Joomla! Core before 3.8.8. Under specific c ...)
	NOT-FOR-US: Joomla!
CVE-2018-11327 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate check ...)
	NOT-FOR-US: Joomla!
CVE-2018-11326 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate input ...)
	NOT-FOR-US: Joomla!
CVE-2018-11325 (An issue was discovered in Joomla! Core before 3.8.8. The web install ...)
	NOT-FOR-US: Joomla!
CVE-2018-11324 (An issue was discovered in Joomla! Core before 3.8.8. A long running b ...)
	NOT-FOR-US: Joomla!
CVE-2018-11323 (An issue was discovered in Joomla! Core before 3.8.8. Inadequate check ...)
	NOT-FOR-US: Joomla!
CVE-2018-11322 (An issue was discovered in Joomla! Core before 3.8.8. Depending on the ...)
	NOT-FOR-US: Joomla!
CVE-2018-11321 (An issue was discovered in com_fields in Joomla! Core before 3.8.8. In ...)
	NOT-FOR-US: Joomla!
CVE-2018-11320 (In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that ar ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-1000181 (Kitura 2.3.0 and earlier have an unintended read access to unauthorise ...)
	NOT-FOR-US: Kitura
CVE-2018-1000180 (Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier h ...)
	{DSA-4233-1}
	- bouncycastle 1.59-2 (bug #900843)
	[jessie] - bouncycastle (Issue introduced in 1.54)
	NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
	NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839
	NOTE: Introduced by: https://github.com/bcgit/bc-java/commit/a47c9eff26101f2969bb2a9627ca721b135c9d47
	NOTE: https://www.bouncycastle.org/jira/browse/BJA-694
CVE-2018-11318 RESERVED
CVE-2018-11317 (Subrion CMS before 4.1.4 has XSS. ...)
	NOT-FOR-US: Subrion CMS
CVE-2018-11316 (The UPnP HTTP server on Sonos wireless speaker products allow unauthor ...)
	NOT-FOR-US: Sonos
CVE-2018-11315 (The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below ...)
	NOT-FOR-US: Radio Thermostat CT50 and CT80
CVE-2018-11314 (The External Control API in Roku and Roku TV products allow unauthoriz ...)
	NOT-FOR-US: Roku
CVE-2018-11313 RESERVED
CVE-2018-11312 RESERVED
CVE-2018-11311 (A hardcoded FTP username of myscada and password of Vikuk63 in 'myscad ...)
	NOT-FOR-US: mySCADA
CVE-2018-11310 RESERVED
CVE-2018-11309 (Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and ...)
	NOT-FOR-US: MemberMouse plugin for WordPress
CVE-2018-11308 RESERVED
CVE-2018-11307 (An issue was discovered in FasterXML jackson-databind 2.0.0 through 2. ...)
	{DSA-4452-1 DLA-1703-1}
	- jackson-databind 2.9.8-1
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2032
	NOTE: https://github.com/FasterXML/jackson-databind/commit/27b4defc270454dea6842bd9279f17387eceb737
CVE-2018-11306 RESERVED
CVE-2018-11305 (When a series of FDAL messages are sent to the modem, a Use After Free ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11304 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack o ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11303 RESERVED
CVE-2018-11302 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11301 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11300 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11299 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11298 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11297 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11296 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11295 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11294 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11293 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11292 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11291 (In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11290 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11289 (Data truncation during higher to lower type conversion which causes le ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11288 (Possible undefined behavior due to lack of size check in function for ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11287 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11286 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11285 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11284 (Spoofed SMS can be used to send a large number of messages to the devi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11283
	RESERVED
CVE-2018-11282
	RESERVED
CVE-2018-11281 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11280 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11279 (Lack of check of input size can make device memory get corrupted becau ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11278 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11277 (In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996A ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11276 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11275 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11274 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11273 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11272
	RESERVED
CVE-2018-11271 (Improper authentication can happen on Remote command handling due to i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11270 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11269 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11268 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11267 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11266 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Android kernel, code not in mainline
CVE-2018-11265 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11264 (Possible buffer overflow in Ontario fingerprint code due to lack of in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11263 (In all Android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11262 (In Android for MSM, Firefox OS for MSM, and QRD Android with all Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11261 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11260 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11259 (Due to Improper Access Control of NAND-based EFS in Snapdragon Automob ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11258 (In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11257 (Permissions, Privileges, and Access Controls in TA in Snapdragon Mobil ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::App ...)
	- libpodofo 0.9.6+dfsg-4 (low; bug #916583)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575851
	NOTE: https://sourceforge.net/p/podofo/tickets/21
	NOTE: https://sourceforge.net/p/podofo/code/1938
CVE-2018-11255 (An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPage ...)
	- libpodofo 0.9.7+dfsg-2 (low; bug #916584)
	[buster] - libpodofo (Minor issue)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575502
	NOTE: https://sourceforge.net/p/podofo/tickets/20
CVE-2018-11254 (An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursi ...)
	- libpodofo 0.9.6+dfsg-4 (low; bug #916585)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1576174
	NOTE: https://sourceforge.net/p/podofo/tickets/19
	NOTE: https://sourceforge.net/p/podofo/code/1941
CVE-2018-11253
	RESERVED
CVE-2018-11252
	RESERVED
CVE-2018-11251 (In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based b ...)
	{DSA-4245-1 DLA-1394-1 DLA-1381-1}
	- imagemagick 8:6.9.9.39+dfsg-1
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/956
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fbc6a557b4f63af18b2debe83f817859ef7481
CVE-2018-11250
	RESERVED
CVE-2018-11249
	RESERVED
CVE-2018-11248 (util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an ...)
	NOT-FOR-US: FileDownloader
CVE-2018-11247 (The JMX/RMI interface in Nasdaq BWise 5.0 does not require authenticat ...)
	NOT-FOR-US: SAP
CVE-2018-11246 (K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory ...)
	NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex ...)
	NOT-FOR-US: MISP
CVE-2018-11244 (The BBE theme before 1.53 for WordPress allows a direct launch of an H ...)
	NOT-FOR-US: WordPress theme
CVE-2018-11243 (PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attac ...)
	- upx-ucl 1.03+repack-5 (unimportant; bug #899190; bug #907426)
	NOTE: https://github.com/upx/upx/issues/206
	NOTE: https://github.com/upx/upx/issues/207
CVE-2018-11242 (An issue was discovered in the MakeMyTrip application 7.2.4 for Androi ...)
	NOT-FOR-US: MakeMyTrip application for Android
CVE-2018-11241 (An issue was discovered on SoftCase T-Router build 20112017 devices. A ...)
	NOT-FOR-US: SoftCase T-Router devices
CVE-2018-11240 (An issue was discovered on SoftCase T-Router build 20112017 devices. T ...)
	NOT-FOR-US: SoftCase T-Router devices
CVE-2018-11239 (An integer overflow in the _transfer function of a smart contract impl ...)
	NOT-FOR-US: Hexagon (HXG)
CVE-2018-11238
	RESERVED
CVE-2018-11237 (An AVX-512-optimized implementation of the mempcpy function in the GNU ...)
	- glibc 2.27-4 (low; bug #899070)
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc (Minor issue, can be fixed along in future DSA or point update)
	- eglibc
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23196
CVE-2018-11236 (stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 a ...)
	- glibc 2.27-4 (low; bug #899071)
	[stretch] - glibc 2.24-11+deb9u4
	[jessie] - glibc (Minor issue, can be fixed along in future DSA or point update)
	- eglibc
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22786
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2
CVE-2018-11235 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16 ...)
	{DSA-4212-1}
	- git 1:2.17.1-1
	NOTE: https://lkml.org/lkml/2018/5/29/889
CVE-2018-11234
	RESERVED
CVE-2018-11233 (In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16 ...)
	- git 1:2.17.1-1 (unimportant)
	[stretch] - git 1:2.11.0-3+deb9u3
	[jessie] - git 1:2.1.4-2.1+deb8u6
	NOTE: Only an issue when running on an NTFS filesystem.
	NOTE: https://lkml.org/lkml/2018/5/29/889
CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Swi ...)
	NOT-FOR-US: Kubernetes CRI-O
CVE-2018-11232 (The etm_setup_aux function in drivers/hwtracing/coresight/coresight-et ...)
	- linux (Vulnerable code never present in unstable)
	NOTE: Fixed by: https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f
CVE-2018-11231 (In the Divido plugin for OpenCart, there is SQL injection. Attackers c ...)
	NOT-FOR-US: OpenCart plugin
CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows ...)
	NOT-FOR-US: jbig2enc
CVE-2018-11229 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW- ...)
	NOT-FOR-US: Crestron devices
CVE-2018-11228 (Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW- ...)
	NOT-FOR-US: Crestron devices
CVE-2018-11227 (Monstra CMS 3.0.4 and earlier has XSS via index.php. ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-11226 (The getString function in decompile.c in libming through 0.4.8 mishand ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/144
CVE-2018-11225 (The dcputs function in decompile.c in libming through 0.4.8 mishandles ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/143
CVE-2018-11224 (An issue was discovered in Libav 12.3. A read access violation in the ...)
	- libav (low)
	[jessie] - libav (Minor issue, oob read, no patch)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1129
	NOTE: ffmpeg PoC crash fixed but different vector:
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/7248e735599bad765e1ef39c3ea9a6d469d74049
CVE-2018-11223 (XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to exec ...)
	NOT-FOR-US: Pandora FMS
CVE-2018-11222 (Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 ...)
	NOT-FOR-US: Pandora FMS
CVE-2018-11221 (Unauthenticated untrusted file upload in Artica Pandora FMS through ve ...)
	NOT-FOR-US: Pandora FMS
CVE-2018-11220 (Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Executio ...)
	NOT-FOR-US: Bitmain Antminer D3, L3+, and S9 devices
CVE-2018-11219 (An Integer Overflow issue was discovered in the struct library in the ...)
	{DSA-4230-1 DLA-1396-1}
	- redis 5:4.0.10-1 (bug #901495)
	NOTE: https://github.com/antirez/redis/issues/5017
	NOTE: http://antirez.com/news/119
CVE-2018-11218 (Memory Corruption was discovered in the cmsgpack library in the Lua su ...)
	{DSA-4230-1 DLA-1396-1}
	- redis 5:4.0.10-1 (bug #901495)
	NOTE: https://github.com/antirez/redis/issues/5017
	NOTE: http://antirez.com/news/119
CVE-2018-11217
	RESERVED
CVE-2018-11216
	RESERVED
CVE-2018-11215 (Remote code execution is possible in Cloudera Data Science Workbench v ...)
	NOT-FOR-US: Cloudera
CVE-2018-11214 (An issue was discovered in libjpeg 9a. The get_text_rgb_row function i ...)
	{DLA-1638-1}
	- libjpeg9 1:9c-1 (low; bug #902176)
	- libjpeg-turbo 1:1.4.2-1
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row function ...)
	{DLA-1638-1}
	- libjpeg9 1:9c-1 (low; bug #902176)
	- libjpeg-turbo 1:1.4.2-1
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
CVE-2018-11212 (An issue was discovered in libjpeg 9a and 9d. The alloc_sarray functio ...)
	{DLA-1638-1}
	- libjpeg9 1:9c-1 (low; bug #902176)
	- libjpeg-turbo 1:1.4.2-1
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/82923eb93a2eacf4a593e00e3e672bbb86a8a3a0 (1.4.2)
CVE-2018-11211
	RESERVED
CVE-2018-11210 (** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the ...)
	- tinyxml2 (bug #899063; unimportant)
	NOTE: https://github.com/leethomason/tinyxml2/issues/675
	NOTE: Non-real issue, misuse of API
CVE-2018-11209 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. zb_system/c ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-11208 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-11207 (A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in ...)
	- hdf5 1.10.4+repack-1 (low)
	[stretch] - hdf5 (Minor issue)
	[jessie] - hdf5 (Minor issue)
	[wheezy] - hdf5 (Minor issue)
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10481
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/d0362ce438aef8ad690d5b084d929403c9877107
CVE-2018-11206 (An out of bounds read was discovered in H5O_fill_new_decode and H5O_fi ...)
	- hdf5 1.10.4+repack-1 (low)
	[stretch] - hdf5 (Minor issue)
	[jessie] - hdf5 (Minor issue)
	[wheezy] - hdf5 (Minor issue)
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10480
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
CVE-2018-11205 (A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the ...)
	- hdf5
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10479
CVE-2018-11204 (A NULL pointer dereference was discovered in H5O__chunk_deserialize in ...)
	- hdf5 1.10.4+repack-1 (low)
	[stretch] - hdf5 (Minor issue)
	[jessie] - hdf5 (Minor issue)
	[wheezy] - hdf5 (Minor issue)
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10478
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
CVE-2018-11203 (A division by zero was discovered in H5D__btree_decode_key in H5Dbtree ...)
	- hdf5 1.10.4+repack-1 (low)
	[stretch] - hdf5 (Minor issue)
	[jessie] - hdf5 (Minor issue)
	[wheezy] - hdf5 (Minor issue)
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10477
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/d0362ce438aef8ad690d5b084d929403c9877107
CVE-2018-11202 (A NULL pointer dereference was discovered in H5S_hyper_make_spans in H ...)
	- hdf5 1.10.4+repack-1 (low)
	[stretch] - hdf5 (Minor issue)
	[jessie] - hdf5 (Minor issue)
	[wheezy] - hdf5 (Minor issue)
	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10476
	NOTE: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/992a199f90fec31e0ad72ed76ed279a3ccea59e4
CVE-2018-11201
	RESERVED
CVE-2018-11200 (An issue was discovered in Mautic 2.13.1. It has Stored XSS via the co ...)
	NOT-FOR-US: Mautic
CVE-2018-11199
	RESERVED
CVE-2018-11198 (An issue was discovered in Mautic 2.13.1. There is Stored XSS via the ...)
	NOT-FOR-US: Mautic
CVE-2018-11197
	RESERVED
CVE-2018-11196 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
	- mahara
	NOTE: https://bugs.launchpad.net/bugs/1770535
	NOTE: https://mahara.org/interaction/forum/topic.php?id=8270
CVE-2018-11195 (Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before ...)
	- mahara
	NOTE: https://bugs.launchpad.net/mahara/+bug/1770561
	NOTE: https://mahara.org/interaction/forum/topic.php?id=8269
CVE-2018-11194 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11193 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11192 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11191 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11190 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11189 (Quest DR Series Disk Backup software version before 4.0.3.1 allows pri ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11188 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11187 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11186 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11185 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11184 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11183 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11182 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11181 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11180 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11179 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11178 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11177 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11176 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11175 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11174 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11173 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11172 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11171 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11170 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11169 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11168 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11167 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11166 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11165 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11164 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11163 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11162 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11161 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11160 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11159 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11158 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11157 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11156 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11155 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11154 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11153 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11152 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11151 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11150 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11149 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11148 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11147 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11146 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11145 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11144 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11143 (Quest DR Series Disk Backup software version before 4.0.3.1 allows com ...)
	NOT-FOR-US: Quest DR Series Disk Backup software
CVE-2018-11142 (The 'systemui/settings_network.php' and 'systemui/settings_patching.ph ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11141 (The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/ad ...)
	NOT-FOR-US: Quest KACE System Management Virtual Appliance
CVE-2018-11140 (The 'reportID' parameter received by the '/common/run_report.php' scri ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11139 (The '/common/ajax_email_connection_test.php' script in the Quest KACE ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11138 (The '/common/download_agent_installer.php' script in the Quest KACE Sy ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11137 (The 'checksum' parameter of the '/common/download_attachment.php' scri ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11136 (The 'orgID' parameter received by the '/common/download_agent_installe ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11135 (The script '/adminui/error_details.php' in the Quest KACE System Manag ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11134 (In order to perform actions that requires higher privileges, the Quest ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11133 (The 'fmt' parameter of the '/common/run_cross_report.php' script in th ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11132 (In order to perform actions that require higher privileges, the Quest ...)
	NOT-FOR-US: Quest KACE System Management Appliance
CVE-2018-11131
	RESERVED
CVE-2018-11130 (The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0 ...)
	{DLA-1807-1}
	- vcftools 0.1.16-1 (low; bug #902190)
	[stretch] - vcftools 0.1.14+dfsg-4+deb9u1
	[wheezy] - vcftools (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/May/43
	NOTE: https://github.com/vcftools/vcftools/issues/109
CVE-2018-11129 (The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1 ...)
	{DLA-1807-1}
	- vcftools 0.1.16-1 (low; bug #902190)
	[stretch] - vcftools 0.1.14+dfsg-4+deb9u1
	[wheezy] - vcftools (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/May/43
	NOTE: https://github.com/vcftools/vcftools/issues/109
CVE-2018-11128 (The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFP ...)
	NOT-FOR-US: vincent0629 PDFParser
CVE-2018-11127 (e107 2.1.7 has CSRF resulting in arbitrary user deletion. ...)
	NOT-FOR-US: e107
CVE-2018-11126 (dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that ...)
	NOT-FOR-US: doorGets
CVE-2018-11125
	REJECTED
CVE-2018-11124 (Cross-site scripting (XSS) vulnerability in Attributes functionality i ...)
	NOT-FOR-US: Open-AudIT Community
CVE-2018-11123
	RESERVED
CVE-2018-11122
	RESERVED
CVE-2018-11121
	RESERVED
CVE-2018-11120 (Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x ...)
	NOT-FOR-US: ILIAS
CVE-2018-11119 (ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user ...)
	NOT-FOR-US: ILIAS
CVE-2018-11118 (The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XS ...)
	NOT-FOR-US: ILIAS
CVE-2018-11117 (Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5. ...)
	NOT-FOR-US: ILIAS
CVE-2018-11116 (** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd a ...)
	NOT-FOR-US: OpenWrt
CVE-2018-11115
	RESERVED
CVE-2018-11114
	RESERVED
CVE-2018-11113
	RESERVED
CVE-2018-11112
	RESERVED
CVE-2018-11111
	RESERVED
CVE-2018-11110
	RESERVED
CVE-2018-11109
	RESERVED
CVE-2018-11108
	RESERVED
CVE-2018-11107
	RESERVED
CVE-2018-11106 (NETGEAR has released fixes for a pre-authentication command injection ...)
	NOT-FOR-US: Netgear
CVE-2018-11105 (There is stored cross site scripting in the wp-live-chat-support plugi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-11104
	RESERVED
CVE-2018-11103
	RESERVED
CVE-2018-11102 (An issue was discovered in Libav 12.3. A read access violation in the ...)
	{DLA-1907-1}
	- libav (low)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1128
CVE-2018-11101 (Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via ...)
	- signal-desktop (bug #842943)
CVE-2018-11100 (The decompileSETTARGET function in decompile.c in libming through 0.4. ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/142
CVE-2018-11099 (The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1 ...)
	{DLA-1807-1}
	- vcftools 0.1.16-1 (low; bug #902190)
	[stretch] - vcftools 0.1.14+dfsg-4+deb9u1
	[wheezy] - vcftools (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/May/43
	NOTE: https://github.com/vcftools/vcftools/issues/109
CVE-2018-11098 (An issue was discovered in Frog CMS 0.9.5. There is a file upload vuln ...)
	NOT-FOR-US: Frog CMS
CVE-2018-11097 (An issue was discovered in cloudwu/cstring through 2016-11-09. There i ...)
	NOT-FOR-US: cloudwu
CVE-2018-11096 (Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerabil ...)
	NOT-FOR-US: Horse Market Sell & Rent Portal Script
CVE-2018-11095 (The decompileJUMP function in decompile.c in libming through 0.4.8 mis ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/141
CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ ...)
	NOT-FOR-US: Intelbras NCLOUD
CVE-2018-11093 (Cross-site scripting (XSS) vulnerability in the Link package for CKEdi ...)
	NOT-FOR-US: CKeditor addon
CVE-2018-11092 (An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF a ...)
	NOT-FOR-US: Admin Notes plugin for MyBB
CVE-2018-11091 (An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file ...)
	NOT-FOR-US: MyBiz MyProcureNet
CVE-2018-11090 (An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerab ...)
	NOT-FOR-US: MyBiz MyProcureNet
CVE-2018-11089
	RESERVED
CVE-2018-11088 (Pivotal Applications Manager in Pivotal Application Service, versions ...)
	NOT-FOR-US: Pivotal
CVE-2018-11087 (Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions pri ...)
	NOT-FOR-US: Spring AMQP
CVE-2018-11086 (Pivotal Usage Service in Pivotal Application Service, versions 2.0 pri ...)
	NOT-FOR-US: Pivotal
CVE-2018-11085
	REJECTED
CVE-2018-11084 (Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-11083 (Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-11082 (Cloud Foundry UAA, all versions prior to 4.20.0 and Cloud Foundry UAA ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-11081 (Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior ...)
	NOT-FOR-US: Pivotal
CVE-2018-11080 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contain ...)
	NOT-FOR-US: EMC Secure Remote Services
CVE-2018-11079 (Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contain ...)
	NOT-FOR-US: EMC Secure Remote Services
CVE-2018-11078 (Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecu ...)
	NOT-FOR-US: EMC VPlex GeoSynchrony
CVE-2018-11077 ('getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3 ...)
	NOT-FOR-US: EMC
CVE-2018-11076 (Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and ...)
	NOT-FOR-US: EMC
CVE-2018-11075 (RSA Authentication Manager versions prior to 8.3 P3 contain a reflecte ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2018-11074 (RSA Authentication Manager versions prior to 8.3 P3 are affected by a ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2018-11073 (RSA Authentication Manager versions prior to 8.3 P3 contain a stored c ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2018-11072 (Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection ...)
	NOT-FOR-US: Dell Digital Delivery
CVE-2018-11071 (Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1 ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2018-11070 (RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J version ...)
	NOT-FOR-US: RSA BSAFE Crypto-J
CVE-2018-11069 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channe ...)
	NOT-FOR-US: RSA BSAFE SSL-J
CVE-2018-11068 (RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vuln ...)
	NOT-FOR-US: RSA BSAFE SSL-J
CVE-2018-11067 (Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2. ...)
	NOT-FOR-US: EMC
CVE-2018-11066 (Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2. ...)
	NOT-FOR-US: EMC
CVE-2018-11065 (The WorkPoint component, which is embedded in all RSA Archer, versions ...)
	NOT-FOR-US: RSA
CVE-2018-11064 (Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE version ...)
	NOT-FOR-US: Dell
CVE-2018-11063 (Dell WMS versions 1.1 and prior are impacted by multiple unquoted serv ...)
	NOT-FOR-US: Dell WMS
CVE-2018-11062 (Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contai ...)
	NOT-FOR-US: Integrated Data Protection Appliance
CVE-2018-11061 (RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security An ...)
	NOT-FOR-US: RSA
CVE-2018-11060 (RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass ...)
NOT-FOR-US: RSA Archer CVE-2018-11059 (RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scr ...) NOT-FOR-US: RSA Archer CVE-2018-11058 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and ...) NOT-FOR-US: RSA BSAFE Micro Edition Suite CVE-2018-11057 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and ...) NOT-FOR-US: RSA BSAFE Micro Edition Suite CVE-2018-11056 (RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BS ...) NOT-FOR-US: RSA BSAFE Micro Edition Suite CVE-2018-11055 (RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and ...) NOT-FOR-US: RSA BSAFE Micro Edition Suite CVE-2018-11054 (RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer over ...) NOT-FOR-US: RSA BSAFE Micro Edition Suite CVE-2018-11053 (Dell EMC iDRAC Service Module for all supported Linux and XenServer ve ...) NOT-FOR-US: Dell CVE-2018-11052 (Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication by ...) NOT-FOR-US: EMC CVE-2018-11051 (RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 c ...) NOT-FOR-US: RSA Certificate Manager CVE-2018-11050 (Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, a ...) NOT-FOR-US: EMC CVE-2018-11049 (RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governanc ...) NOT-FOR-US: RSA CVE-2018-11048 (Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell ...) NOT-FOR-US: Dell CVE-2018-11047 (Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.1 ...) NOT-FOR-US: Cloud Foundry CVE-2018-11046 (Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version ...) NOT-FOR-US: Pivotal CVE-2018-11045 (Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior ...) NOT-FOR-US: Pivotal CVE-2018-11044 (Pivotal Apps Manager included in Pivotal Application Service, versions ...) 
NOT-FOR-US: Pivotal CVE-2018-11043 REJECTED CVE-2018-11042 REJECTED CVE-2018-11041 (Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 excep ...) NOT-FOR-US: Cloud Foundry CVE-2018-11040 (Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3 ...) - libspring-java 4.3.19-1 [stretch] - libspring-java (Minor issue) [jessie] - libspring-java (unable to find relevant commits) NOTE: https://pivotal.io/security/cve-2018-11040 CVE-2018-11039 (Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior ...) - libspring-java 4.3.19-1 [stretch] - libspring-java (Minor issue) [jessie] - libspring-java (Minor issue) NOTE: https://pivotal.io/security/cve-2018-11039 CVE-2018-11038 RESERVED CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimag ...) - exiv2 0.27.2-6 (low) [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) [jessie] - exiv2 (Jessie doesn't have '-pS', not reproducible, closed upstream) NOTE: https://github.com/Exiv2/exiv2/issues/307 CVE-2018-11036 (Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3 ...) NOT-FOR-US: Ruckus devices CVE-2018-11035 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ve ...) NOT-FOR-US: 2345 Security Guard CVE-2018-11034 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ve ...) NOT-FOR-US: 2345 Security Guard CVE-2018-11033 (The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in ...) - xpdf (unimportant) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=40842 CVE-2018-11032 (PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/ ...) NOT-FOR-US: PHPRAP CVE-2018-11031 (application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 ha ...) NOT-FOR-US: PHPRAP CVE-2018-11030 RESERVED CVE-2018-11029 RESERVED CVE-2018-11028 RESERVED CVE-2018-11027 (A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remo ...) 
NOT-FOR-US: Ruckus CVE-2018-11026 RESERVED CVE-2018-11025 (kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Ama ...) NOT-FOR-US: kernel component on Amazon Fire CVE-2018-11024 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...) NOT-FOR-US: kernel component on Amazon Fire CVE-2018-11023 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...) NOT-FOR-US: kernel component on Amazon Fire CVE-2018-11022 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...) NOT-FOR-US: kernel component on Amazon Fire CVE-2018-11021 (kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel compone ...) NOT-FOR-US: kernel component on Amazon Fire CVE-2018-11020 (kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazo ...) NOT-FOR-US: kernel component on Amazon Fire CVE-2018-11019 (kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in ...) NOT-FOR-US: kernel component on Amazon Fire CVE-2018-11018 (An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery ...) NOT-FOR-US: PbootCMS CVE-2018-11017 (The newVar_N function in decompile.c in libming through 0.4.8 mishandl ...) - ming CVE-2018-11016 RESERVED CVE-2018-11015 RESERVED CVE-2018-11014 RESERVED CVE-2018-11013 (Stack-based buffer overflow in the websRedirect function in GoAhead on ...) NOT-FOR-US: D-Link CVE-2018-11012 (ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd param ...) NOT-FOR-US: ruibaby Halo CVE-2018-11011 (ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to Front ...) NOT-FOR-US: ruibaby Halo CVE-2018-11010 (A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Prem ...) NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-11009 (A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Prem ...) NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-11008 (An Incorrect Access Control issue was discovered in K7Computing K7Anti ...) 
NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-11007 (A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium ...) NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-11006 (An Incorrect Access Control issue was discovered in K7Computing K7Anti ...) NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-11005 (A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium ...) NOT-FOR-US: K7Computing K7AntiVirus Premium CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request forgery (CSR ...) NOT-FOR-US: SDcms CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CS ...) NOT-FOR-US: YXcms CVE-2018-11002 (Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on ...) NOT-FOR-US: Pulse Secure Desktop Client CVE-2018-11001 RESERVED CVE-2018-11000 RESERVED CVE-2018-10999 (An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk:: ...) {DSA-4238-1 DLA-1551-1 DLA-1402-1} - exiv2 0.25-4 NOTE: https://github.com/Exiv2/exiv2/issues/306 NOTE: https://github.com/Exiv2/exiv2/commit/2fb00c8a16ce93756cddd70536e361a49369ba88 NOTE: https://github.com/Exiv2/exiv2/commit/3ad0050469e6ea63b4081f2a88c264ce8ab55c51 CVE-2018-10998 (An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp al ...) {DSA-4238-1 DLA-1402-1} - exiv2 0.25-4 NOTE: https://github.com/Exiv2/exiv2/issues/303 NOTE: https://github.com/Exiv2/exiv2/commit/f4e8ed2fd48d012467b99552f0d6378302a23c75 CVE-2018-10997 (Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injec ...) NOT-FOR-US: Etere EtereWeb CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devic ...) NOT-FOR-US: D-Link CVE-2018-10995 (SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles us ...) 
{DSA-4254-1 DLA-1437-1} - slurm-llnl 17.11.7-1 (bug #900548) NOTE: https://www.schedmd.com/news.php?id=203 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html NOTE: https://github.com/SchedMD/slurm/commit/033dc0d1d28b8d2ba1a5187f564a01c15187eb4e NOTE: https://github.com/SchedMD/slurm/commit/df545955e4f119974c278bff0c47155257d5afc7 CVE-2018-10994 (js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) b ...) - signal-desktop (bug #842943) CVE-2018-10993 RESERVED CVE-2018-10991 REJECTED CVE-2018-10990 (On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a log ...) NOT-FOR-US: Arris Touchstone Telephony Gateway CVE-2018-10989 (Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distr ...) NOT-FOR-US: Arris Touchstone Telephony Gateway CVE-2018-10988 (An issue was discovered on Diqee Diqee360 devices. A firmware update p ...) NOT-FOR-US: Diqee CVE-2018-10987 (An issue was discovered on Dongguan Diqee Diqee360 devices. The affect ...) NOT-FOR-US: Diqee CVE-2018-10986 (OX Guard 2.8.0 has CSRF. ...) NOT-FOR-US: Open-Xchange OX Guard CVE-2018-10985 RESERVED CVE-2018-10984 RESERVED CVE-2018-10983 RESERVED CVE-2018-10992 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings b ...) - lilypond 2.18.2-13 (bug #898373) [jessie] - lilypond (Incomplete fix not applied) [wheezy] - lilypond (Incomplete fix not applied) CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest O ...) {DSA-4201-1 DLA-1549-1 DLA-1383-1} - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 NOTE: https://xenbits.xen.org/xsa/advisory-261.html CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest O ...) 
{DSA-4201-1 DLA-1559-1 DLA-1383-1} - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 NOTE: https://xenbits.xen.org/xsa/advisory-262.html CVE-2018-10980 RESERVED CVE-2018-10979 RESERVED CVE-2018-10978 RESERVED CVE-2018-10977 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...) NOT-FOR-US: 2345 Security Guard CVE-2018-10976 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...) NOT-FOR-US: 2345 Security Guard CVE-2018-10975 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...) NOT-FOR-US: 2345 Security Guard CVE-2018-10974 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...) NOT-FOR-US: 2345 Security Guard CVE-2018-10973 (An integer overflow in the transferMulti function of a smart contract ...) NOT-FOR-US: KoreaShow CVE-2018-10972 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...) - flif (bug #898407) NOTE: https://github.com/FLIF-hub/FLIF/issues/503 CVE-2018-10971 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...) - flif (bug #898406) NOTE: https://github.com/FLIF-hub/FLIF/issues/501 CVE-2018-10970 RESERVED CVE-2018-10969 (SQL injection vulnerability in the Pie Register plugin before 3.0.10 f ...) NOT-FOR-US: Pie Register plugin for WordPress CVE-2018-10968 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious u ...) NOT-FOR-US: D-Link CVE-2018-10967 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious u ...) NOT-FOR-US: D-Link CVE-2018-10966 (An issue was discovered in GamerPolls 0.4.6, related to config/environ ...) NOT-FOR-US: GamerPolls CVE-2018-10965 RESERVED CVE-2018-10964 RESERVED CVE-2018-10963 (The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF thro ...) 
{DSA-4349-1 DLA-1411-1} - tiff 4.0.9-6 (bug #898348) [stretch] - tiff (Minor issue) - tiff3 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2795 NOTE: https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9 CVE-2018-10962 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPC ...) NOT-FOR-US: Shanghai 2345 Security Guard CVE-2018-10961 RESERVED CVE-2018-10960 RESERVED CVE-2018-10959 (Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Un ...) NOT-FOR-US: Avecto Defendpoint CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT d ...) {DSA-4238-1 DLA-1551-1 DLA-1402-1} - exiv2 0.25-4 NOTE: https://github.com/Exiv2/exiv2/issues/302 NOTE: https://github.com/Exiv2/exiv2/commit/2fb00c8a16ce93756cddd70536e361a49369ba88 NOTE: https://github.com/Exiv2/exiv2/commit/3ad0050469e6ea63b4081f2a88c264ce8ab55c51 CVE-2018-10957 (CSRF exists on D-Link DIR-868L devices, leading to (for example) a cha ...) NOT-FOR-US: D-Link CVE-2018-10956 (IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal. ...) NOT-FOR-US: IPConfigure Orchid Core VMS CVE-2018-10955 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...) NOT-FOR-US: 2345 Security Guard CVE-2018-10954 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...) NOT-FOR-US: 2345 Security Guard CVE-2018-10953 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...) NOT-FOR-US: 2345 Security Guard CVE-2018-10952 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...) NOT-FOR-US: 2345 Security Guard CVE-2018-10951 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8. ...) NOT-FOR-US: Zimbra CVE-2018-10950 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8. ...) NOT-FOR-US: Zimbra CVE-2018-10949 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8. ...) 
NOT-FOR-US: Zimbra CVE-2018-10948 (Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 bet ...) NOT-FOR-US: Zimbra CVE-2018-10947 (An issue was discovered in versions earlier than 1.3.2 for Polycom Rea ...) NOT-FOR-US: Polycom CVE-2018-10946 (An issue was discovered in versions earlier than 1.3.0-66872 for Polyc ...) NOT-FOR-US: Polycom CVE-2018-10945 (The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remot ...) - smplayer 18.5.0~ds1-1 [stretch] - smplayer (Vulnerable code not present) [jessie] - smplayer (Vulnerable code not present) [wheezy] - smplayer (Vulnerable code not present) NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support CVE-2018-10944 (The request_dividend function of a smart contract implementation for R ...) NOT-FOR-US: Rasputin Online Coin CVE-2018-10943 (An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Un ...) NOT-FOR-US: Barco ClickShare CSE-200 and CS-100 Base Units CVE-2018-10942 (modules/attributewizardpro/file_upload.php in the Attribute Wizard add ...) NOT-FOR-US: Attribute Wizard addon for PrestaShop CVE-2018-10941 RESERVED CVE-2018-10940 (The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the ...) {DLA-1423-1 DLA-1422-1 DLA-1392-1} - linux 4.16.12-1 [stretch] - linux 4.9.107-1 NOTE: Fixed by: https://git.kernel.org/linus/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 CVE-2018-10939 (Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8 ...) NOT-FOR-US: Zimbra Web Client CVE-2018-10938 (A flaw was found in the Linux kernel present since v4.0-rc1 and throug ...) {DSA-4308-1 DLA-1531-1} - linux 4.13.4-1 (unimportant) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/40413955ee265a5e42f710940ec78f5450d49149 (4.13-rc5) NOTE: https://www.openwall.com/lists/oss-security/2018/08/27/1 CVE-2018-10937 (A cross site scripting flaw exists in the tetonic-console component of ...) 
NOT-FOR-US: OpenShift CVE-2018-10936 (A weakness was found in postgresql-jdbc before version 42.2.5. It was ...) - libpgjava 42.2.5-1 [stretch] - libpgjava (Minor issue) [jessie] - libpgjava (Minor issue) NOTE: https://github.com/pgjdbc/pgjdbc/commit/cdeeaca47dc3bc6f727c79a582c9e412309 CVE-2018-10935 (A flaw was found in the 389 Directory Server that allows users to caus ...) {DLA-1483-1} - 389-ds-base 1.4.0.15-1 (bug #906985) [stretch] - 389-ds-base (Minor issue) NOTE: https://pagure.io/389-ds-base/issue/49890 CVE-2018-10934 (A cross-site scripting (XSS) vulnerability was found in the JBoss Mana ...) - wildfly (bug #752018) CVE-2018-10933 (A vulnerability was found in libssh's server-side state machine before ...) {DSA-4322-1 DLA-1548-1} - libssh 0.8.4-1 (bug #911149) NOTE: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/ NOTE: https://bugs.libssh.org/T101 NOTE: https://www.libssh.org/security/advisories/CVE-2018-10933.txt NOTE: POC: https://www.openwall.com/lists/oss-security/2018/10/17/5 NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=2bddafeb709eacc80ad31fec40479f9b628a8bd7 (master) NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=825f4ba96407abe8cebb046a7503fa2bf5de9df6 (master) NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=20981bf2296202e95d7919394d4610ae3a876cfa (master) NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=5d7414467d6dac100a93df761b06de5cd07fc69a (master) NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=459868c4a57d2d11cf7835655a8d1a5cf034ccb4 (master) NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=68b0c7a93448123cc0d6a04d3df40d92a3fd0a67 (master) NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=75be012b4a14f4550ce6ad3f126e559f44dbde76 (master) NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=e1548a71bdac73da084174ab1d6d2713edd93f6e (master) NOTE: Fixed in 0.7.6, 0.8.4 upstream CVE-2018-10932 (lldptool version 1.0.1 
and older can print a raw, unsanitized attacker ...) - lldpad 1.0.1+git20180808.4e642bd-1 (unimportant; bug #905901) NOTE: https://github.com/intel/openlldp/pull/7 NOTE: https://github.com/intel/openlldp/commit/41feb359a9d0082b0bcf68b1f2b37227f02af4f1 NOTE: Terminal emulators need to perform proper escaping CVE-2018-10931 (It was found that cobbler 2.6.x exposed all functions from its Cobbler ...) - cobbler NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/9 CVE-2018-10930 (A flaw was found in RPC request using gfs3_rename_req in glusterfs ser ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612664 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10929 (A flaw was found in RPC request using gfs2_create_req in glusterfs ser ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612660 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10928 (A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612659 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10927 (A flaw was found in RPC request using gfs3_lookup_req in glusterfs ser ...) 
{DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1612658 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10926 (A flaw was found in RPC request using gfs3_mknod_req supported by glus ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1613143 NOTE: https://github.com/gluster/glusterfs/commit/9ae986f18c0f251cba6bbc23eae2150a8ce0417e NOTE: When fixing this issue make sure to be complete an not open CVE-2018-14651 CVE-2018-10925 (It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14 ...) {DSA-4269-1} - postgresql-10 10.5-1 - postgresql-9.6 - postgresql-9.5 - postgresql-9.4 (Only affects PostgreSQL 9.5 onwards) - postgresql-9.1 (Only affects PostgreSQL 9.5 onwards) NOTE: Fixed in 9.5.14, 9.6.10, 10.5 NOTE: https://www.postgresql.org/about/news/1878/ CVE-2018-10924 (It was discovered that fsync(2) system call in glusterfs client code l ...) - glusterfs 4.0.1-1 [stretch] - glusterfs (Issue introduced in 3.13.2 and backported to 3.12 series) [jessie] - glusterfs (Issue introduced in 3.13.2 and backported to 3.12 series) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1611785 NOTE: Introduced by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=51dfc9c789b8405f595a337eade938aedcb449c4 NOTE: https://review.gluster.org/20723 CVE-2018-10923 (It was found that the "mknod" call derived from mknod(2) can create fi ...) 
{DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1610659 NOTE: https://github.com/gluster/glusterfs/commit/4bafcc97e812acc854dfc436ade35df0308d5a3e CVE-2018-10922 (An input validation flaw exists in ttembed. With a crafted input file, ...) NOT-FOR-US: ttembed CVE-2018-10921 (Certain input files may trigger an integer overflow in ttembed input f ...) NOT-FOR-US: ttembed CVE-2018-10920 (Improper input validation bug in DNS resolver component of Knot Resolv ...) - knot-resolver 2.4.1-1 (bug #905325) NOTE: https://www.knot-resolver.cz/2018-08-02-knot-resolver-2.4.1.html NOTE: https://www.openwall.com/lists/oss-security/2018/08/09/2 (including patch) CVE-2018-10919 (The Samba Active Directory LDAP server was vulnerable to an informatio ...) {DSA-4271-1 DLA-1539-1} - samba 2:4.8.4+dfsg-1 NOTE: https://www.samba.org/samba/security/CVE-2018-10919.html CVE-2018-10918 (A null pointer dereference flaw was found in the way samba checked dat ...) - samba 2:4.8.4+dfsg-1 [stretch] - samba (Only affects Samba 4.7.0 onwards) [jessie] - samba (Only affects Samba 4.7.0 onwards) NOTE: https://www.samba.org/samba/security/CVE-2018-10918.html CVE-2018-10917 (pulp 2.16.x and possibly older is vulnerable to an improper path parsi ...) NOT-FOR-US: Pulp (Red Hat) CVE-2018-10916 (It has been discovered that lftp up to and including version 4.8.3 doe ...) - lftp 4.8.4-1 (bug #905163) [stretch] - lftp (Minor issue) [jessie] - lftp (Minor issue) NOTE: https://github.com/lavv17/lftp/issues/452 NOTE: https://github.com/lavv17/lftp/commit/a27e07d90a4608ceaf928b1babb27d4d803e1992 CVE-2018-10915 (A vulnerability was found in libpq, the default PostgreSQL client libr ...) 
{DSA-4269-1 DLA-1464-1} - postgresql-10 10.5-1 - postgresql-9.6 - postgresql-9.5 - postgresql-9.4 - postgresql-9.1 [jessie] - postgresql-9.1 (package only serves as a means for upgrading to Stretch) NOTE: Fixed in 9.3.24, 9.4.19, 9.5.14, 9.6.10, 10.5 NOTE: https://www.postgresql.org/about/news/1878/ CVE-2018-10914 (It was found that an attacker could issue a xattr request via glusterf ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607617 NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad CVE-2018-10913 (An information disclosure vulnerability was discovered in glusterfs se ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1607618 NOTE: https://github.com/gluster/glusterfs/commit/13298d2b3893edb5d147ea3bcb9902ee5be4b3ad CVE-2018-10912 (keycloak before version 4.0.0.final is vulnerable to a infinite loop i ...) NOT-FOR-US: Keycloak CVE-2018-10911 (A flaw was found in the way dic_unserialize function of glusterfs does ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601657 NOTE: https://github.com/gluster/glusterfs/commit/cc3271ebf3aacdbbc77fdd527375af78ab12ea8d CVE-2018-10910 (A bug in Bluez may allow for the Bluetooth Discoverable state being se ...) 
- bluez 5.54-1 (low; bug #925369) [buster] - bluez (Minor issue) [stretch] - bluez (Minor issue, does not affected Gnome Bluetooth in stretch) [jessie] - bluez (Minor issue because in gnome-bluetooth <= 3.26 the D-Bus calls were synchronous and thus the issue in bluez will have no actual affect) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1606203 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1602985 NOTE: Bug in src:bluez itself and would need fixing there, but it is workaroundable in NOTE: gnome-bluetooth: https://gitlab.gnome.org/GNOME/gnome-bluetooth/commit/6b5086d42ea64d46277f3c93b43984f331d12f89 NOTE: workaround in gnome-bluetooth landed in 3.28.2, BlueZ fixed in 5.51 CVE-2018-10909 RESERVED CVE-2018-10908 (It was found that vdsm before version 4.20.37 invokes qemu-img on untr ...) - vdsm (bug #668538) CVE-2018-10907 (It was found that glusterfs server is vulnerable to multiple stack bas ...) {DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601642 NOTE: https://github.com/gluster/glusterfs/commit/35f86ce46240c4f9c216bbc29164ce441cfca1e7 CVE-2018-10906 (In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vuln ...) {DSA-4257-1 DLA-1468-1} - fuse3 3.2.6-1 (bug #911343) - fuse 2.9.8-1 (bug #904439) NOTE: https://github.com/libfuse/libfuse/pull/268 NOTE: https://sourceforge.net/p/fuse/mailman/message/36374753/ CVE-2018-10905 (CloudForms Management Engine (cfme) is vulnerable to an improper secur ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2018-10904 (It was found that glusterfs server does not properly sanitize file pat ...) 
{DLA-1510-1} - glusterfs 4.1.4-1 (bug #909215) [stretch] - glusterfs (Minor issue; can be fixed via point release) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1601298 NOTE: https://github.com/gluster/glusterfs/commit/9716ce88b3a1faf135a6badc02d94249898059dd CVE-2018-10903 (A flaw was found in python-cryptography versions between >=1.9.0 an ...) - python-cryptography 2.3-1 (bug #904072) [stretch] - python-cryptography (Vulnerable code introduced later) [jessie] - python-cryptography (Vulnerable code introduced later) NOTE: https://github.com//pyca/cryptography/pull/4342 NOTE: https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef CVE-2018-10902 (It was found that the raw midi kernel driver does not protect against ...) {DSA-4308-1 DLA-1531-1 DLA-1529-1} - linux 4.17.15-1 NOTE: https://git.kernel.org/linus/39675f7a7c7e7702f7d5341f1e0d01db746543a0 (4.18-rc6) CVE-2018-10901 (A flaw was found in Linux kernel's KVM virtualization subsystem. The V ...) - linux (Fixed before src:linux-2.6 -> src:linux rename) NOTE: https://git.kernel.org/linus/3444d7da1839b851eefedd372978d8a982316c36 (2.6.36-rc1) CVE-2018-10900 (Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1 ...) {DSA-4253-1 DLA-1454-1} - network-manager-vpnc 1.2.6-1 (bug #904255) NOTE: https://www.openwall.com/lists/oss-security/2018/07/20/3 NOTE: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4e361a27ef48ac757d36cbb46e8e12 CVE-2018-10899 (A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affecte ...) NOT-FOR-US: Jolokia CVE-2018-10898 (A vulnerability was found in openstack-tripleo-heat-templates before v ...) - tripleo-heat-templates CVE-2018-10897 (A directory traversal issue was found in reposync, a part of yum-utils ...) 
- yum-utils 1.1.31-2.2 (bug #921131) [stretch] - yum-utils (Minor issue) [jessie] - yum-utils (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1600221 NOTE: https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c NOTE: https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c NOTE: https://github.com/rpm-software-management/yum-utils/pull/43 CVE-2018-10896 (The default cloud-init configuration, in cloud-init 0.6.2 and newer, i ...) NOT-FOR-US: Red Hat-specific packaging flaw of cloud-init default config CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site request ...) - qutebrowser 1.4.1-1 NOTE: https://www.openwall.com/lists/oss-security/2018/07/11/7 NOTE: https://github.com/qutebrowser/qutebrowser/issues/4060 NOTE: Introduced in: https://github.com/qutebrowser/qutebrowser/commit/ffc29ee (v1.0.0) NOTE: Fixed in: https://github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660 (v1.4.1) CVE-2018-10894 (It was found that SAML authentication in Keycloak 3.4.3.Final incorrec ...) NOT-FOR-US: Keycloak CVE-2018-10893 (Multiple integer overflow and buffer overflow issues were discovered i ...) - spice-gtk 0.37-1 (bug #904161) [buster] - spice-gtk (Minor issue) [stretch] - spice-gtk (Minor issue) [jessie] - spice-gtk (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598234 NOTE: Ongoing patch review: https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/3050b4e1f6f39c1a9f8a286791d06705fce1ecb7 NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/5173ff871a7df11e230124b4d1724653ebaa7134 CVE-2018-10892 (The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby f ...) 
	[experimental] - docker.io 18.06.0+dfsg1-1
	- docker.io 18.06.1+dfsg1-1 (bug #908057)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598581
	NOTE: https://github.com/moby/moby/pull/37404
CVE-2018-10891 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13 ...)
	- moodle
CVE-2018-10890 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13 ...)
	- moodle
CVE-2018-10889 (A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No opt ...)
	- moodle
CVE-2018-10888 (A flaw was found in libgit2 before version 0.27.3. A missing check in ...)
	{DLA-1477-1}
	- libgit2 0.27.4+dfsg.1-0.1 (low; bug #903508)
	[stretch] - libgit2 (Minor issue)
	NOTE: https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3
CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been discove ...)
	{DLA-1477-1}
	- libgit2 0.27.4+dfsg.1-0.1 (low; bug #903509)
	[stretch] - libgit2 (Minor issue)
	NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
	NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]
	- ant 1.10.5-1 (bug #904191)
	[stretch] - ant (Incomplete fix for CVE-2018-10886 not applied)
	[jessie] - ant 1.9.4-3+deb8u2
	NOTE: Workaround entry for DLA-1457-1 (as no CVE will be assigned by its CNA)
	NOTE: https://github.com/apache/ant/commit/6a41d62cb9ab4e640b72cb4de42a6c211dea645d
	NOTE: https://github.com/apache/ant/commit/5a8c37b271677587046bfd0fea18c1675d5a6300
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62502
CVE-2018-10886 REJECTED
	{DSA-4255-1 DLA-1431-1}
	- ant 1.10.4-1
	NOTE: Fixed upstream in 1.9.12 and 1.10.4
	NOTE: https://github.com/apache/ant/commit/e56e54565804991c62ec76dad385d2bdda8972a7
	NOTE: https://github.com/apache/ant/commit/1a2b1e37e3616991588f21efa89c474dd6ff83ff
	NOTE: https://github.com/apache/ant/commit/f72406d53cfb3b3425cc9d000eea421a0e05d8fe
	NOTE: https://github.com/apache/ant/commit/857095da5153fd18504b46f276d84f1e76a66970
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1584407
	NOTE: The CVE was rejected because it was assigned by Red Hat's CNA but is out of
	NOTE: that CNA's scope. The rejection does not mean the issue is technically
	NOTE: invalid; it was assigned by a CNA which does not cover ant. It would fall
	NOTE: under the Apache CNA instead.
CVE-2018-10885 (In atomic-openshift before version 3.10.9 a malicious network-policy c ...)
	NOT-FOR-US: atomic-openshift
CVE-2018-10884 (Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-s ...)
	NOT-FOR-US: Ansible Tower
CVE-2018-10883 (A flaw was found in the Linux kernel's ext4 filesystem. A local user c ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200071
CVE-2018-10882 (A flaw was found in the Linux kernel's ext4 filesystem. A local user c ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200069
CVE-2018-10881 (A flaw was found in the Linux kernel's ext4 filesystem. A local user c ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200015
CVE-2018-10880 (Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200005
CVE-2018-10879 (A flaw was found in the Linux kernel's ext4 filesystem. A local user c ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596806
CVE-2018-10878 (A flaw was found in the Linux kernel's ext4 filesystem. A local user c ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199865
CVE-2018-10877 (Linux kernel ext4 filesystem is vulnerable to an out-of-bound access i ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199417
CVE-2018-10876 (A flaw was found in Linux kernel in the ext4 filesystem code. A use-af ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199403
CVE-2018-10875 (A flaw was found in ansible. ansible.cfg is read from the current work ...)
	{DSA-4396-1 DLA-1923-1}
	- ansible 2.6.1+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596533
	NOTE: https://github.com/ansible/ansible/pull/42070
	NOTE: https://github.com/ansible/ansible/commit/4cecbe81adbc655d7ab734165d3ac539f8ba5981
CVE-2018-10874 (In ansible it was found that inventory variables are loaded from curre ...)
	- ansible 2.6.1+dfsg-1
	[stretch] - ansible (Vulnerable code not present)
	[jessie] - ansible (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596528
	NOTE: https://github.com/ansible/ansible/pull/42067
	NOTE: https://github.com/ansible/ansible/commit/1f80949f964a946773f9d3ac1899535bd2cc2b8e
CVE-2018-10873 (A vulnerability was discovered in SPICE before version 0.14.1 where th ...)
	{DSA-4319-1 DLA-1489-1 DLA-1486-1}
	- spice 0.14.0-1.1 (bug #906315)
	- spice-gtk 0.35-1 (bug #906316)
	[stretch] - spice-gtk (Minor issue)
	NOTE: https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
CVE-2018-10872 (A flaw was found in the way the Linux kernel handled exceptions delive ...)
	- linux (Red Hat specific CVE-2018-8897 regression in RHEL 6.10)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1596094
CVE-2018-10871 (389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Clear ...)
	{DLA-1483-1}
	[experimental] - 389-ds-base 1.4.0.13-1
	- 389-ds-base 1.4.0.15-1
	[stretch] - 389-ds-base (Minor issue)
	NOTE: https://pagure.io/389-ds-base/issue/49789
CVE-2018-10870 (redhat-certification does not properly sanitize paths in rhcertStore.p ...)
	NOT-FOR-US: Red Hat Certification
CVE-2018-10869 (redhat-certification does not properly restrict files that can be down ...)
	NOT-FOR-US: Red Hat Certification
CVE-2018-10868 RESERVED
	NOT-FOR-US: Red Hat Certification
CVE-2018-10867 RESERVED
	NOT-FOR-US: Red Hat Certification
CVE-2018-10866 RESERVED
	NOT-FOR-US: Red Hat Certification
CVE-2018-10865 RESERVED
	NOT-FOR-US: Red Hat Certification
CVE-2018-10864 (An uncontrolled resource consumption flaw has been discovered in redha ...)
	NOT-FOR-US: Red Hat Certification
CVE-2018-10863 RESERVED
	NOT-FOR-US: Red Hat Certification
CVE-2018-10862 (WildFly Core before version 6.0.0.Alpha3 does not properly validate fi ...)
	- wildfly (bug #752018)
CVE-2018-10861 (A flaw was found in the way ceph mon handles user requests. Any authen ...)
	{DSA-4339-1}
	- ceph 12.2.8+dfsg1-1 (bug #913470)
	[jessie] - ceph (Intrusive changes)
	NOTE: http://tracker.ceph.com/issues/24838
	NOTE: https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc
CVE-2018-10860 (perl-archive-zip is vulnerable to a directory traversal in Archive::Zi ...)
	{DSA-4300-1 DLA-1440-1}
	- libarchive-zip-perl 1.62-1 (bug #902882)
	NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/pull/33
	NOTE: https://github.com/redhotpenguin/perl-Archive-Zip/commit/95e1df86327
CVE-2018-10859 (git-annex is vulnerable to an Information Exposure when decrypting fil ...)
	{DLA-1495-1}
	- git-annex 6.20180626-1
	[stretch] - git-annex 6.20170101-1+deb9u2
	NOTE: https://www.openwall.com/lists/oss-security/2018/06/26/4
	NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
CVE-2018-10858 (A heap-buffer overflow was found in the way samba clients processed ex ...)
	{DSA-4271-1 DLA-1539-1}
	- samba 2:4.8.4+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2018-10858.html
CVE-2018-10857 (git-annex is vulnerable to a private data exposure and exfiltration at ...)
	{DLA-1495-1}
	- git-annex 6.20180626-1
	[stretch] - git-annex 6.20170101-1+deb9u2
	NOTE: https://www.openwall.com/lists/oss-security/2018/06/26/4
	NOTE: https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
CVE-2018-10856 (It has been discovered that podman before version 0.6.1 does not drop ...)
	- libpod (Fixed before initial upload)
CVE-2018-10855 (Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the n ...)
	{DSA-4396-1}
	- ansible 2.5.5+dfsg-1 (low)
	[jessie] - ansible (vulnerable code not present)
	NOTE: https://github.com/ansible/ansible/pull/41414
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588855
CVE-2018-10854 (cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable t ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2018-10853 (A flaw was found in the way Linux kernel KVM hypervisor before 4.18 em ...)
	{DLA-1423-1 DLA-1422-1}
	- linux 4.16.16-1
	[stretch] - linux 4.9.110-1
	NOTE: Fixed by: https://git.kernel.org/linus/3c9fa24ca7c9c47605672916491f79e8ccacb9e6
CVE-2018-10852 (The UNIX pipe which sudo uses to contact SSSD and read the available s ...)
	{DLA-1429-1}
	- sssd 1.16.3-1 (bug #902860)
	[stretch] - sssd (Minor issue)
	NOTE: https://pagure.io/SSSD/sssd/issue/3766
	NOTE: https://pagure.io/SSSD/sssd/c/ed90a20a0f0e936eb00d268080716c0384ffb01d (master, sssd-1_16_3)
CVE-2018-10851 (PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4. ...)
	- pdns 4.1.5-1 (bug #913163)
	[stretch] - pdns 4.0.3-1+deb9u3
	[jessie] - pdns (Minor issue)
	- pdns-recursor 4.1.7-1 (bug #913162)
	[stretch] - pdns-recursor 4.0.4-1+deb9u4
	[jessie] - pdns-recursor (Minor issue)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html
	NOTE: https://downloads.powerdns.com/patches/2018-03/
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html
	NOTE: https://downloads.powerdns.com/patches/2018-04/
CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race ...)
	{DLA-1428-1}
	[experimental] - 389-ds-base 1.4.0.13-1
	- 389-ds-base 1.4.0.15-1 (bug #903501)
	[stretch] - 389-ds-base (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1588056
	NOTE: https://pagure.io/389-ds-base/c/8f04487f99a
	NOTE: https://pagure.io/389-ds-base/issue/49768
CVE-2018-10849 REJECTED
CVE-2018-10848 REJECTED
CVE-2018-10847 (prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authenticat ...)
	{DSA-4216-1}
	- prosody 0.10.2-1 (bug #900524)
	NOTE: https://issues.prosody.im/1147
	NOTE: https://blog.prosody.im/prosody-0-10-2-security-release/
	NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.10.1.patch (0.10.1)
	NOTE: https://prosody.im/security/advisory_20180531/issue1147-0.9.patch (0.9.x)
CVE-2018-10846 (A cache-based side channel in GnuTLS implementation that leads to plai ...)
	{DLA-1560-1}
	[experimental] - gnutls28 3.6.3-1
	- gnutls28 3.5.19-1
	[stretch] - gnutls28 3.5.8-5+deb9u4
	- gnutls26
	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
	NOTE: https://gitlab.com/gnutls/gnutls/commit/ce671a6db9e47006cff152d485091141b1569f39 (master)
	NOTE: The proposed fix is to introduce a new option to force encrypt-then-mac
	NOTE: instead of correcting the issue.
	NOTE: https://eprint.iacr.org/2018/747
	NOTE: Backport of the MR657 to 3.5.x: https://gitlab.com/gnutls/gnutls/merge_requests/663
CVE-2018-10845 (It was found that the GnuTLS implementation of HMAC-SHA-384 was vulner ...)
	{DLA-1560-1}
	- gnutls28 3.5.19-1
	[stretch] - gnutls28 3.5.8-5+deb9u4
	- gnutls26
	NOTE: https://gitlab.com/gnutls/gnutls/issues/455
	NOTE: https://gitlab.com/gnutls/gnutls/commit/cc14ec5ece856cb083d64e6a5a8657323da661cb (master)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/e14d85eb8b1987d86f7b1d101a0e7795675d20d4 (gnutls_3_5_19)
	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
	NOTE: https://eprint.iacr.org/2018/747
CVE-2018-10844 (It was found that the GnuTLS implementation of HMAC-SHA-256 was vulner ...)
	{DLA-1560-1}
	- gnutls28 3.5.19-1
	[stretch] - gnutls28 3.5.8-5+deb9u4
	- gnutls26
	NOTE: https://gitlab.com/gnutls/gnutls/issues/456
	NOTE: https://gitlab.com/gnutls/gnutls/commit/29ffa2a1fa4cc396c5d1563a3e5cdca0174de28b (master)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/c32a8690f9f9b05994078fe9d2e7a41b18da5b09 (master)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/c433cdf92349afae66c703bdacedf987f423605e (gnutls_3_5_19)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/c2e094acd68f7159025b2e2556d6fb4427b41dd7 (gnutls_3_5_19)
	NOTE: https://gitlab.com/gnutls/gnutls/merge_requests/657
	NOTE: https://eprint.iacr.org/2018/747
CVE-2018-10843 (source-to-image component of Openshift Container Platform before versi ...)
	NOT-FOR-US: source-to-image in OpenShift
CVE-2018-10842 REJECTED
CVE-2018-10841 (glusterfs is vulnerable to privilege escalation on gluster server node ...)
	- glusterfs 4.1.2-1 (bug #901968)
	[stretch] - glusterfs (Minor issue; can be fixed via point release)
	[jessie] - glusterfs (vulnerable code not present)
	NOTE: https://review.gluster.org/#/c/20328/
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=e8d928e34680079e42be6947ffacc4ddd7defca2
CVE-2018-10840 (Linux kernel is vulnerable to a heap-based buffer overflow in the fs/e ...)
	- linux 4.17.3-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199347
	NOTE: Fixed by: https://git.kernel.org/linus/8a2b307c21d4b290e3cbe33f768f194286d07c23
CVE-2018-10839 (Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support ...)
	{DSA-4338-1 DLA-1599-1}
	- qemu 1:3.1+dfsg-1 (bug #910431)
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03273.html
	NOTE: https://www.openwall.com/lists/oss-security/2018/10/08/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=fdc89e90fac40c5ca2686733df17b6423fb8d8fb
CVE-2018-10838 RESERVED
CVE-2018-10837 RESERVED
CVE-2018-10836 RESERVED
CVE-2018-10835 RESERVED
CVE-2018-10834 RESERVED
CVE-2018-10833 RESERVED
CVE-2018-10832 (ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. P ...)
	NOT-FOR-US: ModbusPal
CVE-2018-10831 (Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier t ...)
	NOT-FOR-US: Z-NOMP
CVE-2018-10830 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ver ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10829 RESERVED
CVE-2018-10828 (An issue was discovered in Alps Pointing-device Driver 10.1.101.207. A ...)
	NOT-FOR-US: Alps Pointing-device Driver
CVE-2018-10827 (LiteCart before 2.1.2 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: LiteCart
CVE-2018-10826 RESERVED
CVE-2018-10825 (Mimo Baby 2 devices do not use authentication or encryption for the Bl ...)
	NOT-FOR-US: Mimo Baby 2
CVE-2018-10824 (An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L throu ...)
	NOT-FOR-US: D-Link
CVE-2018-10823 (An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 throug ...)
	NOT-FOR-US: D-Link
CVE-2018-10822 (Directory traversal vulnerability in the web interface on D-Link DWR-1 ...)
	NOT-FOR-US: D-Link
CVE-2018-10821 (Cross-site scripting (XSS) vulnerability in backend/pages/modify.php i ...)
	NOT-FOR-US: BlackCatCMS
CVE-2018-10820 RESERVED
CVE-2018-10819 RESERVED
CVE-2018-10818 RESERVED
CVE-2018-10817 (Severalnines ClusterControl before 1.6.0-4699 allows XSS. ...)
	NOT-FOR-US: Severalnines ClusterControl
CVE-2018-10816 RESERVED
CVE-2018-10815 (An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x befo ...)
	NOT-FOR-US: Cloudera Manager
CVE-2018-10814 (Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for ...)
	NOT-FOR-US: Synametrics SynaMan
CVE-2018-10813 (In Dedos-web 1.0, the cookie and session secrets used in the Express.j ...)
	NOT-FOR-US: Dedos-web
CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses cleartex ...)
	NOT-FOR-US: Bitpie application for Android and iOS
CVE-2018-10811 (strongSwan 5.6.0 and older allows Remote Denial of Service because of ...)
	{DSA-4229-1}
	- strongswan 5.6.3-1
	NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html
	NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-10811).html
CVE-2018-10810 (chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is affe ...)
	NOT-FOR-US: LiveZilla Live Chat
CVE-2018-10809 (In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allo ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10808 RESERVED
CVE-2018-10807 RESERVED
CVE-2018-10806 (An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10805 (ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (unimportant; bug #898218)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1054
CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage ...)
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (unimportant; bug #898217)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1053
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add credentials functi ...)
	NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer
CVE-2018-1000301 (curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-1 ...)
	{DSA-4202-1 DLA-1379-1}
	- curl 7.60.0-1 (bug #898856)
	NOTE: https://curl.haxx.se/docs/adv_2018-b138.html
CVE-2018-1000300 (curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-1 ...)
	- curl 7.60.0-1
	[stretch] - curl (Vulnerable code introduced in 7.54.1)
	[jessie] - curl (Vulnerable code introduced in 7.54.1)
	[wheezy] - curl (Vulnerable code introduced in 7.54.1)
	NOTE: https://curl.haxx.se/docs/adv_2018-82c2.html
CVE-2018-1000177 (A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000176 (An exposure of sensitive information vulnerability exists in Jenkins E ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000175 (A path traversal vulnerability exists in Jenkins HTML Publisher Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000174 (An open redirect vulnerability exists in Jenkins Google Login Plugin 1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000173 (A session fixaction vulnerability exists in Jenkins Google Login Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-10802 RESERVED
CVE-2018-10801 (TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as dem ...)
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2790
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762; marking as fixed although the
	NOTE: code is technically still present in the source package
CVE-2018-10800 RESERVED
CVE-2018-10799 (A hang issue was discovered in Brave before 0.14.0 (on, for example, L ...)
	- brave-browser (bug #864795)
CVE-2018-10798 (A hang issue was discovered in Brave before 0.14.0 (on, for example, L ...)
	- brave-browser (bug #864795)
CVE-2018-10797 RESERVED
CVE-2018-10796 (In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allo ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10795 (** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration ...)
	NOT-FOR-US: Liferay
CVE-2018-10794 RESERVED
CVE-2018-10793 RESERVED
CVE-2018-10792 RESERVED
CVE-2018-10791 RESERVED
CVE-2018-10790 RESERVED
CVE-2018-10789 RESERVED
CVE-2018-10788 RESERVED
CVE-2018-10787 RESERVED
CVE-2018-10786 RESERVED
CVE-2018-10785 RESERVED
CVE-2018-10784 RESERVED
CVE-2018-10783 RESERVED
CVE-2018-10782 RESERVED
CVE-2018-10781 RESERVED
CVE-2018-10780 (Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based bu ...)
	- exiv2 (Vulnerable code introduced later; only affected experimental)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575201
	NOTE: Commit https://github.com/Exiv2/exiv2/commit/74cb5bab132ed76adf15df172c5e8b58cddaa96c
	NOTE: addresses an overflow but does not fix the invalid write of size 1 via
	NOTE: Exiv2::Image::printIFDStructure.
	NOTE: Commit https://github.com/Exiv2/exiv2/commit/8ff26931e31bb25d66c69846f47f3f5b6d9a32f1
	NOTE: avoids using Image::printStructure() when reading images.
CVE-2018-10779 (TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buf ...)
	- tiff 4.0.6-3 (bug #898359)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2788
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762; marking as fixed although the
	NOTE: code is technically still present in the source package
CVE-2018-10778 (Read access violation in the III_dequantize_sample function in mpglibD ...)
	- mp3gain 1.6.2-1
	[wheezy] - mp3gain (Not supported in Wheezy)
CVE-2018-10777 (Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3g ...)
	- mp3gain 1.6.2-2 (bug #973932)
	[wheezy] - mp3gain (Not supported in Wheezy)
	NOTE: Fixed according to https://sourceforge.net/p/mp3gain/bugs/43/ but still crashes under ASAN
	NOTE: According to the CVE this is caught by FORTIFY_SOURCE, so no real vulnerability.
CVE-2018-10776 (The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 ...)
	- mp3gain 1.6.2-1
	[wheezy] - mp3gain (Not supported in Wheezy)
CVE-2018-10775 (NULL pointer dereference in the _fields_add function in fields.c in li ...)
	- bibutils 6.10-2 (unimportant; bug #898135)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10774 (Read access violation in the isiin_keyword function in isiin.c in libb ...)
	- bibutils 6.10-2 (unimportant; bug #898135)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10773 (NULL pointer deference in the addsn function in serialno.c in libbibco ...)
	- bibutils 6.10-2 (unimportant; bug #898135)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10772 (The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allow ...)
	[experimental] - exiv2
	- exiv2 (Vulnerable code introduced after 0.25)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566260
CVE-2018-10771 (Stack-based buffer overflow in the get_key function in parse.c in abcm ...)
	- abcm2ps 8.14.2-0.1 (unimportant; bug #898130)
	NOTE: https://github.com/leesavide/abcm2ps/issues/17
	NOTE: https://github.com/leesavide/abcm2ps/commit/dc0372993674d0b50fedfbf7b9fad1239b8efc5f
	NOTE: Crash in CLI tool (neutralised by toolchain hardening), no security impact
CVE-2018-10770 (download.rsp on ShenZhen Anni "5 in 1 XVR" devices allows remote attac ...)
	NOT-FOR-US: ShenZhen Anni "5 in 1 XVR" devices
CVE-2018-10769 (The transferProxy and approveProxy functions of a smart contract imple ...)
	NOT-FOR-US: smart contract
CVE-2018-10768 (There is a NULL pointer dereference in the AnnotPath::getCoordsLength ...)
	{DLA-1562-1}
	- poppler 0.38.0-2
	[wheezy] - poppler (Vulnerable code is not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=106408
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=942adfc25e7a00ac3cf032ced2d8949e99099f70 (poppler-0.37)
CVE-2018-10767 (There is a stack-based buffer over-read in calling GLib in the functio ...)
	- libgxps 0.3.0-3 (bug #898133)
	[stretch] - libgxps (Minor issue)
	[jessie] - libgxps (Minor issue)
	[wheezy] - libgxps (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575188
CVE-2018-10766 RESERVED
CVE-2018-10765 RESERVED
CVE-2018-10764 RESERVED
CVE-2018-10763 (Multiple cross-site scripting (XSS) vulnerabilities in Synametrics Syn ...)
	NOT-FOR-US: Synametrics SynaMan
CVE-2018-10762 REJECTED
CVE-2018-10761 REJECTED
CVE-2018-10760 (Unrestricted file upload vulnerability in the Files plugin in ProjectP ...)
	NOT-FOR-US: Files plugin in ProjectPier
CVE-2018-10759 (PHP remote file inclusion vulnerability in public/patch/patch.php in P ...)
	NOT-FOR-US: Project Pier
CVE-2018-11319 (Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle s ...)
	{DSA-4261-1 DLA-1444-1}
	- vim-syntastic 3.9.0-1 (bug #894736)
	NOTE: https://github.com/vim-syntastic/syntastic/issues/2170
	NOTE: https://github.com/vim-syntastic/syntastic/commit/6d7c0b394e001233dd09ec473fbea2002c72632f
CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action ...)
	NOT-FOR-US: Datenstrom Yellow
CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant Authe ...)
	NOT-FOR-US: CSP MySQL User Manager
CVE-2018-10756 (Use-after-free in libtransmission/variant.c in Transmission before 3.0 ...)
	{DLA-2305-1 DLA-2218-1}
	- transmission 3.00-1 (bug #961461)
	[buster] - transmission 2.94-2+deb10u1
	NOTE: https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e (3.00)
	NOTE: https://tomrichards.net/2020/05/cve-2018-10756-transmission/
CVE-2018-10755 REJECTED
CVE-2018-10754 REJECTED
CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in music.c ...)
	- abcm2ps 8.14.2-0.1 (unimportant; bug #897966)
	NOTE: https://github.com/leesavide/abcm2ps/issues/16
	NOTE: https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title f ...)
	NOT-FOR-US: Tagregator plugin for WordPress
CVE-2018-10751 (A malformed OMACP WAP push message can cause memory corruption on a Sa ...)
	NOT-FOR-US: Samsung
CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10748 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10747 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10746 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10745 RESERVED
CVE-2018-10744 RESERVED
CVE-2018-10743 RESERVED
CVE-2018-10742 RESERVED
CVE-2018-10741 RESERVED
CVE-2018-10740 (Axublog 1.1.0 allows remote Code Execution as demonstrated by injectio ...)
	NOT-FOR-US: Axublog
CVE-2018-10739 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPC ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10738 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via th ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10737 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via th ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10736 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via th ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10735 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via th ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10734 (KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoo ...)
	NOT-FOR-US: KONGTOP DVR devices
CVE-2018-10733 (There is a heap-based buffer over-read in the function ft_font_face_ha ...)
	- libgxps 0.3.0-3 (low; bug #897954)
	[stretch] - libgxps (Minor issue)
	[jessie] - libgxps (Minor issue)
	[wheezy] - libgxps (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1574844
	NOTE: https://git.gnome.org/browse/libgxps/commit/?id=b458226e162fe1ffe7acb4230c114a52ada5131b
	NOTE: https://git.gnome.org/browse/libgxps/commit/?id=133fe2a96e020d4ca65c6f64fb28a404050ebbfd
CVE-2018-10732 (The REST API in Dataiku DSS before 4.2.3 allows remote attackers to ob ...)
	NOT-FOR-US: Dataiku DSS
CVE-2018-10731 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products runnin ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10730 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products runnin ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10729 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products runnin ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10728 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products runnin ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10727 (Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_refer ...)
	NOT-FOR-US: Joomla extension
CVE-2018-10726 (** DISPUTED ** A stored XSS vulnerability was found in Datenstrom Yell ...)
	NOT-FOR-US: Datenstrom Yellow
CVE-2018-10725 RESERVED
CVE-2018-10724 RESERVED
CVE-2018-10723 (Directus 6.4.9 has a hardcoded admin password for the Admin account be ...)
	NOT-FOR-US: Directus
CVE-2018-10722 (In Cylance CylancePROTECT before 1470, an unprivileged local user can ...)
	NOT-FOR-US: Cylance CylancePROTECT
CVE-2018-10721 RESERVED
CVE-2018-10720 RESERVED
CVE-2018-10719 RESERVED
CVE-2018-10718 (Stack-based buffer overflow in Activision Infinity Ward Call of Duty M ...)
	NOT-FOR-US: Activision
CVE-2018-10717 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does no ...)
	NOT-FOR-US: ngiflib
CVE-2018-10716 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPC ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10715 RESERVED
CVE-2018-10714 RESERVED
CVE-2018-10713 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authent ...)
	NOT-FOR-US: D-Link
CVE-2018-10712 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
	NOT-FOR-US: ASRock
CVE-2018-10711 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
	NOT-FOR-US: ASRock
CVE-2018-10710 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
	NOT-FOR-US: ASRock
CVE-2018-10709 (The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED ...)
	NOT-FOR-US: ASRock
CVE-2018-10708 RESERVED
CVE-2018-10707 RESERVED
CVE-2018-10706 (An integer overflow in the transferMulti function of a smart contract ...)
	NOT-FOR-US: Social Chain
CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), an Ethe ...)
	NOT-FOR-US: Aurora DAO
CVE-2018-10704 (yidashi yii2cmf 2.0 has XSS via the /search q parameter. ...)
	NOT-FOR-US: yidashi yii2cmf
CVE-2018-10703 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
	NOT-FOR-US: Moxa
CVE-2018-10702 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
	NOT-FOR-US: Moxa
CVE-2018-10701 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides fun ...)
	NOT-FOR-US: Moxa
CVE-2018-10700 (An issue was discovered on Moxa AWK-3121 1.19 devices. It provides fun ...)
	NOT-FOR-US: Moxa
CVE-2018-10699 (An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 31 ...)
	NOT-FOR-US: Moxa
CVE-2018-10698 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device enab ...)
	NOT-FOR-US: Moxa
CVE-2018-10697 (An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 31 ...)
	NOT-FOR-US: Moxa
CVE-2018-10696 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device prov ...)
	NOT-FOR-US: Moxa
CVE-2018-10695 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ale ...)
	NOT-FOR-US: Moxa
CVE-2018-10694 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device prov ...)
	NOT-FOR-US: Moxa
CVE-2018-10693 (An issue was discovered on Moxa AWK-3121 1.14 devices. It provides pin ...)
	NOT-FOR-US: Moxa
CVE-2018-10692 (An issue was discovered on Moxa AWK-3121 1.14 devices. The session coo ...)
	NOT-FOR-US: Moxa
CVE-2018-10691 (An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended ...)
	NOT-FOR-US: Moxa
CVE-2018-10690 (An issue was discovered on Moxa AWK-3121 1.14 devices. The device by d ...)
	NOT-FOR-US: Moxa
CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel a ...)
- blktrace 1.2.0-1 (low; bug #897695) [stretch] - blktrace 1.1.0-2+deb9u1 [jessie] - blktrace 1.0.5-1+deb8u1 [wheezy] - blktrace (Minor issue) NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7 NOTE: https://www.spinics.net/lists/linux-btrace/msg00847.html CVE-2018-10688 RESERVED CVE-2018-10687 RESERVED CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There is Refl ...) NOT-FOR-US: Vesta Control Panel CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...) - lrzip 0.631+git180517-1 (low; bug #897645) [stretch] - lrzip (Minor issue) [jessie] - lrzip (Minor issue) [wheezy] - lrzip (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/95 CVE-2018-10684 RESERVED CVE-2018-10683 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. In the ...) - wildfly (bug #752018) CVE-2018-10682 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. It is ...) - wildfly (bug #752018) CVE-2018-10681 RESERVED CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulne ...) NOT-FOR-US: Z-BlogPHP CVE-2018-10679 RESERVED CVE-2018-10678 (MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_b ...) NOT-FOR-US: MyBB CVE-2018-10677 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks c ...) NOT-FOR-US: ngiflib CVE-2018-10676 (CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR dev ...) NOT-FOR-US: CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices CVE-2018-10674 RESERVED CVE-2018-10673 RESERVED CVE-2018-10672 RESERVED CVE-2018-10671 RESERVED CVE-2018-10670 RESERVED CVE-2018-10669 RESERVED CVE-2018-10668 RESERVED CVE-2018-10667 RESERVED CVE-2018-10666 (The Owned smart contract implementation for Aurora IDEX Membership (ID ...) NOT-FOR-US: Aurora IDEX CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to ...) 
NOT-FOR-US: ILIAS CVE-2018-10664 (An issue was discovered in the httpd process in multiple models of Axi ...) NOT-FOR-US: Axis CVE-2018-10663 (An issue was discovered in multiple models of Axis IP Cameras. There i ...) NOT-FOR-US: Axis CVE-2018-10662 (An issue was discovered in multiple models of Axis IP Cameras. There i ...) NOT-FOR-US: Axis CVE-2018-10661 (An issue was discovered in multiple models of Axis IP Cameras. There i ...) NOT-FOR-US: Axis CVE-2018-10660 (An issue was discovered in multiple models of Axis IP Cameras. There i ...) NOT-FOR-US: Axis CVE-2018-10659 (There was a Memory Corruption issue discovered in multiple models of A ...) NOT-FOR-US: Axis CVE-2018-10658 (There was a Memory Corruption issue discovered in multiple models of A ...) NOT-FOR-US: Axis CVE-2018-10675 (The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel be ...) - linux 4.12.12-1 [stretch] - linux 4.9.47-1 [jessie] - linux 3.16.51-1 [wheezy] - linux 3.2.96-1 NOTE: https://git.kernel.org/linus/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 (4.13-rc6) CVE-2018-10657 (Matrix Synapse before 0.28.1 is prone to a denial of service flaw wher ...) - matrix-synapse 0.28.1+dfsg-1 NOTE: https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/ CVE-2018-10656 RESERVED CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 h ...) NOT-FOR-US: DeviceLock Plug and Play Auditor CVE-2018-10654 (There is a Hazelcast Library Java Deserialization Vulnerability in Cit ...) NOT-FOR-US: Citrix CVE-2018-10653 (There is an XML External Entity (XXE) Processing Vulnerability in Citr ...) NOT-FOR-US: Citrix CVE-2018-10652 (There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10. ...) NOT-FOR-US: Citrix CVE-2018-10651 (There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10. ...) 
NOT-FOR-US: Citrix CVE-2018-10650 (There is an Insufficient Path Validation Vulnerability in Citrix XenMo ...) NOT-FOR-US: Citrix CVE-2018-10649 (There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Serv ...) NOT-FOR-US: Citrix CVE-2018-10648 (There are Unauthenticated File Upload Vulnerabilities in Citrix XenMob ...) NOT-FOR-US: Citrix CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation ...) NOT-FOR-US: SaferVPN CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege esca ...) NOT-FOR-US: CyberGhost CVE-2018-10645 (Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM priv ...) NOT-FOR-US: Golden Frog VyprVPN CVE-2018-10644 RESERVED CVE-2018-10643 RESERVED CVE-2018-10642 (Command injection vulnerability in Combodo iTop 2.4.1 allows remote au ...) NOT-FOR-US: Combodo iTop CVE-2018-10641 (D-Link DIR-601 A1 1.02NA devices do not require the old password for a ...) NOT-FOR-US: D-Link CVE-2018-10640 RESERVED CVE-2018-10639 RESERVED CVE-2018-10638 RESERVED CVE-2018-10637 (A maliciously crafted project file may cause a buffer overflow, which ...) NOT-FOR-US: Fuji CVE-2018-10636 (CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 ha ...) NOT-FOR-US: CNCSoft CVE-2018-10635 (In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5 ...) NOT-FOR-US: Universal Robots CVE-2018-10634 (Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL- ...) NOT-FOR-US: Medtronic CVE-2018-10633 (Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-10 ...) NOT-FOR-US: Universal Robots CVE-2018-10632 (In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and pri ...) NOT-FOR-US: Moxa CVE-2018-10631 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Progra ...) NOT-FOR-US: Medtronic CVE-2018-10630 (For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version p ...) 
	NOT-FOR-US: Crestron
CVE-2018-10629 RESERVED
CVE-2018-10628 (AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update ...)
	NOT-FOR-US: AVEVA
CVE-2018-10627 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior t ...)
	NOT-FOR-US: Echelon
CVE-2018-10626 (A vulnerability was discovered in all versions of Medtronic MyCareLink ...)
	NOT-FOR-US: Medtronic
CVE-2018-10625 RESERVED
CVE-2018-10624 (In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (B ...)
	NOT-FOR-US: Johnson Controls Metasys System
CVE-2018-10623 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10622 (A vulnerability was discovered in all versions of Medtronic MyCareLink ...)
	NOT-FOR-US: Medtronic
CVE-2018-10621 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10620 (AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Editio ...)
	NOT-FOR-US: AVEVA
CVE-2018-10619 (An unquoted search path or element in RSLinx Classic Versions 3.90.01 ...)
	NOT-FOR-US: RSLinx
CVE-2018-10618 (Davolink DVW-3200N all version prior to Version 1.00.06. The device ge ...)
	NOT-FOR-US: Davolink DVW-3200N
CVE-2018-10617 (Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-10616 (ABB Panel Builder 800 all versions has an improper input validation vu ...)
	NOT-FOR-US: ABB Panel Builder 800
CVE-2018-10615 (Directory traversal may lead to files being exfiltrated or deleted on ...)
	NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
CVE-2018-10614 (An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be ...)
	NOT-FOR-US: LeviStudioU
CVE-2018-10613 (Multiple variants of XML External Entity (XXE) attacks may be used to ...)
	NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
CVE-2018-10612 (In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Control V3 Products
CVE-2018-10611 (Java remote method invocation (RMI) input port in GE MDS PulseNET and ...)
	NOT-FOR-US: GE MDS PulseNET and MDS PulseNET Enterprise
CVE-2018-10610 (An out-of-bounds vulnerability in LeviStudioU, Versions 1.8.29 and 1.8 ...)
	NOT-FOR-US: LeviStudioU
CVE-2018-10609 (Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-6 ...)
	NOT-FOR-US: Martem TELEM GW6 and GWM devices
CVE-2018-10608 (SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited ...)
	NOT-FOR-US: SEL AcSELerator Architect
CVE-2018-10607 (Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-6 ...)
	NOT-FOR-US: Martem TELEM GW6 and GWM devices
CVE-2018-10606 (WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based b ...)
	NOT-FOR-US: WECON LeviStudio
CVE-2018-10605 (Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unp ...)
	NOT-FOR-US: Martem TELEM GW6/GWM
CVE-2018-10604 (SEL Compass version 3.0.5.1 and prior allows all users full access to ...)
	NOT-FOR-US: SEL Compass
CVE-2018-10603 (Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-6 ...)
	NOT-FOR-US: Martem TELEM GW6 and GWM devices
CVE-2018-10602 (WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based ...)
	NOT-FOR-US: WECON LeviStudio
CVE-2018-10601 (IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70 ...)
	NOT-FOR-US: Philips
CVE-2018-10600 (SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitize ...)
	NOT-FOR-US: SEL AcSELerator Architect
CVE-2018-10599 (IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70 ...)
	NOT-FOR-US: Philips
CVE-2018-10598 (CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 ha ...)
	NOT-FOR-US: CNCSoft
CVE-2018-10597 (IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70 ...)
	NOT-FOR-US: Philips
CVE-2018-10596 (Medtronic 2090 CareLink Programmer all versions The affected product u ...)
	NOT-FOR-US: Medtronic
CVE-2018-10595 (A vulnerability in ReadA version 1.1.0.2 and previous allows an author ...)
	NOT-FOR-US: BD Kiestra and InoqulA systems
CVE-2018-10594 (Delta Industrial Automation COMMGR from Delta Electronics versions 1.0 ...)
	NOT-FOR-US: Delta
CVE-2018-10593 (A vulnerability in DB Manager version 3.0.1.0 and previous and Perform ...)
	NOT-FOR-US: BD Kiestra and InoqulA systems
CVE-2018-10592 (Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers ...)
	NOT-FOR-US: Yokogawa
CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-10590 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-10589 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-10588 RESERVED
CVE-2018-10587 (NetGain Enterprise Manager (EM) is affected by OS Command Injection vu ...)
	NOT-FOR-US: NetGain Enterprise Manager
CVE-2018-10586 (NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-S ...)
	NOT-FOR-US: NetGain Enterprise Manager
CVE-2018-10585 (Pexip Infinity before 18 allows remote Denial of Service (XML parsing) ...)
	NOT-FOR-US: Pexip Infinity
CVE-2018-10584 RESERVED
CVE-2018-10583 (An information disclosure vulnerability occurs when LibreOffice 6.0.3 ...)
	- libreoffice (unimportant)
	NOTE: http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
	NOTE: This is the generic behaviour of accessing remote SMB shares and is not limited to
	NOTE: LibreOffice. It can e.g. be addressed by rejecting outgoing SMB connections
	NOTE: from the local network.
	NOTE: The following commit adds this class of access to the list of trusted locations:
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=0b7f4a4f57117fde33d0b1df96134aa6ccce023e
CVE-2018-10582 RESERVED
CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-10580 (The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because ther ...)
	NOT-FOR-US: "Latest Posts on Profile" plugin for MyBB
CVE-2018-10579 RESERVED
CVE-2018-10578 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
	NOT-FOR-US: WatchGuard AP100, AP102, and AP200 devices
CVE-2018-10577 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
	NOT-FOR-US: WatchGuard AP100, AP102, and AP200 devices
CVE-2018-10576 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
	NOT-FOR-US: WatchGuard devices
CVE-2018-10575 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
	NOT-FOR-US: WatchGuard devices
CVE-2018-10574 (site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows r ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-1000172 (Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Si ...)
	NOT-FOR-US: Imagely NextGEN Gallery
CVE-2018-10573 (interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote a ...)
	NOT-FOR-US: OpenEMR
CVE-2018-10572 (interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remot ...)
	NOT-FOR-US: OpenEMR
CVE-2018-10571 (Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenE ...)
	NOT-FOR-US: OpenEMR
CVE-2018-10570 (Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10569 (An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1. ...)
	NOT-FOR-US: Edimax EW-7438RPn Mini v2
CVE-2018-10568 (XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. ...)
	NOT-FOR-US: Flexense DiskSorter Enterprise
CVE-2018-10567 (XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. ...)
	NOT-FOR-US: Flexense VX Search Enterprise
CVE-2018-10566 (XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. ...)
	NOT-FOR-US: Flexense DupScout Enterprise
CVE-2018-10565 (XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. ...)
	NOT-FOR-US: Flexense DiskSavvy Enterprise
CVE-2018-10564 (XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. ...)
	NOT-FOR-US: Flexense DiskPulse Enterprise
CVE-2018-10563 (An XSS in Flexense SyncBreeze affects all versions (tested from SyncBr ...)
	NOT-FOR-US: Flexense SyncBreeze
CVE-2018-10562 (An issue was discovered on Dasan GPON home routers. Command Injection ...)
	NOT-FOR-US: Dasan GPON home routers
CVE-2018-10561 (An issue was discovered on Dasan GPON home routers. It is possible to ...)
	NOT-FOR-US: Dasan GPON home routers
CVE-2018-10560 RESERVED
CVE-2018-10559 RESERVED
CVE-2018-10558 RESERVED
CVE-2018-10557 RESERVED
CVE-2018-10556 RESERVED
CVE-2018-10555 RESERVED
CVE-2018-10554 (An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10553 (An issue was discovered in Nagios XI 5.4.13. A registered user is able ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10552 RESERVED
CVE-2018-10551 RESERVED
CVE-2018-10550 (In Octopus Deploy before 2018.4.7, target and tenant tag variable scop ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-10549 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...)
	{DSA-4240-1 DLA-1397-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.19-1
	- php7.0 7.0.30-1
	- php5
	[wheezy] - php5 (vulnerable code is not present)
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76130
CVE-2018-10548 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...)
	{DSA-4240-1 DLA-1397-1 DLA-1373-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.19-1
	- php7.0 7.0.30-1
	- php5
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76248
CVE-2018-10547 (An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36 ...)
	{DSA-4240-1 DLA-1397-1 DLA-1373-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.19-1
	- php7.0 7.0.30-1
	- php5
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76129
CVE-2018-10546 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...)
	{DSA-4240-1 DLA-1397-1}
	- php7.2 7.2.8-1
	- php7.1 7.1.19-1
	- php7.0 7.0.30-1
	- php5
	[wheezy] - php5 (does not cause an infinite loop)
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76249
CVE-2018-10545 (An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1 ...)
	{DSA-4240-1 DLA-1397-1 DLA-1373-1}
	- php7.2 7.2.4-1
	- php7.1 7.1.16-1
	- php7.0 7.0.29-1
	- php5
	NOTE: Fixed in 5.6.35, 7.0.29, 7.1.16, 7.2.4
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75605
CVE-2018-10544 (Meross MSS110 devices through 1.1.24 contain an unauthenticated admin. ...)
	NOT-FOR-US: Meross MSS110
CVE-2018-10543 RESERVED
CVE-2018-10542 RESERVED
CVE-2018-10541 RESERVED
CVE-2018-10540 (An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Ou ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
	NOTE: https://github.com/dbry/WavPack/issues/33
CVE-2018-10539 (An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
	NOTE: https://github.com/dbry/WavPack/issues/33
CVE-2018-10538 (An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Ou ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
	NOTE: https://github.com/dbry/WavPack/issues/33
CVE-2018-10537 (An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser c ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15
	NOTE: https://github.com/dbry/WavPack/issues/30
	NOTE: https://github.com/dbry/WavPack/issues/31
	NOTE: https://github.com/dbry/WavPack/issues/32
CVE-2018-10536 (An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser c ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15
	NOTE: https://github.com/dbry/WavPack/issues/30
	NOTE: https://github.com/dbry/WavPack/issues/31
	NOTE: https://github.com/dbry/WavPack/issues/32
CVE-2018-10535 (The ignore_section_sym function in elf.c in the Binary File Descriptor ...)
	- binutils 2.30.90.20180627-1
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23113
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db0c309f4011ca94a4abc8458e27f3734dab92ac
CVE-2018-10534 (The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in ...)
	- binutils 2.30.90.20180627-1
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23110
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
CVE-2018-10533 RESERVED
CVE-2018-10532 (An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 dev ...)
	NOT-FOR-US: EE 4GEE HH70VB-2BE8GB3s
CVE-2018-10531 (An issue was discovered in the America's Army Proving Grounds platform ...)
	NOT-FOR-US: America's Army Proving Grounds
CVE-2018-10530 RESERVED
CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds re ...)
	- libraw 0.18.11-1 (low; bug #897186)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Minor issue)
	[wheezy] - libraw (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
	NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffe ...)
	- libraw 0.18.11-1 (low; bug #897185)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Minor issue)
	[wheezy] - libraw (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
	NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10527 (EasyCMS 1.3 is prone to Stored XSS when posting an article; four field ...)
	NOT-FOR-US: EasyCMS
CVE-2018-10526 RESERVED
CVE-2018-10525 RESERVED
CVE-2018-10524 RESERVED
CVE-2018-10523 (CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10522 (In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10521 (In CMS Made Simple (CMSMS) through 2.2.7, the "file move" operation in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10520 (In CMS Made Simple (CMSMS) through 2.2.7, the "module remove" operatio ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10519 (CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation vulnerab ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10518 (In CMS Made Simple (CMSMS) through 2.2.7, the "file delete" operation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10517 (In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operatio ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10516 (In CMS Made Simple (CMSMS) through 2.2.7, the "file rename" operation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10515 (In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10514 (A Missing Impersonation Privilege Escalation vulnerability in Trend Mi ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10513 (A Deserialization of Untrusted Data Privilege Escalation vulnerability ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10512 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10511 (A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10510 (A Directory Traversal Remote Code Execution vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10509 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10508 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10507 (A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10506 (A out-of-bounds read information disclosure vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10505 (A pool corruption privilege escalation vulnerability in Trend Micro Of ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10504 (The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress a ...)
	NOT-FOR-US: WordPress plugin
CVE-2018-10503 (An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. ...)
	NOT-FOR-US: baijiacms
CVE-2018-10502 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Samsung Galaxy Apps Fixed
CVE-2018-10501 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Samsung Notes Fixed
CVE-2018-10500 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Samsung Galaxy Apps
CVE-2018-10499 (This vulnerability allows local attackers to execute arbitrary code on ...)
	NOT-FOR-US: Samsung Galaxy Apps
CVE-2018-10498 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Samsung Email Fixed
CVE-2018-10497 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Samsung Email Fixed
CVE-2018-10496 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung Internet Browser Fixed
CVE-2018-10495 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10494 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10493 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10492 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10491 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10490 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10489 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10488 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10487 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10486 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10485 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10484 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10483 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10482 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10481 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10480 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10479 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10478 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10477 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10476 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10475 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10474 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10473 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10470 (Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidity ...)
	NOT-FOR-US: Little Snitch
CVE-2018-10469 (b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and e ...)
	NOT-FOR-US: b3log Symphony (aka Sym)
CVE-2018-10468 (The transferFrom function of a smart contract implementation for Usele ...)
	NOT-FOR-US: Ethereum
CVE-2018-10467 RESERVED
CVE-2018-10466 (Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQ ...)
	NOT-FOR-US: Zoho
CVE-2018-10465 (Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro use ...)
	NOT-FOR-US: Jamf Pro
CVE-2018-10464 RESERVED
CVE-2018-10463 RESERVED
CVE-2018-10462 RESERVED
CVE-2018-10461 RESERVED
CVE-2018-10460 RESERVED
CVE-2018-10459 RESERVED
CVE-2018-10458 RESERVED
CVE-2018-10457 RESERVED
CVE-2018-10456 RESERVED
CVE-2018-10455 RESERVED
CVE-2018-10454 RESERVED
CVE-2018-10453 RESERVED
CVE-2018-10452 RESERVED
CVE-2018-10451 RESERVED
CVE-2018-10450 RESERVED
CVE-2018-10449 RESERVED
CVE-2018-10448 RESERVED
CVE-2018-10447 RESERVED
CVE-2018-10446 RESERVED
CVE-2018-10445 RESERVED
CVE-2018-10444 RESERVED
CVE-2018-10443 RESERVED
CVE-2018-10442 RESERVED
CVE-2018-10441 RESERVED
CVE-2018-10440 RESERVED
CVE-2018-10439 RESERVED
CVE-2018-10438 RESERVED
CVE-2018-10437 RESERVED
CVE-2018-10436 RESERVED
CVE-2018-10435 RESERVED
CVE-2018-10434 RESERVED
CVE-2018-10433 RESERVED
CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
	{DSA-4201-1 DLA-1549-1}
	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
	[wheezy] - xen (Regression for XSA-254 which was not applied in wheezy)
	NOTE: https://xenbits.xen.org/xsa/advisory-259.html
CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest O ...)
	{DSA-4201-1 DLA-1559-1}
	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
	[wheezy] - xen (No QMP support in wheezy)
	NOTE: https://xenbits.xen.org/xsa/advisory-258.html
CVE-2018-10432 (Pexip Infinity before 18 allows Remote Denial of Service (TLS handshak ...)
	NOT-FOR-US: Pexip Infinity
CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell me ...)
	NOT-FOR-US: D-Link
CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...)
	NOT-FOR-US: DiliCMS
CVE-2018-10429 (Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via th ...)
	NOT-FOR-US: Cosmo
CVE-2018-10428 (ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due ...)
	NOT-FOR-US: ILIAS
CVE-2018-10427 RESERVED
CVE-2018-10426 RESERVED
CVE-2018-10425 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPC ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10424 (mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10423 (mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10422 (An issue was discovered in HongCMS 3.0.0. The post news feature has St ...)
	NOT-FOR-US: HongCMS
CVE-2018-10421 RESERVED
CVE-2018-10420 RESERVED
CVE-2018-10419 RESERVED
CVE-2018-10418 RESERVED
CVE-2018-10417 RESERVED
CVE-2018-10416 RESERVED
CVE-2018-10415 RESERVED
CVE-2018-10414 RESERVED
CVE-2018-10413 RESERVED
CVE-2018-10412 RESERVED
CVE-2018-10411 RESERVED
CVE-2018-10410 RESERVED
CVE-2018-10409 RESERVED
CVE-2018-10408 (An issue was discovered in VirusTotal. A maliciously crafted Universal ...)
	NOT-FOR-US: VirusTotal
CVE-2018-10407 (An issue was discovered in Carbon Black Cb Response. A maliciously cra ...)
	NOT-FOR-US: Carbon Black Cb Response
CVE-2018-10406 (An issue was discovered in Yelp OSXCollector. A maliciously crafted Un ...)
	NOT-FOR-US: Yelp OSXCollector
CVE-2018-10405 (An issue was discovered in Google Santa and molcodesignchecker. A mali ...)
	NOT-FOR-US: Google Santa and molcodesignchecker
CVE-2018-10404 (An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplore ...)
	NOT-FOR-US: Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo
CVE-2018-10403 (An issue was discovered in F-Secure XFENCE and Little Flocker. A malic ...)
	NOT-FOR-US: F-Secure XFENCE and Little Flocker
CVE-2018-10402 RESERVED
CVE-2018-10401 RESERVED
CVE-2018-10400 RESERVED
CVE-2018-10399 RESERVED
CVE-2018-10398 RESERVED
CVE-2018-10397 RESERVED
CVE-2018-10396 RESERVED
CVE-2018-10395 RESERVED
CVE-2018-10394 RESERVED
CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...)
	{DLA-2013-1}
	- libvorbis 1.3.6-2 (bug #876780)
	[stretch] - libvorbis (Minor issue)
	[wheezy] - libvorbis (Minor issue)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
	NOTE: Same patch as for CVE-2017-14160
CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...)
	{DLA-2013-1}
	- libvorbis 1.3.6-2 (bug #876780)
	[stretch] - libvorbis (Minor issue)
	[wheezy] - libvorbis (Minor issue)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10390 RESERVED
CVE-2018-10389 (Format string vulnerability in the logMess function in TFTP Server MT ...)
	NOT-FOR-US: TFTP Server MT
CVE-2018-10388 (Format string vulnerability in the logMess function in TFTP Server SP ...)
	NOT-FOR-US: TFTP Server SP
CVE-2018-10387 (Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier a ...)
	NOT-FOR-US: TFTP Server SP
CVE-2018-10386 RESERVED
CVE-2018-10385 RESERVED
CVE-2018-10384 RESERVED
CVE-2018-10383 (Lantronix SecureLinx Spider (SLS) 2.2+ devices have XSS in the auth.as ...)
	NOT-FOR-US: Lantronix SecureLinx Spider
CVE-2018-10382 (MODX Revolution 2.6.3 has XSS. ...)
	NOT-FOR-US: MODX Revolution
CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege escalat ...)
	NOT-FOR-US: TunnelBear for Windows
CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ...)
	{DSA-4200-1}
	- kwallet-pam 5.12.1-2
	NOTE: https://www.kde.org/info/security/advisory-20180503-1.txt
	NOTE: https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0 (Plasma 5.12)
	NOTE: https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5 (Plasma 5.12)
	NOTE: https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8 (Plasma 5.8)
	NOTE: https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b (Plasma 5.8)
CVE-2018-10379 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	- gitlab 10.6.5+dfsg-1
	[stretch] - gitlab (Vulnerable code introduced in 9.5)
	NOTE: https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released/
CVE-2018-10378 RESERVED
CVE-2018-10377 (PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validati ...)
	NOT-FOR-US: PortSwigger Burp Suite
CVE-2018-10376 (An integer overflow in the transferProxy function of a smart contract ...)
	NOT-FOR-US: SmartMesh token
CVE-2018-10375 (A file uploading vulnerability exists in /include/helpers/upload.helpe ...)
	NOT-FOR-US: DedeCMS
CVE-2018-10374 (EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) ...)
	NOT-FOR-US: EasyCMS
CVE-2018-10373 (concat_filename in dwarf2.c in the Binary File Descriptor (BFD) librar ...)
	- binutils 2.30.90.20180627-1
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23065
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6327533b1fd29fa86f6bf34e61c332c010e3c689
CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote atta ...)
	- binutils 2.30.90.20180627-1
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23064
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6aea08d9f3e3d6475a65454da488a0c51f5dc97d
CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1 ...)
	NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
CVE-2018-1000178 (A heap corruption of type CWE-120 exists in quassel version 0.12.4 in ...)
	{DSA-4189-1 DLA-1370-1}
	- quassel 1:0.12.5-1 (bug #896914)
	NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master)
	NOTE: https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b (0.12)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/27/1
CVE-2018-1000179 (A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 ...)
	{DSA-4189-1}
	- quassel 1:0.12.5-1 (bug #896915)
	[wheezy] - quassel (Minor issue)
	NOTE: https://github.com/quassel/quassel/commit/e17fca767d60c06ca02bc5898ced04f06d3670bd (master)
	NOTE: https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e (0.12)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/27/1
CVE-2018-10370 RESERVED
CVE-2018-10369 (A Cross-site scripting (XSS) vulnerability was discovered on Intelbras ...)
	NOT-FOR-US: Intelbras Win devices
CVE-2018-10368 (An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10367 (An issue was discovered in WUZHI CMS 4.1.0. The content-management fea ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10366 (An issue was discovered in the Users (aka Front-end user management) p ...)
	NOT-FOR-US: Users (aka Front-end user management) plugin for October CMS
CVE-2018-10365 (An XSS issue was discovered in the Threads to Link plugin 1.3 for MyBB ...)
	NOT-FOR-US: Threads to Link plugin for MyBB
CVE-2018-10364 (BigTree before 4.2.22 has XSS in the Users management page via the nam ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-10363 (An issue was discovered in the WpDevArt "Booking calendar, Appointment ...)
	NOT-FOR-US: WpDevArt "Booking calendar, Appointment Booking System" plugin for WordPress
CVE-2018-10360 (The do_core_note function in readelf.c in libmagic.a in file 5.33 allo ...)
	- file 1:5.33-3 (bug #901351)
	[stretch] - file 1:5.30-1+deb9u2
	[jessie] - file 1:5.22+15-2+deb8u4
	NOTE: https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22
CVE-2018-10359 (A pool corruption privilege escalation vulnerability in Trend Micro Of ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10358 (A pool corruption privilege escalation vulnerability in Trend Micro Of ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10357 (A directory traversal vulnerability in Trend Micro Endpoint Applicatio ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10356 (A SQL injection remote code execution vulnerability in Trend Micro Ema ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10355 (An authentication weakness vulnerability in Trend Micro Email Encrypti ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10354 (A command injection remote command execution vulnerability in Trend Mi ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10353 (A SQL injection information disclosure vulnerability in Trend Micro Em ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10352 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allo ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10351 (A vulnerability in Trend Micro Email Encryption Gateway 5.5 could allo ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10350 (A SQL injection remote code execution vulnerability in Trend Micro Sma ...)
	NOT-FOR-US: Trend Micro
CVE-2018-10349
	REJECTED
CVE-2018-10348
	REJECTED
CVE-2018-10347
	REJECTED
CVE-2018-10346
	REJECTED
CVE-2018-10345
	REJECTED
CVE-2018-10344
	REJECTED
CVE-2018-10343
	REJECTED
CVE-2018-10342
	REJECTED
CVE-2018-10341
	REJECTED
CVE-2018-10340
	REJECTED
CVE-2018-10339
	REJECTED
CVE-2018-10338
	REJECTED
CVE-2018-10337
	REJECTED
CVE-2018-10336
	REJECTED
CVE-2018-10335
	REJECTED
CVE-2018-10334
	REJECTED
CVE-2018-10333
	REJECTED
CVE-2018-10332
	REJECTED
CVE-2018-10331
	REJECTED
CVE-2018-10330
	REJECTED
CVE-2018-10361 (An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure ...)
	- ktexteditor 5.47.0-1 (bug #896836)
	[stretch] - ktexteditor (Introduced in 5.34.0)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/24/1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1033055
	NOTE: https://phabricator.kde.org/R39:c81af5aa1d4f6e0f8c44b2e85ca007ba2a1e4590
CVE-2018-10329 (app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on / ...)
	- phpipam (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/issues/1903
CVE-2018-10328 (Momentum Axel 720P 5.1.8 devices have a hardcoded password of streamin ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-10327 (PrinterOn Enterprise 4.1.3 stores the Active Directory bind credential ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-10326 (PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-10325
	RESERVED
CVE-2018-10324
	RESERVED
CVE-2018-10323 (The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in ...)
	{DSA-4188-1 DLA-1529-1}
	- linux 4.16.5-1
	[wheezy] - linux (Too much work to backport)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199423
CVE-2018-10322 (The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the ...)
	- linux 4.16.5-1
	[jessie] - linux (dinode verifier not implemented)
	[wheezy] - linux (dinode verifier not implemented)
	- linux-4.9
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199377
CVE-2018-10321 (Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Ad ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10320 (Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parame ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10319 (Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] para ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10318 (Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parame ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10317
	RESERVED
CVE-2018-10316 (Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the asse ...)
	- nasm 2.14-1 (unimportant)
	NOTE: No security impact
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392474
	NOTE: https://github.com/netwide-assembler/nasm/commit/f0ceb1e122dc3523123dd8dfd6113f2e68451452
CVE-2018-10315
	RESERVED
CVE-2018-10314 (Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 ...)
	NOT-FOR-US: Open-AudIT Community
CVE-2018-10313 (WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D paramete ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10312 (index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to ch ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10311 (A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10310 (A persistent cross-site scripting vulnerability has been identified in ...)
	NOT-FOR-US: web interface of the Catapult UK Cookie Consent plugin for WordPress
CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress mishandl ...)
	NOT-FOR-US: Responsive Cookie Consent plugin for WordPress
CVE-2018-10308
	RESERVED
CVE-2018-10307 (error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the ...)
	NOT-FOR-US: ILIAS
CVE-2018-10306 (Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Fo ...)
	NOT-FOR-US: ILIAS
CVE-2018-10305 (The MessageSearch2 function in PersonalMessage.php in Simple Machines ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2018-10304
	RESERVED
CVE-2018-10303 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10302 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10362 (An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to ...)
	- phpliteadmin 1.9.7.1-2 (bug #896682)
	NOTE: https://github.com/phpLiteAdmin/pla/issues/11
	NOTE: Fixed by: https://github.com/phpLiteAdmin/pla/commit/41545fe058e674a983f557bff13787df53167274
CVE-2018-10301 (Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram F ...)
	NOT-FOR-US: Web-Dorado Instagram Feed WD plugin Premium for WordPress
CVE-2018-10300 (Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram F ...)
	NOT-FOR-US: Web-Dorado Instagram Feed WD plugin for WordPress
CVE-2018-10299 (An integer overflow in the batchTransfer function of a smart contract ...)
	NOT-FOR-US: Beauty Chain
CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post& ...)
	NOT-FOR-US: DiscuzX
CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=por ...)
	NOT-FOR-US: DiscuzX
CVE-2018-10296 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10295 (ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add ...)
	NOT-FOR-US: ChemCMS
CVE-2018-10294 (Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. ...)
	NOT-FOR-US: Flexense DiskBoss Enterprise
CVE-2018-10293
	RESERVED
CVE-2018-10292
	RESERVED
CVE-2018-10291
	RESERVED
CVE-2018-10290
	RESERVED
CVE-2018-10289 (In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space functi ...)
	- mupdf 1.13.0+ds1-3 (unimportant; bug #896545)
	[jessie] - mupdf (Vulnerable code introduced later)
	[wheezy] - mupdf (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699271
	NOTE: Introduced in https://git.ghostscript.com/?p=mupdf.git;a=commit;h=1acaaf2b40614401378aa697de47093be9f390fe (1.8)
CVE-2018-10288
	RESERVED
CVE-2018-10287
	RESERVED
CVE-2018-10286 (The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive in ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application
CVE-2018-10285 (The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application
CVE-2018-10284 (Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/men ...)
	NOT-FOR-US: Adaltech G-Ticket v70 EME104
CVE-2018-10283 (CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php ...)
	NOT-FOR-US: CliqueMania loja virtual
CVE-2018-10282
	RESERVED
CVE-2018-10281
	RESERVED
CVE-2018-10280
	RESERVED
CVE-2018-10279
	RESERVED
CVE-2018-10278
	RESERVED
CVE-2018-10277
	RESERVED
CVE-2018-10276
	RESERVED
CVE-2018-10275
	RESERVED
CVE-2018-10274
	RESERVED
CVE-2018-10273
	RESERVED
CVE-2018-10272
	RESERVED
CVE-2018-10271
	RESERVED
CVE-2018-10270
	RESERVED
CVE-2018-10269
	RESERVED
CVE-2018-10268 (An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XS ...)
	NOT-FOR-US: FastAdmin
CVE-2018-10267 (WTCMS 1.0 has a CSRF vulnerability to add an administrator account via ...)
	NOT-FOR-US: WTCMS
CVE-2018-10266 (BEESCMS 4.0 has a CSRF vulnerability to add an administrator account v ...)
	NOT-FOR-US: BEESCMS
CVE-2018-10265 (An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerabili ...)
	NOT-FOR-US: HongCMS
CVE-2018-10264
	RESERVED
CVE-2018-10263
	RESERVED
CVE-2018-10262
	RESERVED
CVE-2018-10261
	RESERVED
CVE-2018-10260 (A Local File Inclusion vulnerability was found in HRSALE The Ultimate ...)
	NOT-FOR-US: HRSALE
CVE-2018-10259 (An Authenticated Stored XSS vulnerability was found in HRSALE The Ulti ...)
	NOT-FOR-US: HRSALE
CVE-2018-10258 (A CSV Injection vulnerability was discovered in Shopy Point of Sale v1 ...)
	NOT-FOR-US: Shopy
CVE-2018-10257 (A CSV Injection vulnerability was discovered in HRSALE The Ultimate HR ...)
	NOT-FOR-US: HRSALE
CVE-2018-10256 (A SQL Injection vulnerability was discovered in HRSALE The Ultimate HR ...)
	NOT-FOR-US: HRSALE
CVE-2018-10255 (A CSV Injection vulnerability was discovered in clustercoding Blog Mas ...)
	NOT-FOR-US: clustercoding
CVE-2018-10254 (Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in th ...)
	- nasm 2.14-1 (bug #896523)
	[stretch] - nasm (Minor issue)
	[jessie] - nasm (Minor issue)
	[wheezy] - nasm (Minor issue)
	NOTE: https://sourceforge.net/p/nasm/bugs/561/
	NOTE: https://github.com/netwide-assembler/nasm/commit/55d09bbf6f7087339277b1e3b17c134b2afb2510
CVE-2018-10253 (Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack mem ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2018-10252 (An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a device ...)
	NOT-FOR-US: Actiontec WCB6200Q
CVE-2018-10251 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS ...)
	NOT-FOR-US: Sierra Wireless AirLink routers
CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin ...)
	NOT-FOR-US: iCMS
CVE-2018-10249 (baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name= ...)
	NOT-FOR-US: baijiacms
CVE-2018-10248 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10247
	RESERVED
CVE-2018-10246
	RESERVED
CVE-2018-10245 (A Full Path Disclosure vulnerability in AWStats through 7.6 allows rem ...)
	- awstats (unimportant)
	NOTE: Path disclosure for awstats negligible within Debian
CVE-2018-10244 (Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/ ...)
	- suricata 1:4.0.5-1
	[stretch] - suricata (Minor issue)
	[jessie] - suricata (EtherNet/IP and CIP support introduced in 3.2beta1)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2545
	NOTE: https://redmine.openinfosecfoundation.org/issues/2543
	NOTE: https://github.com/OISF/suricata/commit/f68bf3301ad4d25f0a5ecb13405f4e26316cdf8d
	NOTE: https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
CVE-2018-10243 (htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allow ...)
	{DLA-1751-1}
	- libhtp 1:0.5.28-1
	- suricata 1:4.0.0-1
	[stretch] - suricata (Minor issue)
	NOTE: suricata used the embedded copy of libhtp up to before 1:4.0.0-1.
	NOTE: https://github.com/OISF/libhtp/issues/169
	NOTE: https://github.com/OISF/libhtp/commit/eefd4b7d2be663f6067362f29c81e6edf909145a
	NOTE: https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
CVE-2018-10242 (Suricata version 4.0.4 incorrectly handles the parsing of the SSH bann ...)
	{DLA-1751-1}
	- suricata 1:4.0.5-1
	[stretch] - suricata (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2544
	NOTE: https://redmine.openinfosecfoundation.org/issues/2542
	NOTE: https://github.com/OISF/suricata/commit/9ba89a31efc89ec5cb72326dbcb9166b098f3ea0
	NOTE: https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/
CVE-2018-10241 (A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 H ...)
	NOT-FOR-US: SolarWinds Serv-U
CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a ...)
	NOT-FOR-US: SolarWinds Serv-U
CVE-2018-10239 (A privilege escalation vulnerability in the "support access" feature o ...)
	NOT-FOR-US: Infoblox NIOS
CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affec ...)
	NOT-FOR-US: skarg BACnet Protocol Stack
CVE-2018-10237 (Unbounded memory allocation in Google Guava 11.0 through 24.x before 2 ...)
	NOT-FOR-US: Google Guava
CVE-2018-10236 (POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code vi ...)
	NOT-FOR-US: POSCMS
CVE-2018-10235 (POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code vi ...)
	NOT-FOR-US: POSCMS
CVE-2018-10234 (Authenticated Cross site Scripting exists in the User Profile & Me ...)
	NOT-FOR-US: User Profile & Membership plugin for WordPress
CVE-2018-10233 (The User Profile & Membership plugin before 2.0.7 for WordPress ha ...)
	NOT-FOR-US: User Profile & Membership plugin for WordPress
CVE-2018-10232 (Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05 ...)
	NOT-FOR-US: TOPdesk
CVE-2018-10231 (Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (J ...)
	NOT-FOR-US: TOPdesk
CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. ...)
	NOT-FOR-US: Zend Server
CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows attackers to acc ...)
	NOT-FOR-US: GPU memory hardware issue
CVE-2018-10228
	RESERVED
CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10226
	RESERVED
CVE-2018-10225 (thinkphp 3.1.3 has SQL Injection via the index.php s parameter. ...)
	NOT-FOR-US: thinkphp
CVE-2018-10224 (An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability t ...)
	NOT-FOR-US: YzmCMS
CVE-2018-10223 (An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability t ...)
	NOT-FOR-US: YzmCMS
CVE-2018-10222 (An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulne ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-10221 (An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10220 (** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc ...)
	NOT-FOR-US: Glastopf
CVE-2018-10219 (baijiacms V3 has physical path leakage via an index.php?mod=mobile& ...)
	NOT-FOR-US: baijiacms
CVE-2018-10218
	RESERVED
CVE-2018-10217
	RESERVED
CVE-2018-10216
	RESERVED
CVE-2018-10215
	RESERVED
CVE-2018-10214
	RESERVED
CVE-2018-10213 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10212 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10211 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10210 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10209 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10208 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10207 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10206 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10205 (hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_se ...)
	NOT-FOR-US: HyperHQ Hyper
CVE-2018-10204 (PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation v ...)
	NOT-FOR-US: PureVPN
CVE-2018-10203
	RESERVED
CVE-2018-10202
	RESERVED
CVE-2018-10201 (An issue was discovered in NcMonitorServer.exe in NC Monitor Server in ...)
	NOT-FOR-US: NC Monitor Server
CVE-2018-10200
	RESERVED
CVE-2018-10198 (An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is ...)
	- otrs2 6.0.7-1
	[stretch] - otrs2 (Specific to OTRS 6)
	[jessie] - otrs2 (Specific to OTRS 6)
	NOTE: https://github.com/OTRS/otrs/commit/9f5f09e4eef283c2f38c003ba0685b77234750d1
	NOTE: https://community.otrs.com/security-advisory-2018-01-security-update-for-otrs-framework
CVE-2018-10197 (There is a time-based blind SQL injection vulnerability in the Access ...)
	NOT-FOR-US: ELO
CVE-2018-10196 (NULL pointer dereference vulnerability in the rebuild_vlists function ...)
	- graphviz 2.40.1-6 (low; bug #898841)
	[stretch] - graphviz (Minor issue)
	[jessie] - graphviz (Minor issue)
	[wheezy] - graphviz (Minor issue)
	NOTE: https://gitlab.com/graphviz/graphviz/issues/1367
	NOTE: https://issuetracker.google.com/issues/77810342
CVE-2018-10195 [rzsz: sz can leak data to receiving side]
	RESERVED
	- lrzsz 0.12.21-10 (low; bug #897010)
	[stretch] - lrzsz (Minor issue)
	[jessie] - lrzsz (Minor issue)
	[wheezy] - lrzsz (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1090051
	NOTE: Fedora patch: https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch
CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in the pdf ...)
	{DLA-1363-1}
	- ghostscript 9.22~dfsg-2.1 (bug #896069)
	[stretch] - ghostscript 9.20~dfsg-3.2+deb9u2
	[jessie] - ghostscript 9.06~dfsg-2+deb8u7
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet public)
CVE-2018-1000200 (The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dere ...)
	- linux 4.16.12-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/27ae357fa82be5ab73b2ef8d39dcb8ca2563483a
CVE-2018-1000167 (OISF suricata-update version 1.0.0a1 contains an Insecure Deserializat ...)
	NOT-FOR-US: suricata-update (different from suricata)
CVE-2018-1000166
	REJECTED
CVE-2018-1000165 (LightSAML version prior to 1.3.5 contains a Incorrect Access Control v ...)
	NOT-FOR-US: LightSAML
CVE-2018-1000163 (Floodlight version 1.2 and earlier contains a Cross Site Scripting (XS ...)
	NOT-FOR-US: Floodlight
CVE-2018-1000162 (Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Parsedown
CVE-2018-1000160 (RisingStack protect version 1.2.0 and earlier contains a Cross Site Sc ...)
	NOT-FOR-US: RisingStack
CVE-2018-1000158 (cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulner ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10199 (In versions of mruby up to and including 1.4.0, a use-after-free vulne ...)
	- mruby 1.4.0+20180418+git54905e98-1 (bug #896021)
	[stretch] - mruby (Vulnerable code introduced later)
	[jessie] - mruby (Vulnerable code introduced later)
	NOTE: https://github.com/mruby/mruby/issues/4001
	NOTE: https://github.com/mruby/mruby/commit/b51b21fc63c9805862322551387d9036f2b63433
CVE-2018-10193 (LogMeIn LastPass through 4.15.0 allows remote attackers to cause a den ...)
	NOT-FOR-US: LogMeIn LastPass
CVE-2018-10192 (IPVanish 3.0.11 for macOS suffers from a root privilege escalation vul ...)
	NOT-FOR-US: IPVanish for macOS
CVE-2018-10191 (In versions of mruby up to and including 1.4.0, an integer overflow ex ...)
	- mruby 1.4.0+20180418+git54905e98-1 (bug #896020)
	[stretch] - mruby (Minor issue)
	[jessie] - mruby (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/3995
	NOTE: https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626
CVE-2018-10190 (A vulnerability in London Trust Media Private Internet Access (PIA) VP ...)
	NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client for Windows
CVE-2018-10189 (An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is pos ...)
	NOT-FOR-US: Mautic
CVE-2018-10188 (phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to exec ...)
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #896490)
	[stretch] - phpmyadmin (Only affects 4.8.x)
	[jessie] - phpmyadmin (vulnerable code not present)
	[wheezy] - phpmyadmin (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641
CVE-2018-10187 (In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik ...)
	- radare2 2.6.0+dfsg-1 (low; bug #897305)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/9913
	NOTE: https://github.com/radare/radare2/commit/cdb278059b7b0aaaaa2315b82d0fa6ad50433db0
CVE-2018-10186 (In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_ ...)
	- radare2 2.6.0+dfsg-1 (low; bug #897305)
	[jessie] - radare2 (Minor issue)
	[wheezy] - radare2 (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/9915
	NOTE: https://github.com/radare/radare2/commit/a0348bb1b512ef27301dd7cdfb327ef5e14813fc
	NOTE: Before applying the fix for CVE-2018-8808 the issue is covered/differently visible
CVE-2018-10185 (An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerabili ...)
	NOT-FOR-US: TuziCMS
CVE-2018-10184 (An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame ...)
	- haproxy 1.8.8-1
	[stretch] - haproxy (Vulnerable code introduced later with HTTP/2 support)
	[jessie] - haproxy (Vulnerable code introduced later with HTTP/2 support)
	[wheezy] - haproxy (Vulnerable code introduced later with HTTP/2 support)
	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588
	NOTE: http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28
CVE-2018-10183 (An issue was discovered in BigTree 4.2.22. There is cross-site scripti ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-10182
	RESERVED
CVE-2018-1000199 (The Linux Kernel version 3.18 contains a dangerous feature vulnerabili ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/f67b15037a7a50c57f72e69a6d59941ad90a0f0f
CVE-2018-10181
	RESERVED
CVE-2018-10180
	RESERVED
CVE-2018-10179
	RESERVED
CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome allows rem ...)
	NOT-FOR-US: FromDocToPDF extension for Chrome
CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGIm ...)
	{DLA-2333-1}
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (bug #896018)
	[jessie] - imagemagick (Minor issue)
	[wheezy] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1095
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9fdda6391e38aaad3bfd6a30bd6a72bd31aeee02
CVE-2018-10176 (Digital Guardian Management Console 7.1.2.0015 has a Directory Travers ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10175 (Digital Guardian Management Console 7.1.2.0015 has an XXE issue. ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10174 (Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10173 (Digital Guardian Management Console 7.1.2.0015 allows authenticated re ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10172 (7-Zip through 18.01 on Windows implements the "Large memory pages" opt ...)
	NOT-FOR-US: 7-Zip
CVE-2018-10171 (Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vul ...)
	NOT-FOR-US: Kromtech MacKeeper
CVE-2018-10170 (NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalatio ...)
	NOT-FOR-US: NordVPN for Windows
CVE-2018-10169 (ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation ...)
	NOT-FOR-US: ProtonVPN for Windows
CVE-2018-10168 (TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6 ...)
	NOT-FOR-US: TP-Link
CVE-2018-10167 (The web application backup file in the TP-Link EAP Controller and Omad ...)
	NOT-FOR-US: TP-Link
CVE-2018-10166 (The web management interface in the TP-Link EAP Controller and Omada C ...)
	NOT-FOR-US: TP-Link
CVE-2018-10165 (Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Con ...)
	NOT-FOR-US: TP-Link
CVE-2018-10164 (Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Con ...)
	NOT-FOR-US: TP-Link
CVE-2018-10163
	REJECTED
CVE-2018-10162
	REJECTED
CVE-2018-10161
	REJECTED
CVE-2018-10160
	REJECTED
CVE-2018-10159
	REJECTED
CVE-2018-10158
	REJECTED
CVE-2018-10157
	REJECTED
CVE-2018-10156
	REJECTED
CVE-2018-10155
	REJECTED
CVE-2018-10154
	REJECTED
CVE-2018-10153
	REJECTED
CVE-2018-10152
	REJECTED
CVE-2018-10151
	REJECTED
CVE-2018-10150
	REJECTED
CVE-2018-10149
	REJECTED
CVE-2018-10148
	REJECTED
CVE-2018-10147
	REJECTED
CVE-2018-10146
	REJECTED
CVE-2018-10145
	REJECTED
CVE-2018-10144
	REJECTED
CVE-2018-10143 (The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier m ...)
	NOT-FOR-US: Palo Alto Networks Expedition Migration tool
CVE-2018-10142 (The Expedition Migration tool 1.0.106 and earlier may allow an unauthe ...)
	NOT-FOR-US: Expedition Migration
CVE-2018-10141 (GlobalProtect Portal Login page in Palo Alto Networks PAN-OS before 8. ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2018-10140 (The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2018-10139 (The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PA ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2018-10138 (The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuk ...)
	NOT-FOR-US: DNN
CVE-2018-10137 (iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the ...)
	NOT-FOR-US: iScripts UberforX
CVE-2018-10136 (iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section ...)
	NOT-FOR-US: iScripts UberforX
CVE-2018-10135 (iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" ca ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10134
	RESERVED
CVE-2018-10133 (PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php ...)
	NOT-FOR-US: PbootCMS
CVE-2018-10132 (PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backu ...)
	NOT-FOR-US: PbootCMS
CVE-2018-10131
	RESERVED
CVE-2018-10130
	RESERVED
CVE-2018-10129
	RESERVED
CVE-2018-10128 (An issue was discovered in XYHCMS 3.5. It has XSS via the test paramet ...)
	NOT-FOR-US: XYHCMS
CVE-2018-10127 (An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g= ...)
	NOT-FOR-US: XYHCMS
CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 fu ...)
	- tiff (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2786
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10125 (Contao before 4.5.7 has XSS in the system log. ...)
	NOT-FOR-US: Contao
CVE-2018-10123 (p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to r ...)
	NOT-FOR-US: p910nd on Inteno IOPSYS
CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhi ...)
	NOT-FOR-US: QingDao Nature Easy Soft Chanzhi Enterprise Portal System
CVE-2018-10121 (plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XS ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-10120 (The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx ...)
	{DSA-4178-1 DLA-1356-1}
	- libreoffice 1:6.0.2-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6173
	NOTE: https://gerrit.libreoffice.org/#/c/49486/
	NOTE: https://gerrit.libreoffice.org/#/c/49499/
	NOTE: https://gerrit.libreoffice.org/#/c/49500/
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=017fcc2fcd00af17a97bd5463d89662404f57667
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2018-10120/
CVE-2018-10119 (sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x b ...)
	{DSA-4178-1 DLA-1356-1}
	- libreoffice 1:6.0.1-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747
	NOTE: https://gerrit.libreoffice.org/#/c/48751/
	NOTE: https://gerrit.libreoffice.org/#/c/48756/
	NOTE: https://gerrit.libreoffice.org/#/c/48757/
	NOTE: https://gerrit.libreoffice.org/#/c/48758/
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=fdd41c995d1f719e92c6f083e780226114762f05
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/
CVE-2018-10118 (Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-10117 (An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vul ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-10116
	RESERVED
CVE-2018-10115 (Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 a ...)
	- p7zip-rar 16.02-3 (bug #897674)
	[stretch] - p7zip-rar (Non-free not supported)
	[jessie] - p7zip-rar (Non-free not supported)
	[wheezy] - p7zip-rar (Non-free not supported)
	NOTE: https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
	NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/
CVE-2018-10114 (An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterat ...)
	- gegl 0.3.34-1 (low)
	[stretch] - gegl (Minor issue)
	[jessie] - gegl (Minor issue)
	[wheezy] - gegl (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795248
	NOTE: https://git.gnome.org/browse/gegl/commit/?id=c83b05d565a1e3392c9606a4ecaa560eb9a4ee29
	NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#1-gegl-outbound-write-1
CVE-2018-10113 (An issue was discovered in GEGL through 0.3.32. The process function i ...)
	- gegl 0.3.34-1 (low)
	[stretch] - gegl (Minor issue)
	[jessie] - gegl (Minor issue)
	[wheezy] - gegl (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795248
	NOTE: https://gitlab.gnome.org/GNOME/gegl/commit/c83b05d565a1e3392c9606a4ecaa560eb9a4ee29
CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_ ...)
	- gegl (low)
	[bullseye] - gegl (Minor issue, architectural limitation)
	[buster] - gegl (Minor issue, architectural limitation)
	[stretch] - gegl (Minor issue, architectural limitation)
	[jessie] - gegl (Minor issue)
	[wheezy] - gegl (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795249
	NOTE: https://gitlab.gnome.org/GNOME/gegl/issues/65
	NOTE: https://github.com/xiaoqx/pocs/tree/master/gegl#4-gegl-outbound-write-2
CVE-2018-10111 (An issue was discovered in GEGL through 0.3.32. The render_rectangle f ...)
	- gegl (low)
	[bullseye] - gegl (Minor issue, architectural limitation)
	[buster] - gegl (Minor issue, architectural limitation)
	[stretch] - gegl (Minor issue, architectural limitation)
	[jessie] - gegl (Minor issue)
	[wheezy] - gegl (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795249
	NOTE: https://gitlab.gnome.org/GNOME/gegl/issues/65
	NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#2-gegl-dos-1
CVE-2018-10110 (D-Link DIR-615 T1 devices allow XSS via the Add User feature. ...)
	NOT-FOR-US: D-Link
CVE-2018-10109 (Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-10108 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PAT ...)
	NOT-FOR-US: D-Link
CVE-2018-10107 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PAT ...)
	NOT-FOR-US: D-Link
CVE-2018-10106 (D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PAT ...)
	NOT-FOR-US: D-Link
CVE-2018-10105 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2 ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: "Fixed" by disabling SMB printing
CVE-2018-10104
	RESERVED
CVE-2018-10103 (tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2 ...)
	{DSA-4547-1 DLA-1955-1}
	- tcpdump 4.9.3-1 (bug #941698)
	NOTE: "Fixed" by disabling SMB printing
CVE-2018-10099 (Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) ...)
	NOT-FOR-US: Google Monorail
CVE-2018-10098 (In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.14 ...)
	NOT-FOR-US: MicroWorld eScan
CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_addre ...)
	NOT-FOR-US: Domain Trader
CVE-2018-1000171
	REJECTED
CVE-2018-1002100 (In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to versio ...)
	- kubernetes 1.17.4-1 (bug #929225)
	NOTE: https://github.com/kubernetes/kubernetes/issues/61297
	NOTE: https://github.com/kubernetes/kubernetes/commit/f180c969ccd47b9d00dbaf5cbd5b37eb8b49ae08 (1.9.x)
CVE-2018-1000170 (A cross-site scripting vulnerability exists in Jenkins 2.115 and older ...)
	- jenkins
CVE-2018-1000169 (An exposure of sensitive information vulnerability exists in Jenkins 2 ...)
	- jenkins
CVE-2018-10096 (joyplus-cms 1.6.0 has XSS via the device_name parameter in a manager/a ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-10095 (Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allo ...)
	- dolibarr
CVE-2018-10094 (SQL injection vulnerability in Dolibarr before 7.0.2 allows remote att ...)
	- dolibarr
CVE-2018-10093 (AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 al ...)
	NOT-FOR-US: AudioCodes IP phone
CVE-2018-10092 (The admin panel in Dolibarr before 7.0.2 might allow remote attackers ...)
	- dolibarr
CVE-2018-10091 (AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 al ...)
	NOT-FOR-US: AudioCodes IP phone
CVE-2018-10090 RESERVED
CVE-2018-10089 RESERVED
CVE-2018-10088 (Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and ...)
	NOT-FOR-US: XiongMai uc-httpd
CVE-2018-10124 (The kill_something_info function in kernel/signal.c in the Linux kerne ...)
	{DLA-1423-1}
	- linux 4.13.4-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux (Minor issue)
	[wheezy] - linux (Minor issue)
	NOTE: Fixed by: https://git.kernel.org/linus/4ea77014af0d6205b05503d1c7aac6eace11d473 (4.13-rc1)
CVE-2018-10087 (The kernel_wait4 function in kernel/exit.c in the Linux kernel before ...)
	{DLA-1423-1}
	- linux 4.13.4-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux (Minor issue)
	[wheezy] - linux (Minor issue)
	NOTE: Fixed by: https://git.kernel.org/linus/dd83c161fbcc5d8be637ab159c0de015cbff5ba4 (4.13-rc1)
CVE-2018-10086 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execu ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10085 (CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection beca ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10084 (CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10083 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file delet ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10082 (CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_ ...)
	NOT-FOR-US: Secutech RiS-11, RiS-22, and RiS-33 devices
CVE-2018-10079 (Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\Wa ...)
	NOT-FOR-US: Geist WatchDog Console
CVE-2018-10078 (Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2 ...)
	NOT-FOR-US: Geist WatchDog Console
CVE-2018-10077 (XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2. ...)
	NOT-FOR-US: Geist WatchDog Console
CVE-2018-10076 (An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. ...)
	NOT-FOR-US: Zoho
CVE-2018-10075 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog ...)
	NOT-FOR-US: Zoho
CVE-2018-10073 (joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword par ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-10072 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attacker ...)
	NOT-FOR-US: WinDriver
CVE-2018-10071 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attacker ...)
	NOT-FOR-US: WinDriver
CVE-2018-10070 (A vulnerability in MikroTik Version 6.41.4 could allow an unauthentica ...)
	NOT-FOR-US: MikroTik
CVE-2018-10069 RESERVED
CVE-2018-10068 (The jDownloads extension before 3.2.59 for Joomla! has XSS. ...)
	NOT-FOR-US: jDownloads extension for Joomla!
CVE-2018-10067 RESERVED
CVE-2018-10066 (An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN s ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2018-10065 RESERVED
CVE-2018-10064 RESERVED
CVE-2018-10063 (The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to ...)
	NOT-FOR-US: Convert Forms extension for Joomla!
CVE-2018-10062 RESERVED
CVE-2018-10074 (The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660 ...)
	- linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/9903e41ae1f5d50c93f268ca3304d4d7c64b9311 (4.16-rc7)
CVE-2018-10061 (Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars ...)
	- cacti 1.1.37+ds1-1 (low)
	[stretch] - cacti (Minor issue)
	[jessie] - cacti (Minor issue)
	[wheezy] - cacti (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/1457
CVE-2018-10060 (Cacti before 1.1.37 has XSS because it does not properly reject uninte ...)
	- cacti 1.1.37+ds1-1 (low)
	[stretch] - cacti (Minor issue)
	[jessie] - cacti (Minor issue)
	[wheezy] - cacti (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/1457
CVE-2018-10059 (Cacti before 1.1.37 has XSS because the get_current_page function in l ...)
	- cacti 1.1.37+ds1-1
	[stretch] - cacti (Issue introduced later)
	[jessie] - cacti (Issue introduced later)
	[wheezy] - cacti (Issue introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/1457
	NOTE: get_current_page was added in the 1.x series
CVE-2018-10058 (The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 a ...)
	- cgminer (bug #900929)
	[stretch] - cgminer (Minor issue)
	[jessie] - cgminer (Minor issue)
	- bfgminer (bug #900930)
	[jessie] - bfgminer (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/06/03/1
	NOTE: Mitigated by toolchain hardening to plain crash
CVE-2018-10057 (The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 a ...)
	- cgminer (bug #900929)
	[stretch] - cgminer (Minor issue)
	[jessie] - cgminer (Minor issue)
	- bfgminer (bug #900930)
	[jessie] - bfgminer (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/06/03/1
CVE-2018-10056 RESERVED
CVE-2018-10055 (Invalid memory access and/or a heap buffer overflow in the TensorFlow ...)
	- tensorflow (bug #804612)
CVE-2018-10054 (H2 1.4.197, as used in Datomic before 0.9.5697 and other products, all ...)
	NOT-FOR-US: H2 (different from src:python-h2)
CVE-2018-10053 RESERVED
CVE-2018-10052 (iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult ...)
	NOT-FOR-US: iScripts SupportDesk
CVE-2018-10051 (iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult ...)
	NOT-FOR-US: iScripts SupportDesk
CVE-2018-10050 (iScripts eSwap v2.4 has SQL injection via the "registration_settings.p ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10049 (iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDat ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10048 (iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Ad ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10047 RESERVED
CVE-2018-10046 RESERVED
CVE-2018-10045 RESERVED
CVE-2018-10044 RESERVED
CVE-2018-10043 RESERVED
CVE-2018-10042 RESERVED
CVE-2018-10041 RESERVED
CVE-2018-10040 RESERVED
CVE-2018-10039 RESERVED
CVE-2018-10038 RESERVED
CVE-2018-10037 RESERVED
CVE-2018-10036 RESERVED
CVE-2018-10035 RESERVED
CVE-2018-10034 RESERVED
CVE-2018-10033 (CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.ph ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10032 (CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleint ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10031 (CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.ph ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10030 (CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10029 (CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleint ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10028 (joyplus-cms 1.6.0 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-10027 (ESTsoft ALZip before 10.76 allows local users to execute arbitrary cod ...)
	NOT-FOR-US: ESTsoft ALZip
CVE-2018-10026 (The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/modu ...)
	NOT-FOR-US: WeChat module in YzmCMS
CVE-2018-10025 RESERVED
CVE-2018-10024 (ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with ...)
	NOT-FOR-US: ubiQuoss Switch VP5208A
CVE-2018-10023 (Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/ ...)
	NOT-FOR-US: Catfish CMS
CVE-2018-10022 RESERVED
CVE-2018-10021 (** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel ...)
	{DLA-1529-1 DLA-1423-1}
	- linux 4.15.17-1
	[stretch] - linux 4.9.107-1
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/318aaf34f1179b39fa9c30fa0f3288b645beee39 (4.16-rc7)
	NOTE: Low security impact, failure can only occur for physically
	NOTE: proximate attackers who unplug SAS Host Bus Adapter cables.
CVE-2018-10020 RESERVED
CVE-2018-10019 RESERVED
CVE-2018-9999 (In Zulip Server versions before 1.7.2, there was an XSS issue with use ...)
	- zulip-server (bug #800052)
CVE-2018-9998 (Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40 ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-9997 (Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchan ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-9996 (An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...)
	- binutils (unimportant)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
	NOTE: binutils not covered by security support
CVE-2018-9995 (TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix ...)
	NOT-FOR-US: TBK DVR4104 and DVR4216 devices
CVE-2018-9994 REJECTED
CVE-2018-9993 (YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcon ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-9992 (Frog CMS 0.9.5 has XSS via the name field of a new "File" or "Director ...)
	NOT-FOR-US: Frog CMS
CVE-2018-9991 (Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username para ...)
	NOT-FOR-US: Frog CMS
CVE-2018-9990 (In Zulip Server versions before 1.7.2, there was an XSS issue with str ...)
	- zulip-server (bug #800052)
CVE-2018-10018 (The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Tota ...)
	NOT-FOR-US: GDASPAMLib.AntiSpam ActiveX control
CVE-2018-10017 (soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before ...)
	- libopenmpt 0.3.8-1 (bug #895406)
	[stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u3
	NOTE: https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76
CVE-2018-10016 (Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability ...)
	- nasm 2.14-1 (bug #895408)
	[stretch] - nasm (Minor issue)
	[jessie] - nasm (Minor issue)
	[wheezy] - nasm (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392473
	NOTE: https://github.com/netwide-assembler/nasm/commit/ceec0d818798aeaa75ed4907e6135b0247ed46b2
CVE-2018-10015 RESERVED
CVE-2018-10014 RESERVED
CVE-2018-10013 RESERVED
CVE-2018-10012 RESERVED
CVE-2018-10011 RESERVED
CVE-2018-10010 RESERVED
CVE-2018-10009 RESERVED
CVE-2018-10008 RESERVED
CVE-2018-10007 RESERVED
CVE-2018-10006 RESERVED
CVE-2018-10005 RESERVED
CVE-2018-10004 RESERVED
CVE-2018-10003 RESERVED
CVE-2018-10002 RESERVED
CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
	{DSA-4249-1}
	- ffmpeg 7:3.4.3-1 (low)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
	- libav
	[jessie] - libav (Vulnerable code not present)
	NOTE: Fixed in 3.2.11
CVE-2018-10000 (The Video Downloader professional extension before 2018-04-05 for Chro ...)
	NOT-FOR-US: The Video Downloader professional extension for Chrome
CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...)
	{DLA-1518-1}
	- mbedtls 2.8.0-1
	[stretch] - mbedtls (Minor issue)
	- polarssl
	[wheezy] - polarssl (Minor issue)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e
	NOTE: https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
	NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffe ...)
	{DLA-1518-1}
	- mbedtls 2.8.0-1
	[stretch] - mbedtls (Minor issue)
	- polarssl
	[wheezy] - polarssl (Minor issue)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1
	NOTE: https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215
	NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
CVE-2018-9987 (In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there w ...)
	- zulip-server (bug #800052)
CVE-2018-9986 (In Zulip Server versions before 1.7.2, there were XSS issues with the ...)
	- zulip-server (bug #800052)
CVE-2018-9985 (The front page of MetInfo 6.0 allows XSS by sending a feedback message ...)
	NOT-FOR-US: MetInfo
CVE-2018-9984 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9983 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9982 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9981 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9980 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9979 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9978 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9977 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9976 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9975 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9974 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9973 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9972 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9971 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9970 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9969 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9968 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9967 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9966 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9965 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9964 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9963 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9962 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9961 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9960 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9959 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9958 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9957 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9956 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9955 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9954 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9953 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9952 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9951 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9950 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9949 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9948 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9947 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9946 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9944 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9943 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9942 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9941 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9940 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9939 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9938 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9937 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9936 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9935 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9934 (The reset-password feature in MetInfo 6.0 allows remote attackers to c ...)
	NOT-FOR-US: MetInfo
CVE-2018-9933 RESERVED
CVE-2018-9932 RESERVED
CVE-2018-9931 RESERVED
CVE-2018-9930 RESERVED
CVE-2018-9929 RESERVED
CVE-2018-9928 (Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 al ...)
	NOT-FOR-US: MetInfo
CVE-2018-9927 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-9926 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerabil ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-9925 (An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists v ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9924 (An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injectio ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9923 (An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7. Physical pat ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possibl ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-9920 (Server side request forgery exists in the runtime application in K2 sm ...)
	NOT-FOR-US: K2
CVE-2018-9919 (A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0. ...)
	NOT-FOR-US: Tp-shop
CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionar ...)
	- qpdf 8.0.2-3 (bug #895443)
	[stretch] - qpdf (Minor issue)
	[jessie] - qpdf (Minor issue)
	[wheezy] - qpdf (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/202
CVE-2018-9917 RESERVED
CVE-2018-9916 RESERVED
CVE-2018-9915 RESERVED
CVE-2018-9914 RESERVED
CVE-2018-9913 RESERVED
CVE-2018-9912 RESERVED
CVE-2018-9911 RESERVED
CVE-2018-9910 RESERVED
CVE-2018-9909 RESERVED
CVE-2018-9908 RESERVED
CVE-2018-9907 RESERVED
CVE-2018-9906 RESERVED
CVE-2018-9905 RESERVED
CVE-2018-9904 RESERVED
CVE-2018-9903 RESERVED
CVE-2018-9902 RESERVED
CVE-2018-9901 RESERVED
CVE-2018-9900 RESERVED
CVE-2018-9899 RESERVED
CVE-2018-9898 RESERVED
CVE-2018-9897 RESERVED
CVE-2018-9896 RESERVED
CVE-2018-9895 RESERVED
CVE-2018-9894 RESERVED
CVE-2018-9893 RESERVED
CVE-2018-9892 RESERVED
CVE-2018-9891 RESERVED
CVE-2018-9890 RESERVED
CVE-2018-9889 RESERVED
CVE-2018-9888 RESERVED
CVE-2018-9887 RESERVED
CVE-2018-9886 RESERVED
CVE-2018-9885 RESERVED
CVE-2018-9884 RESERVED
CVE-2018-9883 RESERVED
CVE-2018-9882 RESERVED
CVE-2018-9881 RESERVED
CVE-2018-9880 RESERVED
CVE-2018-9879 RESERVED
CVE-2018-9878 RESERVED
CVE-2018-9877 RESERVED
CVE-2018-9876 RESERVED
CVE-2018-9875 RESERVED
CVE-2018-9874 RESERVED
CVE-2018-9873 RESERVED
CVE-2018-9872 RESERVED
CVE-2018-9871 RESERVED
CVE-2018-9870 RESERVED
CVE-2018-9869 RESERVED
CVE-2018-9868 RESERVED
CVE-2018-9867 (In SonicWall SonicOS, administrators without full permissions can down ...)
	NOT-FOR-US: SonicWall
CVE-2018-9866 (A vulnerability in lack of validation of user-supplied parameters pass ...)
	NOT-FOR-US: SonicWall
CVE-2018-9865 RESERVED
CVE-2018-9864 (The WP Live Chat Support plugin before 8.0.06 for WordPress has stored ...)
	NOT-FOR-US: WP Live Chat Support plugin for WordPress
CVE-2018-9863 RESERVED
CVE-2018-9862 (util.c in runV 1.0.0 for Docker mishandles a numeric username, which a ...)
	NOT-FOR-US: runV for Docker
CVE-2018-9861 (Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka im ...)
	NOT-FOR-US: ckeditor plugin
CVE-2018-9860 (An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An ...)
	- botan 2.4.0-6
	- botan1.10 (Issue introduced in 1.11.32)
	NOTE: https://github.com/randombit/botan/commit/ec222c99719c396a1f4756b2ca345dbbfbeb5ed5
	NOTE: Bug introduced in 1.11.32, fixed in 2.6.0
CVE-2018-9859 (The path of Whale update service was unquoted in NAVER Whale before 1. ...)
	NOT-FOR-US: Whale
CVE-2018-1000168 (nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Imp ...)
	- nghttp2 1.31.1-1 (low; bug #895566)
	[stretch] - nghttp2 (Minor issue)
	[jessie] - nghttp2 (Issue introduced in 1.10.0)
	NOTE: Affected versions: nghttp2 >= 1.10.0 and nghttp2 <= v1.31.0
	NOTE: Fixed by: https://github.com/nghttp2/nghttp2/commit/b1bd6035e884b3d83748914a3b5f2a8e52a78a2f
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/12/4
CVE-2018-9858 RESERVED
CVE-2018-9857 (PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field ...)
	NOT-FOR-US: PHP Scripts Mall Match Clone Script
CVE-2018-9856 (Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles ...)
	NOT-FOR-US: Kotti
CVE-2018-9855 RESERVED
CVE-2018-9854 RESERVED
CVE-2018-9853 (Insecure access control in freeSSHd version 1.3.1 allows attackers to ...)
	NOT-FOR-US: freeSSHd
CVE-2018-9852 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allow ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9851 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allow ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9850 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allo ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9849 (Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8. ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-9848 (In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\Up ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9847 (In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\Tp ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9846 (In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin ena ...)
	{DSA-4181-1}
	- roundcube 1.3.6+dfsg.1-1 (bug #895184)
	[wheezy] - roundcube (Vulnerable code not present in archive.php)
	NOTE: https://github.com/roundcube/roundcubemail/issues/6238
	NOTE: https://github.com/roundcube/roundcubemail/commit/e3dd5b66d236867572e68fcb80281e9268a0cfb0 (release-1.3)
	NOTE: https://github.com/roundcube/roundcubemail/commit/cdeb6234a2e029c499898c3432fdf5b2cf093640 (release-1.2)
	NOTE: https://github.com/roundcube/roundcubemail/commit/5b7e9a2c960eb4fd2364921297020a5dcd2d7dbc (release-1.2)
	NOTE: https://github.com/roundcube/roundcubemail/commit/c69b851b8a704f6483ec9d1cae7cd1ecd33c3343 (release-1.2)
	NOTE: https://github.com/roundcube/roundcubemail/commit/7901047474729a7f466eb8c59c92a36fc7cf0e70 (release-1.2)
CVE-2018-9845 (Etherpad Lite before 1.6.4 is exploitable for admin access. ...)
	- etherpad-lite (bug #576998)
CVE-2018-9844 (The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mi ...)
	NOT-FOR-US: Iptanus WordPress File Upload plugin for WordPress
CVE-2018-9843 (The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10 ...)
	NOT-FOR-US: CyberArk Password Vault Web Access
CVE-2018-9842 (CyberArk Password Vault before 9.7 allows remote attackers to obtain s ...)
	NOT-FOR-US: CyberArk Password Vault
CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg through 3. ...)
	- ffmpeg 7:3.4.3-1 (low)
	[stretch] - ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physically pr ...)
	NOT-FOR-US: Open Whisper Signal app for iOS
CVE-2018-9839 (An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a ...)
	- mantis
	NOTE: https://github.com/mantisbt/mantisbt/commit/1fbcd9bca2f2c77cb61624d36ddee4b3802c38ea
	NOTE: https://mantisbt.org/bugs/view.php?id=24221
CVE-2018-1000164 (gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of ...)
	{DSA-4186-1 DLA-1357-1}
	- gunicorn 19.5.0-1 (bug #896548)
	NOTE: https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5
	NOTE: https://github.com/benoitc/gunicorn/issues/1227
	NOTE: https://github.com/benoitc/gunicorn/commit/5263a4ef2a63c62216680876f3813959839608ff
CVE-2018-1000161 (nmap version 6.49BETA6 through 7.60, up to and including SVN revision ...)
	- nmap 7.70+dfsg1-1
	[stretch] - nmap (Minor issue)
	[jessie] - nmap (Vulnerable code not present)
	[wheezy] - nmap (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/098e32713650f54732472f31245b7eca936b2bd8
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/da0c861299ae1ce6268e9591838f7a1144b327d7
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/88631b50676c38824e01d30819f46258a8497b0a
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/80e1977308e51b1b7aa038a38f8837a7e90b3849
	NOTE: Introduced in https://github.com/nmap/nmap/commit/88381c2e685297a4fafe7182a06877b27da34e1e
	NOTE: Script added in 6.49BETA6 (cf. https://bugzilla.suse.com/show_bug.cgi?id=1088608#c1)
CVE-2018-1000159 (tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd08 ...)
	- tlslite-ng 0.7.4-1 (low; bug #895728)
	[stretch] - tlslite-ng 0.6.0-1+deb9u1
	NOTE: https://github.com/tomato42/tlslite-ng/pull/234
	NOTE: https://github.com/tomato42/tlslite-ng/pull/234/commits/3674815d1b0f7484454995e2737a352e0a6a93d8 (v0.8.0-alpha3)
	NOTE: https://github.com/tomato42/tlslite-ng/pull/235
	NOTE: https://github.com/tomato42/tlslite-ng/pull/235/commits/e5e9145558f4c1a81071c61c947aa55a52542585 (backport for tlslite-ng-0.7)
CVE-2018-1000157 REJECTED
CVE-2018-9838 (The caml_ba_deserialize function in byterun/bigarray.c in the standard ...)
	- ocaml 4.05.0-11 (bug #895472)
	[stretch] - ocaml (Minor issue)
	[jessie] - ocaml (Minor issue)
	[wheezy] - ocaml (Minor issue)
	NOTE: https://caml.inria.fr/mantis/view.php?id=7765
	NOTE: https://github.com/ocaml/ocaml/pull/1718
	NOTE: https://github.com/ocaml/ocaml/commit/9664c7ee807c2dfa802f53cabd405ff58e219c47
	NOTE: Before 4.06.0+beta1 the code is present in otherlibs/bigarray/bigarray_stubs.c
CVE-2018-10101 (Before WordPress 4.9.5, the URL validator assumed URLs with the hostna ...)
	- wordpress 4.9.5+dfsg1-1 (bug #895034)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u3
	[jessie] - wordpress (vulnerable code is not present)
	[wheezy] - wordpress (vulnerable code is not present)
	NOTE: https://core.trac.wordpress.org/changeset/42894
	NOTE: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
	NOTE: Introduced via https://github.com/WordPress/WordPress/commit/c73a812109e1a64ecf21b6a198f949c58d1f2674 (4.5)
CVE-2018-10100 (Before WordPress 4.9.5, the redirection URL for the login page was not ...)
	{DSA-4193-1 DLA-1366-1}
	- wordpress 4.9.5+dfsg1-1 (bug #895034)
	NOTE: https://core.trac.wordpress.org/changeset/42892
	NOTE: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
CVE-2018-10102 (Before WordPress 4.9.5, the version string was not escaped in the get_ ...)
	{DSA-4193-1 DLA-1366-1}
	- wordpress 4.9.5+dfsg1-1 (bug #895034)
	NOTE: https://core.trac.wordpress.org/changeset/42893
	NOTE: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
CVE-2018-9837 RESERVED
CVE-2018-9836 RESERVED
CVE-2018-9835 RESERVED
CVE-2018-9834 RESERVED
CVE-2018-9833 RESERVED
CVE-2018-9832 RESERVED
CVE-2018-9831 RESERVED
CVE-2018-9830 RESERVED
CVE-2018-9829 RESERVED
CVE-2018-9828 RESERVED
CVE-2018-9827 RESERVED
CVE-2018-9826 RESERVED
CVE-2018-9825 RESERVED
CVE-2018-9824 RESERVED
CVE-2018-9823 RESERVED
CVE-2018-9822 RESERVED
CVE-2018-9821 RESERVED
CVE-2018-9820 RESERVED
CVE-2018-9819 RESERVED
CVE-2018-9818 RESERVED
CVE-2018-9817 RESERVED
CVE-2018-9816 RESERVED
CVE-2018-9815 RESERVED
CVE-2018-9814 RESERVED
CVE-2018-9813 RESERVED
CVE-2018-9812 RESERVED
CVE-2018-9811 RESERVED
CVE-2018-9810 RESERVED
CVE-2018-9809 RESERVED
CVE-2018-9808 RESERVED
CVE-2018-9807 RESERVED
CVE-2018-9806 RESERVED
CVE-2018-9805 RESERVED
CVE-2018-9804 RESERVED
CVE-2018-9803 RESERVED
CVE-2018-9802 RESERVED
CVE-2018-9801 RESERVED
CVE-2018-9800 RESERVED
CVE-2018-9799 RESERVED
CVE-2018-9798 RESERVED
CVE-2018-9797 RESERVED
CVE-2018-9796 RESERVED
CVE-2018-9795 RESERVED
CVE-2018-9794 RESERVED
CVE-2018-9793 RESERVED
CVE-2018-9792 RESERVED
CVE-2018-9791 RESERVED
CVE-2018-9790 RESERVED
CVE-2018-9789 RESERVED
CVE-2018-9788 RESERVED
CVE-2018-9787 RESERVED
CVE-2018-9786 RESERVED
CVE-2018-9785 RESERVED
CVE-2018-9784 RESERVED
CVE-2018-9783 RESERVED
CVE-2018-9782 RESERVED
CVE-2018-9781 RESERVED
CVE-2018-9780 RESERVED
CVE-2018-9779 RESERVED
CVE-2018-9778 RESERVED
CVE-2018-9777 RESERVED
CVE-2018-9776 RESERVED
CVE-2018-9775 RESERVED
CVE-2018-9774 RESERVED
CVE-2018-9773 RESERVED
CVE-2018-9772 RESERVED
CVE-2018-9771 RESERVED
CVE-2018-9770 RESERVED
CVE-2018-9769 RESERVED
CVE-2018-9768 RESERVED
CVE-2018-9767 RESERVED
CVE-2018-9766 RESERVED
CVE-2018-9765 RESERVED
CVE-2018-9764 RESERVED
CVE-2018-9763 RESERVED
CVE-2018-9762 RESERVED
CVE-2018-9761 RESERVED
CVE-2018-9760 RESERVED
CVE-2018-9759 RESERVED
CVE-2018-9758 RESERVED
CVE-2018-9757 RESERVED
CVE-2018-9756 RESERVED
CVE-2018-9755 RESERVED
CVE-2018-9754 RESERVED
CVE-2018-9753 RESERVED
CVE-2018-9752 RESERVED
CVE-2018-9751 RESERVED
CVE-2018-9750 RESERVED
CVE-2018-9749 RESERVED
CVE-2018-9748 RESERVED
CVE-2018-9747 RESERVED
CVE-2018-9746 RESERVED
CVE-2018-9745 RESERVED
CVE-2018-9744 RESERVED
CVE-2018-9743 RESERVED
CVE-2018-9742 RESERVED
CVE-2018-9741 RESERVED
CVE-2018-9740 RESERVED
CVE-2018-9739 RESERVED
CVE-2018-9738 RESERVED
CVE-2018-9737 RESERVED
CVE-2018-9736 RESERVED
CVE-2018-9735 RESERVED
CVE-2018-9734 RESERVED
CVE-2018-9733 RESERVED
CVE-2018-9732 RESERVED
CVE-2018-9731 RESERVED
CVE-2018-9730 RESERVED
CVE-2018-9729 RESERVED
CVE-2018-9728 RESERVED
CVE-2018-9727 RESERVED
CVE-2018-9726 RESERVED
CVE-2018-9725 RESERVED
CVE-2018-9724 RESERVED
CVE-2018-9723 RESERVED
CVE-2018-9722 RESERVED
CVE-2018-9721 RESERVED
CVE-2018-9720 RESERVED
CVE-2018-9719 RESERVED
CVE-2018-9718 RESERVED
CVE-2018-9717 RESERVED
CVE-2018-9716 RESERVED
CVE-2018-9715 RESERVED
CVE-2018-9714 RESERVED
CVE-2018-9713 RESERVED
CVE-2018-9712 RESERVED
CVE-2018-9711 RESERVED
CVE-2018-9710 RESERVED
CVE-2018-9709 RESERVED
CVE-2018-9708 RESERVED
CVE-2018-9707 RESERVED
CVE-2018-9706 RESERVED
CVE-2018-9705 RESERVED
CVE-2018-9704 RESERVED
CVE-2018-9703 RESERVED
CVE-2018-9702 RESERVED
CVE-2018-9701 RESERVED
CVE-2018-9700 RESERVED
CVE-2018-9699 RESERVED
CVE-2018-9698 RESERVED
CVE-2018-9697 RESERVED
CVE-2018-9696 RESERVED
CVE-2018-9695 RESERVED
CVE-2018-9694 RESERVED
CVE-2018-9693 RESERVED
CVE-2018-9692 RESERVED
CVE-2018-9691 RESERVED
CVE-2018-9690 RESERVED
CVE-2018-9689 RESERVED
CVE-2018-9688 RESERVED
CVE-2018-9687 RESERVED
CVE-2018-9686 RESERVED
CVE-2018-9685 RESERVED
CVE-2018-9684 RESERVED
CVE-2018-9683 RESERVED
CVE-2018-9682 RESERVED
CVE-2018-9681 RESERVED
CVE-2018-9680 RESERVED
CVE-2018-9679 RESERVED
CVE-2018-9678 RESERVED
CVE-2018-9677 RESERVED
CVE-2018-9676 RESERVED
CVE-2018-9675 RESERVED
CVE-2018-9674 RESERVED
CVE-2018-9673
	RESERVED
CVE-2018-9672
	RESERVED
CVE-2018-9671
	RESERVED
CVE-2018-9670
	RESERVED
CVE-2018-9669
	RESERVED
CVE-2018-9668
	RESERVED
CVE-2018-9667
	RESERVED
CVE-2018-9666
	RESERVED
CVE-2018-9665
	RESERVED
CVE-2018-9664
	RESERVED
CVE-2018-9663
	RESERVED
CVE-2018-9662
	RESERVED
CVE-2018-9661
	RESERVED
CVE-2018-9660
	RESERVED
CVE-2018-9659
	RESERVED
CVE-2018-9658
	RESERVED
CVE-2018-9657
	RESERVED
CVE-2018-9656
	RESERVED
CVE-2018-9655
	RESERVED
CVE-2018-9654
	RESERVED
CVE-2018-9653
	RESERVED
CVE-2018-9652
	RESERVED
CVE-2018-9651
	RESERVED
CVE-2018-9650
	RESERVED
CVE-2018-9649
	RESERVED
CVE-2018-9648
	RESERVED
CVE-2018-9647
	RESERVED
CVE-2018-9646
	RESERVED
CVE-2018-9645
	RESERVED
CVE-2018-9644
	RESERVED
CVE-2018-9643
	RESERVED
CVE-2018-9642
	RESERVED
CVE-2018-9641
	RESERVED
CVE-2018-9640
	RESERVED
CVE-2018-9639
	RESERVED
CVE-2018-9638
	RESERVED
CVE-2018-9637
	RESERVED
CVE-2018-9636
	RESERVED
CVE-2018-9635
	RESERVED
CVE-2018-9634
	RESERVED
CVE-2018-9633
	RESERVED
CVE-2018-9632
	RESERVED
CVE-2018-9631
	RESERVED
CVE-2018-9630
	RESERVED
CVE-2018-9629
	RESERVED
CVE-2018-9628
	RESERVED
CVE-2018-9627
	RESERVED
CVE-2018-9626
	RESERVED
CVE-2018-9625
	RESERVED
CVE-2018-9624
	RESERVED
CVE-2018-9623
	RESERVED
CVE-2018-9622
	RESERVED
CVE-2018-9621
	RESERVED
CVE-2018-9620
	RESERVED
CVE-2018-9619
	RESERVED
CVE-2018-9618
	RESERVED
CVE-2018-9617
	RESERVED
CVE-2018-9616
	RESERVED
CVE-2018-9615
	RESERVED
CVE-2018-9614
	RESERVED
CVE-2018-9613
	RESERVED
CVE-2018-9612
	RESERVED
CVE-2018-9611
	RESERVED
CVE-2018-9610
	RESERVED
CVE-2018-9609
	RESERVED
CVE-2018-9608
	RESERVED
CVE-2018-9607
	RESERVED
CVE-2018-9606
	RESERVED
CVE-2018-9605
	RESERVED
CVE-2018-9604
	RESERVED
CVE-2018-9603
	RESERVED
CVE-2018-9602
	RESERVED
CVE-2018-9601
	RESERVED
CVE-2018-9600
	RESERVED
CVE-2018-9599
	RESERVED
CVE-2018-9598
	RESERVED
CVE-2018-9597
	RESERVED
CVE-2018-9596
	RESERVED
CVE-2018-9595
	RESERVED
CVE-2018-9594 (In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1. ...)
	NOT-FOR-US: Android
CVE-2018-9593 (In llcp_dlc_proc_i_pdu of llcp_dlc.cc in Android-7.0, Android-7.1.1, A ...)
	NOT-FOR-US: Android
CVE-2018-9592 (In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Andro ...)
	NOT-FOR-US: Android
CVE-2018-9591 (In bta_hh_ctrl_dat_act of bta_hh_act.cc in Android-7.0, Android-7.1.1, ...)
	NOT-FOR-US: Android
CVE-2018-9590 (In add_attr of sdp_discovery.c in Android-7.0, Android-7.1.1, Android- ...)
	NOT-FOR-US: Android
CVE-2018-9589 (In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1. ...)
	NOT-FOR-US: Android
CVE-2018-9588 (In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1. ...)
	NOT-FOR-US: Android
CVE-2018-9587 (In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, And ...)
	NOT-FOR-US: Android
CVE-2018-9586 (In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Andro ...)
	NOT-FOR-US: Android
CVE-2018-9585 (In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7. ...)
	NOT-FOR-US: Android
CVE-2018-9584 (In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7 ...)
	NOT-FOR-US: Android
CVE-2018-9583 (In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, A ...)
	NOT-FOR-US: Android
CVE-2018-9582 (In package installer in Android-8.0, Android-8.1 and Android-9, there ...)
	NOT-FOR-US: Android
CVE-2018-9581 (In WiFi, the RSSI value and SSID information is broadcast as part of a ...)
	NOT-FOR-US: Android
CVE-2018-9580 (A Elevation of privilege vulnerability in the HTC bootloader. Product: ...)
	NOT-FOR-US: HTC
CVE-2018-9579
	RESERVED
CVE-2018-9578 (In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9577 (In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payloa ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9576 (In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9575 (In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there i ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9574 (In impd_parse_split_drc_characteristic of impd_drc_static_payload.c th ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9573 (In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a poss ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9572 (In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possib ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9571 (In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9570 (In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a poss ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9569 (In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there i ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9568 (In sk_clone_lock of sock.c, there is a possible memory corruption due ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.59-1
	NOTE: Fixed by: https://git.kernel.org/linus/9d538fa60bad4f7b23193c89e843797a1cf71ef3
CVE-2018-9567 (On Pixel devices there is a bug causing verified boot to show the same ...)
	NOT-FOR-US: Android
CVE-2018-9566 (In process_service_search_rsp of sdp_discovery.c, there is a possible ...)
	NOT-FOR-US: Android
CVE-2018-9565 (In readBytes of xltdecwbxml.c, there is a possible out of bounds read ...)
	NOT-FOR-US: Android
CVE-2018-9564 (In llcp_util_parse_link_params of llcp_util.cc, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2018-9563 (In llcp_util_parse_cc of llcp_util.cc, there is a possible out-of-boun ...)
	NOT-FOR-US: Android
CVE-2018-9562 (In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound r ...)
	NOT-FOR-US: Android
CVE-2018-9561 (In llcp_util_parse_connect of llcp_util.cc, there is a possible out-of ...)
	NOT-FOR-US: Android
CVE-2018-9560 (In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds ...)
	NOT-FOR-US: Android
CVE-2018-9559 (In persist_set_key and other functions of cryptfs.cpp, there is a poss ...)
	NOT-FOR-US: Android
CVE-2018-9558 (In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2018-9557 (In really_install_package of install.cpp, there is a possible free of ...)
	NOT-FOR-US: Android
CVE-2018-9556 (In ParsePayloadHeader of payload_metadata.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2018-9555 (In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds w ...)
	NOT-FOR-US: Android
CVE-2018-9554 (In dumpExtractors of IMediaExtractor.cp, there is a possible disclosur ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9553 (In MasteringMetadata::Parse of mkvparser.cc there is a possible double ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9552 (In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bou ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9551 (In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-boun ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9550 (In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of boun ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9549 (In lppTransposer of lpp_tran.cpp there is a possible out of bounds wri ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9548 (In multiple functions of ContentProvider.java, there is a possible per ...)
	NOT-FOR-US: Android
CVE-2018-9547 (In unflatten of GraphicBuffer.cpp, there is a possible bad fd close du ...)
	NOT-FOR-US: Android
CVE-2018-9546
	RESERVED
CVE-2018-9545 (In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-boun ...)
	NOT-FOR-US: Android
CVE-2018-9544 (In register_app of btif_hd.cc, there is a possible out-of-bounds read ...)
	NOT-FOR-US: Android
CVE-2018-9543 (In trim_device of f2fs_format_utils.c, it is possible that the data pa ...)
	NOT-FOR-US: Android
CVE-2018-9542 (In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2018-9541 (In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of ...)
	NOT-FOR-US: Android
CVE-2018-9540 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2018-9539 (In the ClearKey CAS descrambler, there is a possible use after free du ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9538 (In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9537 (In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-o ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9536 (In numerous functions of libFDK, there are possible out of bounds writ ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9535 (In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9534 (In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possib ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9533 (In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9532 (In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a po ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9531 (In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9530 (In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possibl ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9529 (In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a poss ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9528 (In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a ...)
	NOT-FOR-US: Android libxaac
CVE-2018-9527 (In vorbis_book_decodev_set of codebook.c there is a possible out of bo ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9526 (In device configuration data, there is an improperly configured settin ...)
	NOT-FOR-US: Android
CVE-2018-9525 (In the AndroidManifest.xml file defining the SliceBroadcastReceiver ha ...)
	NOT-FOR-US: Android
CVE-2018-9524 (In functionality implemented in System UI, there are insufficient prot ...)
	NOT-FOR-US: Android
CVE-2018-9523 (In Parcel.writeMapInternal of Parcel.java, there is a possible parcel ...)
	NOT-FOR-US: Android
CVE-2018-9522 (In the serialization functions of StatsLogEventWrapper.java, there is ...)
	NOT-FOR-US: Android
CVE-2018-9521 (In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9520
	RESERVED
CVE-2018-9519 (In easelcomm_hw_build_scatterlist, there is a possible out of bounds w ...)
	NOT-FOR-US: Android kernel
CVE-2018-9518 (In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible ou ...)
	- linux 4.16.5-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux 3.16.57-1
	NOTE: Fixed by: https://git.kernel.org/linus/fe9c842695e26d8116b61b80bfb905356f07834b (4.16-rc3)
CVE-2018-9517 (In pppol2tp_connect, there is possible memory corruption due to a use ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.228-1
	[jessie] - linux 3.16.51-1
	NOTE: https://git.kernel.org/linus/f026bc29a8e093edfbb2a77700454b285c97e8ad
	NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
CVE-2018-9516 (In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possib ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.6-1
	NOTE: https://git.kernel.org/linus/717adfdaf14704fd3ec7fa2c04520c0723247eac
	NOTE: https://source.android.com/security/bulletin/pixel/2018-09-01
CVE-2018-9515 (In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible ...)
	NOT-FOR-US: Android kernel (apparently not in mainline)
CVE-2018-9514 (In sdcardfs_open of file.c, there is a possible Use After Free due to ...)
	NOT-FOR-US: Android kernel (apparently not in mainline)
CVE-2018-9513 (In copy_process of fork.c, there is possible memory corruption due to ...)
	NOT-FOR-US: Android kernel (apparently not in mainline)
CVE-2018-9512
	RESERVED
CVE-2018-9511 (In ipSecSetEncapSocketOwner of XfrmController.cpp, there is a possible ...)
	NOT-FOR-US: Android
CVE-2018-9510 (In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2018-9509 (In smp_proc_master_id of smp_act.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2018-9508 (In smp_process_keypress_notification of smp_act.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2018-9507 (In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2018-9506 (In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound rea ...)
	NOT-FOR-US: Android
CVE-2018-9505 (In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2018-9504 (In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2018-9503 (In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2018-9502 (In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2018-9501 (In the SetupWizard, there is a possible Factory Reset Protection bypas ...)
	NOT-FOR-US: Android
CVE-2018-9500
	RESERVED
CVE-2018-9499 (In readVector of iCrypto.cpp, there is a possible invalid read due to ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9498 (In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9497 (In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9496 (In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possib ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9495
	RESERVED
CVE-2018-9494
	RESERVED
CVE-2018-9493 (In the content provider of the download manager, there is a possible S ...)
	NOT-FOR-US: Android
CVE-2018-9492 (In checkGrantUriPermissionLocked of ActivityManagerService.java, there ...)
	NOT-FOR-US: Android
CVE-2018-9491 (In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible ...)
	NOT-FOR-US: Android
CVE-2018-9490 (In CollectValuesOrEntriesImpl of elements.cc, there is possible remote ...)
	NOT-FOR-US: Android
CVE-2018-9489 (When wifi is switched, function sendNetworkStateChangeBroadcast of Wif ...)
	NOT-FOR-US: Android
CVE-2018-9488 (In the SELinux permissions of crash_dump.te, there is a permissions by ...)
	NOT-FOR-US: Android
CVE-2018-9487
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9486
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9485
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9484
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9483
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9482
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9481
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9480
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9479
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9478
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9477
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9476 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use- ...)
	NOT-FOR-US: Android
CVE-2018-9475
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9474
	RESERVED
CVE-2018-9473 (In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a poss ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9472
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9471
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9470
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9469
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9468
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9467
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9466
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9465 (In task_get_unused_fd_flags of binder.c, there is a possible memory co ...)
	- linux 4.14.12-1 (unimportant)
	[stretch] - linux 4.9.144-1
	NOTE: Android drivers from staging not enabled in any released suite
	NOTE: https://git.kernel.org/linus/7f3dc0088b98533f17128058fac73cd8b2752ef1
CVE-2018-9464
	RESERVED
CVE-2018-9463
	RESERVED
CVE-2018-9462
	RESERVED
CVE-2018-9461
	RESERVED
CVE-2018-9460
	RESERVED
CVE-2018-9459 (In Attachment of Attachment.java and getFilePath of EmlAttachmentProvi ...)
	NOT-FOR-US: Android
CVE-2018-9458 (In computeFocusedWindow of RootWindowContainer.java, and related funct ...)
	NOT-FOR-US: Android
CVE-2018-9457 (In onCheckedChanged of BluetoothPairingController.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2018-9456
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9455 (In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2018-9454 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2018-9453 (In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2018-9452 (In getOffsetForHorizontal of Layout.java, there is a possible applicat ...)
	NOT-FOR-US: Android
CVE-2018-9451 (In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2018-9450 (In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2018-9449
	RESERVED
CVE-2018-9448 (In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2018-9447
	RESERVED
CVE-2018-9446 (In smp_br_state_machine_event of smp_br_main.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2018-9445 (In readMetadata of Utils.cpp, there is a possible path traversal bug d ...)
	NOT-FOR-US: Android
CVE-2018-9444 (In ih264d_video_decode of ih264d_api.c there is a possible resource ex ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9443
	RESERVED
CVE-2018-9442
	RESERVED
CVE-2018-9441
	RESERVED
CVE-2018-9440
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9439
	RESERVED
CVE-2018-9438 (When a device connects only over WiFi VPN, the device may not receive ...)
	NOT-FOR-US: Android
CVE-2018-9437 (In getstring of ID3.cpp there is a possible out-of-bounds read due to ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9436 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2018-9435
	RESERVED
CVE-2018-9434
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9433
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9432
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9431
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9430
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9429
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9428
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9427 (In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9426
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9425 (In Platform, there is a possible bypass of user interaction requiremen ...)
	NOT-FOR-US: Android
CVE-2018-9424
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9423
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9422 (In get_futex_key of futex.c, there is a use-after-free due to improper ...)
	{DLA-1422-1}
	- linux 4.6.1-1
	NOTE: https://git.kernel.org/linus/65d8fc777f6dcfee12785c057a6b57f679641c90
CVE-2018-9421
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9420
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9419
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9418
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9417
	RESERVED
	NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)
CVE-2018-9416
	RESERVED
	NOT-FOR-US: Android kernel (no source release, so not from upstream kernel)
CVE-2018-9415 (In driver_override_store and driver_override_show of bus.c, there is a ...)
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://source.android.com/security/bulletin/pixel/2018-07-01
	NOTE: https://patchwork.kernel.org/patch/10175615/
CVE-2018-9414
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9413
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9412
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9411
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9410
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9409
	RESERVED
CVE-2018-9408
	RESERVED
CVE-2018-9407
	RESERVED
CVE-2018-9406
	RESERVED
CVE-2018-9405
	RESERVED
CVE-2018-9404
	RESERVED
CVE-2018-9403
	RESERVED
CVE-2018-9402
	RESERVED
CVE-2018-9401
	RESERVED
CVE-2018-9400
	RESERVED
CVE-2018-9399
	RESERVED
CVE-2018-9398
	RESERVED
CVE-2018-9397
	RESERVED
CVE-2018-9396
	RESERVED
CVE-2018-9395
	RESERVED
CVE-2018-9394
	RESERVED
CVE-2018-9393
	RESERVED
CVE-2018-9392
	RESERVED
CVE-2018-9391
	RESERVED
CVE-2018-9390
	RESERVED
CVE-2018-9389
	RESERVED
CVE-2018-9388
	RESERVED
CVE-2018-9387
	RESERVED
CVE-2018-9386
	RESERVED
CVE-2018-9385 (In driver_override_store of bus.c, there is a possible out of bounds w ...)
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1100491
	NOTE: Related, but not the same as CVE-2018-9415
CVE-2018-9384
	RESERVED
CVE-2018-9383
	RESERVED
CVE-2018-9382
	RESERVED
CVE-2018-9381
	RESERVED
CVE-2018-9380
	RESERVED
CVE-2018-9379
	RESERVED
CVE-2018-9378
	RESERVED
CVE-2018-9377
	RESERVED
CVE-2018-9376
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9375
	RESERVED
CVE-2018-9374
	RESERVED
CVE-2018-9373
	RESERVED
CVE-2018-9372
	RESERVED
CVE-2018-9371
	RESERVED
CVE-2018-9370
	RESERVED
CVE-2018-9369
	RESERVED
CVE-2018-9368
	RESERVED
CVE-2018-9367
	RESERVED
CVE-2018-9366
	RESERVED
CVE-2018-9365
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9364
	RESERVED
CVE-2018-9363 (In the hidp_process_report in bluetooth, there is an integer overflow. ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.15-1
CVE-2018-9362 (In processMessagePart of InboundSmsHandler.java, there is a possible r ...)
	NOT-FOR-US: Android
CVE-2018-9361 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2018-9360 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2018-9359 (In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2018-9358 (In gatts_process_attribute_req of gatt_sc.cc, there is a possible read ...)
	NOT-FOR-US: Android
CVE-2018-9357 (In BNEP_Write of bnep_api.cc, there is a possible out of bounds write ...)
	NOT-FOR-US: Android
CVE-2018-9356 (In bnep_data_ind of bnep_main.c, there is a possible remote code execu ...)
	NOT-FOR-US: Android
CVE-2018-9355 (In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2018-9354
	RESERVED
CVE-2018-9353
	RESERVED
CVE-2018-9352
	RESERVED
CVE-2018-9351
	RESERVED
CVE-2018-9350
	RESERVED
CVE-2018-9349
	RESERVED
CVE-2018-9348
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9347 (In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect in ...)
	NOT-FOR-US: Android Media Framework
CVE-2018-9346
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9345
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9344
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9343
	RESERVED
CVE-2018-9342
	RESERVED
CVE-2018-9341
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2018-9340
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9339
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9338
	RESERVED
	NOT-FOR-US: Android
CVE-2018-9337 (The PAN-OS web interface administration page in PAN-OS 6.1.20 and earl ...)
	NOT-FOR-US: PAN-OS
CVE-2018-9336 (openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x ...)
	- openvpn (Windows specific issue)
	NOTE: https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b
CVE-2018-9335 (The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 ...)
	NOT-FOR-US: PAN-OS
CVE-2018-9334 (The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, ...)
	NOT-FOR-US: PAN-OS
CVE-2018-9333 (K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buff ...)
	NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-9332 (K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: In ...)
	NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-9331 (An issue was discovered in zzcms 8.2. user/adv.php allows remote attac ...)
	NOT-FOR-US: zzcms
CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by t ...)
	NOT-FOR-US: Coremail XT3.0
CVE-2018-9329
	REJECTED
CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or ...)
	NOT-FOR-US: PHP Scripts Mall Redbus Clone Script
CVE-2018-9327 (Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute ar ...)
	- etherpad-lite (bug #576998)
CVE-2018-9326 (Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary co ...)
	- etherpad-lite (bug #576998)
CVE-2018-9325 (Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all ...)
	- etherpad-lite (bug #576998)
CVE-2018-9324
	REJECTED
CVE-2018-9323
	REJECTED
CVE-2018-9322 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9321
	REJECTED
CVE-2018-9320 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
	NOT-FOR-US: BMW (Head Unit HU_NBT component) on BMW vehicles
CVE-2018-9319
	REJECTED
CVE-2018-9318 (The Telematics Control Unit (aka Telematic Communication Box or TCB), ...)
	NOT-FOR-US: Telematics Control Unit (aka Telematic Communication Box or TCB) on BMW vehicles
CVE-2018-9317
	REJECTED
CVE-2018-9316
	REJECTED
CVE-2018-9315
	REJECTED
CVE-2018-9314 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9313 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9312 (The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW ...)
	NOT-FOR-US: Head Unit HU_NBT (aka Infotainment) component on BMW vehicles
CVE-2018-9311 (The Telematics Control Unit (aka Telematic Communication Box or TCB), ...)
	NOT-FOR-US: Telematics Control Unit (aka Telematic Communication Box or TCB) on BMW vehicles
CVE-2018-1000155 (OpenFlow version 1.0 onwards contains a Denial of Service and Improper ...)
	NOT-FOR-US: Flaw in the OpenFlow protocol
CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutr ...)
	- zammad (bug #841355)
CVE-2018-1000142 (An exposure of sensitive information vulnerability exists in Jenkins G ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000143 (An exposure of sensitive information vulnerability exists in Jenkins G ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000144 (A cross site scripting vulnerability exists in Jenkins Cucumber Living ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000145 (An exposure of sensitive information vulnerability exists in Jenkins P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000146 (An arbitrary code execution vulnerability exists in Liquibase Runner P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000147 (An exposure of sensitive information vulnerability exists in Jenkins P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000148 (An exposure of sensitive information vulnerability exists in Jenkins C ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000149 (A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000150 (An exposure of sensitive information vulnerability exists in Jenkins R ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000151 (A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000152 (An improper authorization vulnerability exists in Jenkins vSphere Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000153 (A cross-site request forgery vulnerability exists in Jenkins vSphere P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-9310 (An issue was discovered in MagniComp SysInfo before 10-H82 if setuid r ...)
	NOT-FOR-US: MagniComp SysInfo
CVE-2018-9309 (An issue was discovered in zzcms 8.2. It allows SQL injection via the ...)
	NOT-FOR-US: zzcms
CVE-2018-9308
	RESERVED
CVE-2018-9307 (dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.p ...)
	NOT-FOR-US: dsmall
CVE-2018-9306
	REJECTED
CVE-2018-9305 (In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in ip ...)
	- exiv2 (Vulnerable code introduced after 0.25; only affected experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/263
CVE-2018-9304 (In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffim ...)
	- exiv2 (Vulnerable code introduced after 0.26; only affected experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/262
CVE-2018-9303 (In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigti ...)
	- exiv2 (Vulnerable code introduced after 0.26; only affected experimental)
	NOTE: https://github.com/Exiv2/exiv2/issues/262
CVE-2018-9302 (SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpi ...)
	NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2018-9301
	RESERVED
CVE-2018-9300
	RESERVED
CVE-2018-9299
	RESERVED
CVE-2018-9298
	RESERVED
CVE-2018-9297
	RESERVED
CVE-2018-9296
	RESERVED
CVE-2018-9295
	RESERVED
CVE-2018-9294
	RESERVED
CVE-2018-9293
	RESERVED
CVE-2018-9292
	RESERVED
CVE-2018-9291
	RESERVED
CVE-2018-9290
	RESERVED
CVE-2018-9289
	RESERVED
CVE-2018-9288
	RESERVED
CVE-2018-9287
	RESERVED
CVE-2018-9286
	RESERVED
CVE-2018-9243 (GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vu ...)
	- gitlab 10.6.3+dfsg-1 (bug #894869)
	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
CVE-2018-9244 (GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vu ...)
	- gitlab 10.6.3+dfsg-1 (bug #894868)
	[stretch] - gitlab (Vulnerable code introduced in 9.2)
	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
CVE-2018-XXXX [Confidential issue comments in Slack, Mattermost, and webhook integrations]
	- gitlab 10.6.3+dfsg-1 (bug #894867)
	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
CVE-2018-9285 (Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, RT ...)
	NOT-FOR-US: ASUS
CVE-2018-9284 (authentication.cgi on D-Link DIR-868L devices with Singapore StarHub f ...)
	NOT-FOR-US: D-Link
CVE-2018-9283 (An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 s ...)
	NOT-FOR-US: Creme CRM
CVE-2018-9282 (An XSS issue was discovered in Subsonic Media Server 6.1.1. The podcas ...)
	NOT-FOR-US: Subsonic Media Server
CVE-2018-9281 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administ ...)
	NOT-FOR-US: Eaton
CVE-2018-9280 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The applianc ...)
	NOT-FOR-US: Eaton
CVE-2018-9279 (An issue was discovered on Eaton UPS 9PX 8000 SP devices. The applianc ...)
	NOT-FOR-US: Eaton
CVE-2018-9278
	RESERVED
CVE-2018-9277
	RESERVED
CVE-2018-9276 (An issue was discovered in PRTG Network Monitor before 18.2.39. An att ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2018-9275 (In check_user_token in util.c in the Yubico PAM module (aka pam_yubico ...)
	- yubico-pam 2.26-1 (bug #896491)
	[stretch] - yubico-pam (Minor issue)
	[jessie] - yubico-pam (Vulnerable code introduced later)
	[wheezy] - yubico-pam (Vulnerable code introduced later)
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1088027
	NOTE: Fixed by: https://github.com/Yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba
	NOTE: Introduced in: https://github.com/Yubico/yubico-pam/commit/d9780eacd9e61c5062cdabdce21c224de1884583 (2.18)
	NOTE: https://github.com/Yubico/yubico-pam/issues/136
CVE-2018-1002150 (Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access con ...)
	- koji (Issue introduced in 1.12.0, cf. #894832)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/04/1
	NOTE: https://docs.pagure.org/koji/CVE-2018-1002150/
	NOTE: https://pagure.io/koji/issue/850
	NOTE: Fixed by: https://pagure.io/koji/c/ab1ade7
CVE-2018-9274 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c ...)
	- wireshark 2.4.6-1
	[stretch] - wireshark (Vulnerable code not present)
	[jessie] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14489
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=211845aba4794720ae265c782cdffddae54a3e7a
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f38e895dfc0d97bce64f73ce99df706911d9aa07
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9273 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
	[jessie] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14488
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1f8f1456f1e73b6c09e50a64749e43413ac12df7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9272 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1 (low)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14487
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6e3b90824a82724f445a0374e99f0b76e4cf5e8b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
	NOTE: Applying patch for versions 1.12 and older requires introduction of a new
	NOTE: memory management system (wmem).
CVE-2018-9271 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1 (low)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14486
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b0228945dc74ee82d2ab4a4e7af2bdfe7b75910
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a mem ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14485
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0fbc50f9b9219be54d6db47f04b65af19696a7c7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9268 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14483
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c69d710d2bf39fe633800db65efddf55701131b6
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9267 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1 (low)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: applying patch in jessie/wheezy requires introduction of a new memory management system (wmem)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14482
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ed057f7faa709dbde34b91f0715a957837f74d9
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9266 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1
	[jessie] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14481
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9d3714e767cb104dcfa1647935fa5960b16bb8e1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9265 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packe ...)
	- wireshark 2.4.6-1 (low)
	[jessie] - wireshark (Minor issue)
	[wheezy] - wireshark (Minor issue)
	NOTE: applying patch in jessie/wheezy requires introduction of a new memory management system (wmem)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14480
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b12cc581cd4878d74b6116ca02c7dbe650c1f242
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9264 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector cou ...)
	- wireshark 2.4.6-1
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
	[jessie] - wireshark (Vulnerable code not present (only adb_cs available))
	[wheezy] - wireshark (Vulnerable code not present (only adb_cs available))
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14460
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0290a62be0fca8da9bb190f59dc1fe26c1d65024
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-16.html
CVE-2018-9263 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissecto ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-23.html
CVE-2018-9262 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector co ...)
	{DLA-1634-1}
	- wireshark 2.4.6-1 (low)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14469
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f05c3b91f9571210b86576ee6284e71a3306109d
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-19.html
CVE-2018-9261 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector co ...)
	{DSA-4217-1 DLA-1388-1}
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14471
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66bc372716e04d6a8afdf6712583c9b5d11fee55
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-18.html
CVE-2018-9260 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dis ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14d6f717d8ea27688af48532edb1d29f502ea8f0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-17.html
CVE-2018-9259 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector cou ...)
	{DLA-1634-1}
	- wireshark 2.4.6-1 (low)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2113179835b37549f245ac7c05ff2b96276893e4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-15.html
CVE-2018-9258 (In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was a ...)
	{DLA-1634-1 DLA-1388-1}
	- wireshark 2.4.6-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14472
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2d4695de1477df60b0188fd581c0c279db601978
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-21.html
CVE-2018-9257 (In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infini ...)
	- wireshark 2.4.6-1 (low)
	[jessie] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7a9501b0439a5dbf24016a95b4896170d789dc2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-22.html
CVE-2018-9256 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector c ...)
	{DLA-1634-1}
	- wireshark 2.4.6-1 (low)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14467
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dac48f148538c706c446e5105d84ebcb54587528
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-20.html
CVE-2018-9255
	RESERVED
CVE-2018-9254
	RESERVED
CVE-2018-9253
	RESERVED
CVE-2018-9252 (JasPer 2.0.14 allows denial of service via a reachable assertion in th ...)
	- jasper (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/173
	NOTE: Negligible impact
CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is ...)
	- libxml2 (Fix for CVE-2017-18258 not applied, cf. bug #895195)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794914
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
	NOTE: Before upstream commit https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
	NOTE: the memlimit argument to lzma_auto_decoder was set to UINT64_MAX, possibly
	NOTE: allowing malicious LZMA compressed files to consume large amounts of memory
	NOTE: when decompressed. With memlimit set to UINT64_MAX the limiter is effectively
	NOTE: disabled and "lzma_auto_decoder(&state->strm, UINT64_MAX, 0)" can never result
	NOTE: in an LZMA_MEMLIMIT_ERROR outcome because there is no way to exceed UINT64_MAX.
	NOTE: Thus CVE-2018-9251 only affects libxml2 if e2a9122b8dde53d320750451e9907a7dcb2ca8bb
	NOTE: is applied.
CVE-2018-9250 (interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote ...)
	NOT-FOR-US: OpenEMR
CVE-2018-9249 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ...)
	NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
CVE-2018-9248 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass vi ...)
	NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
CVE-2018-9247 (The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gx ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9246 (The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in ...)
	- libpgobject-util-dbadmin-perl 0.130.1-1 (bug #900942)
	[stretch] - libpgobject-util-dbadmin-perl (Minor issue)
	NOTE: https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/2c25c3dbc8b832a657247d3ea63ae80f3c5df6b1
	NOTE: https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/f4e684008ca9e182833a70793ae91288d2c80218
	NOTE: https://github.com/ledgersmb/PGObject-Util-DBAdmin/commit/dc48d0e1af0dbf861779b2c781e0f4c612c22cfb
	NOTE: https://archive.ledgersmb.org/ledger-smb-announce/msg00280.html
CVE-2018-9245 (The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulne ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac login portal
CVE-2018-9242 (The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, ...)
	NOT-FOR-US: PAN-OS
CVE-2018-9241
	RESERVED
CVE-2018-9239
	RESERVED
CVE-2018-9238 (proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName paramet ...)
	NOT-FOR-US: Yahei-PHP Proberv
CVE-2018-9237 (iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site ...)
	NOT-FOR-US: iScripts EasyCreate
CVE-2018-9236 (iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site ...)
	NOT-FOR-US: iScripts EasyCreate
CVE-2018-9235 (iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query ...)
	NOT-FOR-US: iScripts SonicBB
CVE-2018-9234 (GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key ce ...)
	- gnupg2 2.2.7-1 (low; bug #894983)
	[stretch] - gnupg2 (Minor issue)
	[jessie] - gnupg2 (Minor issue)
	[wheezy] - gnupg2 (Minor issue)
	NOTE: https://dev.gnupg.org/T3844
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=a17d2d1f690ebe5d005b4589a5fe378b6487c657
CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a u ...)
	{DLA-2186-1}
	- ncmpc 0.33-1 (low; bug #894724)
	[stretch] - ncmpc 0.25-0.1+deb9u1
	[wheezy] - ncmpc (Minor issue)
CVE-2018-9233 (Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for passwo ...)
	NOT-FOR-US: Sophos
CVE-2018-9232 (Due to the lack of firmware authentication in the upgrade process of T ...)
	NOT-FOR-US: T&W WIFI Repeater BE126 devices
CVE-2018-9231
	RESERVED
CVE-2018-9230 (** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are obtai ...)
	NOT-FOR-US: OpenResty
CVE-2018-9229
	RESERVED
CVE-2018-9228
	RESERVED
CVE-2018-9227
	RESERVED
CVE-2018-9226
	RESERVED
CVE-2018-9225
	RESERVED
CVE-2018-9224
	RESERVED
CVE-2018-9223
	RESERVED
CVE-2018-9222
	RESERVED
CVE-2018-9221
	RESERVED
CVE-2018-9220
	RESERVED
CVE-2018-9219
	RESERVED
CVE-2018-9218
	RESERVED
CVE-2018-9217
	RESERVED
CVE-2018-9216
	RESERVED
CVE-2018-9215
	RESERVED
CVE-2018-9214
	RESERVED
CVE-2018-9213
	RESERVED
CVE-2018-9212
	RESERVED
CVE-2018-9211
	RESERVED
CVE-2018-9210
	RESERVED
CVE-2018-9209 (Unauthenticated arbitrary file upload vulnerability in FineUploader ph ...)
	NOT-FOR-US: FineUploader
CVE-2018-9208 (Unauthenticated arbitrary file upload vulnerability in jQuery Picture ...)
	NOT-FOR-US: jQuery Picture
CVE-2018-9207 (Arbitrary file upload in jQuery Upload File <= 4.0.2 ...)
	NOT-FOR-US: jQuery Upload File (different from src:libjs-jquery-file-upload)
CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery- ...)
	- libjs-jquery-file-upload 9.25.0-1
	NOTE: https://github.com/blueimp/jQuery-File-Upload/pull/3514
	NOTE: http://www.vapidlabs.com/advisory.php?v=204
CVE-2018-9205 (Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php ...)
	NOT-FOR-US: avatar_uploader
CVE-2018-9204
	RESERVED
CVE-2018-9203
	RESERVED
CVE-2018-9202
	RESERVED
CVE-2018-9201
	RESERVED
CVE-2018-9200
	RESERVED
CVE-2018-9199
	RESERVED
CVE-2018-9198
	RESERVED
CVE-2018-9197
	RESERVED
CVE-2018-9196
	RESERVED
CVE-2018-9195 (Use of a hardcoded cryptographic key in the FortiGuard services commun ...)
	NOT-FOR-US: FortiGuard
CVE-2018-9194 (A plaintext recovery of encrypted messages or a Man-in-the-middle (MiT ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-9193 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2018-9192 (A plaintext recovery of encrypted messages or a Man-in-the-middle (MiT ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2018-9191 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2018-9190 (A null pointer dereference vulnerability in Fortinet FortiClientWindow ...)
	NOT-FOR-US: Fortinet
CVE-2018-9189
	RESERVED
CVE-2018-9188
	RESERVED
CVE-2018-9187
	RESERVED
CVE-2018-9186 (A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthentica ...)
	NOT-FOR-US: Fortinet
CVE-2018-9185 (An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and ...)
	NOT-FOR-US: Fortinet
CVE-2018-9184
	RESERVED
CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. ...)
	NOT-FOR-US: Joomla addon
CVE-2018-9182 (Twonky Server before 8.5.1 has XSS via a modified "language" parameter ...)
	NOT-FOR-US: Twonky Server
CVE-2018-9181
	RESERVED
CVE-2018-9180
	RESERVED
CVE-2018-9179
	RESERVED
CVE-2018-9178
	RESERVED
CVE-2018-9177 (Twonky Server before 8.5.1 has XSS via a folder name on the Shared Fol ...)
	NOT-FOR-US: Twonky Server
CVE-2018-9176
	RESERVED
CVE-2018-9175 (DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via ...)
	NOT-FOR-US: DedeCMS
CVE-2018-9174 (sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arb ...)
	NOT-FOR-US: DedeCMS
CVE-2018-9173 (Cross-site scripting (XSS) vulnerability in admin/template/js/uploadif ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-9172 (The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9171
	RESERVED
CVE-2018-9170
	RESERVED
CVE-2018-9169 (Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit. ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-9168
	RESERVED
CVE-2018-9167
	RESERVED
CVE-2018-9166
	RESERVED
CVE-2018-9165 (The pushdup function in util/decompile.c in libming through 0.4.8 does ...)
	{DLA-1343-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/121
CVE-2018-9164
	RESERVED
CVE-2018-9163 (A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...)
	NOT-FOR-US: Zoho
CVE-2018-9162 (Contec Smart Home 4.15 devices do not require authentication for new_u ...)
	NOT-FOR-US: Contec Smart Home
CVE-2018-9161 (Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers ...)
	NOT-FOR-US: Prisma Industriale Checkweigher PrismaWEB
CVE-2018-9160 (SickRage before v2018.03.09-1 includes cleartext credentials in HTTP r ...)
	NOT-FOR-US: SickRage
CVE-2018-9159 (In Spark before 2.7.2, a remote attacker can read unintended static fi ...)
	NOT-FOR-US: Spark Java framework (unrelated to src:spark)
CVE-2018-9158 (An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5 ...)
	NOT-FOR-US: AXIS
CVE-2018-9157 (** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) Fir ...)
	NOT-FOR-US: AXIS
CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) Firmw ...)
	NOT-FOR-US: AXIS
CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2. ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot in libj ...)
	- jasper (unimportant)
CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-9152
	RESERVED
CVE-2018-9151 (A NULL pointer dereference bug in the function ObReferenceObjectByHand ...)
	NOT-FOR-US: Kingsoft Internet Security
CVE-2018-9150
	RESERVED
CVE-2018-9149 (The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a s ...)
	NOT-FOR-US: Zyxel
CVE-2018-9148 (Western Digital WD My Cloud v04.05.00-320 devices embed the session to ...)
	NOT-FOR-US: Western Digital WD My Cloud
CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage ...)
	NOT-FOR-US: Gespage
CVE-2018-9146
	REJECTED
CVE-2018-9145 (In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issu ...)
	- exiv2 (Vulnerable code introduced later; only affected experimental; bug #910909)
	NOTE: https://github.com/xiaoqx/pocs/tree/master/exiv2
	NOTE: https://github.com/Exiv2/exiv2/pull/470
	NOTE: Fixed with: https://github.com/Exiv2/exiv2/commit/c03f73268f65c73f9d3d7b670f13e48e92692750
	NOTE: Issue introduced after https://github.com/Exiv2/exiv2/commit/163f3ce7f17a143f58d857a5cba3cb7b24436a2a
CVE-2018-9144 (In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::bina ...)
	- exiv2 0.27.2-6 (low)
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	[jessie] - exiv2 (Minor issue)
	[wheezy] - exiv2 (Vulnerable code not present)
	NOTE: https://github.com/Exiv2/exiv2/issues/254
	NOTE: https://github.com/xiaoqx/pocs/tree/master/exiv2
	NOTE: https://github.com/Exiv2/exiv2/pull/180 intends to fix this
CVE-2018-9143 (On Samsung mobile devices with M(6.0) and N(7.x) software, a heap over ...)
	NOT-FOR-US: Samsung
CVE-2018-9142 (On Samsung mobile devices with N(7.x) software, attackers can install ...)
	NOT-FOR-US: Samsung
CVE-2018-9141 (On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Ga ...)
	NOT-FOR-US: Samsung
CVE-2018-9140 (On Samsung mobile devices with M(6.0) software, the Email application ...)
	NOT-FOR-US: Samsung
CVE-2018-9139 (On Samsung mobile devices with N(7.x) software, a buffer overflow in t ...)
	NOT-FOR-US: Samsung
CVE-2018-9138 (An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...)
	- binutils 2.32.51.20190707-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23008
	NOTE: binutils not covered by security support
CVE-2018-9137 (Open-AudIT before 2.2 has CSV Injection. ...)
	NOT-FOR-US: Open-AudIT
CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attacker ...)
	NOT-FOR-US: Jungo
CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...)
	- imagemagick 8:6.9.10.8+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1009
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/361ed689cc8e56fd125f9d0d6508e9eb303bdca6
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4f7196b0b7539b113f2580b6a77aa496813d8899
	NOTE: webp support not enabled, see #806425
CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename acti ...)
	NOT-FOR-US: DedeCMS
CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
	{DLA-2333-1}
	[experimental] - imagemagick 8:6.9.10.2+dfsg-1
	- imagemagick 8:6.9.10.2+dfsg-2 (low; bug #894848)
	[jessie] - imagemagick (Minor issue)
	[wheezy] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1072
	NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/089fca04e0130549fa15f48ace3f56e30a06049a
	NOTE: IM7: https://github.com/ImageMagick/ImageMagick/commit/19b96ba61431914e2ac316b72c0789965f2b7c09
CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt function of ...)
	{DLA-1386-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/133
CVE-2018-9131
	REJECTED
CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
	NOT-FOR-US: IBOS
CVE-2018-9129 (ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in ...)
	NOT-FOR-US: ZyXEL ZyWALL/USG series devices
CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf ...)
	NOT-FOR-US: DVD X Player Standard
CVE-2018-9127 (Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certi ...)
	- botan 2.4.0-5 (bug #894648)
CVE-2018-9126 (The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote a ...)
	NOT-FOR-US: DNN
CVE-2018-9125
	RESERVED
CVE-2018-9124
	RESERVED
CVE-2018-9123 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User ...)
	NOT-FOR-US: Crea8social
CVE-2018-9122 (In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the ...)
	NOT-FOR-US: Crea8social
CVE-2018-9121 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post ...)
	NOT-FOR-US: Crea8social
CVE-2018-9120 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post ...)
	NOT-FOR-US: Crea8social
CVE-2018-9119 (An attacker with physical access to a BrilliantTS FUZE card (MCU firmw ...)
	NOT-FOR-US: BrilliantTS FUZE card
CVE-2018-9118 (exports/download.php in the 99 Robots WP Background Takeover Advertise ...)
	NOT-FOR-US: 99 Robots WP Background Takeover Advertisements plugin for WordPress
CVE-2018-9117 (WireMock before 2.16.0 contains a vulnerability that allows a remote u ...)
	NOT-FOR-US: WireMock
CVE-2018-9116 (An XXE vulnerability within WireMock before 2.16.0 allows a remote una ...)
	NOT-FOR-US: WireMock
CVE-2018-9115 (Systematic SitaWare 6.4 SP2 does not validate input from other sources ...)
	NOT-FOR-US: Systematic SitaWare
CVE-2018-9114
	RESERVED
CVE-2018-9113 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows ...)
	NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
CVE-2018-9112 (A low privileged admin account with a weak default password of admin e ...)
	NOT-FOR-US: Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE
CVE-2018-9111 (Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_ ...)
	NOT-FOR-US: Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE
CVE-2018-9110 (Studio 42 elFinder before 2.1.37 has a directory traversal vulnerabili ...)
	NOT-FOR-US: Studio 42 elFinder
CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has a directory traversal vulnerabili ...)
	NOT-FOR-US: Studio 42 elFinder
CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an u ...)
	NOT-FOR-US: QuickAppsCMS
CVE-2018-9107 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
	NOT-FOR-US: Acyba AcyMailing extension for Joomla!
CVE-2018-9106 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
	NOT-FOR-US: Acyba AcyMailing extension for Joomla!
CVE-2018-9105 (NordVPN 3.3.10 for macOS suffers from a root privilege escalation vuln ...)
	NOT-FOR-US: NordVPN
CVE-2018-9104 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2018-9103 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2018-9102 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2018-9101 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
	NOT-FOR-US: Mitel
CVE-2018-9100
	RESERVED
CVE-2018-9099
	RESERVED
CVE-2018-9098
	RESERVED
CVE-2018-9097
	RESERVED
CVE-2018-9096
	RESERVED
CVE-2018-9095
	RESERVED
CVE-2018-9094
	RESERVED
CVE-2018-9093
	RESERVED
CVE-2018-9092 (There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 tha ...)
	NOT-FOR-US: MiniCMS
CVE-2018-9091 (A critical vulnerability in the KEMP LoadMaster Operating System (LMOS ...)
	NOT-FOR-US: KEMP LoadMaster Operating System
CVE-2018-9090 (CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Gr ...)
	NOT-FOR-US: CoreOS Tectonic
CVE-2018-9089
	RESERVED
CVE-2018-9088
	RESERVED
CVE-2018-9087
	RESERVED
CVE-2018-9086 (In some Lenovo ThinkServer-branded servers, a command injection vulner ...)
	NOT-FOR-US: Lenovo
CVE-2018-9085 (A write protection lock bit was left unset after boot on an older gene ...)
	NOT-FOR-US: IBM
CVE-2018-9084 (In System Management Module (SMM) versions prior to 1.06, if an attack ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-9083 (In System Management Module (SMM) versions prior to 1.06, the SMM cont ...)
	NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-9082 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
	NOT-FOR-US: Lenovo
CVE-2018-9081 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
	NOT-FOR-US: Lenovo
CVE-2018-9080 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
	NOT-FOR-US: Lenovo
CVE-2018-9079 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
	NOT-FOR-US: Lenovo
CVE-2018-9078 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
	NOT-FOR-US: Lenovo
CVE-2018-9077 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
	NOT-FOR-US: Lenovo
CVE-2018-9076 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
	NOT-FOR-US: Lenovo
CVE-2018-9075 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
	NOT-FOR-US: Lenovo
CVE-2018-9074 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
	NOT-FOR-US: Lenovo
CVE-2018-9073 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes ...)
	NOT-FOR-US: Lenovo Chassis Management Module
CVE-2018-9072 (In versions prior to 5.5, LXCI for VMware allows an authenticated user ...)
	NOT-FOR-US: LXCI (Lenovo XClarity Integrator)
CVE-2018-9071 (Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows u ...)
	NOT-FOR-US: Lenovo Chassis Management Module
CVE-2018-9070 (For the Lenovo Smart Assistant Android app versions earlier than 12.1. ...)
	NOT-FOR-US: Lenovo
CVE-2018-9069 (In some Lenovo IdeaPad consumer notebook models, a race condition in t ...)
	NOT-FOR-US: Lenovo
CVE-2018-9068 (The IMM2 First Failure Data Capture function collects management modul ...)
	NOT-FOR-US: IBM
CVE-2018-9067 (The Lenovo Help Android app versions earlier than 6.1.2.0327 had insuf ...)
	NOT-FOR-US: Lenovo
CVE-2018-9066 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an authe ...)
	NOT-FOR-US: Lenovo xClarity Administrator
CVE-2018-9065 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an attac ...)
	NOT-FOR-US: Lenovo xClarity Administrator
CVE-2018-9064 (In Lenovo xClarity Administrator versions earlier than 2.1.0, an authe ...)
	NOT-FOR-US: Lenovo xClarity Administrator
CVE-2018-9063 (MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo Sy ...)
	NOT-FOR-US: Lenovo
CVE-2018-9062 (In some Lenovo ThinkPad products, one BIOS region is not properly incl ...)
	NOT-FOR-US: Lenovo
CVE-2018-9061
	RESERVED
CVE-2018-9060
	REJECTED
CVE-2018-9059 (Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 ...)
	NOT-FOR-US: Easy File Sharing (EFS)
CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the ...)
	- lrzip 0.631+git180517-1 (unimportant)
	NOTE: https://github.com/ckolivas/lrzip/issues/93
	NOTE: No security impact
CVE-2018-7600 (Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x be ...)
	{DSA-4156-1 DLA-1325-1}
	- drupal7 7.58-1 (bug #894259)
	NOTE: https://www.drupal.org/sa-core-2018-002
	NOTE: https://groups.drupal.org/security/faq-2018-002
	NOTE: https://www.drupal.org/psa-2018-001
	NOTE: Drupal 7.x Patch: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5
CVE-2018-9057 (aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform ...)
	NOT-FOR-US: HashiCorp Terraform Amazon Web Services
CVE-2018-9056 (Systems with microprocessors utilizing speculative execution may allow ...)
	NOTE: Hardware side channel attack
	NOTE: http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf
CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable assertion in th ...)
	- jasper (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/172
	NOTE: Negligible impact
CVE-2018-9054 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9053 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9052 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9051 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9050 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9049 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9048 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9047 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9046 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9045 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9044 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9043 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9042 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9041 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-9038 (Monstra CMS 3.0.4 allows remote attackers to delete files via an admin ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-9037 (Monstra CMS 3.0.4 allows remote code execution via an upload_file requ ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-9036 (CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Dis ...)
	NOT-FOR-US: CheckSec Canopy
CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9034 (Cross-site scripting (XSS) vulnerability in lib/interface.php of the R ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9033
	RESERVED
CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1 ...)
	NOT-FOR-US: D-Link
CVE-2018-9031 (The login interface on TNLSoftSolutions Sentry Vision 3.x devices prov ...)
NOT-FOR-US: TNLSoftSolutions Sentry Vision 3.x devices CVE-2018-9030 RESERVED CVE-2018-9029 (An improper input validation vulnerability in CA Privileged Access Man ...) NOT-FOR-US: CA Privileged Access Manager CVE-2018-9028 (Weak cryptography used for passwords in CA Privileged Access Manager 2 ...) NOT-FOR-US: CA Privileged Access Manager CVE-2018-9027 (A reflected cross-site scripting vulnerability in CA Privileged Access ...) NOT-FOR-US: CA Privileged Access Manager CVE-2018-9026 (A session fixation vulnerability in CA Privileged Access Manager 2.x a ...) NOT-FOR-US: CA Privileged Access Manager CVE-2018-9025 (An input validation vulnerability in CA Privileged Access Manager 2.x ...) NOT-FOR-US: CA Privileged Access Manager CVE-2018-9024 (An improper authentication vulnerability in CA Privileged Access Manag ...) NOT-FOR-US: CA Privileged Access Manager CVE-2018-9023 (An input validation vulnerability in CA Privileged Access Manager 2.x ...) NOT-FOR-US: CA Privileged Access Manager CVE-2018-9022 (An authentication bypass vulnerability in CA Privileged Access Manager ...) NOT-FOR-US: CA Privileged Access Manager CVE-2018-9021 (An authentication bypass vulnerability in CA Privileged Access Manager ...) NOT-FOR-US: CA Privileged Access Manager CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via ...) NOT-FOR-US: Wordpress plugin CVE-2018-9019 (SQL Injection vulnerability in Dolibarr before version 7.0.2 allows re ...) - dolibarr NOTE: https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739 CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImag ...) {DSA-4321-1 DLA-1456-1 DLA-1322-1} - graphicsmagick 1.3.28-2 (bug #894396) NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee CVE-2018-9017 (dsmall v20180320 allows XSS via the member search box at the public/in ...) 
NOT-FOR-US: dsmall CVE-2018-9016 (dsmall v20180320 allows XSS via the main page search box at the public ...) NOT-FOR-US: dsmall CVE-2018-9015 (dsmall v20180320 allows XSS via the public/index.php/home/predeposit/i ...) NOT-FOR-US: dsmall CVE-2018-9014 (dsmall v20180320 allows physical path leakage via a public/index.php/h ...) NOT-FOR-US: dsmall CVE-2018-9013 RESERVED CVE-2018-9012 RESERVED CVE-2018-9011 RESERVED CVE-2018-9010 (Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote ...) NOT-FOR-US: Intelbras CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the decompileJUMP funct ...) {DLA-1386-1} - ming NOTE: https://github.com/libming/libming/issues/131 CVE-2018-9008 RESERVED CVE-2018-9007 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x8 ...) NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9006 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...) NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9005 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...) NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9004 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x8 ...) NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9003 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x8 ...) NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9002 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...) NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9001 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...) NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-9000 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x8 ...) NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-8999 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_wi ...) NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-8998 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_x8 ...) 
NOT-FOR-US: Advanced SystemCare Ultimate CVE-2018-8997 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-8996 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-8995 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-8994 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-8993 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-8992 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-8991 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-8990 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-8989 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-8988 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2018-8987 RESERVED CVE-2018-8986 RESERVED CVE-2018-8985 RESERVED CVE-2018-8984 RESERVED CVE-2018-8983 RESERVED CVE-2018-8982 RESERVED CVE-2018-8981 RESERVED CVE-2018-8980 RESERVED CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a u ...) NOT-FOR-US: Open-AudIT Professional CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an ...) 
NOT-FOR-US: Open-AudIT Professional CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonm ...) - exiv2 (Vulnerable code introduced after 0.25; only affected experimental, bug #894179) NOTE: https://github.com/Exiv2/exiv2/issues/247 CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...) - exiv2 0.27.2-6 (low; bug #903813) [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) [jessie] - exiv2 (Minor issue) [wheezy] - exiv2 (Vulnerable code not present) NOTE: https://github.com/Exiv2/exiv2/issues/246 NOTE: https://github.com/Exiv2/exiv2/pull/256 CVE-2018-8975 (The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through ...) - netpbm-free (Vulnerable code not present) NOTE: Debian uses an unaffected fork CVE-2018-8974 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows ...) NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or link to an article, as de ...) NOT-FOR-US: OTCMS CVE-2018-8972 (Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in ...) NOT-FOR-US: Creditwest Bank CMS Project (aka CWCMS) CVE-2018-8970 (The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c ...) - libressl (bug #754513) CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php allows rem ...) NOT-FOR-US: zzcms CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows remote at ...) NOT-FOR-US: zzcms CVE-2018-8967 (An issue was discovered in zzcms 8.2. It allows SQL injection via the ...) NOT-FOR-US: zzcms CVE-2018-8966 (An issue was discovered in zzcms 8.2. It allows PHP code injection via ...) NOT-FOR-US: zzcms CVE-2018-8965 (An issue was discovered in zzcms 8.2. user/ppsave.php allows remote at ...) NOT-FOR-US: zzcms CVE-2018-8964 (In libming 0.4.8, the decompileDELETE function of decompile.c has a us ...) 
- ming [wheezy] - ming 1:0.4.4-1.1+deb7u8 NOTE: https://github.com/libming/libming/issues/130 CVE-2018-8963 (In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has ...) - ming [wheezy] - ming 1:0.4.4-1.1+deb7u8 NOTE: https://github.com/libming/libming/issues/130 CVE-2018-8962 (In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function o ...) - ming [wheezy] - ming 1:0.4.4-1.1+deb7u8 NOTE: https://github.com/libming/libming/issues/130 CVE-2018-8961 (In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a ...) - ming [wheezy] - ming 1:0.4.4-1.1+deb7u8 NOTE: https://github.com/libming/libming/issues/130 CVE-2018-8960 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q1 ...) {DLA-2333-1} - imagemagick 8:6.9.9.39+dfsg-1 (low) [jessie] - imagemagick (Minor issue) [wheezy] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1020 NOTE: https://github.com/ImageMagick/ImageMagick/commit/23f6beef78cfe806cabc090a015e73557d60788e NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7c0b29f621ebcce1a35c0e6c1992c9043b3bb1bd CVE-2018-8959 RESERVED CVE-2018-8958 RESERVED CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...) NOT-FOR-US: CoverCMS CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...) - ntp 1:4.2.8p14+dfsg-1 (low) [buster] - ntp (Minor issue) [stretch] - ntp (Minor issue) [jessie] - ntp (Minor issue, requires being part of same broadcast network, no patch) - ntpsec (Broadcast mode not present, see #961748) NOTE: https://arxiv.org/abs/2005.01783 NOTE: https://nikhiltripathi.in/NTP_attack.pdf NOTE: https://tools.ietf.org/html/rfc5905 CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded string ...) NOT-FOR-US: BitDefender GravityZone CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...) 
NOT-FOR-US: CA Workload Control Center CVE-2018-8953 (CA Workload Automation AE before r11.3.6 SP7 allows remote attackers t ...) NOT-FOR-US: CA Workload Automation AE CVE-2018-8952 RESERVED CVE-2018-8951 RESERVED CVE-2018-8950 RESERVED CVE-2018-8949 (An issue was discovered in app/Model/Attribute.php in MISP before 2.4. ...) NOT-FOR-US: MISP CVE-2018-8948 (In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has mul ...) NOT-FOR-US: MISP CVE-2018-8947 (rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encodin ...) NOT-FOR-US: rap2hpoutre Laravel Log Viewer CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect Access Cont ...) - i-librarian (bug #649291) NOTE: https://github.com/mkucej/i-librarian/issues/124 CVE-2018-1000140 (rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow ...) {DSA-4151-1} - librelp 1.2.15-1 [wheezy] - librelp (vulnerable code not present) NOTE: https://www.rsyslog.com/cve-2018-1000140/ NOTE: Fixed by: https://github.com/rsyslog/librelp/commit/2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf CVE-2018-1000139 (I, Librarian version 4.8 and earlier contains a Cross Site Scripting ( ...) - i-librarian (bug #649291) NOTE: https://github.com/mkucej/i-librarian/issues/119 CVE-2018-1000138 (I, Librarian version 4.8 and earlier contains a SSRF vulnerability in ...) - i-librarian (bug #649291) NOTE: https://github.com/mkucej/i-librarian/issues/120 CVE-2018-1000137 (I, Librarian version 4.8 and earlier contains a Cross site Request For ...) - i-librarian (bug #649291) NOTE: https://github.com/mkucej/i-librarian/issues/121 CVE-2018-8971 (The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, a ...) {DSA-4206-1} - gitlab 10.5.6+dfsg-1 (bug #893905) NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/ CVE-2018-8946 RESERVED CVE-2018-8945 (The bfd_section_from_shdr function in elf.c in the Binary File Descrip ...) 
- binutils 2.30.90.20180627-1 (low) [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22809 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=95a6d23566165208853a68d9cd3c6eedca840ec6 CVE-2018-8944 (PHPOK 4.8.338 has an arbitrary file upload vulnerability. ...) NOT-FOR-US: PHPOK CVE-2018-8943 (There is a SQL injection in the PHPSHE 1.6 userbank parameter. ...) NOT-FOR-US: PHPSE CVE-2018-8942 (Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. ...) NOT-FOR-US: Xiuno BBS CVE-2018-8941 (Diagnostics functionality on D-Link DSL-3782 devices with firmware EU ...) NOT-FOR-US: D-Link CVE-2018-8940 (ClientServiceConfigController.cs in Enghouse Cloud Contact Center Plat ...) NOT-FOR-US: Enghouse Cloud Contact Center Platform CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold bef ...) NOT-FOR-US: Ipswitch CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswi ...) NOT-FOR-US: Ipswitch CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is possible ...) NOT-FOR-US: Open-AudIT Professional CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chip ...) NOT-FOR-US: AMD CVE-2018-8935 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...) NOT-FOR-US: AMD CVE-2018-8934 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...) NOT-FOR-US: AMD CVE-2018-8933 (The AMD EPYC Server processor chips have insufficient access control f ...) NOT-FOR-US: AMD CVE-2018-8932 (The AMD Ryzen and Ryzen Pro processor chips have insufficient access c ...) NOT-FOR-US: AMD CVE-2018-8931 (The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insuff ...) NOT-FOR-US: AMD CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chip ...) 
NOT-FOR-US: AMD CVE-2018-8929 (Improper restriction of communication channel to intended endpoints vu ...) NOT-FOR-US: Synology CVE-2018-8928 (Cross-site scripting (XSS) vulnerability in Address Book Editor in Syn ...) NOT-FOR-US: Synology CVE-2018-8927 (Improper authorization vulnerability in SYNO.Cal.Event in Calendar bef ...) NOT-FOR-US: Synology CVE-2018-8926 (Permissive regular expression vulnerability in synophoto_dsm_user in S ...) NOT-FOR-US: Synology CVE-2018-8925 (Cross-site request forgery (CSRF) vulnerability in admin/user.php in S ...) NOT-FOR-US: Synology CVE-2018-8924 (Cross-site scripting (XSS) vulnerability in Title Tootip in Synology O ...) NOT-FOR-US: Synology CVE-2018-8923 (Cross-site scripting (XSS) vulnerability in Attachment Preview in Syno ...) NOT-FOR-US: Synology CVE-2018-8922 (Improper access control vulnerability in Synology Drive before 1.0.2-1 ...) NOT-FOR-US: Synology Drive CVE-2018-8921 (Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast ...) NOT-FOR-US: Synology Drive CVE-2018-8920 (Improper neutralization of escape vulnerability in Log Exporter in Syn ...) NOT-FOR-US: Synology DiskStation Manager CVE-2018-8919 (Information exposure vulnerability in SYNO.Core.Desktop.SessionData in ...) NOT-FOR-US: Synology DiskStation Manager CVE-2018-8918 (Cross-site scripting (XSS) vulnerability in info.cgi in Synology Route ...) NOT-FOR-US: Synology Router Manager CVE-2018-8917 (Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskS ...) NOT-FOR-US: Synology DiskStation Manager CVE-2018-8916 (Unverified password change vulnerability in Change Password in Synolog ...) NOT-FOR-US: Synology CVE-2018-8915 (Cross-site scripting (XSS) vulnerability in Notification Center in Syn ...) NOT-FOR-US: Synology CVE-2018-8914 (SQL injection vulnerability in UPnP DMA in Synology Media Server befor ...) NOT-FOR-US: Synology Media Server CVE-2018-8913 (Missing custom error page vulnerability in Synology Web Station before ...) 
NOT-FOR-US: Synology CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in S ...) NOT-FOR-US: Synology Note Station CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview in Syno ...) NOT-FOR-US: Synology Note Station CVE-2018-8910 (Cross-site scripting (XSS) vulnerability in Attachment Preview in Syno ...) NOT-FOR-US: Synology CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...) NOT-FOR-US: Wire application for Android CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The ap ...) NOT-FOR-US: Frog CMS CVE-2018-8907 RESERVED CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to public/index. ...) NOT-FOR-US: dsmall CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function ...) {DSA-4349-1 DLA-1411-1 DLA-1378-1 DLA-1377-1} - tiff 4.0.9-6 (bug #893806) - tiff3 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780 NOTE: https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Optimization Master CVE-2018-8903 (Open-AudIT Professional 2.1 allows XSS via the Name or Description fie ...) NOT-FOR-US: Open-AudIT Professional CVE-2018-8902 (An issue was discovered in Ivanti Avalanche for all versions between 5 ...) NOT-FOR-US: Ivanti CVE-2018-8901 (An issue was discovered in Ivanti Avalanche for all versions between 5 ...) NOT-FOR-US: Ivanti CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and Sentinel LD ...) NOT-FOR-US: HASP SRM CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 d ...) NOT-FOR-US: IdentityServer CVE-2018-8898 (A flaw in the authentication mechanism in the Login Panel of router D- ...) NOT-FOR-US: D-Link CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...) 
{DSA-4201-1 DSA-4196-1 DLA-1577-1 DLA-1392-1 DLA-1383-1} - linux 4.15.17-1 NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7) - xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6 NOTE: https://xenbits.xen.org/xsa/advisory-260.html NOTE: https://www.openwall.com/lists/oss-security/2018/05/08/4 CVE-2018-8896 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...) NOT-FOR-US: 2345 Security Guard CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...) NOT-FOR-US: 2345 Security Guard CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows ...) NOT-FOR-US: 2345 Security Guard CVE-2018-8893 (Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the abi ...) NOT-FOR-US: Z-BlogPHP CVE-2018-8892 (A cross-site request forgery (CSRF) vulnerability in the Management Co ...) NOT-FOR-US: Management Console of BlackBerry UEM CVE-2018-8891 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Mana ...) NOT-FOR-US: Management Console of BlackBerry UEM CVE-2018-8890 (An information disclosure vulnerability in the Management Console of B ...) NOT-FOR-US: BlackBerry CVE-2018-8889 (A directory traversal vulnerability in the Connect Service of the Blac ...) NOT-FOR-US: BlackBerry CVE-2018-8888 (A stored cross-site scripting (XSS) vulnerability in the Management Co ...) NOT-FOR-US: Management Console of BlackBerry UEM CVE-2018-8887 RESERVED CVE-2018-8886 RESERVED CVE-2018-8885 (screenresolution-mechanism in screen-resolution-extra 0.17.2 does not ...) NOT-FOR-US: screen-resolution-extra CVE-2018-1000136 (Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0 ...) - electron (bug #842420) CVE-2018-8884 RESERVED CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the pars ...) 
- nasm 2.14-1 (low; bug #894847) [stretch] - nasm (Minor issue) [jessie] - nasm (Minor issue) [wheezy] - nasm (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392447 NOTE: https://github.com/netwide-assembler/nasm/commit/3c755dac88039b718d52ef56e8f74b5f65f3b55b CVE-2018-8882 (Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-rea ...) - nasm 2.14-1 (low; bug #894846) [stretch] - nasm (Minor issue) [jessie] - nasm (Minor issue) [wheezy] - nasm (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392445 NOTE: https://github.com/netwide-assembler/nasm/commit/c7c28357c85fb0bf4105419195bc204aea0fef35 CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read ...) - nasm 2.13.02-0.1 (low) [stretch] - nasm (Minor issue) [jessie] - nasm (Minor issue) [wheezy] - nasm (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446 NOTE: https://github.com/netwide-assembler/nasm/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3) CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check ...) NOT-FOR-US: Lutron Quantum BACnet Integration CVE-2018-8879 (Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS device ...) NOT-FOR-US: ASUS CVE-2018-8878 (Information disclosure in Asuswrt-Merlin firmware for ASUS devices old ...) NOT-FOR-US: ASUS CVE-2018-8877 (Information disclosure in Asuswrt-Merlin firmware for ASUS devices old ...) NOT-FOR-US: ASUS CVE-2018-8876 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows loc ...) NOT-FOR-US: 2345 Security Guard CVE-2018-8875 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows loc ...) NOT-FOR-US: 2345 Security Guard CVE-2018-8874 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows loc ...) NOT-FOR-US: 2345 Security Guard CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allo ...) 
NOT-FOR-US: 2345 Security Guard CVE-2018-8872 (In Schneider Electric Triconex Tricon MP model 3008 firmware versions ...) NOT-FOR-US: Schneider CVE-2018-8871 (In Delta Electronics Automation TPEditor version 1.89 or prior, parsin ...) NOT-FOR-US: Delta Electronics Automation TPEditor CVE-2018-8870 (Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all ve ...) NOT-FOR-US: Medtronic CVE-2018-8869 (In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for a ...) NOT-FOR-US: Lantech CVE-2018-8868 (Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all ve ...) NOT-FOR-US: Medtronic CVE-2018-8867 (In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 v ...) NOT-FOR-US: GE PACSystems CVE-2018-8866 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an ad ...) NOT-FOR-US: Vecna VGo Robot CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulne ...) NOT-FOR-US: Lantech CVE-2018-8864 (In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MH ...) NOT-FOR-US: ATI Systems Emergency Mass Notification Systems devices CVE-2018-8863 RESERVED CVE-2018-8862 (In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MH ...) NOT-FOR-US: ATI Systems Emergency Mass Notification Systems devices CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk environment (Br ...) NOT-FOR-US: Philips Brilliance CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be a ...) NOT-FOR-US: Vecna VGo Robot CVE-2018-8859 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior t ...) NOT-FOR-US: Echelon CVE-2018-8858 (If an attacker has access to the firmware from the VGo Robot (Versions ...) NOT-FOR-US: VGo Robot CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, ...) NOT-FOR-US: Philips Brilliance CVE-2018-8856 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...) 
NOT-FOR-US: Philips CVE-2018-8855 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior t ...) NOT-FOR-US: Echelon CVE-2018-8854 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...) NOT-FOR-US: Philips CVE-2018-8853 (Philips Brilliance CT devices operate user functions from within a con ...) NOT-FOR-US: Philips Brilliance CVE-2018-8852 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Whe ...) NOT-FOR-US: Philips CVE-2018-8851 (Echelon SmartServer 1 all versions, SmartServer 2 all versions prior t ...) NOT-FOR-US: Echelon CVE-2018-8850 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...) NOT-FOR-US: Philips CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Progra ...) NOT-FOR-US: Medtronic CVE-2018-8848 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...) NOT-FOR-US: Philips CVE-2018-8847 (Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer ...) NOT-FOR-US: Eaton CVE-2018-8846 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...) NOT-FOR-US: Philips CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...) NOT-FOR-US: Advantech CVE-2018-8844 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...) NOT-FOR-US: Philips CVE-2018-8843 (Rockwell Automation Arena versions 15.10.00 and prior contains a use a ...) NOT-FOR-US: Rockwell CVE-2018-8842 (Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The ...) NOT-FOR-US: Philips CVE-2018-8841 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...) NOT-FOR-US: Advantech CVE-2018-8840 (A remote attacker could send a carefully crafted packet in InduSoft We ...) NOT-FOR-US: InduSoft CVE-2018-8839 (Delta PMSoft versions 2.10 and prior have multiple stack-based buffer ...) 
NOT-FOR-US: Delta PMSoft CVE-2018-8838 (A weakness in access controls in CENTUM CS 1000 all versions, CENTUM C ...) NOT-FOR-US: CENTUM CVE-2018-8837 (Processing specially crafted .pm3 files in Advantech WebAccess HMI Des ...) NOT-FOR-US: Advantech CVE-2018-8836 (Wago 750 Series PLCs with firmware version 10 and prior include a remo ...) NOT-FOR-US: Wago 750 Series PLCs CVE-2018-8835 (Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7. ...) NOT-FOR-US: Advantech CVE-2018-8834 (Parsing malformed project files in Omron CX-One versions 4.42 and prio ...) NOT-FOR-US: Omron CVE-2018-8833 (Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI ...) NOT-FOR-US: Advantech CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable JavaScr ...) NOT-FOR-US: enhavo CVE-2018-8831 (A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through ...) - kodi (Chorus not included in Kodi as shipped in Debian) - xbmc [jessie] - xbmc (Minor issue) [wheezy] - xbmc (Minor issue) NOTE: http://seclists.org/fulldisclosure/2018/Apr/36 NOTE: https://trac.kodi.tv/ticket/17814 NOTE: Fixed in v18 CVE-2018-8830 RESERVED CVE-2018-8829 RESERVED CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x ...) {DSA-4148-1} - kamailio 5.1.2-1 NOTE: https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow NOTE: https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097 CVE-2018-8827 (The admin web interface on Technicolor MediaAccess TG789vac v2 HP devi ...) NOT-FOR-US: Technicolor CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 ...) NOT-FOR-US: ASUS routers CVE-2018-8825 (Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The i ...) - tensorflow (bug #804612) CVE-2018-8824 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horiz ...) 
NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop CVE-2018-8823 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horiz ...) NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel function in fs ...) {DSA-4188-1 DSA-4187-1 DLA-1369-1} - linux 4.15.17-1 CVE-2018-1000135 (GNOME NetworkManager version 1.10.2 and earlier contains a Information ...) [experimental] - network-manager 1.11.4-1 - network-manager 1.12.0-2 (bug #895658) [stretch] - network-manager (Minor issue) [jessie] - network-manager (Minor issue) [wheezy] - network-manager (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=746422 NOTE: https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=bg/dns-bgo746422 NOTE: Merge: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d9782589248e61c0cb5aec90e3eb62612891116b NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553634 CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attacker ...) NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver CVE-2018-8820 (An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQ ...) NOT-FOR-US: Square 9 CVE-2018-8819 (An XXE issue was discovered in Automated Logic Corporation (ALC) WebCT ...) NOT-FOR-US: Automated Logic Corporation (ALC) WebCTRL CVE-2018-8818 RESERVED CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...) NOT-FOR-US: Wampserver CVE-2018-8816 RESERVED CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery function in Al ...) NOT-FOR-US: Alkacon OpenCMS CVE-2018-8814 (Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 all ...) NOT-FOR-US: WolfCMS CVE-2018-8813 (Open redirect vulnerability in the login[redirect] parameter login fun ...) 
NOT-FOR-US: WolfCMS CVE-2018-8812 REJECTED CVE-2018-8811 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in syst ...) NOT-FOR-US: OpenCMS CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the get_iv ...) - radare2 2.6.0+dfsg-1 (bug #895749) [jessie] - radare2 (Minor issue) [wheezy] - radare2 (vulnerable code not present) NOTE: https://github.com/radare/radare2/issues/9727 NOTE: https://github.com/radare/radare2/commit/06c9903be9a1ca46b74571d49027bee2168fbd69 CVE-2018-8809 (In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik ...) - radare2 2.6.0+dfsg-1 (low; bug #895751) [jessie] - radare2 (Minor issue) [wheezy] - radare2 (minor issue, likely not even affected) NOTE: https://github.com/radare/radare2/issues/9726 NOTE: https://github.com/radare/radare2/commit/24282de142000d2ed2c19783b40a1351872dfc54 CVE-2018-8808 (In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_ ...) - radare2 2.6.0+dfsg-1 (low; bug #895752) [jessie] - radare2 (Minor issue) [wheezy] - radare2 (minor issue, likely not even affected) NOTE: https://github.com/radare/radare2/issues/9725 NOTE: https://github.com/radare/radare2/commit/a88069940950999d5e2fd16cd7d16c7e956bf516 CVE-2018-8807 (In libming 0.4.8, these is a use-after-free in the function decompileC ...) - ming [wheezy] - ming 1:0.4.4-1.1+deb7u8 NOTE: https://github.com/libming/libming/issues/129 CVE-2018-8806 (In libming 0.4.8, there is a use-after-free in the decompileArithmetic ...) - ming [wheezy] - ming 1:0.4.4-1.1+deb7u8 NOTE: https://github.com/libming/libming/issues/128 CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS via the c ...) NOT-FOR-US: Yxcms CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remot ...) 
{DLA-2333-1} - imagemagick 8:6.9.9.39+dfsg-1 (low) [jessie] - imagemagick (Minor issue) [wheezy] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/commit/f55d3a622d234e940fb99325b92c6d3df578fa9b NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6355db269e03f879c516cf9d592c72e157bc75d6 NOTE: https://github.com/ImageMagick/ImageMagick/issues/1025 CVE-2018-8803 RESERVED CVE-2018-8802 (SQL injection vulnerability in the management interface in ePortal Ma ...) NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...) - gitlab 10.5.6+dfsg-1 (bug #893905) NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/ CVE-2018-8800 (rdesktop versions up to and including v1.8.3 contain a Heap-Based Buff ...) {DSA-4394-1 DLA-1683-1} - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8799 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...) {DSA-4394-1 DLA-1683-1} - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8798 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...) {DSA-4394-1 DLA-1683-1} - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8797 (rdesktop versions up to and including v1.8.3 contain a Heap-Based Buff ...) {DSA-4394-1 DLA-1683-1} - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8796 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...) 
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8795 (rdesktop versions up to and including v1.8.3 contain an Integer Overfl ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8794 (rdesktop versions up to and including v1.8.3 contain an Integer Overfl ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8793 (rdesktop versions up to and including v1.8.3 contain a Heap-Based Buff ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8792 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8791 (rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds ...)
	{DSA-4394-1 DLA-1683-1}
	- rdesktop 1.8.4-1
	NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4)
CVE-2018-8790 (Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF se ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2018-8789 (FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Read ...)
	{DLA-1666-1}
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp
	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6
CVE-2018-8788 (FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of ...)
	{DLA-1666-1}
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp
	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
CVE-2018-8787 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that l ...)
	{DLA-1666-1}
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp
	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
CVE-2018-8786 (FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that ...)
	{DLA-1666-1}
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp
	[stretch] - freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
CVE-2018-8785 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overfl ...)
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp
	[stretch] - freerdp (Vulnerable code not present, zgfx not yet supported)
	[jessie] - freerdp (Vulnerable code not present, zgfx not yet supported)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d
CVE-2018-8784 (FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overfl ...)
	- freerdp2 2.0.0~git20181120.1.e21b72c95+dfsg1-1
	- freerdp
	[stretch] - freerdp (Vulnerable code not present, zgfx not yet supported)
	[jessie] - freerdp (Vulnerable code not present, zgfx not yet supported)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/17c363a5162fd4dc77b1df54e48d7bd9bf6b3be7
CVE-2018-8783 RESERVED
CVE-2018-8782 RESERVED
CVE-2018-8781 (The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: https://patchwork.freedesktop.org/patch/211845/
	NOTE: Fixed by: https://git.kernel.org/linus/3b82a4db8eaccce735dffd50b4d4e1578099b8e8
CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...)
	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	- ruby1.8
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
	NOTE: https://hackerone.com/reports/302338
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 (2.2.10)
CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...)
	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	- ruby1.8
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
	NOTE: https://hackerone.com/reports/302997
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/8794dec6a5f11adc5cdd19a5ee91ea6b0816763f
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 (2.2.10)
	NOTE: ruby1.8: the test examples from hackerone don't work. ext/socket/socket.c:init_unixsock() uses SafeStringValue(path) though.
CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...)
	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	- ruby1.8
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
	NOTE: https://hackerone.com/reports/298246
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10)
CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x b ...)
	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	- ruby1.8
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
CVE-2018-XXXX [Multiple vulnerabilities in CiviCRM]
	- civicrm 4.7.30+dfsg-1 (bug #887330)
	NOTE: https://civicrm.org/blog/dev-team/security-release-civicrm-4726-and-4633-monthly-release-4727
CVE-2018-8776 RESERVED
CVE-2018-8775 RESERVED
CVE-2018-8774 RESERVED
CVE-2018-8773 RESERVED
CVE-2018-8772 (Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on t ...)
	NOT-FOR-US: Coship RT3052 4.0.0.48 devices
CVE-2018-8771 RESERVED
CVE-2018-8770 (Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via g ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-8769 (elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name func ...)
	- elfutils (Issue introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22976
	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q1/msg00078.html
	NOTE: Issue introduced with a merge/update of elf.h from glibc in
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=88f3d2daa107b09fdba376a82bce7ed534c93645
	NOTE: when SYMTAB_SHNDX was introduced, but not yet handled in the
	NOTE: ebl_dynamic_tag_name function.
CVE-2018-8767 (joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&ta ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-8766 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-8765 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allo ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8764 (Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 plac ...)
	- ldap-account-manager 6.3-1
	[stretch] - ldap-account-manager 5.5-1+deb9u1
	[jessie] - ldap-account-manager (Issue introduced later)
	[wheezy] - ldap-account-manager (Issue introduced later)
	NOTE: https://www.ldap-account-manager.org/lamcms/node/354
	NOTE: https://github.com/LDAPAccountManager/lam/commit/993751c7ff0faa07b7c028295152cf9c20349688
CVE-2018-8763 (Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has ...)
	{DSA-4165-1 DLA-1342-1}
	- ldap-account-manager 6.3-1
	NOTE: https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302
	NOTE: https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c
	NOTE: https://github.com/LDAPAccountManager/lam/commit/d4f0d6db966af4dd7d83c978125635f03895b81a
	NOTE: https://www.ldap-account-manager.org/lamcms/node/354
CVE-2018-8762 RESERVED
CVE-2018-8761 (protected\apps\member\controller\shopcarController.php in Yxcms buildi ...)
	NOT-FOR-US: Yxcms
CVE-2018-8760 RESERVED
CVE-2018-8759 RESERVED
CVE-2018-8758 RESERVED
CVE-2018-8757 RESERVED
CVE-2018-8756 (Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7. ...)
	NOT-FOR-US: YzmCMS
CVE-2018-8755 (NuCom WR644GACV devices before STA006 allow an attacker to download th ...)
	NOT-FOR-US: NuCom
CVE-2018-8754 (** DISPUTED ** The libevt_record_values_read_event() function in libev ...)
	{DSA-4160-1}
	- libevt 20180317-1 (bug #893431)
	NOTE: https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734
	NOTE: Impact limited to OOB read, not write
CVE-2018-8753 (The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20. ...)
	NOT-FOR-US: Clavister cOS Core
CVE-2018-8752 RESERVED
CVE-2018-8751 RESERVED
CVE-2018-8750 RESERVED
CVE-2018-8749 RESERVED
CVE-2018-8748 RESERVED
CVE-2018-8747 RESERVED
CVE-2018-8746 RESERVED
CVE-2018-8745 RESERVED
CVE-2018-8744 RESERVED
CVE-2018-8743 RESERVED
CVE-2018-8742 RESERVED
CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook file c ...)
	{DLA-2432-1}
	- jupyter-notebook 5.4.1-1 (bug #893436)
	- ipython 5.1.0-2
	[jessie] - ipython (Minor issue)
	[wheezy] - ipython (Too invasive to fix)
	NOTE: After the reupload of ipython to Debian as 4.1.2-1 via experimental,
	NOTE: src:ipython no longer provides the Notebook
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/15/2
	NOTE: Fixed by: https://github.com/jupyter/notebook/commit/4e79ebb49acac722b37b03f1fe811e67590d3831
	NOTE: Ipython in Wheezy lacks sanitization of untrusted HTML completely,
	NOTE: which means in theory this CVE does not apply. However, due to the absence of
	NOTE: sanitization it is recommended not to use Ipython's notebook with untrusted
	NOTE: content. This issue is no-dsa because it cannot be determined if Ipython
	NOTE: in Wheezy is still affected; a fix appears to be too intrusive though. We recommend
	NOTE: upgrading to a newer version instead.
CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an authentica ...)
	{DSA-4168-1 DLA-1344-1}
	- squirrelmail (bug #893202)
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/17/2
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2846/
	NOTE: https://sourceforge.net/p/squirrelmail/code/14751/
CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a ...)
	{DLA-2340-1 DLA-1633-1}
	- sqlite3 3.22.0-2 (bug #893195)
	[wheezy] - sqlite3 (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
	NOTE: https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964
CVE-2018-8739 (VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation ...)
	NOT-FOR-US: VPN Unlimited
CVE-2018-1000134 (UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c ...)
	NOT-FOR-US: UnboundID LDAP SDK
CVE-2018-1000133 (Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management ...)
	NOT-FOR-US: Pitchfork
CVE-2018-8738 (Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. ...)
	NOT-FOR-US: Airties
CVE-2018-8737 (Bookme Control Panel 2.0 Application is vulnerable to stored XSS withi ...)
	NOT-FOR-US: Bookme Control Panel Application
CVE-2018-8736 (A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8735 (Remote command execution (RCE) vulnerability in Nagios XI 5.2.x throug ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8734 (SQL injection vulnerability in the core config manager in Nagios XI 5. ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8733 (Authentication bypass vulnerability in the core config manager in Nagi ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8732 (Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows re ...)
	NOT-FOR-US: WampServer
CVE-2018-8731 RESERVED
CVE-2018-8730 RESERVED
CVE-2018-8729 (Multiple cross-site scripting (XSS) vulnerabilities in the Activity Lo ...)
	NOT-FOR-US: Activity Log plugin for WordPress
CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows XSS i ...)
	NOT-FOR-US: Kontena
CVE-2018-8727 (Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earli ...)
	NOT-FOR-US: Path Traversal in Gateway in Mirasys DVMS Workstation
CVE-2018-8726 (K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buff ...)
	NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-8725 (K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Bu ...)
	NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-8724 (K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Inco ...)
	NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-8723 RESERVED
CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multip ...)
	NOT-FOR-US: Zoho
CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Store ...)
	NOT-FOR-US: Zoho
CVE-2018-8720 (ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name fie ...)
	NOT-FOR-US: ServiceNow ITSM
CVE-2018-8719 (An issue was discovered in the WP Security Audit Log plugin 3.1.1 for ...)
	NOT-FOR-US: WP Security Audit Log plugin for WordPress
CVE-2018-8718 (Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1 ...)
	- jenkins-mailer-plugin
CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-8716 (WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2018-8715 (The Embedthis HTTP library, and Appweb versions before 7.0.3, have a l ...)
	NOT-FOR-US: Embedthis HTTP library / Appweb
CVE-2018-8714 (Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users ...)
	NOT-FOR-US: Honeywell MatrikonOPC OPC Controller
CVE-2018-8713 RESERVED
CVE-2018-8712 (An issue was discovered in Webmin 1.840 and 1.880 when the default Yes ...)
	- webmin
CVE-2018-8711 (A local file inclusion issue was discovered in the WooCommerce Product ...)
	NOT-FOR-US: WooCommerce Products Filter (aka WOOF) plugin for WordPress
CVE-2018-8710 (A remote code execution issue was discovered in the WooCommerce Produc ...)
	NOT-FOR-US: WooCommerce Products Filter (aka WOOF) plugin for WordPress
CVE-2018-8709 RESERVED
CVE-2018-8708 RESERVED
CVE-2018-8707 RESERVED
CVE-2018-8706 RESERVED
CVE-2018-8705 RESERVED
CVE-2018-8704 RESERVED
CVE-2018-8703 RESERVED
CVE-2018-8702 RESERVED
CVE-2018-8701 RESERVED
CVE-2018-8700 RESERVED
CVE-2018-8699 RESERVED
CVE-2018-8698 RESERVED
CVE-2018-8697 RESERVED
CVE-2018-8696 RESERVED
CVE-2018-8695 RESERVED
CVE-2018-8694 RESERVED
CVE-2018-8693 RESERVED
CVE-2018-8692 RESERVED
CVE-2018-8691 RESERVED
CVE-2018-8690 RESERVED
CVE-2018-8689 RESERVED
CVE-2018-8688 RESERVED
CVE-2018-8687 RESERVED
CVE-2018-8686 RESERVED
CVE-2018-8685 RESERVED
CVE-2018-8684 RESERVED
CVE-2018-8683 RESERVED
CVE-2018-8682 RESERVED
CVE-2018-8681 RESERVED
CVE-2018-8680 RESERVED
CVE-2018-8679 RESERVED
CVE-2018-8678 RESERVED
CVE-2018-8677 RESERVED
CVE-2018-8676 RESERVED
CVE-2018-8675 RESERVED
CVE-2018-8674 RESERVED
CVE-2018-8673 RESERVED
CVE-2018-8672 RESERVED
CVE-2018-8671 RESERVED
CVE-2018-8670 RESERVED
CVE-2018-8669 RESERVED
CVE-2018-8668 RESERVED
CVE-2018-8667 RESERVED
CVE-2018-8666 RESERVED
CVE-2018-8665 RESERVED
CVE-2018-8664 RESERVED
CVE-2018-8663 RESERVED
CVE-2018-8662 RESERVED
CVE-2018-8661 RESERVED
CVE-2018-8660 RESERVED
CVE-2018-8659 RESERVED
CVE-2018-8658 RESERVED
CVE-2018-8657 RESERVED
CVE-2018-8656 RESERVED
CVE-2018-8655 RESERVED
CVE-2018-8654 (An elevation of privilege vulnerability exists in Microsoft Dynamics 3 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8653 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2018-8652 (A Cross-site Scripting (XSS) vulnerability exists when Windows Azure P ...)
	NOT-FOR-US: Windows Azure Pack Rollup
CVE-2018-8651 (A cross site scripting vulnerability exists when Microsoft Dynamics NA ...)
	NOT-FOR-US: Microsoft Dynamics NAV
CVE-2018-8650 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2018-8649 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8648 RESERVED
CVE-2018-8647 RESERVED
CVE-2018-8646 RESERVED
CVE-2018-8645 RESERVED
CVE-2018-8644 RESERVED
CVE-2018-8643 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8642 RESERVED
CVE-2018-8641 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8640 RESERVED
CVE-2018-8639 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8638 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8637 (An information disclosure vulnerability exists in Windows kernel that ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8636 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8635 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8634 (A remote code execution vulnerability exists in Windows where Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8633 RESERVED
CVE-2018-8632 RESERVED
CVE-2018-8631 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8630 RESERVED
CVE-2018-8629 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8628 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
	NOT-FOR-US: Microsoft
CVE-2018-8627 (An information disclosure vulnerability exists when Microsoft Excel so ...)
	NOT-FOR-US: Microsoft
CVE-2018-8626 (A remote code execution vulnerability exists in Windows Domain Name Sy ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8625 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8624 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8623 RESERVED
CVE-2018-8622 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8621 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8620 RESERVED
CVE-2018-8619 (A remote code execution vulnerability exists when the Internet Explore ...)
	NOT-FOR-US: Microsoft
CVE-2018-8618 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8617 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8616 RESERVED
CVE-2018-8615 RESERVED
CVE-2018-8614 RESERVED
CVE-2018-8613 RESERVED
CVE-2018-8612 (A Denial Of Service vulnerability exists when Connected User Experienc ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8611 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8610 RESERVED
CVE-2018-8609 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8608 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8607 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8606 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8605 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8604 (A tampering vulnerability exists when Microsoft Exchange Server fails ...)
	NOT-FOR-US: Microsoft
CVE-2018-8603 RESERVED
CVE-2018-8602 (A Cross-site Scripting (XSS) vulnerability exists when Team Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2018-8601 RESERVED
CVE-2018-8600 (A Cross-site Scripting (XSS) vulnerability exists when Azure App Servi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8599 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8598 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8597 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8596 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8595 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8594 RESERVED
CVE-2018-8593 RESERVED
CVE-2018-8592 (An elevation of privilege vulnerability exists in Windows 10 version 1 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8591 RESERVED
CVE-2018-8590 RESERVED
CVE-2018-8589 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8588 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8587 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8586 RESERVED
CVE-2018-8585 RESERVED
CVE-2018-8584 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8583 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8582 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8581 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
	NOT-FOR-US: Microsoft
CVE-2018-8580 (An information disclosure vulnerability exists where certain modes of ...)
	NOT-FOR-US: Microsoft
CVE-2018-8579 (An information disclosure vulnerability exists when attaching files to ...)
	NOT-FOR-US: Microsoft
CVE-2018-8578 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8577 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8576 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8575 (A remote code execution vulnerability exists in Microsoft Project soft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8574 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8573 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2018-8572 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8571 RESERVED
CVE-2018-8570 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8569 (A remote code execution vulnerability exists in the Yammer desktop app ...)
	NOT-FOR-US: Yammer
CVE-2018-8568 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8567 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
	NOT-FOR-US: Microsoft
CVE-2018-8566 (A security feature bypass vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8565 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2018-8564 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
	NOT-FOR-US: Microsoft
CVE-2018-8563 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8562 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8561 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8560 RESERVED
CVE-2018-8559 RESERVED
CVE-2018-8558 (An information disclosure vulnerability exists when Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2018-8557 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8556 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8555 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8554 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8553 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8552 (An information disclosure vulnerability exists when VBScript improperl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8551 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8550 (An elevation of privilege exists in Windows COM Aggregate Marshaler, a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8549 (A security feature bypass exists when Windows incorrectly validates ke ...)
	NOT-FOR-US: Microsoft
CVE-2018-8548 RESERVED
CVE-2018-8547 (A cross-site-scripting (XSS) vulnerability exists when an open source ...)
	NOT-FOR-US: Microsoft
CVE-2018-8546 (A denial of service vulnerability exists in Skype for Business, aka "M ...)
	NOT-FOR-US: Microsoft
CVE-2018-8545 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2018-8544 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8543 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8542 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8541 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8540 (A remote code execution vulnerability exists when the Microsoft .NET F ...)
	NOT-FOR-US: Microsoft .NET
CVE-2018-8539 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2018-8538 RESERVED
CVE-2018-8537 RESERVED
CVE-2018-8536 RESERVED
CVE-2018-8535 RESERVED
CVE-2018-8534 RESERVED
CVE-2018-8533 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-8532 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-8531 (A remote code execution vulnerability exists in the way that Azure IoT ...)
	NOT-FOR-US: Microsoft
CVE-2018-8530 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8529 (A remote code execution vulnerability exists when Team Foundation Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-8528 RESERVED
CVE-2018-8527 (An information disclosure vulnerability exists in Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-8526 RESERVED
CVE-2018-8525 RESERVED
CVE-2018-8524 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8523 RESERVED
CVE-2018-8522 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8521 RESERVED
CVE-2018-8520 RESERVED
CVE-2018-8519 RESERVED
CVE-2018-8518 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8517 (A denial of service vulnerability exists when .NET Framework improperl ...)
	NOT-FOR-US: Microsoft .NET
CVE-2018-8516 RESERVED
CVE-2018-8515 RESERVED
CVE-2018-8514 (An information disclosure vulnerability exists when Remote Procedure C ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8513 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8512 (A security feature bypass vulnerability exists in Microsoft Edge when ...)
	NOT-FOR-US: Microsoft
CVE-2018-8511 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8510 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8509 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8508 RESERVED
CVE-2018-8507 RESERVED
CVE-2018-8506 (An Information Disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2018-8505 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8504 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2018-8503 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8502 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8501 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
	NOT-FOR-US: Microsoft
CVE-2018-8500 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8499 RESERVED
CVE-2018-8498 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8497 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8496 RESERVED
CVE-2018-8495 (A remote code execution vulnerability exists when Windows Shell improp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8494 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8493 (An information disclosure vulnerability exists when the Windows TCP/IP ...)
	NOT-FOR-US: Microsoft
CVE-2018-8492 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8491 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8490 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8489 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8488 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8487 RESERVED
CVE-2018-8486 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8485 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8484 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8483 RESERVED
CVE-2018-8482 (An information disclosure vulnerability exists when Windows Media Play ...)
	NOT-FOR-US: Microsoft
CVE-2018-8481 (An information disclosure vulnerability exists when Windows Media Play ...)
	NOT-FOR-US: Microsoft
CVE-2018-8480 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8479 (A spoofing vulnerability exists for the Azure IoT Device Provisioning ...)
	NOT-FOR-US: Azure
CVE-2018-8478 RESERVED
CVE-2018-8477 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2018-8476 (A remote code execution vulnerability exists in the way that Windows D ...)
	NOT-FOR-US: Microsoft
CVE-2018-8475 (A remote code execution vulnerability exists when Windows does not pro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8474 (A security feature bypass vulnerability exists when Lync for Mac 2011 ...)
	NOT-FOR-US: Microsoft
CVE-2018-8473 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8472 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8471 (An elevation of privilege vulnerability exists in the way that the Mic ...)
	NOT-FOR-US: Microsoft
CVE-2018-8470 (A security feature bypass vulnerability exists in Internet Explorer du ...)
	NOT-FOR-US: Microsoft
CVE-2018-8469 (An elevation of privilege vulnerability exists in Microsoft Edge that ...)
	NOT-FOR-US: Microsoft
CVE-2018-8468 (An elevation of privilege vulnerability exists when Windows, allowing ...)
	NOT-FOR-US: Microsoft
CVE-2018-8467 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8466 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8465 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8464 (A remote code execution vulnerability exists when Microsoft Edge PDF ...)
	NOT-FOR-US: Microsoft
CVE-2018-8463 (An elevation of privilege vulnerability exists in Microsoft Edge that ...)
	NOT-FOR-US: Microsoft
CVE-2018-8462 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8461 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8460 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8459 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8458
	RESERVED
CVE-2018-8457 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-8456 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8455 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8454 (An information disclosure vulnerability exists when Windows Audio Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-8453 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8452 (An information disclosure vulnerability exists when the scripting engi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8451
	RESERVED
CVE-2018-8450 (A remote code execution vulnerability exists when Windows Search handl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8449 (A security feature bypass exists when Device Guard incorrectly validat ...)
	NOT-FOR-US: Microsoft
CVE-2018-8448 (An elevation of privilege vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8447 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8446 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8445 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8444 (An information disclosure vulnerability exists in the way that the Mic ...)
	NOT-FOR-US: Microsoft
CVE-2018-8443 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8442 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8441 (An elevation of privilege vulnerability exists due to an integer overf ...)
	NOT-FOR-US: Microsoft
CVE-2018-8440 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8439 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8438 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2018-8437 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2018-8436 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2018-8435 (A security feature bypass vulnerability exists when Windows Hyper-V BI ...)
	NOT-FOR-US: Microsoft
CVE-2018-8434 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2018-8433 (An information disclosure vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8432 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8431 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8430 (A remote code execution vulnerability exists in Microsoft Word if a us ...)
	NOT-FOR-US: Microsoft
CVE-2018-8429 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8428 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8427 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2018-8426 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2018-8425 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
	NOT-FOR-US: Microsoft
CVE-2018-8424 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8423 (A remote code execution vulnerability exists in the Microsoft JET Data ...)
	NOT-FOR-US: Microsoft
CVE-2018-8422 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8421 (A remote code execution vulnerability exists when Microsoft .NET Frame ...)
	NOT-FOR-US: Microsoft
CVE-2018-8420 (A remote code execution vulnerability exists when the Microsoft XML Co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8419 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8418
	RESERVED
CVE-2018-8417 (A security feature bypass vulnerability exists in Microsoft JScript th ...)
	NOT-FOR-US: Microsoft
CVE-2018-8416 (A tampering vulnerability exists when .NET Core improperly handles spe ...)
	NOT-FOR-US: .dotnet CoreFX
CVE-2018-8415 (A tampering vulnerability exists in PowerShell that could allow an att ...)
	NOT-FOR-US: Microsoft
CVE-2018-8414 (A remote code execution vulnerability exists when the Windows Shell do ...)
	NOT-FOR-US: Microsoft
CVE-2018-8413 (A remote code execution vulnerability exists when "Windows Theme API" ...)
	NOT-FOR-US: Microsoft
CVE-2018-8412 (An elevation of privilege vulnerability exists when the Microsoft Auto ...)
	NOT-FOR-US: Microsoft
CVE-2018-8411 (An elevation of privilege vulnerability exists when NTFS improperly ch ...)
	NOT-FOR-US: Microsoft
CVE-2018-8410 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8409 (A denial of service vulnerability exists when System.IO.Pipelines impr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8408 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8407 (An information disclosure vulnerability exists when "Kernel Remote Pro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8406 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8405 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8404 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8403 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8402
	RESERVED
CVE-2018-8401 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8400 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8399 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8398 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8397 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2018-8396 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8395
	RESERVED
CVE-2018-8394 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8393 (A buffer overflow vulnerability exists in the Microsoft JET Database E ...)
	NOT-FOR-US: Microsoft
CVE-2018-8392 (A buffer overflow vulnerability exists in the Microsoft JET Database E ...)
	NOT-FOR-US: Microsoft
CVE-2018-8391 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8390 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8389 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8388 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
	NOT-FOR-US: Microsoft
CVE-2018-8387 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8386
	RESERVED
CVE-2018-8385 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-8384 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8383 (A spoofing vulnerability exists when Microsoft Edge does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8382 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8381 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8380 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8379 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8378 (An information disclosure vulnerability exists when Microsoft Office s ...)
	NOT-FOR-US: Microsoft
CVE-2018-8377 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8376 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
	NOT-FOR-US: Microsoft
CVE-2018-8375 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8374 (A tampering vulnerability exists when Microsoft Exchange Server fails ...)
	NOT-FOR-US: Microsoft
CVE-2018-8373 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8372 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-8371 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8370 (An information disclosure vulnerability exists when WebAudio Library im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8369
	RESERVED
CVE-2018-8368
	RESERVED
CVE-2018-8367 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8366 (An information disclosure vulnerability exists when the Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2018-8365
	RESERVED
CVE-2018-8364
	RESERVED
CVE-2018-8363
	RESERVED
CVE-2018-8362
	RESERVED
CVE-2018-8361
	RESERVED
CVE-2018-8360 (An information disclosure vulnerability exists in Microsoft .NET Frame ...)
	NOT-FOR-US: Microsoft
CVE-2018-8359 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8358 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8357 (An elevation of privilege vulnerability exists in Microsoft browsers a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8356 (A security feature bypass vulnerability exists when Microsoft .NET Fra ...)
	NOT-FOR-US: Microsoft .NET, doesn't affect src:mono
CVE-2018-8355 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-8354 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8353 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8352
	RESERVED
CVE-2018-8351 (An information disclosure vulnerability exists when affected Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8350 (A remote code execution vulnerability exists when Microsoft Windows PD ...)
	NOT-FOR-US: Microsoft
CVE-2018-8349 (A remote code execution vulnerability exists in "Microsoft COM for Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8348 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8347 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2018-8346 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2018-8345 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2018-8344 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-8343 (An elevation of privilege vulnerability exists in the Network Driver I ...)
	NOT-FOR-US: Microsoft
CVE-2018-8342 (An elevation of privilege vulnerability exists in the Network Driver I ...)
	NOT-FOR-US: Microsoft
CVE-2018-8341 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8340 (A security feature bypass vulnerability exists when Active Directory F ...)
	NOT-FOR-US: Microsoft
CVE-2018-8339 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2018-8338
	RESERVED
CVE-2018-8337 (A security feature bypass vulnerability exists when Windows Subsystem ...)
	NOT-FOR-US: Microsoft
CVE-2018-8336 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8335 (A denial of service vulnerability exists in the Microsoft Server Block ...)
	NOT-FOR-US: Microsoft
CVE-2018-8334
	RESERVED
CVE-2018-8333 (An Elevation of Privilege vulnerability exists in Filter Manager when ...)
	NOT-FOR-US: Microsoft
CVE-2018-8332 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-8331 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8330 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8329 (An Elevation of Privilege vulnerability exists in Windows Subsystem fo ...)
	NOT-FOR-US: Microsoft
CVE-2018-8328
	RESERVED
CVE-2018-8327 (A remote code execution vulnerability exists in PowerShell Editor Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-8326 (A cross-site-scripting (XSS) vulnerability exists when an open source ...)
	NOT-FOR-US: Microsoft
CVE-2018-8325 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8324 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8323 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8322
	RESERVED
CVE-2018-8321
	RESERVED
CVE-2018-8320 (A security feature bypass vulnerability exists in DNS Global Blocklist ...)
	NOT-FOR-US: Microsoft
CVE-2018-8319 (A Security Feature Bypass vulnerability exists in MSR JavaScript Crypt ...)
	NOT-FOR-US: Microsoft
CVE-2018-8318
	RESERVED
CVE-2018-8317
	RESERVED
CVE-2018-8316 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8315 (An information disclosure vulnerability exists when the browser script ...)
	NOT-FOR-US: Microsoft
CVE-2018-8314 (An elevation of privilege vulnerability exists when Windows fails a ch ...)
	NOT-FOR-US: Microsoft
CVE-2018-8313 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8312 (A remote code execution vulnerability exists when Microsoft Access fai ...)
	NOT-FOR-US: Microsoft
CVE-2018-8311 (A remote code execution vulnerability exists when Skype for Business a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8310 (A tampering vulnerability exists when Microsoft Outlook does not prope ...)
	NOT-FOR-US: Microsoft
CVE-2018-8309 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8308 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8307 (A security feature bypass vulnerability exists when Microsoft WordPad ...)
	NOT-FOR-US: Microsoft
CVE-2018-8306 (A command injection vulnerability exists in the Microsoft Wireless Dis ...)
	NOT-FOR-US: Microsoft
CVE-2018-8305 (An information disclosure vulnerability exists in Windows Mail Client ...)
	NOT-FOR-US: Microsoft
CVE-2018-8304 (A denial of service vulnerability exists in Windows Domain Name System ...)
	NOT-FOR-US: Microsoft
CVE-2018-8303
	RESERVED
CVE-2018-8302 (A remote code execution vulnerability exists in Microsoft Exchange sof ...)
	NOT-FOR-US: Microsoft
CVE-2018-8301 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8300 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2018-8299 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8298 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8297 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8296 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8295
	RESERVED
CVE-2018-8294 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8293
	RESERVED
CVE-2018-8292 (An information disclosure vulnerability exists in .NET Core when authe ...)
	NOT-FOR-US: .dotnet CoreFX
	NOTE: https://github.com/dotnet/corefx/commit/56aae8a7076f283e334b88f642ef6bb7c59e02c3
CVE-2018-8291 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-8290 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8289 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8288 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-8287 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-8286 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8285
	RESERVED
CVE-2018-8284 (A remote code execution vulnerability exists when the Microsoft .NET F ...)
	NOT-FOR-US: Microsoft
CVE-2018-8283 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8282 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8281 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-8280 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8279 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8278 (A spoofing vulnerability exists when Microsoft Edge improperly handles ...)
	NOT-FOR-US: Microsoft
CVE-2018-8277
	RESERVED
CVE-2018-8276 (A security feature bypass vulnerability exists in the Microsoft Chakra ...)
	NOT-FOR-US: Microsoft
CVE-2018-8275 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8274 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8273 (A buffer overflow vulnerability exists in the Microsoft SQL Server tha ...)
	NOT-FOR-US: Microsoft
CVE-2018-8272
	RESERVED
CVE-2018-8271 (An information disclosure vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8270
	RESERVED
CVE-2018-8269 (A denial of service vulnerability exists when OData Library improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8268
	RESERVED
CVE-2018-8267 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8266 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8265 (A remote code execution vulnerability exists in the way Microsoft Exch ...)
	NOT-FOR-US: Microsoft
CVE-2018-8264
	RESERVED
CVE-2018-8263
	RESERVED
CVE-2018-8262 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8261
	REJECTED
CVE-2018-8260 (A Remote Code Execution vulnerability exists in .NET software when the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8259
	RESERVED
CVE-2018-8258
	RESERVED
CVE-2018-8257
	RESERVED
CVE-2018-8256 (A remote code execution vulnerability exists when PowerShell improperl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8255
	RESERVED
CVE-2018-8254 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8253 (An elevation of privilege vulnerability exists when Microsoft Cortana ...)
	NOT-FOR-US: Microsoft
CVE-2018-8252 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8251 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2018-8250
	RESERVED
CVE-2018-8249 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8248 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8247 (An elevation of privilege vulnerability exists when Office Web Apps Se ...)
	NOT-FOR-US: Microsoft
CVE-2018-8246 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8245 (A remote code execution vulnerability exists when Microsoft Publisher ...)
	NOT-FOR-US: Microsoft
CVE-2018-8244 (An elevation of privilege vulnerability exists when Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2018-8243 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8242 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8241
	RESERVED
CVE-2018-8240
	RESERVED
CVE-2018-8239 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8238 (A security feature bypass vulnerability exists when Skype for Business ...)
	NOT-FOR-US: Microsoft
CVE-2018-8237
	RESERVED
CVE-2018-8236 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8235 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8234 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8233 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8232 (A Tampering vulnerability exists when Microsoft Macro Assembler improp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8231 (A remote code execution vulnerability exists when HTTP Protocol Stack ...)
	NOT-FOR-US: Microsoft
CVE-2018-8230
	RESERVED
CVE-2018-8229 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8228
	RESERVED
CVE-2018-8227 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8226 (A denial of service vulnerability exists in the HTTP 2.0 protocol stac ...)
	NOT-FOR-US: Microsoft
CVE-2018-8225 (A remote code execution vulnerability exists in Windows Domain Name Sy ...)
	NOT-FOR-US: Microsoft
CVE-2018-8224 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8223
	RESERVED
CVE-2018-8222 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8221 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8220
	RESERVED
CVE-2018-8219 (An elevation of privilege vulnerability exists when Windows Hyper-V in ...)
	NOT-FOR-US: Microsoft
CVE-2018-8218 (A denial of service vulnerability exists when Microsoft Hyper-V Networ ...)
	NOT-FOR-US: Microsoft
CVE-2018-8217 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8216 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8215 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8214 (An elevation of privilege vulnerability exists in Windows when Desktop ...)
	NOT-FOR-US: Microsoft
CVE-2018-8213 (A remote code execution vulnerability exists when Windows improperly h ...)
	NOT-FOR-US: Microsoft
CVE-2018-8212 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8211 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8210 (A remote code execution vulnerability exists when Windows improperly h ...)
	NOT-FOR-US: Microsoft
CVE-2018-8209 (An information disclosure vulnerability exists when Windows allows a n ...)
	NOT-FOR-US: Microsoft
CVE-2018-8208 (An elevation of privilege vulnerability exists in Windows when Desktop ...)
	NOT-FOR-US: Microsoft
CVE-2018-8207 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8206 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8205 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8204 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8203
	RESERVED
CVE-2018-8202 (An elevation of privilege vulnerability exists in .NET Framework which ...)
	NOT-FOR-US: Microsoft
CVE-2018-8201 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8200 (A security feature bypass vulnerability exists in Device Guard that co ...)
	NOT-FOR-US: Microsoft
CVE-2018-8199
	RESERVED
CVE-2018-8198
	RESERVED
CVE-2018-8197
	RESERVED
CVE-2018-8196
	RESERVED
CVE-2018-8195
	RESERVED
CVE-2018-8194
	RESERVED
CVE-2018-8193
	RESERVED
CVE-2018-8192
	RESERVED
CVE-2018-8191
	RESERVED
CVE-2018-8190
	RESERVED
CVE-2018-8189
	RESERVED
CVE-2018-8188
	RESERVED
CVE-2018-8187
	RESERVED
CVE-2018-8186
	RESERVED
CVE-2018-8185
	RESERVED
CVE-2018-8184
	RESERVED
CVE-2018-8183
	RESERVED
CVE-2018-8182
	RESERVED
CVE-2018-8181
	RESERVED
CVE-2018-8180
	RESERVED
CVE-2018-8179 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8178 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8177 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8176 (A remote code execution vulnerability exists in Microsoft PowerPoint s ...)
	NOT-FOR-US: Microsoft
CVE-2018-8175 (A denial of service vulnerability exists when Windows NT WEBDAV Minir ...)
	NOT-FOR-US: Microsoft
CVE-2018-8174 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft InfoPath whe ...)
	NOT-FOR-US: Microsoft
CVE-2018-8172 (A remote code execution vulnerability exists in Visual Studio software ...)
	NOT-FOR-US: Microsoft
CVE-2018-8171 (A Security Feature Bypass vulnerability exists in ASP.NET when the num ...)
	NOT-FOR-US: Microsoft
CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8169 (An elevation of privilege vulnerability exists when the (Human Interfa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8168 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8167 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2018-8166 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8165 (An elevation of privilege vulnerability exists when the DirectX Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8164 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8163 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8162 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8161 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-8160 (An information disclosure vulnerability exists in Outlook when a messa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8159 (An elevation of privilege vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8158 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-8157 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-8156 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8155 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8154 (A remote code execution vulnerability exists in Microsoft Exchange sof ...)
	NOT-FOR-US: Microsoft
CVE-2018-8153 (A spoofing vulnerability exists in Microsoft Exchange Server when Outl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8152 (An elevation of privilege vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8151 (An information disclosure vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8150 (A security feature bypass vulnerability exists when the Microsoft Outl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8149 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-8148 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8147 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-8146
	RESERVED
CVE-2018-8145 (An information disclosure vulnerability exists when Chakra improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8144
	RESERVED
CVE-2018-8143
	RESERVED
CVE-2018-8142 (A security feature bypass exists when Windows incorrectly validates ke ...)
	NOT-FOR-US: Microsoft
CVE-2018-8141 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8140 (An Elevation of Privilege vulnerability exists when Cortana retrieves ...)
	NOT-FOR-US: Microsoft
CVE-2018-8139 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8138
	RESERVED
CVE-2018-8137 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8136 (A remote code execution vulnerability exists in the way that Windows h ...)
	NOT-FOR-US: Microsoft
CVE-2018-8135
	RESERVED
CVE-2018-8134 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8133 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8132 (A security feature bypass vulnerability exists in Windows which could ...)
	NOT-FOR-US: Microsoft
CVE-2018-8131
	RESERVED
CVE-2018-8130 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-8129 (A security feature bypass vulnerability exists in Windows which could ...)
	NOT-FOR-US: Microsoft
CVE-2018-8128 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8127 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8126 (A security feature bypass vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2018-8125 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8124 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8122 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8121 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8120 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-8119 (A spoofing vulnerability exists when the Azure IoT Device Provisioning ...)
	NOT-FOR-US: Microsoft
CVE-2018-8118 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-8117 (A security feature bypass vulnerability exists in the Microsoft Wirele ...)
	NOT-FOR-US: Microsoft
CVE-2018-8116 (A denial of service vulnerability exists in the way that Windows handl ...)
	NOT-FOR-US: Microsoft
CVE-2018-8115 (A remote code execution vulnerability exists when the Windows Host Com ...)
	NOT-FOR-US: Microsoft
CVE-2018-8114 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-8113 (A security feature bypass vulnerability exists in Internet Explorer th ...)
	NOT-FOR-US: Microsoft
CVE-2018-8112 (A security feature bypass vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-8111 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-8110 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect Access Control ...)
	{DLA-2293-1 DLA-1414-1 DLA-1331-1}
	- mercurial 4.5.2-1 (bug #892964)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/2ecb0fc535b1 (4.5.2)
	NOTE: Backports for older branches in https://hg.mozilla.org/users/gszorc_mozilla.com/hg
	NOTE: 4.4: 4843835c835::7cf827e5f8af
	NOTE: 4.3: db527ae12671::86f9a022ccb8
CVE-2018-1000131 (Pradeep Makone wordpress Support Plus Responsive Ticket System version ...)
	NOT-FOR-US: Pradeep Makone wordpress Support Plus Responsive Ticket System
CVE-2018-1000130 (A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 i ...)
	NOT-FOR-US: Jolokia
CVE-2018-1000129 (An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the ...)
	NOT-FOR-US: Jolokia
CVE-2018-8109 RESERVED
CVE-2018-8108 (The select component in bui through 2018-03-13 has XSS because it perf ...)
	NOT-FOR-US: bui
CVE-2018-8107 (The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows atta ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8106 (The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8105 (The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allow ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8104 (The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows atta ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8103 (The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8102 (The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4 ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8101 (The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8100 (The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allo ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8099 (Incorrect returning of an error code in the index.c:read_entry() funct ...)
	[experimental] - libgit2 0.27.0+dfsg.1-0.1
	- libgit2 0.27.0+dfsg.1-0.6 (low; bug #892962)
	[stretch] - libgit2 (Minor issue)
	[jessie] - libgit2 (Minor issue)
	NOTE: https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe
CVE-2018-8098 (Integer overflow in the index.c:read_entry() function while decompress ...)
	[experimental] - libgit2 0.27.0+dfsg.1-0.1
	- libgit2 0.27.0+dfsg.1-0.6 (low; bug #892961)
	[stretch] - libgit2 (Minor issue)
	[jessie] - libgit2 (Minor issue)
	NOTE: https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1
	NOTE: https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0
CVE-2018-8097 (io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attac ...)
	NOT-FOR-US: pyeve
CVE-2018-8096 (Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (wi ...)
	NOT-FOR-US: Datalust Seq
CVE-2018-8095 RESERVED
CVE-2018-1000128 REJECTED
CVE-2018-1000127 (memcached version prior to 1.4.37 contains an Integer Overflow vulnera ...)
	{DSA-4218-1 DLA-1329-1}
	- memcached 1.5.0-1 (bug #894404)
	NOTE: https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
	NOTE: https://github.com/memcached/memcached/issues/271
CVE-2018-1000126 (Ajenti version 2 contains an Information Disclosure vulnerability in L ...)
	- ajenti (bug #792019)
CVE-2018-1000125 (inversoft prime-jwt version prior to version 1.3.0 or prior to commit ...)
	NOT-FOR-US: inversoft prime-jwt
CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a XML Externa ...)
	- i-librarian (bug #649291)
CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25 ...)
	NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
CVE-2018-8094 RESERVED
CVE-2018-8093 RESERVED
CVE-2018-8092 (Mautic before 2.13.0 allows CSV injection. ...)
	NOT-FOR-US: Mautic
CVE-2018-8091 RESERVED
CVE-2018-8090 (Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - ...)
	NOT-FOR-US: Quick Heal
CVE-2018-8089 RESERVED
CVE-2018-8088 (org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before ...)
	- libslf4j-java 1.7.25-3 (bug #893684; unimportant)
	NOTE: slf4j-ext module is not built by default
	NOTE: https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405
	NOTE: https://jira.qos.ch/browse/SLF4J-430
	NOTE: https://jira.qos.ch/browse/SLF4J-431
CVE-2018-8087 (Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless ...)
	{DSA-4188-1}
	- linux 4.15.11-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/0ddcff49b672239dda94d70d0fcf50317a9f4b51
CVE-2018-8086 REJECTED
CVE-2018-8085 RESERVED
CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer ...)
	{DSA-4167-1}
	- sharutils 1:4.15.2-3 (bug #893525)
	[wheezy] - sharutils (Vulnerable code not present)
	NOTE: http://seclists.org/bugtraq/2018/Feb/54
CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit 9b8e74a23 ...)
	NOT-FOR-US: tiny-json-http
CVE-2018-1000095 (oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vul ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1000094 (CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnera ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-8084 RESERVED
CVE-2018-8083 RESERVED
CVE-2018-8082 RESERVED
CVE-2018-8081 RESERVED
CVE-2018-8080 RESERVED
CVE-2018-8079 RESERVED
CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adv ...)
	NOT-FOR-US: YzmCMS
CVE-2018-8077 RESERVED
CVE-2018-8076 (ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability wi ...)
	NOT-FOR-US: ZenMate
CVE-2018-8075 RESERVED
CVE-2018-8074 (Yii 2.x before 2.0.15 allows remote attackers to inject unintended sea ...)
	- yii (bug #597899)
CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA ...)
	- yii (bug #597899)
CVE-2018-8072 (An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W thro ...)
	NOT-FOR-US: EDIMAX
CVE-2018-8071 (Mautic before v2.13.0 has stored XSS via a theme config file. ...)
	NOT-FOR-US: Mautic
CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the /guest/index.h ...)
	NOT-FOR-US: QCMS
CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the /backend/sys ...)
	NOT-FOR-US: QCMS
CVE-2018-8068 RESERVED
CVE-2018-8067 RESERVED
CVE-2018-8066 RESERVED
CVE-2018-8065 (An issue was discovered in the web server in Flexense SyncBreeze Enter ...)
	NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2018-8064 RESERVED
CVE-2018-8063 RESERVED
CVE-2018-8062 (A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devic ...)
	NOT-FOR-US: Comtrend
CVE-2018-8061 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...)
	NOT-FOR-US: HWiNFO AMD64 Kernel driver
CVE-2018-8060 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...)
	NOT-FOR-US: HWiNFO AMD64 Kernel driver
CVE-2018-8059 (The Djelibeybi configuration examples for use of NGINX in SUSE Portus ...)
	NOT-FOR-US: Portus
CVE-2018-8058 (CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-8057 (A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8 ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-8056 (Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via a ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-8055 RESERVED
CVE-2018-8054 RESERVED
CVE-2018-8053 RESERVED
CVE-2018-8052 RESERVED
CVE-2018-8051 RESERVED
CVE-2018-8050 (The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFL ...)
	- afflib 3.7.16-3 (unimportant; bug #892599)
	NOTE: https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c
	NOTE: Negligible security impact
CVE-2018-8049 (The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.199 ...)
	NOT-FOR-US: Unisys Stealth SVG
CVE-2018-8048 (In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attribu ...)
	{DSA-4171-1}
	- ruby-loofah 2.2.1-1 (bug #893596)
	NOTE: https://github.com/flavorjones/loofah/issues/144
	NOTE: https://github.com/flavorjones/loofah/commit/4a08c25a603654f2fc505a7d2bf0c35a39870ad7
	NOTE: https://github.com/flavorjones/loofah/commit/56e95a6696b1e17a242eb8ebbbab64d613c4f1fe
CVE-2018-8047 (vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XS ...)
	NOT-FOR-US: vtiger CRM
CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6 ...)
	NOT-FOR-US: Sencha
CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable ...)
	NOT-FOR-US: Joomla!
CVE-2018-8044 (K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Inco ...)
	NOT-FOR-US: K7Computing K7AntiVirus Premium
CVE-2018-8043 (The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...)
	- linux 4.16.5-1 (unimportant)
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5
	NOTE: Negligible security impact, only enabled on armhf
CVE-2018-8042 (Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential ...)
	NOT-FOR-US: Apache Ambari
CVE-2018-8041 (Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2 ...)
	NOT-FOR-US: Apache Camel Mail component
CVE-2018-8040 (Pages that are rendered using the ESI plugin can have access to the co ...)
	{DSA-4282-1}
	- trafficserver 7.1.4+ds-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/2
	NOTE: https://github.com/apache/trafficserver/pull/3926
	NOTE: https://github.com/apache/trafficserver/commit/cea07c03274807c1588dbdf03baa1537d958c92f
CVE-2018-8039 (It is possible to configure Apache CXF to use the com.sun.net.ssl impl ...)
	NOT-FOR-US: Apache CXF
CVE-2018-8038 (Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Docum ...)
	NOT-FOR-US: Apache CXF
CVE-2018-8037 (If an async request was completed by the application at the same time ...)
	{DSA-4281-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.32-1
	[jessie] - tomcat8 (vulnerable code only present in 8.5.5 to 8.5.31 in 8.x series)
	- tomcat8.0 (Vulnerable code only present in 8.5.5 to 8.5.31 in 8.x series)
	NOTE: https://svn.apache.org/r1833906 (9.0.x)
	NOTE: https://svn.apache.org/r1833907 (8.5.x)
CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully c ...)
	- libpdfbox-java 1:1.8.15-1 (low; bug #902776)
	[stretch] - libpdfbox-java (Minor issue)
	[jessie] - libpdfbox-java (Minor issue)
	- libpdfbox2-java 2.0.11-1 (low)
	NOTE: https://www.openwall.com/lists/oss-security/2018/06/29/2
CVE-2018-8035 (This vulnerability relates to the user's browser processing of DUCC we ...)
	NOT-FOR-US: UIMA DUCC (subproject of Apache UIMA)
	NOTE: https://uima.apache.org/security_report#CVE-2018-8035
CVE-2018-8034 (The host name verification when using TLS with the WebSocket client wa ...)
	{DSA-4281-1 DLA-1491-1 DLA-1453-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.32-1
	- tomcat8.0 (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1833757 (9.0.x)
	NOTE: https://svn.apache.org/r1833758 (8.5.x)
	NOTE: https://svn.apache.org/r1833759 (8.0.x)
	NOTE: https://svn.apache.org/r1833760 (7.0.x)
CVE-2018-8033 (In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apach ...)
	NOT-FOR-US: Apache OFBiz
CVE-2018-8032 (Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site ...)
	- axis 1.4-28 (bug #905328)
	[stretch] - axis (Minor issue)
	[jessie] - axis (Minor issue)
	NOTE: https://issues.apache.org/jira/browse/AXIS-2924
	NOTE: https://svn.apache.org/r1831943
CVE-2018-8031 (The Apache TomEE console (tomee-webapp) has a XSS vulnerability which ...)
	NOT-FOR-US: Apache TomEE
CVE-2018-8030 (A Denial of Service vulnerability was found in Apache Qpid Broker-J ve ...)
	- qpid-java (bug #840131)
CVE-2018-8029 (In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2 ...)
	- hadoop (bug #793644)
CVE-2018-8028 (An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS with ...)
	NOT-FOR-US: Apache Sentry
CVE-2018-8027 (Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in ...)
	NOT-FOR-US: Apache Camel
CVE-2018-8026 (This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 re ...)
	- lucene-solr (Does not allow uploading configsets via the API)
	NOTE: Versions 5.x and earlier are not affected by the vulnerability, since
	NOTE: those versions do not allow uploading configsets via the API.
	NOTE: https://issues.apache.org/jira/browse/SOLR-12450
CVE-2018-8025 (CVE-2018-8025 describes an issue in Apache HBase that affects the opti ...)
	NOT-FOR-US: Apache HBase
CVE-2018-8024 (In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possib ...)
	- apache-spark (bug #802194)
CVE-2018-8023 (Apache Mesos can be configured to require authentication to call the E ...)
	- apache-mesos (bug #760315)
CVE-2018-8022 (A carefully crafted invalid TLS handshake can cause Apache Traffic Ser ...)
	- trafficserver 7.0.0-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/1
	NOTE: Only affects 6.x, marking 7.0 as the fixed version
	NOTE: https://github.com/apache/trafficserver/pull/2147
CVE-2018-8021 (Versions of Superset prior to 0.23 used an unsafe load method from the ...)
	NOT-FOR-US: Apache Superset
CVE-2018-8020 (Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw t ...)
	{DLA-1475-1}
	- tomcat-native 1.2.17-1
	[stretch] - tomcat-native 1.2.12-2+deb9u2
	NOTE: https://svn.apache.org/r1832863
CVE-2018-8019 (When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and ...)
	{DLA-1475-1}
	- tomcat-native 1.2.17-1
	[stretch] - tomcat-native 1.2.12-2+deb9u2
	NOTE: https://svn.apache.org/r1832832
CVE-2018-8018 (In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serializatio ...)
	NOT-FOR-US: Apache Ignite
CVE-2018-8017 (In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an in ...)
	- tika 1.20-1 (bug #914643)
	[jessie] - tika (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/19/6
CVE-2018-8016 (The default configuration in Apache Cassandra 3.8 through 3.11.1 binds ...)
	- cassandra (bug #585905)
CVE-2018-8015 (In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endle ...)
	NOT-FOR-US: Apache ORC
CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomcat 9. ...)
	{DSA-4596-1 DLA-1883-1 DLA-1400-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.32-1 (bug #898935)
	- tomcat8.0 (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	[wheezy] - tomcat7 (vulnerable code not present)
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1831728 (8.5.x)
	NOTE: https://svn.apache.org/r1831729 (8.0.x)
	NOTE: https://svn.apache.org/r1831730 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
	NOTE: It is expected that users of the CORS filter will have configured it appropriately
	NOTE: for their environment rather than using it in the default configuration
CVE-2018-8013 (In Apache Batik 1.x before 1.10, when deserializing subclass of `Abstr ...)
	{DSA-4215-1 DLA-1385-1}
	- batik 1.10-1 (bug #899374)
	NOTE: https://issues.apache.org/jira/browse/BATIK-1222
	NOTE: https://svn.apache.org/r1831241
	NOTE: https://marc.info/?l=oss-security&m=152707788503264&w=2
CVE-2018-8012 (No authentication/authorization is enforced when a server attempts to ...)
	{DSA-4214-1}
	- zookeeper 3.4.10-2 (bug #899332)
	[wheezy] - zookeeper (changes are too intrusive to backport)
	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-1045
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/21/6
	NOTE: https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
	NOTE: https://issues.apache.org/jira/secure/attachment/12840904/ZOOKEEPER-1045-br-3-4.patch
CVE-2018-8011 (By specially crafting HTTP requests, the mod_md challenge handler woul ...)
	- apache2 2.4.34-1 (bug #904107)
	[stretch] - apache2 (Vulnerable code not present; mod_md module)
	[jessie] - apache2 (Vulnerable code not present; mod_md module)
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/2
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
CVE-2018-8010 (This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relat ...)
	- lucene-solr (Does not allow uploading configsets via the API)
	NOTE: Versions 5.x and earlier are not affected by the vulnerability, since
	NOTE: those versions do not allow uploading configsets via the API.
	NOTE: https://issues.apache.org/jira/browse/SOLR-12316
CVE-2018-8009 (Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2. ...)
	- hadoop (bug #793644)
CVE-2018-8008 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version ...)
	NOT-FOR-US: Apache Storm
CVE-2018-8007 (Apache CouchDB administrative users can configure the database server ...)
	- couchdb
	NOTE: https://blog.couchdb.org/2018/07/10/cve-2018-8007/
CVE-2018-8006 (An instance of a cross-site scripting vulnerability was identified to ...)
	- activemq 5.15.6-1 (unimportant)
	NOTE: https://issues.apache.org/jira/browse/AMQ-6954
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=d25de5d
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=d8c80a9
	NOTE: Admin console not enabled in the Debian package, see #702670
	NOTE: Fixed in 5.15.6, 5.16.0
CVE-2018-8005 (When there are multiple ranges in a range request, Apache Traffic Serv ...)
	{DSA-4282-1}
	- trafficserver 7.1.4+ds-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/4
	NOTE: https://github.com/apache/trafficserver/pull/3106
	NOTE: https://github.com/apache/trafficserver/pull/3124
	NOTE: https://github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4
CVE-2018-8004 (There are multiple HTTP smuggling and cache poisoning issues when clie ...)
	{DSA-4282-1}
	- trafficserver 7.1.4+ds-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/5
	NOTE: https://github.com/apache/trafficserver/pull/3192
	NOTE: https://github.com/apache/trafficserver/pull/3201
	NOTE: https://github.com/apache/trafficserver/pull/3231
	NOTE: https://github.com/apache/trafficserver/pull/3251
	NOTE: https://github.com/apache/trafficserver/commit/05d734c773900dd589480ff07572c0d7db7c3d44
	NOTE: https://github.com/apache/trafficserver/commit/9659d12a21cf1870c2790fdd5acab712ed87f16e
	NOTE: https://github.com/apache/trafficserver/commit/2616e580de7d66b9098c464d503a049c7814e35a
	NOTE: https://github.com/apache/trafficserver/commit/3d2fdab8b0606bc8b35006f7aeb73729d364b333
CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory ...)
	NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfPar ...)
	- libpodofo (low; bug #892557)
	[buster] - libpodofo (Minor issue)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548930
	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/15/
CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerabil ...)
	- libpodofo 0.9.6+dfsg-3 (low; bug #892556)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1549469
	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/14/
	NOTE: Upstream commit: http://sourceforge.net/p/podofo/code/1909
CVE-2018-8000 (In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerabili ...)
	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548918
	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/13/
	NOTE: Upstream tracked this down as a duplicate of CVE-2017-5886
CVE-2018-7999 (In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulner ...)
	- graphite2 1.3.11-2 (bug #892590)
	[stretch] - graphite2 (Minor issue)
	[jessie] - graphite2 (Minor issue)
	[wheezy] - graphite2 (Minor issue)
	NOTE: https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6
	NOTE: https://github.com/silnrsi/graphite/issues/22
CVE-2018-7998 (In libvips before 8.6.3, a NULL function pointer dereference vulnerabi ...)
	{DLA-1306-1}
	- vips 8.4.5-2 (low; bug #892589)
	[stretch] - vips 8.4.5-1+deb9u1
	[jessie] - vips (Minor issue)
	NOTE: https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5
	NOTE: https://github.com/jcupitt/libvips/issues/893
CVE-2018-7997 (Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file ...)
	NOT-FOR-US: Eramba
CVE-2018-7996 (Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programSc ...)
	NOT-FOR-US: Eramba
CVE-2018-7994 (Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; ...)
	NOT-FOR-US: Huawei
CVE-2018-7993 (HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.3 ...)
	NOT-FOR-US: Huawei
CVE-2018-7992 (Mdapt Driver of Huawei MediaPad M3 BTV-W09C128B353CUSTC128D001; Mate 9 ...)
	NOT-FOR-US: Huawei
CVE-2018-7991 (Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0 ...)
	NOT-FOR-US: Huawei
CVE-2018-7990 (Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) ...)
	NOT-FOR-US: Huawei
CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1. ...)
	NOT-FOR-US: Huawei
CVE-2018-7988 (There is a Factory Reset Protection (FRP) bypass vulnerability on seve ...)
	NOT-FOR-US: Huawei
CVE-2018-7987 (There is an out-of-bounds write vulnerability on Huawei P20 smartphone ...)
	NOT-FOR-US: Huawei
CVE-2018-7986 REJECTED
CVE-2018-7985 REJECTED
CVE-2018-7984 REJECTED
CVE-2018-7983 REJECTED
CVE-2018-7982 REJECTED
CVE-2018-7981 REJECTED
CVE-2018-7980 REJECTED
CVE-2018-7979 REJECTED
CVE-2018-7978 REJECTED
CVE-2018-7977 (There is an information leakage vulnerability on several Huawei produc ...)
	NOT-FOR-US: Huawei
CVE-2018-7976 (There is a stored cross-site scripting (XSS) vulnerability in Huawei e ...)
	NOT-FOR-US: Huawei
CVE-2018-7975 REJECTED
CVE-2018-7974 REJECTED
CVE-2018-7973 REJECTED
CVE-2018-7972 REJECTED
CVE-2018-7971 REJECTED
CVE-2018-7970 REJECTED
CVE-2018-7969 REJECTED
CVE-2018-7968 REJECTED
CVE-2018-7967 REJECTED
CVE-2018-7966 REJECTED
CVE-2018-7965 REJECTED
CVE-2018-7964 REJECTED
CVE-2018-7963 REJECTED
CVE-2018-7962 RESERVED
CVE-2018-7961 (There is a smart SMS verification code vulnerability in some Huawei sm ...)
	NOT-FOR-US: Huawei
CVE-2018-7960 (There is a SRTP icon display vulnerability in Huawei eSpace product. A ...)
	NOT-FOR-US: Huawei
CVE-2018-7959 (There is a short key vulnerability in Huawei eSpace product. An unauth ...)
	NOT-FOR-US: Huawei
CVE-2018-7958 (There is an anonymous TLS cipher suites supported vulnerability in Hua ...)
	NOT-FOR-US: Huawei
CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an ...)
	NOT-FOR-US: Huawei
CVE-2018-7956 (Huawei VIP App is a mobile app for Malaysia customers that purchased P ...)
	NOT-FOR-US: Huawei
CVE-2018-7955 REJECTED
CVE-2018-7954 RESERVED
CVE-2018-7953 RESERVED
CVE-2018-7952 RESERVED
CVE-2018-7951 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...)
	NOT-FOR-US: Huawei
CVE-2018-7950 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...)
	NOT-FOR-US: Huawei
CVE-2018-7949 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...)
	NOT-FOR-US: Huawei
CVE-2018-7948 REJECTED
CVE-2018-7947 (Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.15 ...)
	NOT-FOR-US: Huawei
CVE-2018-7946 (There is an information leak vulnerability in some Huawei smartphones. ...)
	NOT-FOR-US: Huawei
CVE-2018-7945 REJECTED
CVE-2018-7944 (Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8. ...)
	NOT-FOR-US: Huawei
CVE-2018-7943 (There is an authentication bypass vulnerability in some Huawei servers ...)
	NOT-FOR-US: Huawei
CVE-2018-7942 (The iBMC (Intelligent Baseboard Management Controller) of some Huawei ...)
	NOT-FOR-US: Huawei
CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A ...)
	NOT-FOR-US: Huawei
CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than ...)
	NOT-FOR-US: Huawei
CVE-2018-7939 (Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the vers ...)
	NOT-FOR-US: Huawei
CVE-2018-7938 (P10 Huawei smartphones with the versions before Victoria-AL00AC00B217 ...)
	NOT-FOR-US: Huawei
CVE-2018-7937 (In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-1 ...)
	NOT-FOR-US: Huawei
CVE-2018-7936 (Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0 ...)
	NOT-FOR-US: Huawei
CVE-2018-7935 RESERVED
CVE-2018-7934 (Some Huawei mobile phone with the versions before BLA-L29 8.0.0.145(C4 ...)
	NOT-FOR-US: Huawei
CVE-2018-7933 (Huawei home gateway products HiRouter-CD20 and WS5200 with the version ...)
	NOT-FOR-US: Huawei
CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascrip ...)
	NOT-FOR-US: Huawei
CVE-2018-7931 (Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism ...)
	NOT-FOR-US: Huawei
CVE-2018-7930 (The Near Field Communication (NFC) module in Mate 9 Huawei mobile phon ...)
	NOT-FOR-US: Mate 9 Huawei mobile phones
CVE-2018-7929 (Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.16 ...)
	NOT-FOR-US: Huawei
CVE-2018-7928 (There is a security vulnerability which could lead to Factory Reset Pr ...)
	NOT-FOR-US: Huawei
CVE-2018-7927 REJECTED
CVE-2018-7926 (Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have ...)
	NOT-FOR-US: Huawei
CVE-2018-7925 (The radio module of some Huawei smartphones Emily-AL00A The versions b ...)
	NOT-FOR-US: Huawei
CVE-2018-7924 (Anne-AL00 Huawei phones with versions earlier than 8.0.0.151(C00) have ...)
	NOT-FOR-US: Huawei
CVE-2018-7923 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.1 ...)
	NOT-FOR-US: Huawei
CVE-2018-7922 (Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.1 ...)
	NOT-FOR-US: Huawei
CVE-2018-7921 (Huawei B315s-22 products with software of 21.318.01.00.26 have an info ...)
	NOT-FOR-US: Huawei
CVE-2018-7920 (Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R0 ...)
	NOT-FOR-US: Huawei
CVE-2018-7919 RESERVED
CVE-2018-7918 RESERVED
CVE-2018-7917 RESERVED
CVE-2018-7916 REJECTED
CVE-2018-7915 REJECTED
CVE-2018-7914 REJECTED
CVE-2018-7913 REJECTED
CVE-2018-7912 REJECTED
CVE-2018-7911 (Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), ...)
	NOT-FOR-US: Huawei
CVE-2018-7910 (Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118 ...)
	NOT-FOR-US: Huawei
CVE-2018-7909 REJECTED
CVE-2018-7908 REJECTED
CVE-2018-7907 (Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C1 ...)
	NOT-FOR-US: Huawei
CVE-2018-7906 (Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), ...)
	NOT-FOR-US: Huawei
CVE-2018-7905 REJECTED
CVE-2018-7904 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON i ...)
	NOT-FOR-US: Huawei
CVE-2018-7903 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON i ...)
	NOT-FOR-US: Huawei
CVE-2018-7902 (Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON i ...)
	NOT-FOR-US: Huawei
CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software versions ear ...)
	NOT-FOR-US: Huawei
CVE-2018-7900 (There is an information leak vulnerability in some Huawei HG products. ...)
	NOT-FOR-US: Huawei
CVE-2018-7899 (The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones w ...)
	NOT-FOR-US: Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones
CVE-2018-7898 RESERVED
CVE-2018-7897 RESERVED
CVE-2018-7896 RESERVED
CVE-2018-7895 RESERVED
CVE-2018-7894 (Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyR ...)
	NOT-FOR-US: Eramba
CVE-2018-7893 (CMS Made Simple (CMSMS) 2.2.6 has stored XSS in admin/moduleinterface. ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-7892 RESERVED
CVE-2018-7891 (The Milestone XProtect Video Management Software (Corporate, Expert, P ...)
	NOT-FOR-US: Milestone XProtect Video Management Software
CVE-2018-7995 (** DISPUTED ** Race condition in the store_int_with_restart() function ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: https://lkml.org/lkml/2018/3/2/970
CVE-2018-7890 (A remote code execution issue was discovered in Zoho ManageEngine Appl ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on i ...)
	- calibre 3.19.0+dfsg-1 (bug #892242)
	[stretch] - calibre (Minor issue)
	[jessie] - calibre (Minor issue)
	[wheezy] - calibre (Minor issue)
	NOTE: https://bugs.launchpad.net/calibre/+bug/1753870
	NOTE: deserialization fix https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d
	NOTE: insufficient as import also loads configuration files, which are python executables,
	NOTE: see https://lists.debian.org/87muy0usv1.fsf@curie.anarc.at
	NOTE: The CVE assignment is specific to the issue fixed by upstream commit
	NOTE: aeb5b036a0bf657951756688b3c72bd68b6e4a7d.
CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 ...)
	{DSA-4136-1 DLA-1309-1}
	- curl 7.60.0-1 (bug #893546)
	NOTE: https://curl.haxx.se/docs/adv_2018-b047.html
	NOTE: https://curl.haxx.se/CVE-2018-1000122.patch
CVE-2018-1000121 (A NULL pointer dereference exists in curl 7.21.0 to and including curl ...)
	{DSA-4136-1 DLA-1309-1}
	- curl 7.60.0-1 (bug #893546)
	NOTE: https://curl.haxx.se/docs/adv_2018-97a2.html
	NOTE: https://curl.haxx.se/CVE-2018-1000121.patch
CVE-2018-1000120 (A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 i ...)
	{DSA-4136-1 DLA-1309-1}
	- curl 7.60.0-1 (bug #893546)
	NOTE: https://curl.haxx.se/docs/adv_2018-9cd6.html
	NOTE: https://curl.haxx.se/CVE-2018-1000120.patch
CVE-2018-7888
	RESERVED
CVE-2018-7887
	RESERVED
CVE-2018-7886 (An issue was discovered in CloudMe 1.11.0. An unauthenticated local at ...)
	NOT-FOR-US: CloudMe
CVE-2018-7885
	RESERVED
CVE-2018-7884 (An issue was discovered in DisplayLink Core Software Cleaner Applicati ...)
	NOT-FOR-US: DisplayLink Core Software Cleaner Application
CVE-2018-7883
	RESERVED
CVE-2018-7882
	RESERVED
CVE-2018-7881
	RESERVED
CVE-2018-7880
	RESERVED
CVE-2018-7879
	RESERVED
CVE-2018-7878
	RESERVED
CVE-2018-7877 (There is a heap-based buffer overflow in the getString function of uti ...)
	- ming
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/110
CVE-2018-7876 (In libming 0.4.8, a memory exhaustion vulnerability was found in the f ...)
	{DLA-1386-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/109
CVE-2018-7875 (There is a heap-based buffer over-read in the getString function of ut ...)
	{DLA-1343-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/112
CVE-2018-7874 (An invalid memory address dereference was discovered in strlenext in u ...)
	- ming
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/115
CVE-2018-7873 (There is a heap-based buffer overflow in the getString function of uti ...)
	{DLA-1386-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/111
CVE-2018-7872 (An invalid memory address dereference was discovered in the function g ...)
	{DLA-1343-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/114
CVE-2018-7871 (There is a heap-based buffer over-read in the getName function of util ...)
	{DLA-1343-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/120
CVE-2018-7870 (An invalid memory address dereference was discovered in getString in u ...)
	{DLA-1343-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/117
CVE-2018-7869 (There is a memory leak triggered in the function dcinit of util/decomp ...)
	- ming
	[wheezy] - ming (Minor issue present everywhere in the source code, hard to fix)
	NOTE: https://github.com/libming/libming/issues/119
CVE-2018-7868 (There is a heap-based buffer over-read in the getName function of util ...)
	{DLA-1343-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/113
CVE-2018-7867 (There is a heap-based buffer overflow in the getString function of uti ...)
	{DLA-1343-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/116
CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in util/decompile ...)
	{DLA-1386-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/118
CVE-2018-7865
	REJECTED
CVE-2018-7864
	REJECTED
CVE-2018-7863
	REJECTED
CVE-2018-7862
	REJECTED
CVE-2018-7861
	REJECTED
CVE-2018-7860
	RESERVED
CVE-2018-7859 (A security vulnerability in D-Link DGS-1510-series switches with firmw ...)
	NOT-FOR-US: D-Link
CVE-2018-7858 (Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Em ...)
	- qemu 1:2.12~rc3+dfsg-1 (bug #892497)
	[stretch] - qemu (Vulnerable code not present)
	[jessie] - qemu (Vulnerable code not present)
	[wheezy] - qemu (Vulnerable code not present)
	- qemu-kvm
	[wheezy] - qemu-kvm (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
CVE-2018-7857 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7856 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7855 (A CWE-248 Uncaught Exception vulnerability exists in all versions of t ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7854 (A CWE-248 Uncaught Exception vulnerability exists in all versions of t ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7853 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7852 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7851 (CWE-119: Buffer errors vulnerability exists in Modicon M580 with firmw ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7850 (A CWE-807: Reliance on Untrusted Inputs in a Security Decision vulnera ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7849 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7848 (A CWE-200: Information Exposure vulnerability exists in all versions o ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7847 (A CWE-284: Improper Access Control vulnerability exists in all version ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7846 (A CWE-501: Trust Boundary Violation vulnerability on connection to the ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7845 (A CWE-125: Out-of-bounds Read vulnerability exists in all versions of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7844 (A CWE-200: Information Exposure vulnerability exists in all versions o ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7843 (A CWE-248: Uncaught Exception vulnerability exists in all versions of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7842 (A CWE-290: Authentication Bypass by Spoofing vulnerability exists in a ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7841 (A SQL Injection (CWE-89) vulnerability exists in U.motion Builder soft ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7840 (A Uncontrolled Search Path Element (CWE-427) vulnerability exists in V ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7839 (A Cryptographic Issue (CWE-310) vulnerability exists in IIoT Monitor 3 ...)
	NOT-FOR-US: Schneider
CVE-2018-7838 (A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BME ...)
	NOT-FOR-US: Modicon
CVE-2018-7837 (An Improper Restriction of XML External Entity Reference ('XXE') vulne ...)
	NOT-FOR-US: IIoT Monitor (Schneider Electric)
CVE-2018-7836 (An unrestricted Upload of File with Dangerous Type vulnerability exist ...)
	NOT-FOR-US: IIoT Monitor (Schneider Electric)
CVE-2018-7835 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
	NOT-FOR-US: IIoT Monitor (Schneider Electric)
CVE-2018-7834 (A CWE-79 Cross-Site Scripting vulnerability exists in all versions of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7833 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7832 (An Improper Input Validation vulnerability exists in Pro-Face GP-Pro E ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7831 (An Improper Neutralization of Script-Related HTML Tags in a Web Page ( ...)
	NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7830 (Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Respo ...)
	NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7829 (An Improper Neutralization of Special Elements in Query vulnerability ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7828 (A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Ge ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7827 (A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelc ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7826 (A Command Injection vulnerability exists in the web-based GUI of the 1 ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7825 (A Command Injection vulnerability exists in the web-based GUI of the 1 ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7824 (An Externally Controlled Reference to a Resource (CWE-610) vulnerabili ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7823 (A Environment (CWE-2) vulnerability exists in SoMachine Basic, all ver ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7822 (An Incorrect Default Permissions (CWE-276) vulnerability exists in SoM ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7821 (An Environment (CWE-2) vulnerability exists in SoMachine Basic, all ve ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7820 (A Credentials Management CWE-255 vulnerability exists in the APC UPS N ...)
	NOT-FOR-US: APC
CVE-2018-7819
	RESERVED
CVE-2018-7818
	RESERVED
CVE-2018-7817 (A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 a ...)
	NOT-FOR-US: Zelio
CVE-2018-7816 (A Permissions, Privileges, and Access Control vulnerability exists in ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7815 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schnei ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7814 (A Stack-based Buffer Overflow (CWE-121) vulnerability exists in Euroth ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7813 (A Type Confusion (CWE-843) vulnerability exists in Eurotherm by Schnei ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7812 (An Information Exposure through Discrepancy vulnerability exists in th ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7811 (An Unverified Password Change vulnerability exists in the embedded web ...)
	NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7810 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
	NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7809 (An Unverified Password Change vulnerability exists in the embedded web ...)
	NOT-FOR-US: Modicon (Schneider Electric)
CVE-2018-7808
	RESERVED
CVE-2018-7807 (Data Center Expert, versions 7.5.0 and earlier, allows for the upload ...)
	NOT-FOR-US: Data Center Expert
CVE-2018-7806 (Data Center Operation allows for the upload of a zip file from its use ...)
	NOT-FOR-US: Data Center Operation
CVE-2018-7805
	RESERVED
CVE-2018-7804 (A URL Redirection to Untrusted Site vulnerability exists in the embedd ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7803 (A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnera ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7802 (A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 a ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7801 (A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7800 (A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2. ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7799 (A DLL hijacking vulnerability exists in Schneider Electric Software Up ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7798 (A Insufficient Verification of Data Authenticity (CWE-345) vulnerabili ...)
	NOT-FOR-US: Schneider
CVE-2018-7797 (A URL redirection vulnerability exists in Power Monitoring Expert, Ene ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7796 (A Buffer Error vulnerability exists in PowerSuite 2, all released vers ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7795 (A Cross Protocol Injection vulnerability exists in Schneider Electric' ...)
	NOT-FOR-US: Schneider
CVE-2018-7794 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Modicon
CVE-2018-7793 (A Credential Management vulnerability exists in FoxView HMI SCADA (All ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7792 (A Permissions, Privileges, and Access Control vulnerability exists in ...)
	NOT-FOR-US: Schneider
CVE-2018-7791 (A Permissions, Privileges, and Access Control vulnerability exists in ...)
	NOT-FOR-US: Schneider
CVE-2018-7790 (An Information Management Error vulnerability exists in Schneider Elec ...)
	NOT-FOR-US: Schneider
CVE-2018-7789 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
	NOT-FOR-US: Schneider
CVE-2018-7788 (A CWE-255 Credentials Management vulnerability exists in Modicon Quant ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7787 (In Schneider Electric U.motion Builder software versions prior to v1.3 ...)
	NOT-FOR-US: Schneider
CVE-2018-7786 (In Schneider Electric U.motion Builder software versions prior to v1.3 ...)
	NOT-FOR-US: Schneider
CVE-2018-7785 (In Schneider Electric U.motion Builder software versions prior to v1.3 ...)
	NOT-FOR-US: Schneider
CVE-2018-7784 (In Schneider Electric U.motion Builder software versions prior to v1.3 ...)
	NOT-FOR-US: Schneider
CVE-2018-7783 (Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an X ...)
	NOT-FOR-US: Schneider
CVE-2018-7782 (In Schneider Electric Pelco Sarix Professional 1st generation cameras ...)
	NOT-FOR-US: Schneider
CVE-2018-7781 (In Schneider Electric Pelco Sarix Professional 1st generation cameras ...)
	NOT-FOR-US: Schneider
CVE-2018-7780 (In Schneider Electric Pelco Sarix Professional 1st generation cameras ...)
	NOT-FOR-US: Schneider
CVE-2018-7779 (In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 ...)
	NOT-FOR-US: Schneider
CVE-2018-7778 (In Schneider Electric Evlink Charging Station versions prior to v3.2.0 ...)
	NOT-FOR-US: Schneider
CVE-2018-7777 (The vulnerability is due to insufficient handling of update_file reque ...)
	NOT-FOR-US: Schneider
CVE-2018-7776 (The vulnerability exists within error.php in Schneider Electric U.moti ...)
	NOT-FOR-US: Schneider
CVE-2018-7775
	REJECTED
CVE-2018-7774 (The vulnerability exists within processing of localize.php in Schneide ...)
	NOT-FOR-US: Schneider
CVE-2018-7773 (The vulnerability exists within processing of nfcserver.php in Schneid ...)
	NOT-FOR-US: Schneider
CVE-2018-7772 (The vulnerability exists within processing of applets which are expose ...)
	NOT-FOR-US: Schneider
CVE-2018-7771 (The vulnerability exists within processing of editscript.php in Schnei ...)
	NOT-FOR-US: Schneider
CVE-2018-7770 (The vulnerability exists within processing of sendmail.php in Schneide ...)
	NOT-FOR-US: Schneider
CVE-2018-7769 (The vulnerability exists within processing of xmlserver.php in Schneid ...)
	NOT-FOR-US: Schneider
CVE-2018-7768 (The vulnerability exists within processing of loadtemplate.php in Schn ...)
	NOT-FOR-US: Schneider
CVE-2018-7767 (The vulnerability exists within processing of editobject.php in Schnei ...)
	NOT-FOR-US: Schneider
CVE-2018-7766 (The vulnerability exists within processing of track_getdata.php in Sch ...)
	NOT-FOR-US: Schneider
CVE-2018-7765 (The vulnerability exists within processing of track_import_export.php ...)
	NOT-FOR-US: Schneider
CVE-2018-7764 (The vulnerability exists within runscript.php applet in Schneider Elec ...)
	NOT-FOR-US: Schneider
CVE-2018-7763 (The vulnerability exists within css.inc.php in Schneider Electric U.mo ...)
	NOT-FOR-US: Schneider
CVE-2018-7762 (A vulnerability exists in the web services to process SOAP requests in ...)
	NOT-FOR-US: Schneider
CVE-2018-7761 (A vulnerability exists in the HTTP request parser in Schneider Electri ...)
	NOT-FOR-US: Schneider
CVE-2018-7760 (An authorization bypass vulnerability exists in Schneider Electric's M ...)
	NOT-FOR-US: Schneider
CVE-2018-7759 (A buffer overflow vulnerability exists in Schneider Electric's Modicon ...)
	NOT-FOR-US: Schneider
CVE-2018-7758 (A denial of service vulnerability exists in Schneider Electric's MiCOM ...)
	NOT-FOR-US: Schneider
CVE-2018-7757 (Memory leak in the sas_smp_get_phy_events function in drivers/scsi/lib ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 (4.16-rc1)
CVE-2018-7756 (RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices d ...)
	NOT-FOR-US: RunExeFile.exe in the installer for DEWESoft X3 SP1 devices
CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in drivers/blo ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.18.10-1
	- linux-4.9
	NOTE: https://lkml.org/lkml/2018/5/29/495
CVE-2018-7754 (The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the ...)
	- linux 4.15.4-1
	[stretch] - linux (debugfs restricted to root by default)
	[jessie] - linux (debugfs restricted to root by default)
	NOTE: https://git.kernel.org/linus/ad67b74d2469d9b82aaa572d76474c95bc484d57
CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4. ...)
	- ffmpeg 7:3.4.3-1
	[stretch] - ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f
CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko before 1.17. ...)
	{DLA-1556-1}
	- paramiko 2.4.2-0.1 (bug #892859)
	[stretch] - paramiko (Minor issue)
	[wheezy] - paramiko (Minor issue)
	NOTE: https://github.com/paramiko/paramiko/issues/1175
	NOTE: https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
CVE-2018-7749 (The SSH server implementation of AsyncSSH before 1.12.1 does not prope ...)
	- python-asyncssh 1.12.1-1 (bug #892787)
	NOTE: https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a
CVE-2018-7748 (report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier all ...)
	NOT-FOR-US: ServiceNow
CVE-2018-7747 (Multiple cross-site scripting (XSS) vulnerabilities in the Caldera For ...)
	NOT-FOR-US: Caldera Forms plugin for WordPress
CVE-2018-7746 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentic ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7745 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentic ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7744
	RESERVED
CVE-2018-7743
	RESERVED
CVE-2018-7742
	RESERVED
CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created ...)
	NOT-FOR-US: Eramba
CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier contains a C ...)
	- electron (bug #842420)
CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the ...)
	{DSA-4154-1 DLA-1317-1}
	- net-snmp 5.7.3+dfsg-1.1 (bug #894110)
	NOTE: https://sourceforge.net/p/net-snmp/bugs/2821/
	NOTE: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
	NOTE: Same patch/commit as #788964 (as used for fixing CVE-2015-5621)
	NOTE: addresses CVE-2018-1000116 as well.
CVE-2018-7753 (An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that ...)
	- python-bleach 2.1.3-1 (bug #892252)
	[stretch] - python-bleach (Vulnerable code introduced later)
	[jessie] - python-bleach (Vulnerable code introduced later)
	NOTE: https://github.com/mozilla/bleach/pull/356
	NOTE: https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef
CVE-2018-1000117 (Python Software Foundation CPython version From 3.2 until 3.6.4 on Win ...)
	- python3.7 (Windows-specific)
	- python3.6 (Windows-specific)
	- python3.5 (Windows-specific)
	- python3.4 (Windows-specific)
	NOTE: http://hg.python.org/lookup/6921e73e33edc3c61bc2d78ed558eaa22a89a564
	NOTE: https://bugs.python.org/issue33001
CVE-2018-7740 (The resv_map_release function in mm/hugetlb.c in the Linux kernel thro ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199037
CVE-2018-7739 (antsle antman before 0.9.1a allows remote attackers to bypass authenti ...)
	NOT-FOR-US: antsle antman
CVE-2018-7737 (** DISPUTED ** In Z-BlogPHP 1.5.1.1740, there is Web Site physical pat ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-7736 (** DISPUTED ** In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLO ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-7735 (Afian FileRun (before 2018.02.13) suffers from a remote SQL injection ...)
	NOT-FOR-US: Afian FileRun
CVE-2018-7734 (Afian FileRun (before 2018.02.13) suffers from a remote SQL injection ...)
	NOT-FOR-US: Afian FileRun
CVE-2018-7733 (An issue was discovered in YxtCMF 3.1. RbacController.class.php has CS ...)
	NOT-FOR-US: YxtCMF
CVE-2018-7732 (An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiCo ...)
	NOT-FOR-US: YxtCMF
CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. XMPFiles/source/Forma ...)
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi (Minor issue)
	[jessie] - exempi (Vulnerable code introduced later)
	[wheezy] - exempi (Vulnerable code introduced later)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105247
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666
CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case of a 0 ...)
	{DLA-1310-1}
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi (Minor issue)
	[jessie] - exempi (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105204
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=6cbd34025e5fd3ba47b29b602096e456507ce83b
CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a stack-base ...)
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi (Minor issue)
	[jessie] - exempi (Minor issue)
	[wheezy] - exempi (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105206
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c
CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. XMPFiles/source/FileH ...)
	{DLA-1310-1}
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi (Minor issue)
	[jessie] - exempi (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105205
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=e163667a06a9b656a047b0ec660b871f29a83c9f
CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory leak tri ...)
	- zziplib (unimportant)
	NOTE: https://github.com/gdraheim/zziplib/issues/40
	NOTE: https://github.com/gdraheim/zziplib/commit/83a2da55922f67e07f22048ac9671a44cc0d35c4 (v0.13.69)
	NOTE: unzzipcat-mem and unzzipdir-mem not installed into binary packages.
CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error cause ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (low; bug #913165)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	[wheezy] - zziplib (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/27
	NOTE: https://github.com/gdraheim/zziplib/issues/41
	NOTE: https://github.com/gdraheim/zziplib/commit/8f48323c181e20b7e527b8be7229d6eb1148ec5f (v0.13.69)
	NOTE: https://github.com/gdraheim/zziplib/commit/19c9e4dc6c5cf92a38d0d23dbccac6993f9c41be (v0.13.69)
	NOTE: https://github.com/gdraheim/zziplib/commit/feae4da1a5c92100c44ebfcbaaa895959cc0829b (v0.13.69)
CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory address ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (low; bug #913165)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	[wheezy] - zziplib (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/39
	NOTE: https://github.com/gdraheim/zziplib/commit/1ba660b3300d67b8ce9f6b96bbae0b36fa2d6b06 (v0.13.69)
CVE-2018-7724 (The management panel in Piwigo 2.9.3 has stored XSS via the name param ...)
	- piwigo
	NOTE: https://github.com/Piwigo/Piwigo/issues/872
	NOTE: https://github.com/Piwigo/Piwigo/commit/55a9754b111309d7a85c6dd86efe47954e984072
CVE-2018-7723 (The management panel in Piwigo 2.9.3 has stored XSS via the virtual_na ...)
	- piwigo
CVE-2018-7722 (The management panel in Piwigo 2.9.3 has stored XSS via the name param ...)
	- piwigo
	NOTE: https://github.com/Piwigo/Piwigo/issues/871
	NOTE: https://github.com/Piwigo/Piwigo/commit/0ec289769ee1fc314dbc7d90fdc480389e786942
CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index ...)
	NOT-FOR-US: MetInfo
CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Western Br ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. ...)
	NOT-FOR-US: Acrolinx Server
CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps ...)
	{DLA-1693-1}
	- gpac 0.5.2-426-gc5ad4e4+dfsg5-4.1 (bug #892526)
	[stretch] - gpac 0.5.2-426-gc5ad4e4+dfsg5-3+deb9u1
	[wheezy] - gpac (vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/997
	NOTE: https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
	NOTE: CVE is for the issue in av_parsers.c and fixed in same commit as
	NOTE: CVE-2018-1000100
CVE-2018-1000100 (GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow vulne ...)
	- gpac (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/994
	NOTE: https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
CVE-2018-7738 (In util-linux before 2.32-rc1, bash-completion/umount allows local use ...)
	{DSA-4134-1}
	- bash-completion (unimportant)
	- util-linux 2.31.1-0.5 (bug #892179)
	[jessie] - util-linux (umount completion added later)
	[wheezy] - util-linux (umount completion added later)
	NOTE: Fix in the bash-completion script shipped by util-linux:
	NOTE: https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55#diff-a47601b5dbce9dc06c3af1deb02758c7
	NOTE: src:util-linux/2.28-1 takes over the umount completion from
	NOTE: src:bash-completion (which in turn starting from 1:2.1-4.3
	NOTE: does not provide the umount completion in the binary package)
CVE-2018-7718 (An issue was discovered in Telexy QPath 5.4.462. A low privileged auth ...)
	NOT-FOR-US: Telexy QPath
CVE-2018-7717 (The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik ...)
	NOT-FOR-US: Kubik-Rubik Simple Image Gallery Extended (SIGE) extension for Joomla!
CVE-2018-7716 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation v ...)
	NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7715 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation v ...)
	NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7714 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...)
	NOTE: Non-issue, needs to be handled within applications using opencv
	NOTE: https://github.com/opencv/opencv/issues/10998
CVE-2018-7713 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...)
	NOTE: Non-issue, needs to be handled within applications using opencv
	NOTE: https://github.com/opencv/opencv/issues/10998
CVE-2018-7712 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...)
	NOTE: Non-issue, needs to be handled within applications using opencv
	NOTE: https://github.com/opencv/opencv/issues/10998
CVE-2018-7710
	RESERVED
CVE-2018-7709
	RESERVED
CVE-2018-7708
	RESERVED
CVE-2018-7707 (Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail befor ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7706 (Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.5 ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7705 (Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.5 ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7704 (SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7703 (Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail befor ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7702 (SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof t ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7701 (Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnv ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7700 (DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, becau ...)
	NOT-FOR-US: DedeCMS
CVE-2018-7699
	RESERVED
CVE-2018-7698 (An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933 ...)
	NOT-FOR-US: D-Link
CVE-2018-7697
	RESERVED
CVE-2018-7696
	RESERVED
CVE-2018-7695
	RESERVED
CVE-2018-7694
	RESERVED
CVE-2018-7693
	RESERVED
CVE-2018-7692 (Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2018-7691 (A potential Remote Unauthorized Access in Micro Focus Fortify Software ...)
	NOT-FOR-US: Micro Focus
CVE-2018-7690 (A potential Remote Unauthorized Access in Micro Focus Fortify Software ...)
	NOT-FOR-US: Micro Focus
CVE-2018-7689 (Lack of permission checks in the InitializeDevelPackage function in op ...)
	- open-build-service 2.9.4-1 (low; bug #903797)
	[stretch] - open-build-service (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1094819
	NOTE: https://github.com/openSUSE/open-build-service/commit/990ef7cccef6f38fc1d1a1bb22a08e174dcba43b
CVE-2018-7688 (A missing permission check in the review handling of openSUSE Open Bui ...)
	- open-build-service 2.9.4-1 (low; bug #903796)
	[stretch] - open-build-service (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1094820
	NOTE: https://github.com/openSUSE/open-build-service/commit/b15cf19e9e01115f653c76ffdc8f54cd97566553
CVE-2018-7687 (The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnera ...)
	NOT-FOR-US: Micro Focus Client for OES
CVE-2018-7686 (Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2018-7685 (The decoupled download and installation steps in libzypp before 17.5.0 ...)
	- libzypp 17.6.1-1
	[jessie] - libzypp (Minor issue, very low popcon)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1091624
	NOTE: https://github.com/openSUSE/libzypp/commit/5186110992f29c5e3b1b5bfe9e1ca899a155399c
CVE-2018-7684
	RESERVED
CVE-2018-7683 (Micro Focus Solutions Business Manager versions prior to 11.4 might re ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-7682 (Micro Focus Solutions Business Manager versions prior to 11.4 allows a ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-7681 (Micro Focus Solutions Business Manager versions prior to 11.4 allows J ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-7680 (Micro Focus Solutions Business Manager versions prior to 11.4 can refl ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-7679 (Micro Focus Solutions Business Manager versions prior to 11.4 when ASP ...)
	NOT-FOR-US: Micro Focus Solutions Business Manager
CVE-2018-7678 (A cross site scripting vulnerability exist in the Administration Conso ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Serv ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2018-7676 (The NetIQ Identity Manager, in versions prior to 4.7, userapp with log ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sen ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2018-7674 (The NetIQ Identity Manager user console, in versions prior to 4.7, is ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions prior to ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-7672
	RESERVED
CVE-2018-7671
	RESERVED
CVE-2018-7670
	RESERVED
CVE-2018-7669 (An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfi ...)
	NOT-FOR-US: Sitecore
CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read arbitrary atta ...)
	NOT-FOR-US: TestLink
CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
	{DLA-1311-1}
	- adminer 4.5.0-1 (bug #893668)
	[stretch] - adminer 4.2.5-3+deb9u1
	[jessie] - adminer 3.3.3-1+deb8u1
	NOTE: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
	NOTE: https://github.com/vrana/adminer/commit/0fae40fb611b5c8167fa2b8d40bf576a8935a380
	NOTE: adminer 4.4.0 disallows connecting to privileged ports, and thus not "enumerating"
	NOTE: services on (another) host for ports < 1024.
	NOTE: Additionally 4.4.0 rate-limits password-less login attempts from the same
	NOTE: IP address:
	NOTE: https://github.com/vrana/adminer/commit/0e5df34ea87ad34c1bc0ceac162eb86175d611a3
CVE-2018-7666 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL i ...)
	NOT-FOR-US: ClipBucket
CVE-2018-7665 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. A mal ...)
	NOT-FOR-US: ClipBucket
CVE-2018-7664 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any O ...)
	NOT-FOR-US: ClipBucket
CVE-2018-7663 (An issue was discovered in resources/views/layouts/app.blade.php in Vo ...)
	NOT-FOR-US: Voten.co
CVE-2018-7662 (Couch through 2.0 allows remote attackers to discover the full path vi ...)
	NOT-FOR-US: CouchCMS
CVE-2018-7661 (Papenmeier WiFi Baby Monitor Free & Lite before 2.02.2 allows remo ...)
	NOT-FOR-US: Papenmeier WiFi Baby Monitor Free & Lite
CVE-2018-7660 (In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cros ...)
	NOT-FOR-US: OpenText Documentum D2 Webtop
CVE-2018-7659 (In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-S ...)
	NOT-FOR-US: OpenText Documentum D2 Webtop
CVE-2018-7711 (HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 h ...)
	{DLA-1314-1}
	- simplesamlphp 1.15.4-1
	[stretch] - simplesamlphp (Minor issue)
	[jessie] - simplesamlphp (Minor issue)
	NOTE: failure mode hard to trigger for an attacker, signing of redirect binding in many cases not that important
	NOTE: https://simplesamlphp.org/security/201803-01
	NOTE: https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
CVE-2018-7658 (NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 al ...)
	NOT-FOR-US: Softros Network Time System
CVE-2018-7657
	RESERVED
CVE-2018-7656
	RESERVED
CVE-2018-7655
	RESERVED
CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter "file" in the request "/api/ ...)
	NOT-FOR-US: 3CX 15.5.6354.2 devices
CVE-2018-7653 (In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. ...)
	NOT-FOR-US: YzmCMS
CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.1 ...)
	NOT-FOR-US: Zonemaster Web GUI
	NOTE: The source (1.0.7) is in Salsa, but never uploaded: https://salsa.debian.org/perl-team/modules/packages/zonemaster-gui
CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ...)
	- node-ssri 5.2.4-1 (unimportant; bug #891980)
	NOTE: fixed in 5.2.2
	NOTE: https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d
	NOTE: https://github.com/zkat/ssri/issues/10
	NOTE: https://nodesecurity.io/advisories/565
	NOTE: nodejs not covered by security support
CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier conta ...)
	{DSA-4247-1}
	- ruby-rack-protection 1.5.3-2.1 (bug #892250)
	[jessie] - ruby-rack-protection (Low prio package and low prio vulnerability according to RedHat)
	[wheezy] - ruby-rack-protection (Low prio package and low prio vulnerability according to RedHat)
	NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
	NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
	NOTE: https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb
CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Network Me ...)
	{DSA-4218-1}
	- memcached 1.5.6-1
	[wheezy] - memcached (Minor issue; Debian defaults to listen only on localhost)
	NOTE: Upstream 1.5.6 disables by default the UDP protocol
	NOTE: https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
	NOTE: Documentation in memcached's config files clearly mentions the
	NOTE: issues: "Specify which IP address to listen on. The default
	NOTE: (upstream) is to listen on all IP addresses. [...] so make sure
	NOTE: it's listening on a firewalled interface."
CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Appli ...)
	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone:Script Classified Application
CVE-2018-7649 (Monitorix before 3.10.1 allows XSS via CGI variables. ...)
	NOT-FOR-US: Monitorix
CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. Th ...)
	- openjpeg2 2.3.1-1 (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/commit/cc3824767bde397fedb8a1ae4786a222ba860c8d
	NOTE: https://github.com/uclouvain/openjpeg/issues/1088
	NOTE: The Debian package is built with -DBUILD_MJ2:BOOL=OFF
CVE-2018-7647
	RESERVED
CVE-2018-7646
	RESERVED
CVE-2018-7645
	RESERVED
CVE-2018-7643 (The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allo ...)
	- binutils 2.30-6
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22905
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d11ae95ea3403559f052903ab053f43ad7821e37
CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File Descripto ...)
	- binutils 2.30-6
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22887
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-2421-1 DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[wheezy] - cimg (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-2421-1 DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[wheezy] - cimg (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-2421-1 DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[wheezy] - cimg (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-2421-1 DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[wheezy] - cimg (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-2421-1 DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[wheezy] - cimg (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7636 (The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier ...)
	NOT-FOR-US: PAN-OS
CVE-2018-7635 (Whale Browser before 1.0.41.8 displays no URL information but only a t ...)
	NOT-FOR-US: Whale Browser
CVE-2018-7634 (An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack mi ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2018-7633 (Code injection in the /ui/login form Language parameter in Epicentro E ...)
	NOT-FOR-US: Epicentro
CVE-2018-7632 (Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to cau ...)
	NOT-FOR-US: Epicentro
CVE-2018-7631 (Buffer Overflow in httpd in EpiCentro E_7.3.2+ allows attackers to exe ...)
	NOT-FOR-US: Epicentro
CVE-2018-7630
	RESERVED
CVE-2018-7629
	RESERVED
CVE-2018-7628
	RESERVED
CVE-2018-7627
	RESERVED
CVE-2018-7626
	RESERVED
CVE-2018-7625
	RESERVED
CVE-2018-7624
	RESERVED
CVE-2018-7623
	RESERVED
CVE-2018-7622
	RESERVED
CVE-2018-7621
	RESERVED
CVE-2018-7620
	RESERVED
CVE-2018-7619
	RESERVED
CVE-2018-7618
	RESERVED
CVE-2018-7617
	RESERVED
CVE-2018-7616
	RESERVED
CVE-2018-7615
	RESERVED
CVE-2018-7614
	RESERVED
CVE-2018-7613
	RESERVED
CVE-2018-7612
	RESERVED
CVE-2018-7611
	RESERVED
CVE-2018-7610
	RESERVED
CVE-2018-7609
	RESERVED
CVE-2018-7608
	RESERVED
CVE-2018-7607
	RESERVED
CVE-2018-7606
	RESERVED
CVE-2018-7605
	RESERVED
CVE-2018-7604
	RESERVED
CVE-2018-7603 (In Drupal's 3rd party module search auto complete prior to versions 7. ...)
	NOT-FOR-US: Drupal addon
CVE-2018-7602 (A remote code execution vulnerability exists within multiple subsystem ...)
	{DSA-4180-1 DLA-1365-1}
	- drupal7 (bug #896701)
	NOTE: https://www.drupal.org/psa-2018-003
	NOTE: https://www.drupal.org/sa-core-2018-004
	NOTE: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=080daa38f265ea28444c540832509a48861587d0
CVE-2018-7601
	RESERVED
CVE-2018-7599
	RESERVED
CVE-2018-7598
	RESERVED
CVE-2018-7597
	RESERVED
CVE-2018-7596
	RESERVED
CVE-2018-7595
	RESERVED
CVE-2018-7594
	RESERVED
CVE-2018-7593
	RESERVED
CVE-2018-7592
	RESERVED
CVE-2018-7591
	RESERVED
CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in acco ...)
	NOT-FOR-US: Hoosk
CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in load_bmp in CI ...)
	{DLA-2421-1 DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[wheezy] - cimg (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/184
	NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-read i ...)
	{DLA-2421-1 DLA-1934-1}
	- cimg 2.3.6+dfsg-1 (low; bug #892780)
	[wheezy] - cimg (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/183
	NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading a craft ...)
	- cimg (low; bug #892780; bug #940951)
	[buster] - cimg (Minor issue)
	[stretch] - cimg (Minor issue)
	[jessie] - cimg (Minor issue)
	[wheezy] - cimg (Minor issue)
CVE-2018-7586 (In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery pat ...)
	NOT-FOR-US: nextgen-gallery plugin for WordPress
CVE-2018-7585
	RESERVED
CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and ...)
	{DSA-4240-1 DLA-1397-1 DLA-1326-1}
	- php7.2 7.2.3-1
	- php7.1 7.1.15-1
	- php7.0 7.0.28-1
	- php5
	NOTE: Fixed in 5.6.34, 7.0.28, 7.1.15, 7.2.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75981
	NOTE: https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
CVE-2018-7583 (Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash ...)
	NOT-FOR-US: Proxy.exe in DualDesk 20
CVE-2018-7582 (WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Servic ...)
	NOT-FOR-US: WebLog Expert Web Server Enterprise
CVE-2018-7581 (\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert We ...)
	NOT-FOR-US: WebLog Expert Web Server Enterprise
CVE-2018-7580 (Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN ...)
	NOT-FOR-US: Philips Hue
CVE-2018-7579 (\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has ...)
	NOT-FOR-US: YzmCMS
CVE-2018-7578
	RESERVED
CVE-2018-7577 (Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Go ...)
	- tensorflow (bug #804612)
	NOTE: https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md
CVE-2018-7576 (Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Deref ...)
	- tensorflow (bug #804612)
CVE-2018-7575 (Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow v ...)
	- tensorflow (bug #804612)
CVE-2018-7574
	REJECTED
CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP server ca ...)
	NOT-FOR-US: FTPShell Client
CVE-2018-7572 (Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to a ...)
	NOT-FOR-US: Pulse Secure Client
CVE-2018-7571
	RESERVED
CVE-2018-7570 (The assign_file_positions_for_non_load_sections function in elf.c in t ...)
	- binutils 2.30-6
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22881
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d
CVE-2018-7569 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	- binutils 2.30-6
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22895
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=12c963421d045a127c413a0722062b9932c50aa9
CVE-2018-7568 (The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) ...)
	- binutils 2.30-6
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22894
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eef104664efb52965d85a28bc3fc7c77e52e48e2
CVE-2018-1000103
	REJECTED
CVE-2018-1000102
	REJECTED
CVE-2018-1000114 (An improper authorization vulnerability exists in Jenkins Promoted Bui ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000113 (A cross-site scripting vulnerability exists in Jenkins TestLink Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000112 (An improper authorization vulnerability exists in Jenkins Mercurial Pl ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000111 (An improper authorization vulnerability exists in Jenkins Subversion P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000110 (An improper authorization vulnerability exists in Jenkins Git Plugin v ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000109 (An improper authorization vulnerability exists in Jenkins Google Play ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000108 (A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000107 (An improper authorization vulnerability exists in Jenkins Job and Node ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000106 (An improper authorization vulnerability exists in Jenkins Gerrit Trigg ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000105 (An improper authorization vulnerability exists in Jenkins Gerrit Trigg ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000104 (A plaintext storage of a password vulnerability exists in Jenkins Cove ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-7567 (** DISPUTED ** In the Admin Package Manager in Open Ticket Request Sys ...)
	- otrs2 (unimportant)
	NOTE: PoC https://0day.today/exploit/29938
	NOTE: Admin Package Manager works as designed and warns if a package is being
	NOTE: installed which is not verified by the OTRS Group. Responsibility of the
	NOTE: respective admin to check packages before installation.
CVE-2018-7566 (The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/d15d662e89fc667b90cd294b0eb45694e33144da
CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...)
	NOT-FOR-US: Polycom QDX 6000 devices
CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...)
	NOT-FOR-US: Polycom QDX 6000 devices
CVE-2018-7563 (An issue was discovered in GLPI through 9.2.1. The application is affe ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2018-7562 (A remote code execution issue was discovered in GLPI through 9.2.1. Th ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices V15.03.05.14 ...)
	NOT-FOR-US: Tenda AC9 devices
CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...)
	NOT-FOR-US: aws-lambda-multipart-parser NPM package
CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample Code ...)
	NOT-FOR-US: OPC UA .NET
CVE-2018-7558
	RESERVED
CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg 2.8 thro ...)
	{DSA-4249-1 DLA-1630-1}
	- ffmpeg 7:3.4.3-1
	- libav
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
	NOTE: Fixed in 3.2.11
CVE-2018-7556 (LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3. ...)
	- limesurvey (bug #472802)
CVE-2018-7555
	RESERVED
CVE-2018-7554 (There is an invalid free in ReadImage in input-bmp.ci that leads to a ...)
	{DLA-1340-1}
	- sam2p
	[jessie] - sam2p 0.49.2-3+deb8u2
	NOTE: https://github.com/pts/sam2p/issues/29
	NOTE: https://github.com/pts/sam2p/commit/a6621e996f976912252018be8a8836ee6a966ee3
	NOTE: https://github.com/pts/sam2p/commit/118cb8102b767df4100d8a14184e44b33a822861
	NOTE: https://github.com/pts/sam2p/commit/1e43ec5fe34b009cb43f90a9d562442ca347cd75
	NOTE: https://github.com/pts/sam2p/commit/beea3bd8dd05a731fddfa447ff0bad19fe32c973
	NOTE: https://github.com/pts/sam2p/commit/47378716ab03d6b39ee959c949df551c643942f1
CVE-2018-7553 (There is a heap-based buffer overflow in the pcxLoadRaster function of ...)
	{DLA-1340-1}
	- sam2p
	[jessie] - sam2p 0.49.2-3+deb8u2
	NOTE: https://github.com/pts/sam2p/issues/32
CVE-2018-7552 (There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp ...)
	{DLA-1340-1}
	- sam2p
	[jessie] - sam2p 0.49.2-3+deb8u2
	NOTE: https://github.com/pts/sam2p/issues/30
	NOTE: CVE-2018-7554 patches will address this issue too.
CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that leads t ...)
	{DLA-1340-1}
	- sam2p
	[jessie] - sam2p 0.49.2-3+deb8u2
	NOTE: https://github.com/pts/sam2p/issues/28
CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick Emulator ( ...)
	{DSA-4213-1 DLA-1497-1 DLA-1351-1 DLA-1350-1}
	- qemu 1:2.12~rc3+dfsg-1 (bug #892041)
	- qemu-kvm
	NOTE: https://git.qemu.org/?p=qemu.git;a=patch;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8
CVE-2018-7549 (In params.c in zsh through 5.4.2, there is a crash during a copy of an ...)
	- zsh 5.5-1 (unimportant)
	NOTE: https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
	NOTE: no security impact
CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a NULL pointer dereference w ...)
	- zsh 5.5-1 (unimportant)
	NOTE: https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
	NOTE: no security impact
CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /a ...)
	NOT-FOR-US: lyadmin
CVE-2018-7546 (wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 al ...)
	NOT-FOR-US: Kingsoft WPS Office 2016 and Jinshan PDF
CVE-2018-7545
	RESERVED
CVE-2018-7544 (** DISPUTED ** A cross-protocol scripting issue was discovered in the ...)
	- openvpn (unimportant)
	NOTE: Not a security issue per se, later versions might explicitly warn in
	NOTE: affected problematic configurations in both the documentation and with
	NOTE: a runtime warning.
CVE-2018-7543 (Cross-site scripting (XSS) vulnerability in installer/build/view.step4 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-7539 (On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is p ...)
	NOT-FOR-US: Appear TV XC5000 and XC5100 devices
CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of Enalean ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH g ...)
	{DSA-4131-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	[jessie] - xen (Vulnerable code introduced later)
	[wheezy] - xen (Vulnerable code introduced later)
	NOTE: https://xenbits.xen.org/xsa/advisory-256.html
CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS users ...)
	{DSA-4131-1 DLA-1577-1 DLA-1300-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-255.html
CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
	{DSA-4131-1 DLA-1577-1 DLA-1300-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-252.html
CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp b ...)
	{DSA-4127-1 DLA-1298-1}
	- simplesamlphp 1.15.3-1
	NOTE: https://simplesamlphp.org/security/201802-01
	NOTE: Fixed by: https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
CVE-2018-7537 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ...)
	{DSA-4161-1 DLA-1303-1}
	- python-django 1:1.11.11-1
	NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
	NOTE: Patch https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
CVE-2018-7536 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.1 ...)
	{DSA-4161-1 DLA-1303-1}
	- python-django 1:1.11.11-1
	NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
	NOTE: Patch https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
CVE-2018-7535 (An issue was discovered in TotalAV v4.1.7. An unprivileged user could ...)
	NOT-FOR-US: TotalAV
CVE-2018-7534 (In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Sol ...)
	NOT-FOR-US: Stealth Authorization Server
CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI Da ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7532 (Unauthentication vulnerabilities have been identified in Geutebruck G- ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI Data A ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7530 (Parsing malformed project files in Omron CX-One versions 4.42 and prio ...)
	NOT-FOR-US: Omron
CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in OSIsoft PI ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7528 (An SQL injection vulnerability has been identified in Geutebruck G-Cam ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7527 (A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1 ...)
	NOT-FOR-US: LeviStudio HMI Editor
CVE-2018-7526 (In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Syste ...)
	NOT-FOR-US: TotalAlert Web Application
CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7524 (A cross-site request forgery vulnerability has been identified in Geut ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed proj ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7522 (In Schneider Electric Triconex Tricon MP model 3008 firmware versions ...)
	NOT-FOR-US: Schneider
CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnera ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7520 (An improper access control vulnerability has been identified in Geuteb ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed proj ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7518 (In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Syste ...)
	NOT-FOR-US: TotalAlert Web Application
CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed proj ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7516 (A server-side request forgery vulnerability has been identified in Geu ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialize ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7514 (Parsing malformed project files in Omron CX-One versions 4.42 and prio ...)
	NOT-FOR-US: Omron
CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed proj ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7512 (A cross-site scripting vulnerability has been identified in Geutebruck ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases ...)
	NOT-FOR-US: Eaton ELCSoft
CVE-2018-7510 (In the web application in BeaconMedaes TotalAlert Scroll Medical Air S ...)
	NOT-FOR-US: BeaconMedaes TotalAlert
CVE-2018-7509 (WPLSoft in Delta Electronics versions 2.45.0 and prior writes data fro ...)
	NOT-FOR-US: Delta Electronics
CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web API vers ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7507 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixe ...)
	NOT-FOR-US: Delta Electronics
CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 and prio ...)
	NOT-FOR-US: Moxa
CVE-2018-7505 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI Visi ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7503 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7502 (Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2 ...)
	NOT-FOR-US: Beckhoff TwinCAT
CVE-2018-7501 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7499 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of proper ...)
	NOT-FOR-US: Philips Alice 6 System
CVE-2018-7497 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI Vision vers ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7495 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ver ...)
	NOT-FOR-US: Advantech
CVE-2018-7494 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixe ...)
	NOT-FOR-US: Delta Electronics
CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege escalati ...)
	NOT-FOR-US: CactusVPN for macOS
CVE-2018-7492 (A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_ ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.7-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
CVE-2018-7491 (In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerabil ...)
	NOT-FOR-US: PrestaShop
CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the ...)
	{DSA-4142-1}
	- uwsgi 2.0.15-10.4 (bug #891639)
	[wheezy] - uwsgi (plugin package introduced in jessie)
	NOTE: Fixed in 2.0.17 upstream
	NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
	NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/
CVE-2018-7489 (FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2 ...)
	{DSA-4190-1}
	- jackson-databind 2.9.5-1 (bug #891614)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1931
	NOTE: https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
CVE-2018-7488
	RESERVED
CVE-2018-7487 (There is a heap-based buffer overflow in the LoadPCX function of in_pc ...)
	{DLA-1340-1}
	- sam2p
	[jessie] - sam2p 0.49.2-3+deb8u2
	NOTE: https://github.com/pts/sam2p/issues/18
CVE-2018-7486 (Blue River Mura CMS before v7.0.7029 supports inline function calls wi ...)
	NOT-FOR-US: Blue River Mura CMS
CVE-2018-7485 (The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC ...)
	- unixodbc (Vulnerable code introduced later)
	NOTE: https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24
	NOTE: Issue introduced with https://github.com/lurcher/unixODBC/commit/4f9f77fb4204659ec9b7be8745d9e05a539c80b9
	NOTE: when actually fixing another potential (security) issue, "Buffer
	NOTE: overflows and missing null checks in SQLConfigDataSource,
	NOTE: SQLInstallDriverEx, and SQLWriteFileDSN"
CVE-2018-7484 (An issue was discovered in PureVPN through 5.19.4.0 on Windows. The cl ...)
	NOT-FOR-US: PureVPN on Windows
CVE-2018-7483
	RESERVED
CVE-2018-7482 (** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access ...)
	NOT-FOR-US: K2 component for Joomla!
CVE-2018-1000099 (Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninit ...)
	{DSA-4170-1}
	- pjproject 2.7.2~dfsg-1
	[jessie] - pjproject (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-003.html
	NOTE: https://trac.pjsip.org/repos/ticket/2092
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2018-1000098 (Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vuln ...)
	{DSA-4170-1}
	- pjproject 2.7.2~dfsg-1
	[jessie] - pjproject (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html
	NOTE: https://trac.pjsip.org/repos/ticket/2093
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2018-1000101 (Mingw-w64 version 5.0.3 and earlier contains an Improper Null Terminat ...)
	- mingw-w64 (low; bug #897196)
	[bullseye] - mingw-w64 (Minor issue)
	[buster] - mingw-w64 (Minor issue)
	[stretch] - mingw-w64 (Minor issue)
	[jessie] - mingw-w64 (Minor issue)
	[wheezy] - mingw-w64 (Minor issue)
	NOTE: https://sourceforge.net/p/mingw-w64/bugs/709/
CVE-2018-7481
	RESERVED
CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the Linux kerne ...)
	{DSA-4188-1}
	- linux 4.11.6-1
	[jessie] - linux (Issue introduced later)
	[wheezy] - linux (Issue introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258
CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path via a dir ...)
	NOT-FOR-US: YzmCMS
CVE-2018-7478
	RESERVED
CVE-2018-7477 (SQL Injection exists in PHP Scripts Mall School Management Script 3.0. ...)
	NOT-FOR-US: PHP Scripts Mall School Management Script
CVE-2018-7476 (controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site S ...)
	NOT-FOR-US: FineCms
CVE-2018-7475 (Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in Ic ...)
	NOT-FOR-US: IceWarp
CVE-2018-7474 (An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is po ...)
	- textpattern
CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot web inte ...)
	NOT-FOR-US: SO Connect SO WIFI
CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of service d ...)
	NOT-FOR-US: INVT Studio
CVE-2018-7471 (KingView 7.5SP1 has an integer overflow during stgopenstorage API read ...)
	NOT-FOR-US: KingView
CVE-2018-7470 (An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLo ...)
	- imagemagick 8:6.9.9.39+dfsg-1 (unimportant; bug #891420)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/998
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9e80713e5132a3bd26702ee0a833306f7e801469
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8130e12eb30685ef958f4e62fe624da393920be7
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7305dacfcdf5e51c4f8d0ba9f77fa97792f8acf7
	NOTE: webp support not enabled, see #806425
CVE-2018-7469 (PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-7468
	RESERVED
CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2 ...)
	NOT-FOR-US: AxxonSoft Axxon Next
CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows remote atta ...)
	NOT-FOR-US: TestLink
CVE-2018-7465 (An XSS issue was discovered in VirtueMart before 3.2.14. All the texta ...)
	NOT-FOR-US: VirtueMart
CVE-2018-7464
	RESERVED
CVE-2018-7463 (SQL injection vulnerability in files.php in the "files" component in A ...)
	NOT-FOR-US: ASANHAMAYESH CMS
CVE-2018-7462
	RESERVED
CVE-2018-7461
	RESERVED
CVE-2018-7460
	RESERVED
CVE-2018-7459
	RESERVED
CVE-2018-7458
	RESERVED
CVE-2018-7457
	RESERVED
CVE-2018-7456 (A NULL Pointer Dereference occurs in the function TIFFPrintDirectory i ...)
	{DSA-4349-1 DLA-1411-1 DLA-1347-1 DLA-1346-1}
	- tiff 4.0.9-5 (bug #891288)
	- tiff3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2778
	NOTE: https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b
CVE-2018-7455 (An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xp ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7454 (A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpd ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
	NOTE: src:xpdf switched to use system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7453 (Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?p=814#p814
	NOTE: src:xpdf switched to use system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7452 (A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc i ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
	NOTE: src:xpdf switched to use system poppler library in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7451
	RESERVED
CVE-2018-7450
	RESERVED
CVE-2018-7449 (SEGGER FTP Server for Windows before 3.22a allows remote attackers to ...)
	NOT-FOR-US: SEGGER embOS/IP FTP Server
CVE-2018-7448 (Remote code execution vulnerability in /cmsms-2.1.6-install.php/index. ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-7447 (** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persist ...)
	NOT-FOR-US: mojoPortal
CVE-2018-7446
	RESERVED
CVE-2018-7445 (A buffer overflow was found in the MikroTik RouterOS SMB service when ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2018-7444
	RESERVED
CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q1 ...)
	{DLA-2333-1 DLA-1293-1}
	- imagemagick 8:6.9.9.39+dfsg-1 (low; bug #891291)
	[jessie] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/999
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1f7c6b153882896e7a569a6e8a362ce2a11a8b1f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5c0e1a31bc44829b1024ce599097f43285a05a42
CVE-2018-7434 (zzcms 8.2 allows remote attackers to discover the full path via a dire ...)
	NOT-FOR-US: zzcms
CVE-2018-7433 (The iThemes Security plugin before 6.9.1 for WordPress does not proper ...)
	NOT-FOR-US: iThemes Security plugin for WordPress
CVE-2018-7432 (Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x befo ...)
	NOT-FOR-US: Splunk
CVE-2018-7431 (Directory traversal vulnerability in the Splunk Django App in Splunk E ...)
	NOT-FOR-US: Splunk
CVE-2018-7430
	RESERVED
CVE-2018-7429 (Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, ...)
	NOT-FOR-US: Splunk
CVE-2018-7428
	RESERVED
CVE-2018-7427 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...)
	NOT-FOR-US: Splunk
CVE-2018-7426
	RESERVED
CVE-2018-7425
	RESERVED
CVE-2018-7424
	RESERVED
CVE-2018-7423
	RESERVED
CVE-2018-7422 (A Local File Inclusion vulnerability in the Site Editor plugin through ...)
	NOT-FOR-US: Site Editor plugin for WordPress
CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector cou ...)
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark (Vulnerable code introduced later)
	[wheezy] - wireshark (Vulnerable code introduced later)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14408
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=656812ee1f2a8ddfd383b02a066e888f5919e17a
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e8be5adae469ba563acfad2c2b98673e1afaf901
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7420 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parse ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14403
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=129e41f9f63885ad8224ef413c2860788fb9e849
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-11.html
CVE-2018-7419 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector co ...)
	{DSA-4217-1 DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14443
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bebd3a1f50b0a27738d8d3da5b33c1b392eb7273
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-14.html
CVE-2018-7418 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14410
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=29d920b8309905dda11ad397596fe8aafc9b4bf7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-13.html
CVE-2018-7417 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector co ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14409
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81216a176b25dd8a616e11808a951e141a467009
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-12.html
CVE-2018-7416
	RESERVED
CVE-2018-7439 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892
CVE-2018-7438 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889
CVE-2018-7437 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885
CVE-2018-7436 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883
CVE-2018-7435 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879
CVE-2018-7415
	RESERVED
CVE-2018-7414
	RESERVED
CVE-2018-7413
	RESERVED
CVE-2018-7412
	RESERVED
CVE-2018-7411
	RESERVED
CVE-2018-7410
	RESERVED
CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to ...)
	- unixodbc 2.3.6-0.1 (bug #891596)
	[stretch] - unixodbc (Minor issue)
	[jessie] - unixodbc (Minor issue)
	[wheezy] - unixodbc (Minor issue)
	NOTE: Fixed by: https://sourceforge.net/p/unixodbc/code/136/
	NOTE: https://github.com/lurcher/unixODBC/commit/4f9f77fb4204659ec9b7be8745d9e05a539c80b9
CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...)
	- npm (Vulnerable code introduced later)
CVE-2018-7407 (An issue was discovered in Foxit Reader before 9.1 and PhantomPDF befo ...)
	NOT-FOR-US: Foxit
CVE-2018-7406 (An issue was discovered in Foxit Reader before 9.1 and PhantomPDF befo ...)
	NOT-FOR-US: Foxit
CVE-2018-7405 (Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer befo ...)
	NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
CVE-2018-7404
	RESERVED
CVE-2018-7403
	RESERVED
CVE-2018-7402
	RESERVED
CVE-2018-7401
	RESERVED
CVE-2018-7400
	RESERVED
CVE-2018-7399
	RESERVED
CVE-2018-7398
	RESERVED
CVE-2018-7397
	RESERVED
CVE-2018-7396
	RESERVED
CVE-2018-7395
	RESERVED
CVE-2018-7394
	RESERVED
CVE-2018-7393
	RESERVED
CVE-2018-7392
	RESERVED
CVE-2018-7391
	RESERVED
CVE-2018-7390
	RESERVED
CVE-2018-7389
	RESERVED
CVE-2018-7388
	RESERVED
CVE-2018-7387
	RESERVED
CVE-2018-7386
	RESERVED
CVE-2018-7385
	RESERVED
CVE-2018-7384
	RESERVED
CVE-2018-7383
	RESERVED
CVE-2018-7382
	RESERVED
CVE-2018-7381
	RESERVED
CVE-2018-7380
	RESERVED
CVE-2018-7379
	RESERVED
CVE-2018-7378
	RESERVED
CVE-2018-7377
	RESERVED
CVE-2018-7376
	RESERVED
CVE-2018-7375
	RESERVED
CVE-2018-7374
	RESERVED
CVE-2018-7373
	RESERVED
CVE-2018-7372
	RESERVED
CVE-2018-7371
	RESERVED
CVE-2018-7370
	RESERVED
CVE-2018-7369
	RESERVED
CVE-2018-7368
	REJECTED
CVE-2018-7367
	REJECTED
CVE-2018-7366 (ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions ...)
	NOT-FOR-US: ZTE
CVE-2018-7365 (All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product ...)
	NOT-FOR-US: ZTE
CVE-2018-7364 (All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product Europe ...)
	NOT-FOR-US: ZTE
CVE-2018-7363 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
	NOT-FOR-US: ZTE
CVE-2018-7362 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
	NOT-FOR-US: ZTE
CVE-2018-7361 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
	NOT-FOR-US: ZTE
CVE-2018-7360 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
	NOT-FOR-US: ZTE
CVE-2018-7359 (All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted ...)
	NOT-FOR-US: ZTE
CVE-2018-7358 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V ...)
	NOT-FOR-US: ZTE ZXHN H168N product
CVE-2018-7357 (ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V ...)
	NOT-FOR-US: ZTE ZXHN H168N product
CVE-2018-7356 (All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impac ...)
	NOT-FOR-US: ZTE ZXR10 8905E
CVE-2018-7355 (All versions up to V1.0.0B05 of ZTE MF65 and all versions up to V1.0.0 ...)
	NOT-FOR-US: ZTE
CVE-2018-7354
	RESERVED
CVE-2018-7353
	RESERVED
CVE-2018-7352
	RESERVED
CVE-2018-7351
	RESERVED
CVE-2018-7350
	RESERVED
CVE-2018-7349
	RESERVED
CVE-2018-7348
	RESERVED
CVE-2018-7347
	RESERVED
CVE-2018-7346
	RESERVED
CVE-2018-7345
	RESERVED
CVE-2018-7344
	RESERVED
CVE-2018-7343
	RESERVED
CVE-2018-7342
	RESERVED
CVE-2018-7341
	RESERVED
CVE-2018-7340 (Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the resu ...)
	NOT-FOR-US: Duo Network Gateway
CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Ent ...)
	- mp4v2 (low; bug #893544)
	[stretch] - mp4v2 (Minor issue)
	[jessie] - mp4v2 (Minor issue)
	[wheezy] - mp4v2 (Minor issue)
	NOTE: https://github.com/pingsuewim/libmp4_bof
CVE-2018-7338
	RESERVED
	NOT-FOR-US: Duo Network Gateway
	NOTE: https://duo.com/labs/psa/duo-psa-2017-003
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2018-7337 (In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14446
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=511a8b0b546d25413e289dc5a7d3a455a33994c2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-08.html
CVE-2018-7336 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol diss ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14374
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b56f598f1bc04f5d00f13b38c713763928cedb7c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-09.html
CVE-2018-7335 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 disse ...)
	{DSA-4217-1 DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14442
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2901dcf45c9f1b07abfbf2a0b0cd654371d72a4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-05.html
CVE-2018-7334 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissecto ...)
	{DSA-4217-1 DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14339
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ed705e1227d3d582e3f0de435bba606d053d686
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-07.html
CVE-2018-7333 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark (vulnerable code introduced later in v1.99.7)
	[wheezy] - wireshark (vulnerable code introduced later in v1.99.7)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14449
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bd6313181317bfe83842b27650b65f3c2b8d5dc9
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7332 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7331 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1}
	- wireshark 2.4.5-1 (low)
	[wheezy] - wireshark (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=157712b2f5f89b19ef2497ea89c5938eb29529da
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7330 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark (vulnerable code introduced later in v2.4.0)
	[jessie] - wireshark (vulnerable code introduced later in v2.4.0)
	[wheezy] - wireshark (vulnerable code introduced later in v2.4.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14428
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ad0c5b3683a17d9e2e16bbf25869140fd5c1c66
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7329 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark (vulnerable code introduced later in v1.99.0)
	[wheezy] - wireshark (vulnerable code introduced later in v1.99.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14423
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8a0cbc4f2979e0b1cadbe79f0b8b4ecb92477be
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7328 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark (vulnerable code introduced later in v2.4.0)
	[jessie] - wireshark (vulnerable code introduced later in v2.4.0)
	[wheezy] - wireshark (vulnerable code introduced later in v2.4.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7327 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark (vulnerable code introduced later in v2.4.0)
	[jessie] - wireshark (vulnerable code introduced later in v2.4.0)
	[wheezy] - wireshark (vulnerable code introduced later in v2.4.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14420
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=563989f888e51258edb9a27db56124bdc33c9afe
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7326 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark (vulnerable code introduced later in v1.99.0)
	[wheezy] - wireshark (vulnerable code introduced later in v1.99.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14419
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=293b999425e998d6cde0d9149648e421ea7687d0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7325 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1}
	- wireshark 2.4.5-1 (low)
	[wheezy] - wireshark (vulnerable code introduced later)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14414
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7be234d06ea39ab6a88115ae41d71060f1f15e3c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7324 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14413
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9e7695bbee18525eaa6d12b32230313ae8a36a81
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7323 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14412
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f9199ea8cff56c6704e9828c3d80360b27c4565
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5d45b69b590cabc5127282d1ade3bca1598e5f5c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7322 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	{DLA-1634-1 DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14411
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afc780e2c796e971bb7d164103f4f0d10d3c25b5
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7321 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packe ...)
	- wireshark 2.4.5-1 (low)
	[jessie] - wireshark (vulnerable code introduced later in v1.99.6)
	[wheezy] - wireshark (vulnerable code introduced later in v1.99.6)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14379
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c784d551ad50864de1035ce54e72837301cf6aca
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7320 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol ...)
	- wireshark 2.4.5-1
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
	[jessie] - wireshark (Vulnerable code introduced later)
	[wheezy] - wireshark (Vulnerable code introduced later)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14398
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=015e3399390b8b5cfbfcfcda30589983ab6cc129
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-10.html
CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 component f ...)
	NOT-FOR-US: OS Property Real Estate component for Joomla!
CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for Joomla! via ...)
	NOT-FOR-US: CheckList component for Joomla!
CVE-2018-7317 (Backup Download exists in the Proclaim 9.1.1 component for Joomla! via ...)
	NOT-FOR-US: Proclaim component for Joomla!
CVE-2018-7316 (Arbitrary File Upload exists in the Proclaim 9.1.1 component for Jooml ...)
	NOT-FOR-US: Proclaim component for Joomla!
CVE-2018-7315 (SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via th ...)
	NOT-FOR-US: Ek Rishta component for Joomla!
CVE-2018-7314 (SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! v ...)
	NOT-FOR-US: PrayerCenter component for Joomla!
CVE-2018-7313 (SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via th ...)
	NOT-FOR-US: CW Tags component for Joomla!
CVE-2018-7312 (SQL Injection exists in the Alexandria Book Library 3.1.2 component fo ...)
	NOT-FOR-US: Alexandria Book Library component for Joomla!
CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root privile ...)
	NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7310
	RESERVED
CVE-2018-7309
	RESERVED
CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin hosting thr ...)
	NOT-FOR-US: DanWin hosting
CVE-2018-7307 (The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles t ...)
	NOT-FOR-US: Auth0 Auth0.js library
CVE-2018-7306
	RESERVED
CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitra ...)
	NOT-FOR-US: MyBB
CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; consequ ...)
	- tikiwiki
CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...)
	- tikiwiki
CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...)
	- tikiwiki
CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port witho ...)
	NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices
CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7299 (Remote Code Execution in the addon installation process in eQ-3 AG Hom ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7298 (In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG Homemat ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage method i ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7295 (ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Wi ...)
	NOT-FOR-US: Final Fantasy
CVE-2018-7294
	RESERVED
CVE-2018-7293
	RESERVED
CVE-2018-7292
	RESERVED
CVE-2018-7291
	RESERVED
CVE-2018-7290 (Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, an ...)
	- tikiwiki
CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...)
	NOT-FOR-US: Armadito
CVE-2018-7288
	RESERVED
CVE-2018-7287 (An issue was discovered in res_http_websocket.c in Asterisk 15.x throu ...)
	- asterisk (Only affects Asterisk 15.x)
	NOTE: downloads.digium.com/pub/security/AST-2018-006.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27658
CVE-2018-7286 (An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7 ...)
	{DSA-4320-1}
	- asterisk 1:13.20.0~dfsg-1 (bug #891228)
	[jessie] - asterisk (Vulnerable code not present)
	[wheezy] - asterisk (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-005.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27618
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-005-13.diff
CVE-2018-7285 (A NULL pointer access issue was discovered in Asterisk 15.x through 15 ...)
	- asterisk (Only affects Asterisk 15.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-001.html
CVE-2018-7284 (A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14 ...)
	{DSA-4320-1}
	- asterisk 1:13.20.0~dfsg-1 (bug #891227)
	[jessie] - asterisk (Vulnerable code not present)
	[wheezy] - asterisk (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-004.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27640
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-004-13.diff
CVE-2018-7283
	RESERVED
CVE-2018-7282 (The username parameter of the TITool PrintMonitor solution during the ...)
	NOT-FOR-US: TITool
CVE-2018-7281 (CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnera ...)
	NOT-FOR-US: CactusVPN for macOS
CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-1000093 (CryptoNote version version 0.8.9 and possibly later contain a local RP ...)
	NOT-FOR-US: CryptoNote
CVE-2018-1000092 (CMS Made Simple version versions 2.2.5 contains a Cross ite Request Fo ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-1000091 (KadNode version version 2.2.0 contains a Buffer Overflow vulnerability ...)
	NOT-FOR-US: KadNode
CVE-2018-1000090 (textpattern version version 4.6.2 contains a XML Injection vulnerabili ...)
	- textpattern
CVE-2018-1000089 (Anymail django-anymail version version 0.2 through 1.3 contains a CWE- ...)
	- django-anymail 1.4-1 (bug #890097)
	[stretch] - django-anymail (Minor issue; non-free/contrib not security supported)
	NOTE: https://github.com/anymail/django-anymail/commit/1a6086f2b58478d71f89bf27eb034ed81aefe5ef
CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting ...)
	- ruby-doorkeeper 4.3.1-1 (bug #891069)
	[stretch] - ruby-doorkeeper (Minor issue)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970
CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Site Script ...)
	NOT-FOR-US: WolfCMS
CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a ...)
	NOT-FOR-US: pym.js
CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap memory rea ...)
	{DLA-1307-1}
	- clamav 0.99.3~beta1+dfsg-1
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
	NOTE: https://www.openwall.com/lists/oss-security/2017/09/29/4
CVE-2018-1000084 (WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site S ...)
	NOT-FOR-US: WolfCMS
CVE-2018-1000083 (Ajenti version version 2 contains a Improper Error Handling vulnerabil ...)
	- ajenti (bug #792019)
CVE-2018-1000082 (Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) v ...)
	- ajenti (bug #792019)
CVE-2018-1000081 (Ajenti version version 2 contains a Input Validation vulnerability in ...)
	- ajenti (bug #792019)
CVE-2018-1000080 (Ajenti version version 2 contains a Insecure Permissions vulnerability ...)
	- ajenti (bug #792019)
CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DSA-4259-1 DSA-4219-1 DLA-1421-1}
	- ruby2.5 2.5.0-5
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	[wheezy] - ruby1.9.1 (Minor issue, too intrusive to backport)
	- rubygems 3.2.0~rc.1-1
	[wheezy] - rubygems (Vulnerable code not present)
	- jruby 9.1.17.0-1 (bug #895778)
	[jessie] - jruby (Vulnerable code not present)
	[wheezy] - jruby (Vulnerable code not present)
	NOTE: https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759
	NOTE: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	- rubygems 3.2.0~rc.1-1
	- jruby 9.1.17.0-1 (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	- rubygems 3.2.0~rc.1-1
	- jruby 9.1.17.0-1 (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	- rubygems 3.2.0~rc.1-1
	- jruby 9.1.17.0-1 (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1421-1 DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	- rubygems 3.2.0~rc.1-1
	- jruby 9.1.17.0-1 (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DSA-4259-1 DSA-4219-1 DLA-1796-1 DLA-1480-1 DLA-1352-1}
	- ruby2.5 2.5.0-5
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	[wheezy] - ruby1.9.1 (Minor issue, too intrusive to backport)
	- rubygems 3.2.0~rc.1-1
	[wheezy] - rubygems (Minor issue)
	- jruby 9.1.17.0-1 (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DSA-4259-1 DSA-4219-1 DLA-1480-1}
	- ruby2.5 2.5.0-5
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	[wheezy] - ruby1.9.1 (Vulnerable code not present)
	- rubygems 3.2.0~rc.1-1
	[wheezy] - rubygems (Vulnerable code not present)
	- jruby 9.1.17.0-2.1 (bug #895778; bug #925986)
	[jessie] - jruby (Vulnerable code not present)
	[wheezy] - jruby (Vulnerable code not present)
	NOTE: https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000072 (iRedMail version prior to commit f04b8ef contains a Insecure Permissio ...)
	NOT-FOR-US: iRedMail
CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure Permissions v ...)
	- roundcube 1.3.10+dfsg.1-1 (unimportant; bug #897014)
	[buster] - roundcube 1.3.10+dfsg.1-1~deb10u1
	[stretch] - roundcube 1.2.3+dfsg.1-4+deb9u2
	NOTE: https://github.com/roundcube/roundcubemail/issues/6173
	NOTE: https://github.com/roundcube/roundcubemail/commit/48417c5fc9f6eb4b90500c09596606d489c700b5
	NOTE: https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt
	NOTE: That plugin is not functional in stretch due to a missing package dependency; setting it
	NOTE: up would require several additional manual changes on the admin's side
	NOTE: Can be mitigated by moving the home folder outside the scope of the webserver
CVE-2018-1000070 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or after com ...)
	NOT-FOR-US: PyBitmessage
CVE-2018-1000069 (FreePlane version 1.5.9 and earlier contains a XML External Entity (XX ...)
	{DSA-4175-1 DLA-1316-1}
	- freeplane 1.6.6-1 (bug #893663)
	NOTE: https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser
	NOTE: https://github.com/freeplane/freeplane/commit/a5dce7f9f
CVE-2018-7279 (A remote code execution issue was discovered in AlienVault USM and OSS ...)
	NOT-FOR-US: AlienVault
CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2 ...)
	NOT-FOR-US: RLE Protocol Converter FDS-PC / FDS-PC-DP devices
CVE-2018-7277 (An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent X ...)
	NOT-FOR-US: RLE Wi-MGR/FDS-Wi 6.2 devices
CVE-2018-7276 (An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firm ...)
	NOT-FOR-US: Lutron Quantum BACnet Integration 2.0 devices
CVE-2018-7275
	RESERVED
CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scr ...)
	NOT-FOR-US: Yab Quarx
CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the addr ...)
	- linux 4.15.4-1
	[stretch] - linux (Minor issue)
	[jessie] - linux (Minor issue)
	[wheezy] - linux (Minor issue)
	- linux-4.9
	NOTE: https://lkml.org/lkml/2018/2/20/669
CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as par ...)
	NOT-FOR-US: ForgeRock AM
CVE-2018-7271 (An issue was discovered in MetInfo 6.0.0. In install/install.php in th ...)
	NOT-FOR-US: MetInfo
CVE-2018-7270
	RESERVED
CVE-2018-7269 (The findByCondition function in framework/db/ActiveRecord.php in Yii 2 ...)
	- yii (bug #597899)
CVE-2018-7268 (MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automa ...)
	NOT-FOR-US: MagniComp
CVE-2018-7267
	RESERVED
CVE-2018-7266
	RESERVED
CVE-2018-7265 (Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that e ...)
	NOT-FOR-US: Shimmie
CVE-2018-7264 (The Pictview image processing library embedded in the ActivePDF toolki ...)
	NOT-FOR-US: ActivePDF
CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad through ...)
	NOTE: Seems like a duplicate of CVE-2017-11552, which relates to the issue raised in
	NOTE: https://bugs.debian.org/870608
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1081784
	NOTE: MITRE stated that "[...] However, if there are two different code
	NOTE: paths by which libmad is used incorrectly, and both code paths result
	NOTE: in "double free or corruption" errors, then we would represent this
	NOTE: with two CVEs."
CVE-2018-7262 (In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGW ...)
	- ceph (Issue introduced later)
	NOTE: See details in https://bugs.debian.org/891963#15 . Ceph as present in
	NOTE: Debian up to 10.2.5-7.2 is not vulnerable, as it contains an older
	NOTE: version of the embedded webserver in the RADOS gateway, which does not
	NOTE: return null strings on malformed HTTP requests.
	NOTE: Original pull request: https://github.com/ceph/ceph/pull/20403
	NOTE: Superseded by: https://github.com/ceph/ceph/pull/20488
CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4 ...)
	NOT-FOR-US: Radiant CMS
CVE-2018-7260 (Cross-site scripting (XSS) vulnerability in db_central_columns.php in ...)
	- phpmyadmin 4:4.9.1+dfsg1-2 (bug #893539)
	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
	[jessie] - phpmyadmin (Vulnerable code not present)
	[wheezy] - phpmyadmin (Vulnerable code not present)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3e8745e8845633ae8a0054b5ee4d8babd5
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-1/
CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a ...)
	NOT-FOR-US: Flight Sim Labs
CVE-2018-7258
	RESERVED
CVE-2018-7257
	RESERVED
CVE-2018-7256
	RESERVED
CVE-2018-7255
	RESERVED
CVE-2018-7252
	RESERVED
CVE-2018-7251 (An issue was discovered in config/error.php in Anchor 0.12.3. The erro ...)
	NOT-FOR-US: Anchor CMS
CVE-2018-7250 (An issue was discovered in secdrv.sys as shipped in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-7249 (An issue was discovered in secdrv.sys as shipped in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-7254 (The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5 ...)
	{DSA-4125-1}
	- wavpack 5.1.0-3 (bug #889274)
	[jessie] - wavpack (Vulnerable code not present)
	[wheezy] - wavpack (Vulnerable code not present)
	NOTE: https://github.com/dbry/WavPack/issues/26
	NOTE: https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
CVE-2018-7253 (The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPa ...)
	{DSA-4125-1}
	- wavpack 5.1.0-3 (bug #889559)
	[jessie] - wavpack (Vulnerable code not present)
	[wheezy] - wavpack (Vulnerable code not present)
	NOTE: https://github.com/dbry/WavPack/issues/28
	NOTE: https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
CVE-2018-7248 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Buil ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2018-7247 (An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Lepto ...)
	- leptonlib 1.76.0-1 (unimportant)
	NOTE: https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f
CVE-2018-7246 (A cleartext transmission of sensitive information vulnerability exists ...)
	NOT-FOR-US: Schneider
CVE-2018-7245 (An improper authorization vulnerability exists In Schneider Electric's ...)
	NOT-FOR-US: Schneider
CVE-2018-7244 (An information disclosure vulnerability exists In Schneider Electric's ...)
	NOT-FOR-US: Schneider
CVE-2018-7243 (An authorization bypass vulnerability exists In Schneider Electric's 6 ...)
	NOT-FOR-US: Schneider
CVE-2018-7242 (Vulnerable hash algorithms exists in Schneider Electric's Modicon Prem ...)
	NOT-FOR-US: Schneider
CVE-2018-7241 (Hard coded accounts exist in Schneider Electric's Modicon Premium, Mod ...)
	NOT-FOR-US: Schneider
CVE-2018-7240 (A vulnerability exists in Schneider Electric's Modicon Quantum in all ...)
	NOT-FOR-US: Schneider
CVE-2018-7239 (A DLL hijacking vulnerability exists in Schneider Electric's SoMove So ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7238 (A buffer overflow vulnerability exist in the web-based GUI of Schneide ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7237 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7236 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7235 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7234 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7233 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7232 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7231 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7230 (A XML external entity (XXE) vulnerability exists in the import.cgi of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7229 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7228 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7227 (A vulnerability exists in Schneider Electric's Pelco Sarix Professiona ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7226 (An issue was discovered in vcSetXCutTextProc() in VNConsole.c in Linux ...)
	- vncterm (low; bug #898453)
	[stretch] - vncterm (Minor issue)
	NOTE: https://github.com/LibVNC/vncterm/issues/6
CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClie ...)
	{DSA-4221-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-1332-1}
	- libvncserver 0.9.11+dfsg-1.1 (bug #894045)
	- italc
	[stretch] - italc 1:3.0.3+dfsg1-1+deb9u1
	- tightvnc 1:1.3.9-9.1
	[buster] - tightvnc 1:1.3.9-9deb10u1
	[stretch] - tightvnc 1:1.3.9-9+deb9u1
	- vino 3.22.0-6 (bug #945784)
	[buster] - vino (Minor issue)
	[stretch] - vino (Minor issue)
	NOTE: https://github.com/LibVNC/libvncserver/issues/218
	NOTE: https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
CVE-2018-7224
	RESERVED
CVE-2018-7223
	RESERVED
CVE-2018-7222
	RESERVED
CVE-2018-7221
	RESERVED
CVE-2018-7220
	RESERVED
CVE-2018-7219 (application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as d ...)
	NOT-FOR-US: NoneCms
CVE-2018-7218 (The AppFirewall functionality in Citrix NetScaler Application Delivery ...)
	NOT-FOR-US: Citrix
CVE-2018-7217 (In Bravo Tejari Procurement Portal, uploaded files are not properly va ...)
	NOT-FOR-US: Bravo Tejari Procurement Portal
CVE-2018-7216 (Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profil ...)
	NOT-FOR-US: Bravo Tejari Procurement Portal
CVE-2018-7215
	RESERVED
CVE-2018-7214
	RESERVED
CVE-2018-7213 (The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 ...)
	NOT-FOR-US: Password Manager Extension in Abine Blur
CVE-2018-7212 (An issue was discovered in rack-protection/lib/rack/protection/path_tr ...)
	NOT-FOR-US: Sinatra
CVE-2018-7211 (An issue was discovered in iDashboards 9.6b. The SSO implementation is ...)
	NOT-FOR-US: iDashboards
CVE-2018-7210 (An issue was discovered in iDashboards 9.6b. It allows remote attacker ...)
	NOT-FOR-US: iDashboards
CVE-2018-7209 (An issue was discovered in iDashboards 9.6b. It allows remote attacker ...)
	NOT-FOR-US: iDashboards
CVE-2018-7208 (In the coff_pointerize_aux function in coffgen.c in the Binary File De ...)
	- binutils 2.30-6
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22741
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eb77f6a4621795367a39cdd30957903af9dbb815
CVE-2018-7207
	REJECTED
CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0 ...)
	NOT-FOR-US: JupyterHub
CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design ...)
	NOT-FOR-US: Kentico
CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for Wor ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 throu ...)
	NOT-FOR-US: Twonky Server
CVE-2018-7202 (An issue was discovered in ProjectSend before r1053. XSS exists in the ...)
	NOT-FOR-US: ProjectSend
CVE-2018-7201 (CSV Injection was discovered in ProjectSend before r1053, affecting vi ...)
	NOT-FOR-US: ProjectSend
CVE-2018-7200
	RESERVED
CVE-2018-7199
	RESERVED
CVE-2018-7198 (October CMS through 1.0.431 allows XSS by entering HTML on the Add Pos ...)
	NOT-FOR-US: October CMS
CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored cross-site sc ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-7196 (Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhances ...)
	NOT-FOR-US: osTicket
CVE-2018-7195 (Enhancesoft osTicket before 1.10.2 allows remote attackers to reset ar ...)
	NOT-FOR-US: osTicket
CVE-2018-7194 (Integer format vulnerability in the ticket number generator in Enhance ...)
	NOT-FOR-US: osTicket
CVE-2018-7193 (Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enha ...)
	NOT-FOR-US: osTicket
CVE-2018-7192 (Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic ...)
	NOT-FOR-US: osTicket
CVE-2018-7191 (In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.56-1+deb8u1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1743792
	NOTE: https://git.kernel.org/linus/0ad646c81b2182f7fa67ec0c8c825e0ee165696d
	NOTE: https://git.kernel.org/linus/5c25f65fd1e42685f7ccd80e0621829c105785d9
CVE-2018-7190
	RESERVED
CVE-2018-7189
	RESERVED
CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an au ...)
	- tikiwiki
CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure command-li ...)
	{DSA-4380-1 DSA-4379-1 DLA-1294-1}
	- golang-1.10 1.10.1-1
	- golang-1.9 (bug #895663)
	- golang-1.8 (bug #895664)
	- golang-1.7 (bug #895665)
	- golang
	[jessie] - golang (Minor issue)
	NOTE: https://github.com/golang/go/issues/23867
	NOTE: https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
CVE-2018-7185 (The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attac ...)
	- ntp 1:4.2.8p11+dfsg-1 (low)
	[stretch] - ntp (Minor issue)
	[jessie] - ntp (Minor issue)
	[wheezy] - ntp (Minor issue)
	- ntpsec (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating ...)
	- ntp 1:4.2.8p11+dfsg-1 (low)
	[stretch] - ntp (Minor issue)
	[jessie] - ntp (Minor issue)
	[wheezy] - ntp (Minor issue)
	- ntpsec (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=cset&REV=5a76f46bK1M87GD1tJounOczC-5Zow
CVE-2018-7183 (Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 throu ...)
	- ntp 1:4.2.8p11+dfsg-1 (low)
	[stretch] - ntp (Minor issue)
	[jessie] - ntp (Minor issue)
	[wheezy] - ntp (Minor issue)
	- ntpsec (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3414
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7182 (The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows r ...)
	- ntp 1:4.2.8p11+dfsg-1
	[stretch] - ntp (Can be fixed along with a future update)
	[jessie] - ntp (Can be fixed along with a future update)
	[wheezy] - ntp (Issue not present)
	- ntpsec 1.0.0+dfsg1-5
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3412
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
	NOTE: Fixed by (ntpsec): https://gitlab.com/NTPsec/ntpsec/commit/6d6aa6da0fe685011f5a9633c3618409af8349d7
	NOTE: https://lists.ntpsec.org/pipermail/devel/2018-March/006008.html
CVE-2018-7181
	RESERVED
CVE-2018-7186 (Leptonica before 1.75.3 does not limit the number of characters in a % ...)
	{DLA-1302-1}
	- leptonlib 1.75.3-2 (low; bug #890548)
	[stretch] - leptonlib (Minor issue)
	[jessie] - leptonlib (Minor issue)
	NOTE: https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
CVE-2018-7180 (SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! v ...)
	NOT-FOR-US: Saxum Astro component for Joomla!
CVE-2018-7179 (SQL Injection exists in the SquadManagement 1.0.3 component for Joomla ...)
	NOT-FOR-US: SquadManagement component for Joomla!
CVE-2018-7178 (SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! ...)
	NOT-FOR-US: Saxum Picker component for Joomla!
CVE-2018-7177 (SQL Injection exists in the Saxum Numerology 3.0.4 component for Jooml ...)
	NOT-FOR-US: Saxum Numerology component for Joomla!
CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding ...)
	- frontaccounting (bug #890604)
	[wheezy] - frontaccounting (unsupported in wheezy, already vulnerable to SQL injection in CVE-2014-3973)
	NOTE: https://securitywarrior9.blogspot.ca/2018/02/cross-site-request-forgery-front.html
CVE-2018-7175 (An issue was discovered in xpdf 4.00. A NULL pointer dereference in re ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
CVE-2018-7174 (An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref a ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=605
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
CVE-2018-7173 (A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ...)
	- xpdf (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=607
	NOTE: src:xpdf switched to use the system poppler library in 3.02-3
CVE-2018-1000068 (An improper input validation vulnerability exists in Jenkins versions ...)
	- jenkins
CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins versions 2.1 ...)
	- jenkins
CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, remote attackers can delete ar ...)
	NOT-FOR-US: WonderCMS
CVE-2018-7171 (Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 ...)
	NOT-FOR-US: Twonky Server
CVE-2018-7170 (ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authen ...)
	- ntp 1:4.2.8p11+dfsg-1
	[stretch] - ntp (Minor issue)
	[jessie] - ntp (Minor issue)
	[wheezy] - ntp (Minor issue)
	- ntpsec (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3415
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is ...)
	- shadow 1:4.7-1 (low; bug #890557)
	[buster] - shadow (Minor issue)
	[stretch] - shadow (Minor issue)
	[jessie] - shadow (Minor issue)
	[wheezy] - shadow (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
	NOTE: https://github.com/shadow-maint/shadow/pull/97
CVE-2018-7168
	RESERVED
CVE-2018-7167 (Calling Buffer.fill() or Buffer.alloc() with some parameters can lead ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#calls-to-buffer-fill-and-or-buffer-alloc-may-hang-cve-2018-7167
	NOTE: Doesn't affect 10.x, marking first 10.x upload to sid as fixed
CVE-2018-7166 (In all versions of Node.js 10 prior to 10.9.0, an argument processing ...)
	- nodejs (Only affects 10.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
	NOTE: https://github.com/nodejs/node/commit/40a7beeddac9b9ec9ef5b49157daaf8470648b08
CVE-2018-7165
	RESERVED
CVE-2018-7164 (Node.js versions 9.7.0 and later and 10.x are vulnerable and the sever ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	[stretch] - nodejs (Only affects >= 9.x)
	[jessie] - nodejs (Only affects >= 9.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#memory-exhaustion-dos-on-v9-x-cve-2018-7164
	NOTE: https://github.com/nodejs/node/commit/3217e8e66fa81e
CVE-2018-7163
	RESERVED
CVE-2018-7162 (All versions of Node.js 9.x and 10.x are vulnerable and the severity i ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	[stretch] - nodejs (Only affects >= 8.x)
	[jessie] - nodejs (Only affects >= 8.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#denial-of-service-vulnerability-in-tls-cve-2018-7162
	NOTE: https://github.com/nodejs/node/commit/0cb3325f1
CVE-2018-7161 (All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the seve ...)
	- nodejs 10.15.0~dfsg-6 (unimportant)
	[stretch] - nodejs (Only affects >= 8.x)
	[jessie] - nodejs (Only affects >= 8.x)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/#denial-of-service-vulnerability-in-http-2-cve-2018-7161
	NOTE: https://github.com/nodejs/node/commit/8bf213dbdc7e
CVE-2018-7160 (The Node.js inspector, in 6.x and later is vulnerable to a DNS rebindi ...)
	- nodejs 8.11.1~dfsg-2 (unimportant)
	[stretch] - nodejs (Vulnerable code not present)
	[jessie] - nodejs (Vulnerable code not present)
	[wheezy] - nodejs (Vulnerable code not present)
CVE-2018-7159 (The HTTP parser in all current versions of Node.js ignores spaces in t ...)
	- nodejs 8.11.1~dfsg-2 (unimportant)
CVE-2018-7158 (The `'path'` module in the Node.js 4.x release line contains a potenti ...)
	- nodejs 6.0.0~dfsg-1 (unimportant)
CVE-2018-7157
	REJECTED
CVE-2018-7156
	REJECTED
CVE-2018-7155
	REJECTED
CVE-2018-7154
	REJECTED
CVE-2018-7153
	REJECTED
CVE-2018-7152
	REJECTED
CVE-2018-7151
	REJECTED
CVE-2018-7150
	REJECTED
CVE-2018-7149
	REJECTED
CVE-2018-7148
	REJECTED
CVE-2018-7147
	REJECTED
CVE-2018-7146
	REJECTED
CVE-2018-7145
	REJECTED
CVE-2018-7144
	REJECTED
CVE-2018-7143
	REJECTED
CVE-2018-7142
	REJECTED
CVE-2018-7141
	REJECTED
CVE-2018-7140
	REJECTED
CVE-2018-7139
	REJECTED
CVE-2018-7138
	REJECTED
CVE-2018-7137
	REJECTED
CVE-2018-7136
	REJECTED
CVE-2018-7135
	REJECTED
CVE-2018-7134
	REJECTED
CVE-2018-7133
	REJECTED
CVE-2018-7132
	REJECTED
CVE-2018-7131
	REJECTED
CVE-2018-7130
	REJECTED
CVE-2018-7129
	REJECTED
CVE-2018-7128
	REJECTED
CVE-2018-7127
	REJECTED
CVE-2018-7126
	REJECTED
CVE-2018-7125 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7124 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7123 (A remote denial of service vulnerability was identified in HPE Intelli ...)
	NOT-FOR-US: HPE
CVE-2018-7122 (A remote disclosure of information vulnerability was identified in HPE ...)
	NOT-FOR-US: HPE
CVE-2018-7121 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7120 (A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Chan ...)
	NOT-FOR-US: HPE
CVE-2018-7119 (A Local Disclosure of Sensitive Information vulnerability was identifi ...)
	NOT-FOR-US: HPE
CVE-2018-7118 (A local access restriction bypass vulnerability was identified in HPE ...)
	NOT-FOR-US: HPE Service Pack for ProLiant (SPP) Bundled Software
CVE-2018-7117 (A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerab ...)
	NOT-FOR-US: HPE
CVE-2018-7116 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
	NOT-FOR-US: HPE
CVE-2018-7115 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
	NOT-FOR-US: HPE
CVE-2018-7114 (HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P0 ...)
	NOT-FOR-US: HPE
CVE-2018-7113 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior ...)
	NOT-FOR-US: HPE
CVE-2018-7112 (The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7 ...)
	NOT-FOR-US: HPE
CVE-2018-7111 (A remote unauthorized access vulnerability was identified in HPE UIoT ...)
	NOT-FOR-US: HPE
CVE-2018-7110 (A remote unauthorized disclosure of information vulnerability was iden ...)
	NOT-FOR-US: HPE
CVE-2018-7109 (HPE has addressed a remote arbitrary file modification vulnerability i ...)
	NOT-FOR-US: HPE
CVE-2018-7108 (HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to ...)
	NOT-FOR-US: HPE
CVE-2018-7107 (A potential security vulnerability has been identified in HPE Device E ...)
	NOT-FOR-US: HPE
CVE-2018-7106
	REJECTED
CVE-2018-7105 (A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) for HP ...)
	NOT-FOR-US: HPE
CVE-2018-7104 (A Remote Code Execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7103 (A Remote Code Execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7102 (A security vulnerability in HPE Intelligent Management Center (iMC) PL ...)
	NOT-FOR-US: HPE
CVE-2018-7101 (A potential remote denial of service security vulnerability has been i ...)
	NOT-FOR-US: HPE
CVE-2018-7100 (A potential security vulnerability has been identified in HPE OfficeCo ...)
	NOT-FOR-US: HPE OfficeConnect 1810 Switch Series
CVE-2018-7099 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7098 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7097 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7096 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7095 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7094 (A security vulnerability was identified in 3PAR Service Processor (SP) ...)
	NOT-FOR-US: 3PAR
CVE-2018-7093 (A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90 ...)
	NOT-FOR-US: HPE
CVE-2018-7092 (A potential security vulnerability has been identified in HPE Intellig ...)
	NOT-FOR-US: HPE
CVE-2018-7091 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has open UR ...)
	NOT-FOR-US: HPE
CVE-2018-7090 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has local a ...)
	NOT-FOR-US: HPE
CVE-2018-7089
	REJECTED
CVE-2018-7088
	REJECTED
CVE-2018-7087
	REJECTED
CVE-2018-7086
	REJECTED
CVE-2018-7085
	REJECTED
CVE-2018-7084 (A command injection vulnerability is present that permits an unauthent ...)
	NOT-FOR-US: Aruba
CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave behind ...)
	NOT-FOR-US: Aruba
CVE-2018-7082 (A command injection vulnerability is present in Aruba Instant that per ...)
	NOT-FOR-US: Aruba
CVE-2018-7081 (A remote code execution vulnerability is present in network-listening ...)
	NOT-FOR-US: Aruba
CVE-2018-7080 (A vulnerability exists in the firmware of embedded BLE radios that are ...)
	NOT-FOR-US: Aruba
CVE-2018-7079 (Aruba ClearPass Policy Manager guest authorization failure. Certain ad ...)
	NOT-FOR-US: Aruba
CVE-2018-7078 (A remote code execution was identified in HPE Integrated Lights-Out 4 ...)
	NOT-FOR-US: HPE
CVE-2018-7077 (A security vulnerability in HPE XP P9000 Command View Advanced Edition ...)
	NOT-FOR-US: HPE
CVE-2018-7076 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7075 (A remote cross-site scripting (XSS) vulnerability was identified in HP ...)
	NOT-FOR-US: HPE
CVE-2018-7074 (A remote code execution vulnerability was identified in HPE Intelligen ...)
	NOT-FOR-US: HPE
CVE-2018-7073 (A local arbitrary file modification vulnerability was identified in HP ...)
	NOT-FOR-US: HPE
CVE-2018-7072 (A remote bypass of security restrictions vulnerability was identified ...)
	NOT-FOR-US: HPE
CVE-2018-7071 (HPE has identified a remote access to sensitive information vulnerabil ...)
	NOT-FOR-US: HPE
CVE-2018-7070 (HPE has identified a remote disclosure of information vulnerability in ...)
	NOT-FOR-US: HPE
CVE-2018-7069 (HPE has identified a remote unauthenticated access to files vulnerabil ...)
	NOT-FOR-US: HPE
CVE-2018-7068 (HPE has identified a remote HOST header attack vulnerability in HPE Ce ...)
	NOT-FOR-US: HPE
CVE-2018-7067 (A Remote Authentication bypass in Aruba ClearPass Policy Manager leads ...)
	NOT-FOR-US: Aruba
CVE-2018-7066 (An unauthenticated remote command execution exists in Aruba ClearPass ...)
	NOT-FOR-US: Aruba
CVE-2018-7065 (An authenticated SQL injection vulnerability in Aruba ClearPass Policy ...)
	NOT-FOR-US: Aruba
CVE-2018-7064 (A reflected cross-site scripting (XSS) vulnerability is present in an ...)
	NOT-FOR-US: Aruba
CVE-2018-7063 (In Aruba ClearPass, disabled API admins can still perform read/write o ...)
	NOT-FOR-US: Aruba
CVE-2018-7062
	REJECTED
CVE-2018-7061
	REJECTED
CVE-2018-7060 (Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulne ...)
	NOT-FOR-US: Aruba ClearPass
CVE-2018-7059 (Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that hel ...)
	NOT-FOR-US: Aruba ClearPass
CVE-2018-7058 (Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by ...)
	NOT-FOR-US: Aruba ClearPass
CVE-2018-7057 (RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName ...)
	NOT-FOR-US: RoomWizard
CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain potentially ...)
	NOT-FOR-US: RoomWizard
CVE-2018-7055 (GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the u ...)
	NOT-FOR-US: RoomWizard
CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #890674)
	[jessie] - irssi (Vulnerable netsplit code introduced in 1.0.0)
	[wheezy] - irssi (Vulnerable netsplit code introduced in 1.0.0)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Some netsplit related changes as introduced in 1.0.0 were reverted:
	NOTE: https://github.com/irssi/irssi/commit/7605f67f95b6ee1ac26dd8fb7f3121f319497943
	NOTE: https://github.com/irssi/irssi/commit/fa8508404f4c4a02749cae5148662e2322c2abf0
	NOTE: https://github.com/irssi/irssi/commit/a4f99ae746efb121185fe76c392a64d743a9eb92
	NOTE: But the CVE is specifically for the use-after-free issue.
CVE-2018-7053 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #890674)
	[jessie] - irssi (Vulnerable code introduced in 0.8.18)
	[wheezy] - irssi (Vulnerable code introduced in 0.8.18)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/84f03e01467b90a4251987b32b2813ee976b357c
CVE-2018-7052 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
	{DSA-4162-1 DLA-1289-1}
	- irssi 1.0.7-1 (bug #890676)
	[jessie] - irssi (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/5b5bfef03596d95079c728f65f523570dd7b03aa
CVE-2018-7051 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
	{DSA-4162-1 DLA-1318-1}
	- irssi 1.0.7-1 (bug #890677)
	[jessie] - irssi (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/e32e9d63c67ab95ef0576154680a6c52334b97af
CVE-2018-7050 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
	{DSA-4162-1 DLA-1289-1}
	- irssi 1.0.7-1 (bug #890678)
	[jessie] - irssi (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/e91da9e4098e449dc36eaa15354aff67650e7703
CVE-2018-7049 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-7048 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-7047 (An issue was discovered in the MBeans Server in Wowza Streaming Engine ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-7046 (** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 thr ...)
	NOT-FOR-US: Kentico
CVE-2018-7045
	RESERVED
CVE-2018-7044
	RESERVED
CVE-2018-7043
	RESERVED
CVE-2018-7042
	RESERVED
CVE-2018-7041
	RESERVED
CVE-2018-7040
	RESERVED
CVE-2018-7039 (CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-7038
	RESERVED
CVE-2018-7037
	RESERVED
CVE-2018-7036
	RESERVED
CVE-2018-7035 (Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 mi ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-7034 (TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B0 ...)
	NOT-FOR-US: TRENDnet devices
CVE-2018-7033 (SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL In ...)
	{DSA-4254-1 DLA-1437-1 DLA-1367-1}
	- slurm-llnl 17.11.5-1 (bug #893044)
	NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4792 (not yet public)
	NOTE: https://github.com/SchedMD/slurm/commit/db468895240ad6817628d07054fe54e71273b2fe
	NOTE: https://github.com/SchedMD/slurm/commit/2f5e924bf6e018dbcef24bcda9683d6b3662f6d4
CVE-2018-7031
	REJECTED
CVE-2018-7030
	REJECTED
CVE-2018-7029
	REJECTED
CVE-2018-7028
	REJECTED
CVE-2018-7027
	REJECTED
CVE-2018-7026
	REJECTED
CVE-2018-7025
	REJECTED
CVE-2018-7024
	REJECTED
CVE-2018-7023
	REJECTED
CVE-2018-7022
	REJECTED
CVE-2018-7021
	REJECTED
CVE-2018-7020
	REJECTED
CVE-2018-7019
	REJECTED
CVE-2018-7018
	REJECTED
CVE-2018-7017
	REJECTED
CVE-2018-7016
	REJECTED
CVE-2018-7015
	REJECTED
CVE-2018-7014
	REJECTED
CVE-2018-7013
	REJECTED
CVE-2018-7012
	REJECTED
CVE-2018-7011
	REJECTED
CVE-2018-7010
	REJECTED
CVE-2018-7009
	REJECTED
CVE-2018-7008
	REJECTED
CVE-2018-7007
	REJECTED
CVE-2018-7006
	REJECTED
CVE-2018-7005
	REJECTED
CVE-2018-7004
	REJECTED
CVE-2018-7003
	REJECTED
CVE-2018-7002
	REJECTED
CVE-2018-7001
	REJECTED
CVE-2018-7000
	REJECTED
CVE-2018-6999
	REJECTED
CVE-2018-6998
	REJECTED
CVE-2018-6997
	REJECTED
CVE-2018-6996
	REJECTED
CVE-2018-6995
	REJECTED
CVE-2018-6994
	REJECTED
CVE-2018-6993
	REJECTED
CVE-2018-6992
	REJECTED
CVE-2018-6991
	REJECTED
CVE-2018-6990
	REJECTED
CVE-2018-6989
	REJECTED
CVE-2018-6988
	REJECTED
CVE-2018-6987
	REJECTED
CVE-2018-6986
	REJECTED
CVE-2018-6985
	REJECTED
CVE-2018-6984
	RESERVED
CVE-2018-6983 (VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fus ...)
	NOT-FOR-US: VMware
CVE-2018-6982 (VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 witho ...)
	NOT-FOR-US: VMware
	NOTE: https://seclists.org/bugtraq/2018/Nov/12
CVE-2018-6981 (VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 witho ...)
	NOT-FOR-US: VMware
	NOTE: https://seclists.org/bugtraq/2018/Nov/12
CVE-2018-6980 (VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2 ...)
	NOT-FOR-US: VMware
CVE-2018-6979 (The VMware Workspace ONE Unified Endpoint Management Console (A/W Cons ...)
	NOT-FOR-US: VMware
CVE-2018-6978 (vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.112 ...)
	NOT-FOR-US: VMware
CVE-2018-6977 (VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (1 ...)
	NOT-FOR-US: VMware
CVE-2018-6976 (The VMware Content Locker for iOS prior to 4.14 contains a data protec ...)
	NOT-FOR-US: VMware
CVE-2018-6975 (The AirWatch Agent for iOS prior to 5.8.1 contains a data protection v ...)
	NOT-FOR-US: AirWatch Agent for iOS
CVE-2018-6974 (VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-20180 ...)
	NOT-FOR-US: VMware
CVE-2018-6973 (VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3 ...)
	NOT-FOR-US: VMware
CVE-2018-6972 (VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-20180 ...)
	NOT-FOR-US: VMware
CVE-2018-6971 (VMware Horizon View Agents (7.x.x before 7.5.1) contain a local inform ...)
	NOT-FOR-US: VMware
CVE-2018-6970 (VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), ...)
	NOT-FOR-US: VMware
CVE-2018-6969 (VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds ...)
	NOT-FOR-US: VMware
CVE-2018-6968 (The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent ...)
	NOT-FOR-US: VMware AirWatch Agent
CVE-2018-6967 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x befor ...)
	NOT-FOR-US: VMware
CVE-2018-6966 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x befor ...)
	NOT-FOR-US: VMware
CVE-2018-6965 (VMware ESXi (6.7 before ESXi670-201806401-BG), Workstation (14.x befor ...)
	NOT-FOR-US: VMware
CVE-2018-6964 (VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains ...)
	NOT-FOR-US: VMware
CVE-2018-6963 (VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2 ...)
	NOT-FOR-US: VMware
CVE-2018-6962 (VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnera ...)
	NOT-FOR-US: VMware
CVE-2018-6961 (VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a ...)
	NOT-FOR-US: VMware NSX SD-WAN Edge by VeloCloud
CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken authenticatio ...)
	NOT-FOR-US: VMware Horizon DaaS
CVE-2018-6959 (VMware vRealize Automation (vRA) prior to 7.4.0 contains a vulnerabili ...)
	NOT-FOR-US: VMware vRealize Automation
CVE-2018-6958 (VMware vRealize Automation (vRA) prior to 7.3.1 contains a vulnerabili ...)
	NOT-FOR-US: VMware vRealize Automation
CVE-2018-6957 (VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before ...)
	NOT-FOR-US: VMware
CVE-2018-7032 (webcheckout in myrepos through 1.20171231 does not sanitize URLs that ...)
	- myrepos 1.20180726 (bug #840014)
	[stretch] - myrepos (Minor issue)
	[jessie] - myrepos (Minor issue)
	- mr 1.16
	[wheezy] - mr (Minor issue)
	NOTE: 1.16 was made a source-based transitional package to myrepos, which in
	NOTE: particular no longer contains webcheckout.
	NOTE: http://source.myrepos.branchable.com/?p=source.git;a=commitdiff;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8
CVE-2018-6956
	RESERVED
CVE-2018-6955
	RESERVED
CVE-2018-6954 (systemd-tmpfiles in systemd through 237 mishandles symlinks present in ...)
	- systemd 238-1 (low; bug #890779)
	[stretch] - systemd (Minor issue, too intrusive to backport)
	[jessie] - systemd (Minor issue, revisit if/when fixed upstream)
	[wheezy] - systemd (/etc/tmpfiles.d not supported in Wheezy)
	NOTE: https://github.com/systemd/systemd/issues/7986
	NOTE: https://github.com/systemd/systemd/pull/8822
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/22/1
CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in GNU patc ...)
	- patch (unimportant)
	NOTE: https://savannah.gnu.org/bugs/index.php?53133
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
	NOTE: When fixing this issue make sure not to apply only the incomplete fix,
	NOTE: which would open CVE-2019-20633, cf. https://savannah.gnu.org/bugs/index.php?56683
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6951 (An issue was discovered in GNU patch through 2.7.6. There is a segment ...)
	- patch (unimportant)
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a
	NOTE: https://savannah.gnu.org/bugs/index.php?53132
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6950 RESERVED
CVE-2018-6949 RESERVED
CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a bu ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-6947 (An uninitialised stack variable in the nxfuse component that is part o ...)
	NOT-FOR-US: DokanFS
CVE-2018-6946 RESERVED
CVE-2018-6945 RESERVED
CVE-2018-6944 (core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 fo ...)
	NOT-FOR-US: UltimateMember plugin for WordPress
CVE-2018-6943 (core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 f ...)
	NOT-FOR-US: UltimateMember plugin for WordPress
CVE-2018-6942 (An issue was discovered in FreeType 2 through 2.9. A NULL pointer dere ...)
	- freetype 2.9.1-3 (bug #890450)
	[stretch] - freetype (Vulnerable code introduced later)
	[jessie] - freetype (Vulnerable code introduced later)
	[wheezy] - freetype (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
	NOTE: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
CVE-2018-6941 (A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 B ...)
	NOT-FOR-US: NAT32 devices
CVE-2018-6940 (A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Bu ...)
	NOT-FOR-US: NAT32 devices
CVE-2018-6939 RESERVED
CVE-2018-6938 RESERVED
CVE-2018-6937 RESERVED
CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via t ...)
	NOT-FOR-US: D-Link
CVE-2018-6935 (PHP Scripts Mall Student Profile Management System Script v2.0.6 has X ...)
	NOT-FOR-US: PHP Scripts Mall Student Profile Management System Script
CVE-2018-6934 (CSRF exists in student/personal-info in PHP Scripts Mall Online Tutori ...)
	NOT-FOR-US: PHP Scripts Mall Online Tutoring Script
CVE-2018-6933 RESERVED
CVE-2018-6932 RESERVED
CVE-2018-6931 RESERVED
CVE-2018-6930 (A stack-based buffer over-read in the ComputeResizeImage function in t ...)
	- imagemagick (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/967
CVE-2018-6929 RESERVED
CVE-2018-6928 (PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a sea ...)
	NOT-FOR-US: PHP Scripts Mall News Website Script
CVE-2018-1000066 REJECTED
CVE-2018-1000065 REJECTED
CVE-2018-1000064 REJECTED
CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel befor ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server setti ...)
	NOT-FOR-US: MISP
CVE-2018-6925 (In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE- ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:11.listen.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6924 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4 ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://security.freebsd.org/advisories/FreeBSD-SA-18:12.elf.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6923 (In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip f ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6922 (One of the data structures that holds TCP segments in all versions of ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.kb.cert.org/vuls/id/962459
	NOTE: kfreebsd not covered by security support
CVE-2018-6921 (In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to in ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6920 (In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE( ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6919 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6918 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6917 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELE ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-18:04.vt.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELE ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/patches/SA-18:01/ipsec-10.patch
	NOTE: kfreebsd not covered by security support
CVE-2018-6915 RESERVED
CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in the tm ...)
	{DSA-4259-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3
	- ruby2.1
	- ruby1.9.1
	- ruby1.8
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
	NOTE: https://hackerone.com/reports/302298
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/10b96900b90914b0cc1dba36f9736c038db2859d
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/e9ddf2ba41a0bffe1047e33576affd48808c5d0b (2.2.10)
CVE-2018-1000063 REJECTED
CVE-2018-6913 (Heap-based buffer overflow in the pack function in Perl before 5.26.2 ...)
	{DSA-4172-1 DLA-1345-1}
	- perl 5.26.1-6
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131844
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/0fcf83230df5f8c52602ae22fde57c7ea885534d
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/a9d5c6e11891b48be06d4e06eeed18642bc98527
CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ...)
	- ffmpeg 7:4.0.1-2 (low)
	[stretch] - ffmpeg (Code in 3.2 is different/not affected)
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3 ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-6910 (DedeCMS 5.7 allows remote attackers to discover the full path via a di ...)
	NOT-FOR-US: DedeCMS
CVE-2018-6909 (A missing X-Frame-Options header in the Green Electronics RainMachine ...)
	NOT-FOR-US: Green Electronics
CVE-2018-6908 (An authentication bypass vulnerability exists in the Green Electronics ...)
	NOT-FOR-US: Green Electronics
CVE-2018-6907 (A Cross Site Request Forgery (CSRF) vulnerability in the Green Electro ...)
	NOT-FOR-US: Green Electronics
CVE-2018-6906 (A persistent Cross Site Scripting (XSS) vulnerability in the Green Ele ...)
	NOT-FOR-US: Green Electronics
CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBAL ...)
	- typo3-src
	[wheezy] - typo3-src
CVE-2018-6904 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name fie ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2018-6903 (PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the cli ...)
	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
CVE-2018-6902 (PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name ...)
	NOT-FOR-US: PHP Scripts Mall Image Sharing Script
CVE-2018-6901 RESERVED
CVE-2018-6900 (PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name ...)
	NOT-FOR-US: PHP Scripts Mall Website Broker Script
CVE-2018-6899 RESERVED
CVE-2018-6898 RESERVED
CVE-2018-6897 RESERVED
CVE-2018-6896 RESERVED
CVE-2018-6895 RESERVED
CVE-2018-6894 RESERVED
CVE-2018-6893 (controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: ...)
	NOT-FOR-US: FineCms
CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An unauthenticated r ...)
	NOT-FOR-US: CloudMe
CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a jQue ...)
	NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite
CVE-2018-6890 (Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the p ...)
	NOT-FOR-US: Wolf CMS
CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a Host head ...)
	NOT-FOR-US: Typesetter CMS
CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions page ( ...)
	NOT-FOR-US: Typesetter CMS
CVE-2018-6887 RESERVED
CVE-2018-6886 RESERVED
CVE-2018-6885 (An issue was discovered in MicroStrategy Web Services (the Microsoft O ...)
	NOT-FOR-US: MicroStrategy Web Services
CVE-2018-6884 RESERVED
CVE-2018-6883 (Piwigo before 2.9.3 has SQL injection in admin/tags.php in the adminis ...)
	- piwigo
CVE-2018-6882 (Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttac ...)
	NOT-FOR-US: Zimbra
CVE-2018-1000062 (WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File ...)
	NOT-FOR-US: WonderCMS
CVE-2018-1000061 REJECTED
CVE-2018-1000060 (Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10 ...)
	- sensu (bug #838484)
CVE-2018-1000059 (ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnera ...)
	NOT-FOR-US: ValidFormBuilder
CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to discover the full path via an ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-6879 (PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to e ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Scripts ...)
	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
CVE-2018-6877 RESERVED
CVE-2018-6876 (The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used i ...)
	NOT-FOR-US: libfpx
CVE-2018-6875 (Format String vulnerability in KeepKey version 4.0.0 allows attackers ...)
	NOT-FOR-US: KeepKey
CVE-2018-6874 (CSRF exists in the Auth0 authentication service through 14591 if the L ...)
	NOT-FOR-US: Auth0
CVE-2018-6873 (The Auth0 authentication service before 2017-10-15 allows privilege es ...)
	NOT-FOR-US: Auth0
CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descriptor (B ...)
	- binutils 2.30-4
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22788
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6
CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers ...)
	{DSA-4111-2 DSA-4111-1}
	- libreoffice 1:6.0.1-1
	[wheezy] - libreoffice (Vulnerable code not present)
	NOTE: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 v ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a c ...)
	{DLA-2258-1 DLA-1287-1}
	- zziplib 0.13.62-3.2 (bug #889089)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	NOTE: https://github.com/gdraheim/zziplib/issues/22
	NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / Dea ...)
	NOT-FOR-US: PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script
CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Sc ...)
	NOT-FOR-US: PHP Scripts Mall Alibaba Clone Script
CVE-2018-6866 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Exa ...)
	NOT-FOR-US: PHP Scripts Mall Learning and Examination Management System Script
CVE-2018-6865 RESERVED
CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion R ...)
	NOT-FOR-US: PHP Scripts Mall Multi religion Responsive Matrimonial
CVE-2018-6863 (SQL Injection exists in PHP Scripts Mall Select Your College Script 2. ...)
	NOT-FOR-US: PHP Scripts Mall Select Your College Script
CVE-2018-6862 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM Soft ...)
	NOT-FOR-US: PHP Scripts Mall Bitcoin MLM Software
CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Sc ...)
	NOT-FOR-US: PHP Scripts Mall Lawyer Search Script
CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts M ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-6859 (SQL Injection exists in PHP Scripts Mall Schools Alert Management Scri ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone S ...)
	NOT-FOR-US: PHP Scripts Mall Facebook Clone Script
CVE-2018-6857 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6856 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6855 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6854 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6853 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6852 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6851 (Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00. ...)
	NOT-FOR-US: Sophos
CVE-2018-6850 RESERVED
CVE-2018-6849 (In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site ...)
	NOT-FOR-US: DuckDuckGo
CVE-2018-6848 RESERVED
CVE-2018-6847 RESERVED
CVE-2018-6846 (Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-6845 (PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Multi Language Olx Clone Script
CVE-2018-6844 (MyBB 1.8.14 has XSS via the Title or Description field on the Edit For ...)
	NOT-FOR-US: MyBB
CVE-2018-6843 (Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in th ...)
	NOT-FOR-US: Kentico CMS
CVE-2018-6842 (Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a craf ...)
	NOT-FOR-US: Kentico CMS
CVE-2018-6841 RESERVED
CVE-2018-6840 RESERVED
CVE-2018-6839 RESERVED
CVE-2018-6838 RESERVED
CVE-2018-6837 RESERVED
CVE-2018-6836 (The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshar ...)
	- wireshark (Vulnerable code introduced in v2.5.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397
	NOTE: Introduced by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=52823805b29a44a83eacd0e5b415b11227ec313b
	NOTE: Fixed by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28960d79cca262ac6b974f339697b299a1e28fef
CVE-2018-6835 (node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandl ...)
	- etherpad-lite (bug #576998)
CVE-2018-6834 (static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via wind ...)
	- etherpad-lite (bug #576998)
CVE-2018-6833 RESERVED
CVE-2018-6832 (Stack-based buffer overflow in the getSWFlag function in Foscam Camera ...)
	NOT-FOR-US: Foscam Cameras
CVE-2018-6831 (The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 wit ...)
	NOT-FOR-US: Foscam Cameras
CVE-2018-6830 (Directory traversal vulnerability in Foscam Cameras C1 Lite V3, and C1 ...)
	NOT-FOR-US: Foscam Cameras
CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ...)
	- libgcrypt20 (unimportant)
	- libgcrypt11 (unimportant)
	- gnupg1 (unimportant)
	- gnupg (unimportant)
	NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal
	NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
	NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
	NOTE: GnuPG uses ElGamal in hybrid mode only.
	NOTE: This is not a vulnerability in libgcrypt, but in an application using
	NOTE: it in an insecure manner, see also
	NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html
CVE-2018-6828 RESERVED
CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates fr ...)
	NOT-FOR-US: VOBOT CLOCK
CVE-2018-6826 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Clearte ...)
	NOT-FOR-US: VOBOT CLOCK
CVE-2018-6825 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH ...)
	NOT-FOR-US: VOBOT CLOCK
CVE-2018-6824 (Cozy version 2 has XSS allowing remote attackers to obtain administrat ...)
	NOT-FOR-US: Cozy
CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com ...)
	NOT-FOR-US: Mailbutler Shimo
CVE-2018-6822 (In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an unpro ...)
	NOT-FOR-US: PureVPN
CVE-2018-6821 REJECTED
CVE-2018-6820 REJECTED
CVE-2018-6819 REJECTED
CVE-2018-6818 REJECTED
CVE-2018-6817 REJECTED
CVE-2018-6816 RESERVED
CVE-2018-6815 RESERVED
CVE-2018-6814 RESERVED
CVE-2018-6813 RESERVED
CVE-2018-6812 RESERVED
CVE-2018-6811 (Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScale ...)
	NOT-FOR-US: Citrix
CVE-2018-6810 (Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, a ...)
	NOT-FOR-US: Citrix
CVE-2018-6809 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, ...)
	NOT-FOR-US: Citrix
CVE-2018-6808 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, ...)
	NOT-FOR-US: Citrix
CVE-2018-6807 RESERVED
CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read arbitrary file ...)
	NOT-FOR-US: Marked 2
CVE-2018-6805 RESERVED
CVE-2018-6804 RESERVED
CVE-2018-6803 RESERVED
CVE-2018-6802 RESERVED
CVE-2018-6801 RESERVED
CVE-2018-6800 RESERVED
CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagi ...)
	{DSA-4321-1 DLA-1456-1 DLA-1282-1}
	- graphicsmagick 1.3.28-1
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/531/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/532/
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d30ed06e9b87
CVE-2018-6798 (An issue was discovered in Perl 5.22 through 5.26. Matching a crafted ...)
	- perl 5.26.1-6
	[stretch] - perl 5.24.1-3+deb9u3
	[jessie] - perl (Issue introduced later)
	[wheezy] - perl (Issue introduced later)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=132063
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/8e6f44c90c7fa1f63c19a44c45482b09a407e15b
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/8b80ce67ff257aaa36e47eaf4194d27a51595524
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920
CVE-2018-6797 (An issue was discovered in Perl 5.18 through 5.26. A crafted regular e ...)
	- perl 5.26.1-6
	[stretch] - perl 5.24.1-3+deb9u3
	[jessie] - perl (Backport of fixes too intrusive and risky for regressions)
	[wheezy] - perl (Backport of fixes too intrusive and risky for regressions)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=132227
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/510cc261d965ccfa427900ebb368fc4d337442d2
CVE-2018-6796 (PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored X ...)
	NOT-FOR-US: PHP Scripts Mall Multilanguage Real Estate MLM Script
CVE-2018-6795 (PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every pr ...)
	NOT-FOR-US: PHP Scripts Mall Naukri Clone Script
CVE-2018-6794 (Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerabili ...)
	{DLA-1603-1}
	- suricata 1:4.0.4-1 (bug #889842)
	[stretch] - suricata (Minor issue)
	[wheezy] - suricata (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2427
	NOTE: https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1
CVE-2018-6793 RESERVED
CVE-2018-6792 (Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow ...)
	NOT-FOR-US: Saifor CVMS HUB
CVE-2018-6791 (An issue was discovered in soliduiserver/deviceserviceaction.cpp in KD ...)
	{DSA-4116-1}
	- plasma-workspace 4:5.12.0-2
	- kde-runtime (Performs correct escaping)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=389815
	NOTE: https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57 (Plasma/5.12)
	NOTE: https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212 (Plasma/5.8)
CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0. dataeng ...)
	- plasma-workspace 4:5.12.0-2
	[stretch] - plasma-workspace (Minor issue, too intrusive to backport)
	NOTE: https://phabricator.kde.org/D10188
	NOTE: https://github.com/KDE/plasma-workspace/commit/5bc696b5abcdb460c1017592e80b2d7f6ed3107c
	NOTE: https://github.com/KDE/plasma-workspace/commit/8164beac15ea34ec0d1564f0557fe3e742bdd938
CVE-2018-6789 (An issue was discovered in the base64d function in the SMTP listener i ...)
	{DSA-4110-1 DLA-1274-1}
	- exim4 4.90.1-1 (bug #890000)
	NOTE: https://www.openwall.com/lists/oss-security/2018/02/07/2
	NOTE: https://exim.org/static/doc/security/CVE-2018-6789.txt
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2235
	NOTE: https://git.exim.org/exim.git/commit/062990cc1b2f9e5d82a413b53c8f0569075de700
CVE-2018-6788 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows lo ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6787 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows lo ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6786 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows lo ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6785 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6784 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6783 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6782 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6781 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6780 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6779 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6778 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6777 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows lo ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6776 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6775 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6774 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6773 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6772 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6771 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6770 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6769 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6768 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allow ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6766 (Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could al ...)
	NOT-FOR-US: Swisscom TVMediaHelper
CVE-2018-6765 (Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that ...)
	NOT-FOR-US: Swisscom MySwisscomAssistant
CVE-2018-6763 RESERVED
CVE-2018-6762 RESERVED
CVE-2018-6761 RESERVED
CVE-2018-6760 RESERVED
CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig function o ...)
	{DSA-4125-1}
	- wavpack 5.1.0-3 (bug #889276)
	[jessie] - wavpack (Vulnerable code introduced later in 4.80.0)
	[wheezy] - wavpack (Vulnerable code introduced later in 4.80.0)
	NOTE: https://github.com/dbry/WavPack/issues/27
	NOTE: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
CVE-2018-6764 (util/virlog.c in libvirt does not properly determine the hostname on L ...)
	- libvirt 4.0.0-2 (bug #889839)
	[stretch] - libvirt 3.0.0-4+deb9u3
	[jessie] - libvirt (Vulnerable code introduced later in 1.3.1)
	[wheezy] - libvirt (Vulnerable code introduced later in 1.3.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1541444
	NOTE: introduced-by https://libvirt.org/git/?p=libvirt.git;a=commit;h=759b4d1b0fe5f4d84d98b99153dfa7ac289dd167
CVE-2018-6759 (The bfd_get_debug_link_info_1 function in opncls.c in the Binary File ...)
	- binutils 2.30-3
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22794
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=64e234d417d5685a4aec0edc618114d9991c031b
CVE-2018-6757 (Privilege Escalation vulnerability in Microsoft Windows client in McAf ...)
	NOT-FOR-US: McAfee True Key
CVE-2018-6756 (Authentication Abuse vulnerability in Microsoft Windows client in McAf ...)
	NOT-FOR-US: McAfee True Key
CVE-2018-6755 (Weak Directory Permission Vulnerability in Microsoft Windows client in ...)
	NOT-FOR-US: McAfee True Key
CVE-2018-6754 RESERVED
CVE-2018-6753 RESERVED
CVE-2018-6752 RESERVED
CVE-2018-6751 RESERVED
CVE-2018-6750 RESERVED
CVE-2018-6749 RESERVED
CVE-2018-6748 RESERVED
CVE-2018-6747 RESERVED
CVE-2018-6746 RESERVED
CVE-2018-6745 RESERVED
CVE-2018-6744 RESERVED
CVE-2018-6743 RESERVED
CVE-2018-6742 RESERVED
CVE-2018-6741 RESERVED
CVE-2018-6740 RESERVED
CVE-2018-6739 RESERVED
CVE-2018-6738 RESERVED
CVE-2018-6737 RESERVED
CVE-2018-6736 RESERVED
CVE-2018-6735 RESERVED
CVE-2018-6734 RESERVED
CVE-2018-6733 RESERVED
CVE-2018-6732 RESERVED
CVE-2018-6731 RESERVED
CVE-2018-6730 RESERVED
CVE-2018-6729 RESERVED
CVE-2018-6728 RESERVED
CVE-2018-6727 RESERVED
CVE-2018-6726 RESERVED
CVE-2018-6725 RESERVED
CVE-2018-6724 RESERVED
CVE-2018-6723 RESERVED
CVE-2018-6722 RESERVED
CVE-2018-6721 RESERVED
CVE-2018-6720 RESERVED
CVE-2018-6719 RESERVED
CVE-2018-6718 RESERVED
CVE-2018-6717 RESERVED
CVE-2018-6716 RESERVED
CVE-2018-6715 RESERVED
CVE-2018-6714 RESERVED
CVE-2018-6713 RESERVED
CVE-2018-6712 RESERVED
CVE-2018-6711 RESERVED
CVE-2018-6710 RESERVED
CVE-2018-6709 RESERVED
CVE-2018-6708 RESERVED
CVE-2018-6707 (Denial of Service through Resource Depletion vulnerability in the agen ...)
	NOT-FOR-US: McAfee
CVE-2018-6706 (Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 ...)
	NOT-FOR-US: McAfee
CVE-2018-6705 (Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0. ...)
	NOT-FOR-US: McAfee
CVE-2018-6704 (Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0. ...)
	NOT-FOR-US: McAfee
CVE-2018-6703 (Use After Free in Remote logging (which is disabled by default) in McA ...)
	NOT-FOR-US: McAfee
CVE-2018-6702 RESERVED
CVE-2018-6701 RESERVED
CVE-2018-6700 (DLL Search Order Hijacking vulnerability in Microsoft Windows Client i ...)
	NOT-FOR-US: McAfee
CVE-2018-6699 RESERVED
CVE-2018-6698 RESERVED
CVE-2018-6697 RESERVED
CVE-2018-6696 RESERVED
CVE-2018-6695 (SSH host keys generation vulnerability in the server in McAfee Threat ...)
	NOT-FOR-US: McAfee
CVE-2018-6694 RESERVED
CVE-2018-6693 (An unprivileged user can delete arbitrary files on a Linux system runn ...)
	NOT-FOR-US: McAfee
CVE-2018-6692 (Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin ...)
	NOT-FOR-US: Belkin Wemo Insight Smart Plug
CVE-2018-6691 RESERVED
CVE-2018-6690 (Accessing, modifying, or executing executable files vulnerability in M ...)
	NOT-FOR-US: McAfee
CVE-2018-6689 (Authentication Bypass vulnerability in McAfee Data Loss Prevention End ...)
	NOT-FOR-US: McAfee
CVE-2018-6688 RESERVED
CVE-2018-6687 (Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSu ...)
	NOT-FOR-US: McAfee
CVE-2018-6686 (Authentication Bypass vulnerability in TPM autoboot in McAfee Drive En ...)
	NOT-FOR-US: McAfee
CVE-2018-6685 RESERVED
CVE-2018-6684 RESERVED
CVE-2018-6683 (Exploiting Incorrectly Configured Access Control Security Levels vulne ...)
	NOT-FOR-US: McAfee
CVE-2018-6682 (Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earl ...)
	NOT-FOR-US: McAfee
CVE-2018-6681 (Abuse of Functionality vulnerability in the web interface in McAfee Ne ...)
	NOT-FOR-US: McAfee
CVE-2018-6680 RESERVED
CVE-2018-6679 RESERVED
CVE-2018-6678 (Configuration/Environment manipulation vulnerability in the administra ...)
	NOT-FOR-US: McAfee
CVE-2018-6677 (Directory Traversal vulnerability in the administrative user interface ...)
	NOT-FOR-US: McAfee
CVE-2018-6676 RESERVED
CVE-2018-6675 RESERVED
CVE-2018-6674 (Privilege Escalation vulnerability in Microsoft Windows client (McTray ...)
	NOT-FOR-US: McAfee
CVE-2018-6673 RESERVED
CVE-2018-6672 (Information disclosure vulnerability in McAfee ePolicy Orchestrator (e ...)
	NOT-FOR-US: McAfee
CVE-2018-6671 (Application Protection Bypass vulnerability in McAfee ePolicy Orchestr ...)
	NOT-FOR-US: McAfee
CVE-2018-6670 (External Entity Attack vulnerability in the ePO extension in McAfee Co ...)
	NOT-FOR-US: McAfee
CVE-2018-6669 (A whitelist bypass vulnerability in McAfee Application Control / Chang ...)
	NOT-FOR-US: McAfee
CVE-2018-6668 (A whitelist bypass vulnerability in McAfee Application Control / Chang ...)
	NOT-FOR-US: McAfee
CVE-2018-6667 (Authentication Bypass vulnerability in the administrative user interfa ...)
	NOT-FOR-US: McAfee
CVE-2018-6666 RESERVED
CVE-2018-6665 RESERVED
CVE-2018-6664 (Application Protections Bypass vulnerability in Microsoft Windows in M ...)
	NOT-FOR-US: McAfee
CVE-2018-6663 RESERVED
CVE-2018-6662 (Privilege Escalation vulnerability in McAfee Management of Native Encr ...)
	NOT-FOR-US: McAfee
CVE-2018-6661 (DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee T ...)
	NOT-FOR-US: McAfee
CVE-2018-6660 (Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) ...)
	NOT-FOR-US: McAfee
CVE-2018-6659 (Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchest ...)
	NOT-FOR-US: McAfee
CVE-2018-6658 RESERVED
CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through ...)
	{DLA-1275-1}
	- uwsgi 2.0.15-10.2 (bug #889753)
	[stretch] - uwsgi 2.0.14+20161117-3+deb9u1
	[jessie] - uwsgi 2.0.7-1+deb8u2
	NOTE: http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
	NOTE: https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
CVE-2018-6657
	RESERVED
CVE-2018-6656 (Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbi ...)
	NOT-FOR-US: PHP Scripts Mall Doctor Search Script
CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote att ...)
	NOT-FOR-US: Grammarly extension for Chrome
CVE-2018-6653 (comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in ...)
	NOT-FOR-US: comforte SWAP
CVE-2018-6652
	RESERVED
CVE-2018-6651 (In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as ...)
	NOT-FOR-US: uncurl
CVE-2018-6650
	RESERVED
CVE-2018-6649
	RESERVED
CVE-2018-6648
	RESERVED
CVE-2018-6647
	RESERVED
CVE-2018-6646
	RESERVED
CVE-2018-6645
	RESERVED
CVE-2018-6644 (SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) ...)
	- sblim-sfcb (bug #754493)
CVE-2018-6643 (Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/ ...)
	NOT-FOR-US: Infoblox NetMRI
CVE-2018-6642
	RESERVED
CVE-2018-6641 (An Arbitrary Free (Remote Code Execution) issue was discovered in Desi ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6640 (A Heap Overflow (Remote Code Execution) issue was discovered in Design ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6639 (An out-of-bounds write (Remote Code Execution) issue was discovered in ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6638 (A stack-based buffer overflow (Remote Code Execution) issue was discov ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6637
	RESERVED
CVE-2018-6636
	RESERVED
CVE-2018-6635 (System Manager in Avaya Aura before 7.1.2 does not properly use SSL in ...)
	NOT-FOR-US: System Manager in Avaya Aura
CVE-2018-6634 (A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 ...)
	NOT-FOR-US: Parsec
CVE-2018-6633 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6632 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6631 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6630 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6629 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6628 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6627 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS ...)
	NOT-FOR-US: WatchDog Anti-Malware
CVE-2018-6626 (In Micropoint proactive defense software 2.0.20266.0146, the driver fi ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS ...)
	NOT-FOR-US: WatchDog Anti-Malware
CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass auth ...)
	NOT-FOR-US: OMRON NS devices
CVE-2018-6623 (An issue was discovered in Hola 1.79.859. An unprivileged user could m ...)
	NOT-FOR-US: Hola
CVE-2018-1000058 (Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbi ...)
	NOT-FOR-US: jenkins-plugin-workflow-support
CVE-2018-1000057 (Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it ...)
	NOT-FOR-US: jenkins-plugin-credentials-binding
CVE-2018-1000056 (Jenkins JUnit Plugin 1.23 and earlier processes XML external entities ...)
	NOT-FOR-US: jenkins-plugin-junit
CVE-2018-1000055 (Jenkins Android Lint Plugin 2.5 and earlier processes XML external ent ...)
	NOT-FOR-US: Jenkins Android Lint Plugin
CVE-2018-1000054 (Jenkins CCM Plugin 3.1 and earlier processes XML external entities in ...)
	NOT-FOR-US: Jenkins CCM Plugin
CVE-2018-1000053 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request For ...)
	- limesurvey (bug #472802)
CVE-2018-1000052 (fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890a ...)
	- fmtlib 5.2.1+ds-1 (unimportant; bug #890033)
	NOTE: https://github.com/fmtlib/fmt/issues/642
	NOTE: https://github.com/fmtlib/fmt/commit/8cf30aa2be256eba07bb1cefb998c52326e846e7
	NOTE: This looks bogus, how would that come from untrusted input
CVE-2018-1000051 (Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability i ...)
	{DSA-4152-1}
	- mupdf 1.12.0+ds1-1 (bug #891245)
	[wheezy] - mupdf (Vulnerable code not present, introduced in version 1.3)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698825
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698873
	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384
CVE-2018-1000050 (Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Ove ...)
	- libstb (Fixed before initial upload to Debian)
	NOTE: https://github.com/nothings/stb/commit/dfff6f5e7cd412876fe6282f157c1928b99d1de9
	NOTE: Potentially affects liblivemedia, retroarch, godot, yquake2, pax-britannica, libxmp, faudio
CVE-2018-1000049 (Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote ...)
	NOT-FOR-US: nanopool Claymore Dual Miner
CVE-2018-1000048 (NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerabilit ...)
	NOT-FOR-US: NASA RtRetrievalFramework
CVE-2018-1000047 (NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak li ...)
	NOT-FOR-US: NASA Kodiak
CVE-2018-1000046 (NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in R ...)
	NOT-FOR-US: NASA Pyblock
CVE-2018-1000045 (NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA S ...)
	NOT-FOR-US: NASA Singledop
CVE-2018-1000044 (Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a ...)
	NOT-FOR-US: Security Onion Solutions Squert
CVE-2018-1000043 (Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a ...)
	NOT-FOR-US: Security Onion Solutions Squert
CVE-2018-1000042 (Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a ...)
	NOT-FOR-US: Security Onion Solutions Squert
CVE-2018-1000041 (GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd52 ...)
	{DLA-1278-1}
	- librsvg (Specific to Windows)
	NOTE: Merge of changes: https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea
	NOTE: https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0
CVE-2018-6622 (An issue was discovered that affects all producers of BIOS firmware wh ...)
	NOT-FOR-US: Generic TPM issue
CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ...)
	{DSA-4249-1 DLA-1630-1}
	- ffmpeg 7:3.4.2-1 (low)
	- libav
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
	NOTE: Fixed in 3.2.11
CVE-2018-6620
	REJECTED
CVE-2018-6619 (Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attac ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6618 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtai ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6617 (Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6616 (In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_c ...)
	{DSA-4405-1 DLA-1614-1}
	- openjpeg2 2.3.0-2 (bug #889683)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1059
	NOTE: https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
CVE-2018-6615
	RESERVED
CVE-2018-6614
	RESERVED
CVE-2018-6613
	RESERVED
CVE-2018-6612 (An integer underflow bug in the process_EXIF function of the exif.c fi ...)
	- jhead 1:3.00-6 (unimportant; bug #889272)
	NOTE: https://anonscm.debian.org/git/collab-maint/jhead.git/diff/debian/patches/0008-heap-buffer-overflow.patch?id=01f09ab772d0d341cdc1326490dd2aa5aa2a7784
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6611 (soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt be ...)
	- libopenmpt 0.3.6-1 (bug #889545)
	[stretch] - libopenmpt (Vulnerable code not present)
	NOTE: https://github.com/OpenMPT/openmpt/commit/61fc6d3030a4d4283105cb5fb46b27b42fa5575e
CVE-2018-6610 (Information Leakage exists in the jLike 1.0 component for Joomla! via ...)
	NOT-FOR-US: jLike component for Joomla!
CVE-2018-6609 (SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via ...)
	NOT-FOR-US: JSP Tickets component for Joomla!
CVE-2018-6608 (In the WebRTC component in Opera 51.0.2830.55, after visiting a web si ...)
	NOT-FOR-US: WebRTC component in Opera
CVE-2018-6607
	RESERVED
CVE-2018-6606 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
	NOT-FOR-US: MalwareFox AntiMalware
CVE-2018-6605 (SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! ...)
	NOT-FOR-US: Zh BaiduMap component for Joomla!
CVE-2018-6604 (SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! ...)
	NOT-FOR-US: Zh YandexMap component for Joomla!
CVE-2018-6603 (Promise Technology WebPam Pro-E devices allow remote attackers to cond ...)
	NOT-FOR-US: Promise Technology WebPam Pro-E devices
CVE-2018-6602
	RESERVED
CVE-2018-6601
	RESERVED
CVE-2018-6600
	RESERVED
CVE-2018-6599 (An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G4 ...)
	NOT-FOR-US: Orbic
CVE-2018-6598 (An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G4 ...)
	NOT-FOR-US: Orbic
CVE-2018-6597 (The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US ...)
	NOT-FOR-US: Alcatel A30 device
CVE-2018-6596 (webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone ...)
	{DSA-4107-1}
	- django-anymail 1.3-1 (bug #889450)
	NOTE: https://github.com/anymail/django-anymail/commit/db586ede1fbb41dce21310ea28ae15a1cf1286c5 (v1.3)
	NOTE: https://github.com/anymail/django-anymail/commit/c07998304b4a31df4c61deddcb03d3607a04691b (v1.2.x-branch)
CVE-2018-6595
	RESERVED
CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates we ...)
	- pycryptodome 3.4.11-1 (bug #889998)
	- python-crypto 2.6.1-9 (bug #889999)
	[stretch] - python-crypto (Minor issue)
	[jessie] - python-crypto (Minor issue)
	[wheezy] - python-crypto (Minor issue)
	NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253
	NOTE: The issue is found as well in pycryptodome (fork from python-crypto)
	NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90
	NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8 (3.4.10)
	NOTE: See further discussion as per https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362783537
	NOTE: Upstream feels that this is not a vulnerability in pycryptodome/python-crypto,
	NOTE: but in an application using it in an insecure manner.
CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
	NOT-FOR-US: MalwareFox AntiMalware
CVE-2018-6592 (Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local user ...)
	NOT-FOR-US: Unisys Stealth Windows endpoints
CVE-2018-6591 (Converse.js and Inverse.js through 3.3 allow remote attackers to obtai ...)
	NOT-FOR-US: Converse.js
CVE-2018-6590 (CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an un ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-6589 (CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to 10 ...)
	NOT-FOR-US: CA Spectrum
CVE-2018-6588 (CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflecte ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflecte ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored c ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-1000040 (In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs ...)
	{DSA-4334-1}
	- mupdf 1.13.0+ds1-1
	[jessie] - mupdf (vulnerable code not present)
	[wheezy] - mupdf (vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5596
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5600
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5603
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5609
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5610
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=83d4dae44c71816c084a635550acc1a51529b881;hp=f597300439e62f5e921f0d7b1e880b5c1a1f1607
CVE-2018-1000039 (In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the ...)
	- mupdf 1.13.0+ds1-1
	[stretch] - mupdf (vulnerable code not present)
	[jessie] - mupdf (vulnerable code not present)
	[wheezy] - mupdf (vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5492
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5513
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5521
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5604
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=4dcc6affe04368461310a21238f7e1871a752a05;hp=8ec561d1bccc46e9db40a9f61310cd8b3763914e
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
CVE-2018-1000038 (In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_l ...)
	- mupdf 1.13.0+ds1-1
	[stretch] - mupdf (vulnerable code not present)
	[jessie] - mupdf (vulnerable code not present)
	[wheezy] - mupdf (vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5494
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f597300439e62f5e921f0d7b1e880b5c1a1f1607;hp=093fc3b098dc5fadef5d8ad4b225db9fb124758b
CVE-2018-1000037 (In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF ...)
	{DSA-4334-1}
	- mupdf 1.13.0+ds1-1
	[jessie] - mupdf (vulnerable code not present)
	[wheezy] - mupdf (vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5490
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5501
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5503
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5511
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5564
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=71ceebcf56e682504da22c4035b39a2d451e8ffd;hp=7f82c01523505052615492f8e220f4348ba46995
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=8a3257b01faa899dd9b5e35c6bb3403cd709c371;hp=de39f005f12a1afc6973c1f5cec362d6545f70cb
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=b2e7d38e845c7d4922d05e6e41f3a2dc1bc1b14a;hp=f51836b9732c38d945b87fda0770009a77ba680c
CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser a ...)
	- mupdf 1.14.0+ds1-1 (unimportant; bug #900129)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5502
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699695
	NOTE: https://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2
	NOTE: negligible security impact, memory leak in CLI tool
CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version <= 6. ...)
	{DLA-2082-1}
	- unzip 6.0-22 (bug #889838)
	[stretch] - unzip 6.0-21+deb9u1
	[wheezy] - unzip (Harmless crash, builds with fortified source)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
	NOTE: Patch used in openSUSE:Factory/unzip: https://bugzilla.suse.com/attachment.cgi?id=759406
CVE-2018-1000034 (An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that al ...)
	- unzip (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-1000033 (An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that al ...)
	- unzip (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-1000032 (A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 ...)
	- unzip (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-1000031 (A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 ...)
	- unzip (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-6585 (SQL Injection exists in the JTicketing 2.0.16 component for Joomla! vi ...)
	NOT-FOR-US: JTicketing component for Joomla!
CVE-2018-6584 (SQL Injection exists in the DT Register 3.2.7 component for Joomla! vi ...)
	NOT-FOR-US: DT Register component for Joomla!
CVE-2018-6583 (SQL Injection exists in the Timetable Responsive Schedule 1.5 componen ...)
	NOT-FOR-US: Timetable Responsive Schedule component for Joomla!
CVE-2018-6582 (SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! ...)
	NOT-FOR-US: Zh GoogleMap component for Joomla!
CVE-2018-6581 (SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via ...)
	NOT-FOR-US: JMS Music component for Joomla!
CVE-2018-6580 (Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component ...)
	NOT-FOR-US: Jimtawl component for Joomla!
CVE-2018-6579 (SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for ...)
	NOT-FOR-US: JEXTN Reverse Auction component for Joomla!
CVE-2018-6578 (SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! ...)
	NOT-FOR-US: JE PayperVideo component for Joomla!
CVE-2018-6577 (SQL Injection exists in the JEXTN Membership 3.1.0 component for Jooml ...)
	NOT-FOR-US: JEXTN Membership component for Joomla!
CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id paramet ...)
	NOT-FOR-US: Event Manager
CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component for Jooml ...)
	NOT-FOR-US: JEXTN Membership component for Joomla!
CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases befor ...)
	{DSA-4380-1}
	- golang-1.10 1.10~rc2-1
	- golang-1.9 1.9.4-1
	- golang-1.8
	- golang-1.7
	[stretch] - golang-1.7 (Minor issue)
	- golang
	[jessie] - golang (Minor issue)
	[wheezy] - golang (Minor issue)
	NOTE: https://github.com/golang/go/issues/23672
	NOTE: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6
	NOTE: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a
CVE-2018-6573
	RESERVED
CVE-2018-6572
	RESERVED
CVE-2018-6571
	RESERVED
CVE-2018-6570
	RESERVED
CVE-2018-6569 (West Wind Web Server 6.x does not require authentication for /ADMIN.AS ...)
	NOT-FOR-US: West Wind Web Server
CVE-2018-6568
	RESERVED
CVE-2018-6567
	RESERVED
CVE-2018-6566
	RESERVED
CVE-2018-6565
	RESERVED
CVE-2018-6564
	RESERVED
CVE-2018-6563 (Multiple cross-site request forgery (CSRF) vulnerabilities in totemoma ...)
	NOT-FOR-US: totemomail Encryption Gateway
CVE-2018-6562 (totemomail Encryption Gateway before 6.0_b567 allows remote attackers ...)
	NOT-FOR-US: totemomail Encryption Gateway
CVE-2018-6561 (dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute ...)
	- dojo 1.13.0+dfsg1-1 (bug #898944)
	[jessie] - dojo (Minor issue)
	[wheezy] - dojo (Minor issue)
	NOTE: https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md
CVE-2018-6560 (In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0 ...)
	- flatpak 0.10.3-1 (bug #888842)
	[stretch] - flatpak 0.8.9-0+deb9u1
	NOTE: https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6
CVE-2018-6559 (The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows ...)
	- linux (Ubuntu-specific issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793458
CVE-2018-6558 (The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore ...)
	- fscrypt 0.2.4-1 (bug #907074)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/fscrypt/+bug/1787548
	NOTE: https://github.com/google/fscrypt/issues/77
	NOTE: https://github.com/google/fscrypt/pull/103
CVE-2018-6557 (The MOTD update script in the base-files package in Ubuntu 18.04 LTS b ...)
	- base-files (Ubuntu specific motd update code; vulnerable code not present)
CVE-2018-6556 (lxc-user-nic when asked to delete a network interface will uncondition ...)
	- lxc 1:2.0.9-6.1 (bug #905586)
	[stretch] - lxc (Vulnerable code introduced later)
	[jessie] - lxc (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591
	NOTE: Prerequisite: https://github.com/lxc/lxc/commit/f96f5f3c1341e73ee51c8b49bef4ba571c562d8c
	NOTE: Fixed by: https://github.com/lxc/lxc/commit/5eb45428b312e978fb9e294dde16efb14dd9fa4d
CVE-2018-6555 (The irda_setsockopt function in net/irda/af_irda.c and later in driver ...)
	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/04/2
CVE-2018-6554 (Memory leak in the irda_bind function in net/irda/af_irda.c and later ...)
	{DSA-4308-1 DLA-1715-1 DLA-1531-1 DLA-1529-1}
	- linux 4.17.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/09/04/2
CVE-2018-6553 (The CUPS AppArmor profile incorrectly confined the dnssd backend due t ...)
	{DSA-4243-1 DLA-1426-1}
	- cups 2.2.8-5 (bug #903605)
CVE-2018-6552 (Apport does not properly handle crashes originating from a PID namespa ...)
	NOT-FOR-US: Apport
CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc6), f ...)
	[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0
	- glibc 2.27-1
	[stretch] - glibc (Minor issue)
	[jessie] - glibc (Issue introduced in 2.24, 2.26 only for i386)
	- eglibc (Issue introduced in 2.24 for powerpc, 2.26 only for i386)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22774
	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
CVE-2018-6550 (Monstra CMS through 3.0.4 has XSS in the title function in plugins/box ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-6549
	RESERVED
CVE-2018-6548 (A use-after-free issue was discovered in libwebm through 2018-02-02. I ...)
	- chromium-browser (unimportant)
	NOTE: Chromium is built with support for VP9 disabled in Debian
	NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1493
	NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md
CVE-2018-6547 (plays_service.exe in the plays.tv service before 1.27.7.0, as distribu ...)
	NOT-FOR-US: plays_service.exe in the plays.tv service
CVE-2018-6546 (plays_service.exe in the plays.tv service before 1.27.7.0, as distribu ...)
	NOT-FOR-US: plays_service.exe in the plays.tv service
CVE-2018-6545 (Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (X ...)
	NOT-FOR-US: Ipswitch MoveIt
CVE-2018-6544 (pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could refer ...)
	{DSA-4152-1}
	- mupdf 1.12.0+ds1-1 (bug #891245)
	[wheezy] - mupdf (Most likely not affected, minor issue)
	NOTE: https://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
	NOTE: above patch is not needed in Jessie, as there is no fz_try() used in this version
	NOTE: https://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698830
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698965
	NOTE: https://lists.debian.org/debian-lts/2018/03/msg00043.html
CVE-2018-6543 (In GNU Binutils 2.30, there's an integer overflow in the function load ...)
	- binutils 2.30-3
	[stretch] - binutils (Minor issue)
	[jessie] - binutils (Minor issue)
	[wheezy] - binutils (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22769
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2023ce7e8d70b0155cc6206c901e185260918f0
CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trail ...)
	- zziplib (unimportant)
	NOTE: https://github.com/gdraheim/zziplib/issues/17
	NOTE: https://github.com/gdraheim/zziplib/commit/931f962ddfec0e00d6f486df2c56d9857b55944e (v0.13.68)
	NOTE: Negligible impact and unzzipcat utility not installed into binary packages
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a misali ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (bug #889089)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	[wheezy] - zziplib (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/16
	NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68)
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a misali ...)
	{DLA-2258-1}
	- zziplib 0.13.62-3.2 (bug #923659)
	[stretch] - zziplib 0.13.62-3.2~deb9u1
	[wheezy] - zziplib (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/15
	NOTE: https://github.com/gdraheim/zziplib/commit/72ec933663f738d8e166979aa7fd5590b2104a07 (v0.13.68)
CVE-2018-6539
	RESERVED
CVE-2018-6538
	REJECTED
CVE-2018-6537 (A buffer overflow vulnerability in the control protocol of Flexense Sy ...)
	NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2018-6536 (An issue was discovered in Icinga 2.x through 2.8.1. The daemon create ...)
	- icinga2 2.8.4-1
	[stretch] - icinga2 (Minor issue)
	[jessie] - icinga2 (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/issues/5991
CVE-2018-6535 (An issue was discovered in Icinga 2.x through 2.8.1. The lack of a con ...)
	- icinga2 2.8.4-1 (low; bug #897301)
	[stretch] - icinga2 (Minor issue)
	[jessie] - icinga2 (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/issues/4920
	NOTE: https://github.com/Icinga/icinga2/pull/5715
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6534 (An issue was discovered in Icinga 2.x through 2.8.1. By sending specia ...)
	- icinga2 2.8.4-1 (low; bug #897301)
	[stretch] - icinga2 (Minor issue)
	[jessie] - icinga2 (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/pull/6104
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6533 (An issue was discovered in Icinga 2.x through 2.8.1. By editing the in ...)
	- icinga2 2.8.4-1 (low; bug #897301)
	[stretch] - icinga2 (Minor issue)
	[jessie] - icinga2 (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/pull/5850
	NOTE: CVE is related to CVE-2017-16933 but for "the issue in using
	NOTE: init.conf to support run-time reconfiguration of an account is
	NOTE: design flaw". CVE-2018-6533 is a larger issue than CVE-2017-16933.
CVE-2018-6532 (An issue was discovered in Icinga 2.x through 2.8.1. By sending specia ...)
	- icinga2 2.8.4-1 (low)
	[stretch] - icinga2 (Minor issue)
	[jessie] - icinga2 (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/pull/6103
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6531
	RESERVED
CVE-2018-6530 (OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin ...)
	NOT-FOR-US: D-Link
CVE-2018-6529 (XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR- ...)
	NOT-FOR-US: D-Link
CVE-2018-6528 (XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR ...)
	NOT-FOR-US: D-Link
CVE-2018-6527 (XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Lin ...)
	NOT-FOR-US: D-Link
CVE-2018-6526 (view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 ...)
	- mantis
	[wheezy] - mantis (Not supported in wheezy LTS)
	NOTE: https://mantisbt.org/bugs/view.php?id=23921
CVE-2018-6525 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) all ...)
	NOT-FOR-US: nProtect AVS
CVE-2018-6524 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) all ...)
	NOT-FOR-US: nProtect AVS
CVE-2018-6523 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) all ...)
	NOT-FOR-US: nProtect AVS
CVE-2018-6522 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) a ...)
	NOT-FOR-US: nProtect AVS
CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ...)
	{DSA-4127-1 DLA-1273-1}
	- simplesamlphp 1.15.2-1
	NOTE: https://simplesamlphp.org/security/201801-03
CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open ...)
	- simplesamlphp 1.15.2-1
	[stretch] - simplesamlphp (Minor issue)
	[jessie] - simplesamlphp (Minor issue)
	[wheezy] - simplesamlphp (Vulnerable code introduced in 1.12)
	NOTE: https://simplesamlphp.org/security/201801-02
CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1. ...)
	{DSA-4127-1}
	- simplesamlphp 1.15.2-1
	[wheezy] - simplesamlphp (Vulnerable code not present)
	NOTE: minor issue
	NOTE: https://simplesamlphp.org/security/201801-01
	NOTE: The issue lies in the simplesamlphp/saml2 part, which is
	NOTE: updated in 1.15.2 to the respective fixed version.
	NOTE: https://github.com/simplesamlphp/saml2/commit/726404bf7b4085a9eb9c9a869af1ecc146bd8f6d
CVE-2018-6518 (Composr CMS 10.0.13 has XSS via the site_name parameter in a page=admi ...)
	NOT-FOR-US: Composr CMS
CVE-2018-6517 (Prior to version 0.3.0, chloride's use of net-ssh resulted in host fin ...)
	NOT-FOR-US: chloride
CVE-2018-6516 (On Windows only, with a specifically crafted configuration file an att ...)
	- puppet (Specific issue Windows only)
CVE-2018-6515 (Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3. ...)
	- puppet (Specific issue Windows only)
	NOTE: https://puppet.com/security/cve/CVE-2018-6515
CVE-2018-6514 (In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5 ...)
	- facter (Specific to Facter on Windows)
	NOTE: https://puppet.com/security/cve/CVE-2018-6514
CVE-2018-6513 (Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017. ...)
	- puppet (Windows-specific)
	NOTE: https://puppet.com/security/cve/CVE-2018-6513
CVE-2018-6512 (The previous version of Puppet Enterprise 2018.1 is vulnerable to unsa ...)
	- puppet (Specific to Puppet Enterprise)
	NOTE: https://puppet.com/security/cve/CVE-2018-6512
CVE-2018-6511 (A cross-site scripting vulnerability in Puppet Enterprise Console of P ...)
	- puppet (Specific to Puppet Enterprise)
CVE-2018-6510 (A cross-site scripting vulnerability in Puppet Enterprise Console of P ...)
	- puppet (Specific to Puppet Enterprise)
CVE-2018-6509
	RESERVED
CVE-2018-6508 (Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remot ...)
	- puppet-module-puppetlabs-apt (unimportant)
	- puppet-module-puppetlabs-apache (unimportant)
	- puppet-module-puppetlabs-mysql (unimportant)
	NOTE: https://puppet.com/security/cve/CVE-2018-6508
	NOTE: Issue in various puppet modules: facter_task, puppet_conf, apt, apache and mysql modules
	NOTE: https://github.com/puppetlabs/puppetlabs-facter_task/commit/dd37c72e78c8a37e671e20becb05d6ceafdbd81c
	NOTE: https://github.com/puppetlabs/puppetlabs-puppet_conf/commit/ba434605717e16d935cba45ab38ca5866780a36b
	NOTE: https://github.com/puppetlabs/puppetlabs-apt/commit/81879be960d5723016e3d0b4ff155ee704261bbc
	NOTE: https://github.com/puppetlabs/puppetlabs-apache/commit/81bc5119ceced1faa4bf261efa4b7cd3731ef3ef
	NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/da3684c79d5fe6ece826e087e8693c75ac40414c
	NOTE: This is only exploitable with Puppet Tasks, which aren't packaged/available in Debian
CVE-2018-6507
	RESERVED
CVE-2018-6506 (Cross-Site Scripting (XSS) exists in the Add Forum feature in the Admi ...)
	NOT-FOR-US: miniBB
CVE-2018-6505 (A potential Unauthenticated File Download vulnerability has been ident ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6504 (A potential Cross-Site Request Forgery (CSRF) vulnerability has been i ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6503 (A potential Access Control vulnerability has been identified in ArcSig ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6502 (A potential Reflected Cross-Site Scripting (XSS) Security vulnerabilit ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6501 (Potential security vulnerability of Insufficient Access Controls has b ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6500 (A potential Directory Traversal Security vulnerability has been identi ...)
	NOT-FOR-US: ArcSight Management Center (ArcMC)
CVE-2018-6499 (Remote Code Execution in the following products Hybrid Cloud Managemen ...)
NOT-FOR-US: Hybrid Cloud Management Containerized Suite CVE-2018-6498 (Remote Code Execution in the following products Hybrid Cloud Managemen ...) NOT-FOR-US: Hybrid Cloud Management Containerized Suite CVE-2018-6497 (Remote Cross-site Request forgery (CSRF) potential has been identified ...) NOT-FOR-US: UCMDB Server CVE-2018-6496 (Remote Cross-site Request forgery (CSRF) potential has been identified ...) NOT-FOR-US: UCMBD Browser CVE-2018-6495 (Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.2 ...) NOT-FOR-US: Micro Focus CVE-2018-6494 (Remote SQL Injection against the HP Service Manager Software Web Tier, ...) NOT-FOR-US: HP CVE-2018-6493 (SQL Injection in HP Network Operations Management Ultimate, version 20 ...) NOT-FOR-US: HP CVE-2018-6492 (Persistent Cross-Site Scripting, and non-persistent HTML Injection in ...) NOT-FOR-US: HP CVE-2018-6491 (Local Escalation of Privilege vulnerability to Micro Focus Universal C ...) NOT-FOR-US: Micro Focus Universal CMDB CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations Orchestratio ...) NOT-FOR-US: Micro Focus Operations Orchestration Software CVE-2018-6489 (XML External Entity (XXE) vulnerability in Micro Focus Project and Por ...) NOT-FOR-US: Micro Focus Project and Portfolio Management Center CVE-2018-6488 (Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, ...) NOT-FOR-US: Micro Focus Universal CMDB CVE-2018-6487 (Remote Disclosure of Information in Micro Focus Universal CMDB Foundat ...) NOT-FOR-US: Micro Focus Universal CMDB Foundation Software CVE-2018-6486 (XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit W ...) NOT-FOR-US: Micro Focus Fortify Audit Workbench CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign in mem ...) 
[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0 - glibc 2.27-1 (bug #878159) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) - eglibc [wheezy] - eglibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22 CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus error in ...) {DLA-2258-1} - zziplib 0.13.62-3.2 (bug #889089) [stretch] - zziplib 0.13.62-3.2~deb9u1 [wheezy] - zziplib (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/14 NOTE: https://github.com/gdraheim/zziplib/commit/0c0c9256b0903f664bca25dd8d924211f81e01d3 (v0.13.68) CVE-2018-6483 RESERVED CVE-2018-6482 RESERVED CVE-2018-6481 (A buffer overflow vulnerability in the control protocol of Disk Savvy ...) NOT-FOR-US: Disk Savvy Enterprise CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to a memo ...) NOT-FOR-US: CCN-lite 2 CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An unauthenticat ...) NOT-FOR-US: Netwave IP Camera devices CVE-2018-6478 RESERVED CVE-2018-6477 RESERVED CVE-2018-6476 (In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS driv ...) NOT-FOR-US: SUPERAntiSpyware Professional Trial CVE-2018-6475 (In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe ...) NOT-FOR-US: SUPERAntiSpyware Professional Trial CVE-2018-6474 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASK ...) NOT-FOR-US: SUPERAntiSpyware Professional Trial CVE-2018-6473 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASK ...) NOT-FOR-US: SUPERAntiSpyware Professional Trial CVE-2018-6472 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASK ...) NOT-FOR-US: SUPERAntiSpyware Professional Trial CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASK ...) 
NOT-FOR-US: SUPERAntiSpyware Professional Trial CVE-2018-6470 (Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each directo ...) NOT-FOR-US: Nibbleblog on macOS CVE-2018-6469 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the fli ...) NOT-FOR-US: flickrRSS plugin for WordPress CVE-2018-6468 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the fli ...) NOT-FOR-US: flickrRSS plugin for WordPress CVE-2018-6467 (The flickrRSS plugin 5.3.1 for WordPress has CSRF via wp-admin/options ...) NOT-FOR-US: flickrRSS plugin for WordPress CVE-2018-6466 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the fli ...) NOT-FOR-US: flickrRSS plugin for WordPress CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via the bo ...) NOT-FOR-US: PropertyHive plugin for WordPress CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a T ...) NOT-FOR-US: Simditor CVE-2018-6463 RESERVED CVE-2018-6462 (Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandl ...) NOT-FOR-US: Tracker PDF-XChange Viewer and Viewer AX SDK CVE-2018-6461 (March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R ...) NOT-FOR-US: March Hare CVE-2018-6460 (Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and ...) NOT-FOR-US: Hotspot Shield CVE-2018-6459 (The rsa_pss_params_parse function in libstrongswan/credentials/keys/si ...) - strongswan 5.6.2-1 [stretch] - strongswan (Vulnerable code introduced later) [jessie] - strongswan (Vulnerable code introduced later) [wheezy] - strongswan (Vulnerable code introduced later) NOTE: https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html CVE-2018-6458 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers t ...) 
NOT-FOR-US: Easy Hosting Control Panel (EHCP) CVE-2018-6457 RESERVED CVE-2018-6456 RESERVED CVE-2018-6455 RESERVED CVE-2018-6454 RESERVED CVE-2018-6453 RESERVED CVE-2018-6452 RESERVED CVE-2018-6451 RESERVED CVE-2018-6450 RESERVED CVE-2018-6449 (Host Header Injection vulnerability in the http management interface i ...) NOT-FOR-US: Brocade Fabric OS CVE-2018-6448 (A vulnerability in the management interface in Brocade Fabric OS Versi ...) NOT-FOR-US: Brocade Fabric OS CVE-2018-6447 (A Reflective XSS Vulnerability in HTTP Management Interface in Brocade ...) NOT-FOR-US: Brocade Fabric OS CVE-2018-6446 (A vulnerability in Brocade Network Advisor Version Before 14.3.1 could ...) NOT-FOR-US: Brocade CVE-2018-6445 (A Vulnerability in Brocade Network Advisor versions before 14.0.3 coul ...) NOT-FOR-US: Brocade CVE-2018-6444 (A Vulnerability in Brocade Network Advisor versions before 14.1.0 coul ...) NOT-FOR-US: Brocade CVE-2018-6443 (A vulnerability in Brocade Network Advisor Versions before 14.3.1 coul ...) NOT-FOR-US: Brocade CVE-2018-6442 (A vulnerability in the Brocade Webtools firmware update section of Bro ...) NOT-FOR-US: Brocade CVE-2018-6441 (A vulnerability in Secure Shell implementation of Brocade Fabric OS ve ...) NOT-FOR-US: Brocade CVE-2018-6440 (A vulnerability in the proxy service of Brocade Fabric OS versions bef ...) NOT-FOR-US: Brocade CVE-2018-6439 (A Vulnerability in the configdownload command of Brocade Fabric OS com ...) NOT-FOR-US: Brocade CVE-2018-6438 (A Vulnerability in the supportsave command of Brocade Fabric OS comman ...) NOT-FOR-US: Brocade CVE-2018-6437 (A Vulnerability in the help command of Brocade Fabric OS command line ...) NOT-FOR-US: Brocade CVE-2018-6436 (A Vulnerability in the firmwaredownload command of Brocade Fabric OS c ...) NOT-FOR-US: Brocade CVE-2018-6435 (A Vulnerability in the secryptocfg command of Brocade Fabric OS comman ...) 
NOT-FOR-US: Brocade CVE-2018-6434 (A vulnerability in the web management interface of Brocade Fabric OS v ...) NOT-FOR-US: Brocade CVE-2018-6433 (A vulnerability in the secryptocfg export command of Brocade Fabric OS ...) NOT-FOR-US: Brocade CVE-2018-6432 RESERVED CVE-2018-6431 RESERVED CVE-2018-6430 RESERVED CVE-2018-6429 RESERVED CVE-2018-6428 RESERVED CVE-2018-6427 RESERVED CVE-2018-6426 RESERVED CVE-2018-6425 RESERVED CVE-2018-6424 RESERVED CVE-2018-6423 RESERVED CVE-2018-6422 RESERVED CVE-2018-6421 RESERVED CVE-2018-6420 RESERVED CVE-2018-6419 RESERVED CVE-2018-6418 RESERVED CVE-2018-6417 RESERVED CVE-2018-6416 RESERVED CVE-2018-6415 RESERVED CVE-2018-6414 (A buffer overflow vulnerability in the web server of some Hikvision IP ...) NOT-FOR-US: Hikvision IP Cameras CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4. ...) NOT-FOR-US: Hikvision Camera DS-2CD9111-S CVE-2018-6412 (In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c ...) {DLA-1423-1} - linux 4.16.5-1 (unimportant) [stretch] - linux 4.9.107-1 [jessie] - linux 3.16.57-1 [wheezy] - linux 3.2.102-1 NOTE: https://marc.info/?l=linux-fbdev&m=151734425901499&w=2 NOTE: The issue only affects SPARC systems. CVE-2018-6411 (An issue was discovered in Appnitro MachForm before 4.2.3. When the fo ...) NOT-FOR-US: Appnitro MachForm CVE-2018-6410 (An issue was discovered in Appnitro MachForm before 4.2.3. There is a ...) NOT-FOR-US: Appnitro MachForm CVE-2018-6409 (An issue was discovered in Appnitro MachForm before 4.2.3. The module ...) NOT-FOR-US: Appnitro MachForm CVE-2018-6408 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devi ...) NOT-FOR-US: CIPCAMPTIWL devices CVE-2018-6407 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devi ...) NOT-FOR-US: CIPCAMPTIWL devices CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libw ...) 
- chromium-browser (unimportant) NOTE: Chromium is built with support for VP9 disabled in Debian NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492 NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0 ...) - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/964 NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fbed78912c830ccd82eecdb8a1db4882abb8276 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1fbed78912c830ccd82eecdb8a1db4882abb8276 CVE-2018-6404 RESERVED CVE-2018-6403 RESERVED CVE-2018-6402 (Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and c ...) NOT-FOR-US: Ecobee Ecobee4 4.2.0.171 devices CVE-2018-6401 (Meross MSS110 devices before 1.1.24 contain a TELNET listener providin ...) NOT-FOR-US: Meross CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privil ...) NOT-FOR-US: Kingsoft WPS Office Free CVE-2018-6399 RESERVED CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for Joom ...) NOT-FOR-US: CP Event Calendar component for Joomla! CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 component for ...) NOT-FOR-US: Picture Calendar component for Joomla! CVE-2018-6396 (SQL Injection exists in the Google Map Landkarten through 4.2.3 compon ...) NOT-FOR-US: Google Map Landkarten component for Joomla! CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla ...) NOT-FOR-US: Visual Calendar component for Joomla! CVE-2018-6394 (SQL Injection exists in the InviteX 3.0.5 component for Joomla! via th ...) NOT-FOR-US: InviteX component for Joomla! CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-17 ...) 
NOT-FOR-US: FreePBX CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg thro ...) {DSA-4249-1 DLA-1740-1} - ffmpeg 7:3.4.2-1 - libav NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5 NOTE: Needs as well: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235 NOTE: fixing a (functional) regression introduced by the original fix. NOTE: Fixed in 3.2.11, the commit in the 3.2 branch (c4ba170cad2ccdd896ea6fd3a890980008606541) NOTE: has the regression fix squashed in NOTE: The vulnerable function is filter_frame in libav. CVE-2018-6391 (A cross-site request forgery web vulnerability has been discovered on ...) NOT-FOR-US: Netis WF2419 V2.2.36123 devices CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.710 ...) NOT-FOR-US: Kingsoft WPS Office CVE-2018-6389 (In WordPress through 4.9.2, unauthenticated attackers can cause a deni ...) - wordpress (unimportant) NOTE: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html NOTE: https://thehackernews.com/2018/02/wordpress-dos-exploit.html NOTE: https://wpvulndb.com/vulnerabilities/9021 NOTE: disputed by upstream as best fixed at the server level NOTE: patch in progress in https://core.trac.wordpress.org/ticket/43308 NOTE: Architectual limitation, marginal impact CVE-2018-6388 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote au ...) NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices CVE-2018-6387 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcode ...) NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices CVE-2018-6386 RESERVED CVE-2018-6385 RESERVED CVE-2018-6384 (Unquoted Windows search path vulnerability in NSClient++ before 0.4.1. ...) NOT-FOR-US: NSClient++ CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete "forbidden types" list tha ...) 
NOT-FOR-US: Monstra CMS CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL Injec ...) - mantis [wheezy] - mantis (Not supported in Wheezy) NOTE: https://mantisbt.org/bugs/view.php?id=23908 CVE-2018-6381 (In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64 and 0.13.63 there is a s ...) {DLA-2258-1} - zziplib 0.13.62-3.2 (bug #889096) [stretch] - zziplib 0.13.62-3.2~deb9u1 [wheezy] - zziplib (Minor issue) NOTE: https://github.com/gdraheim/zziplib/issues/12 NOTE: https://github.com/gdraheim/zziplib/commit/a803559fa9194be895422ba3684cf6309b6bb598 (v0.13.68) CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes leads ...) NOT-FOR-US: Joomla! CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri class ( ...) NOT-FOR-US: Joomla! CVE-2018-6378 (In Joomla! Core before 3.8.8, inadequate filtering of file and folder ...) NOT-FOR-US: Joomla! CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in com_fields lead ...) NOT-FOR-US: Joomla! CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable in a S ...) NOT-FOR-US: Joomla! CVE-2018-1000030 (Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Hea ...) 
- python3.7 (Reading ahead of file objects implemented differently) - python3.6 (Reading ahead of file objects implemented differently) - python3.5 (Reading ahead of file objects implemented differently) - python3.4 (Reading ahead of file objects implemented differently) - python3.2 (Reading ahead of file objects implemented differently) - python2.7 2.7.14-5 (unimportant) - python2.6 (unimportant) NOTE: Original report: https://bugs.python.org/issue31530 NOTE: https://bugs.python.org/file47157/0001-stop-crashes-when-iterating-over-a-file-on-multiple-.patch NOTE: which was followed by a pull request to fix the issue: NOTE: https://github.com/python/cpython/pull/3670 NOTE: https://github.com/python/cpython/pull/3672 NOTE: https://github.com/python/cpython/commit/6401e5671781eb217ee1afb4603cc0d1b0367ae6 NOTE: The original approach caused a regression leading to NOTE: https://github.com/python/cpython/pull/5060 NOTE: https://bugs.python.org/msg309265 NOTE: where the 6401e56 commit was mostly reverted again. NOTE: Needed: https://github.com/python/cpython/commit/dbf52e02f18dac6f5f0a64f78932f3dc6efc056b NOTE: No practical security impact, why DWF assigned a CVE ID is hard to tell CVE-2018-1000029 (mcholste Enterprise Log Search and Archive (ELSA) version revision 120 ...) NOT-FOR-US: mcholste Enterprise Log Search and Archive CVE-2018-1000026 (Linux Linux kernel version at least v4.8 onwards, probably well before ...) {DLA-1771-1} - linux 4.16.5-1 [stretch] - linux 4.9.161-1 [jessie] - linux (Minor issue, requires core networking changes) - linux-4.9 NOTE: https://patchwork.ozlabs.org/patch/859410/ NOTE: http://lists.openwall.net/netdev/2018/01/16/40 NOTE: http://lists.openwall.net/netdev/2018/01/18/96 NOTE: https://git.kernel.org/linus/8914a595110a6eca69a5e275b323f5d09e18f4f9 NOTE: https://git.kernel.org/linus/2b16f048729bf35e6c28a40cbfad07239f9dcd90 CVE-2018-1000025 (Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 co ...) 
NOT-FOR-US: Jerome Gamez Firebase Admin SDK for PHP CVE-2018-1000023 (Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CW ...) NOT-FOR-US: Bitpay/insight-api Insight-api CVE-2018-1000021 (GIT version 2.15.1 and earlier contains a Input Validation Error vulne ...) - git (unimportant; bug #889680) NOTE: http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html NOTE: Terminal emulators need to perform proper escaping CVE-2018-1000020 (OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerabil ...) NOT-FOR-US: OpenEMR CVE-2018-1000019 (OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in ...) NOT-FOR-US: OpenEMR CVE-2018-6375 RESERVED CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients ...) NOT-FOR-US: PulseUI in Pulse Secure Desktop Linux clients CVE-2018-6373 (SQL Injection exists in the Fastball 2.5 component for Joomla! via the ...) NOT-FOR-US: Fastball component for Joomla! CVE-2018-6372 (SQL Injection exists in the JB Bus 2.3 component for Joomla! via the o ...) NOT-FOR-US: JB Bus component for Joomla! CVE-2018-6371 RESERVED CVE-2018-6370 (SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via t ...) NOT-FOR-US: NeoRecruit component for Joomla! CVE-2018-6369 RESERVED CVE-2018-6368 (SQL Injection exists in the JomEstate PRO through 3.7 component for Jo ...) NOT-FOR-US: JomEstate PRO component for Joomla! CVE-2018-6367 (SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 ...) NOT-FOR-US: Vastal I-Tech Buddy Zone Facebook Clone CVE-2018-6366 RESERVED CVE-2018-6365 (SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site ...) NOT-FOR-US: TSiteBuilder CVE-2018-6364 (SQL Injection exists in Multilanguage Real Estate MLM Script through 3 ...) NOT-FOR-US: Multilanguage Real Estate MLM Script CVE-2018-6363 (SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php ...) 
NOT-FOR-US: Task Rabbit Clone CVE-2018-6362 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop ...) NOT-FOR-US: Easy Hosting Control Panel (EHCP) CVE-2018-6361 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parame ...) NOT-FOR-US: Easy Hosting Control Panel (EHCP) CVE-2018-6360 (mpv through 0.28.0 allows remote attackers to execute arbitrary code v ...) {DSA-4105-1} - mpv 0.27.0-3 (bug #888654) [jessie] - mpv (Vulnerable code not present, youtube-dl hook script added in 0.7.0) NOTE: https://github.com/mpv-player/mpv/issues/5456 NOTE: https://github.com/mpv-player/mpv/commit/e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43 CVE-2018-6359 (The decompileIF function (util/decompile.c) in libming through 0.4.8 i ...) {DLA-1305-1} - ming NOTE: https://github.com/libming/libming/issues/105 CVE-2018-6358 (The printDefineFont2 function (util/listfdb.c) in libming through 0.4. ...) {DLA-1343-1} - ming NOTE: https://github.com/libming/libming/issues/104 CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the acurax ...) NOT-FOR-US: acurax-social-media-widget plugin for WordPress CVE-2018-6356 (Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly pr ...) - jenkins CVE-2018-6355 (/goform/setLang on iBall 300M devices with "iB-WRB302N_1.0.1-Sep 8 201 ...) NOT-FOR-US: iBall 300M devices CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS ...) NOT-FOR-US: Formspree CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 sup ...) - electrum 3.2.3-1 (bug #890003; unimportant) NOTE: https://github.com/spesmilo/electrum/issues/3678 NOTE: https://github.com/spesmilo/electrum/pull/3700 CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::Rea ...) 
- libpodofo 0.9.6+dfsg-3 [stretch] - libpodofo (Minor issue) [jessie] - libpodofo (Minor issue) [wheezy] - libpodofo (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1539237 NOTE: https://sourceforge.net/p/podofo/tickets/3/ CVE-2018-6351 RESERVED CVE-2018-6350 (An out-of-bounds read was possible in WhatsApp due to incorrect parsin ...) NOT-FOR-US: WhatsApp CVE-2018-6349 (When receiving calls using WhatsApp for Android, a missing size check ...) NOT-FOR-US: WhatsApp CVE-2018-6348 RESERVED CVE-2018-6347 (An issue in the Proxygen handling of HTTP2 parsing of headers/trailers ...) NOT-FOR-US: Facebook Proxygen CVE-2018-6346 (A potential denial-of-service issue in the Proxygen handling of invali ...) NOT-FOR-US: Facebook Proxygen CVE-2018-6345 (The function number_format is vulnerable to a heap overflow issue when ...) - hhvm CVE-2018-6344 (A heap corruption in WhatsApp can be caused by a malformed RTP packet ...) NOT-FOR-US: Whatsapp CVE-2018-6343 (Proxygen fails to validate that a secondary auth manager is set before ...) NOT-FOR-US: Facebook Proxygen CVE-2018-6342 (react-dev-utils on Windows allows developers to run a local webserver ...) NOT-FOR-US: react-dev-utils CVE-2018-6341 (React applications which rendered to HTML using the ReactDOMServer API ...) NOT-FOR-US: React CVE-2018-6340 (The Memcache::getextendedstats function can be used to trigger an out- ...) - hhvm CVE-2018-6339 (When receiving calls using WhatsApp on Android, a stack allocation fai ...) NOT-FOR-US: WhatsApp CVE-2018-6338 RESERVED CVE-2018-6337 (folly::secureRandom will re-use a buffer between parent and child proc ...) - hhvm (Only affects 3.26) NOTE: https://github.com/facebook/hhvm/commit/e2d10a1e32d01f71aaadd81169bcb9ae86c5d6b8 NOTE: https://hhvm.com/blog/2018/05/24/hhvm-3.26.3.html CVE-2018-6336 (An issue was discovered in osquery. A maliciously crafted Universal/fa ...) 
NOT-FOR-US: osquery CVE-2018-6335 (A Malformed h2 frame can cause 'std::out_of_range' exception when pars ...) - hhvm 3.24.7+dfsg-1 NOTE: https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56 NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html CVE-2018-6334 (Multipart-file uploads call variables to be improperly registered in t ...) - hhvm 3.24.7+dfsg-1 (bug #895194) NOTE: https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html NOTE: https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff CVE-2018-6333 (The hhvm-attach deep link handler in Nuclide did not properly sanitize ...) NOT-FOR-US: Nuclide CVE-2018-6332 (A potential denial-of-service issue in the Proxygen handling of invali ...) - hhvm 3.24.7+dfsg-1 (bug #895194) NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html CVE-2018-6331 (Buck parser-cache command loads/saves state using Java serialized obje ...) NOT-FOR-US: Buck parser-cache CVE-2018-6330 (Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php ...) NOT-FOR-US: Laravel Framework CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpex ...) NOT-FOR-US: Unitrends Backup CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user in ...) NOT-FOR-US: Unitrends Backup CVE-2018-6327 RESERVED CVE-2018-6326 RESERVED CVE-2018-6325 RESERVED CVE-2018-6324 (F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redi ...) NOT-FOR-US: F-Secure Radar CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descriptor ( ...) - binutils 2.30-3 [stretch] - binutils (Minor issue) [jessie] - binutils (Minor issue) [wheezy] - binutils (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22746 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=38e64b0ecc7f4ee64a02514b8d532782ac057fa2 CVE-2018-6322 (Panda Global Protection 17.0.1 allows local users to gain privileges o ...) 
NOT-FOR-US: Panda Global Protection CVE-2018-6321 (Unquoted Windows search path vulnerability in the panda_url_filtering ...) NOT-FOR-US: Panda Global Protection CVE-2018-6320 (A vulnerability has been discovered in login.cgi in Pulse Secure Pulse ...) NOT-FOR-US: Pulse Secure CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special Devic ...) NOT-FOR-US: Sophos Tester Tool CVE-2018-6318 (In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context o ...) NOT-FOR-US: Sophos Tester Tool CVE-2018-6317 (The remote management interface in Claymore Dual Miner 10.5 and earlie ...) NOT-FOR-US: Claymore's Dual Ethereum CVE-2018-6316 (Ivanti Endpoint Security (formerly HEAT Endpoint Management and Securi ...) NOT-FOR-US: Ivanti Endpoint Security CVE-2018-6315 (The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming th ...) {DLA-1305-1} - ming NOTE: https://github.com/libming/libming/issues/101 CVE-2018-6314 RESERVED CVE-2018-6313 (Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticat ...) NOT-FOR-US: WBCE CMS CVE-2018-6312 (A privileged account with a weak default password on the Foxconn femto ...) NOT-FOR-US: Foxconn femtocell FEMTO AP-FC4064-T CVE-2018-6311 (One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T ve ...) NOT-FOR-US: Foxconn femtocell FEMTO AP-FC4064-T CVE-2018-6310 RESERVED CVE-2018-6309 RESERVED CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and ...) NOT-FOR-US: SugarCRM CVE-2018-6307 (LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains ...) 
{DSA-4383-1 DLA-1979-1 DLA-1617-1} - libvncserver 0.9.11+dfsg-1.2 (bug #916941) - italc [stretch] - italc 1:3.0.3+dfsg1-1+deb9u1 NOTE: https://github.com/LibVNC/libvncserver/issues/241 NOTE: https://github.com/LibVNC/libvncserver/commit/ca2a5ac02fbbadd0a21fabba779c1ea69173d10b NOTE: https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/ CVE-2018-6306 (Unauthorized code execution from specific DLL and is known as DLL Hija ...) NOT-FOR-US: Kaspersky Password Manager CVE-2018-6305 (Denial of service in Gemalto's Sentinel LDK RTE version before 7.65 ...) NOT-FOR-US: Gemalto CVE-2018-6304 (Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE vers ...) NOT-FOR-US: Gemalto CVE-2018-6303 (Denial of service by uploading malformed firmware in Hanwha Techwin Sm ...) NOT-FOR-US: Hanwha Techwin Smartcams CVE-2018-6302 (Denial of service by blocking of new camera registration on the cloud ...) NOT-FOR-US: Hanwha Techwin Smartcams CVE-2018-6301 (Arbitrary camera access and monitoring via cloud in Hanwha Techwin Sma ...) NOT-FOR-US: Hanwha Techwin Smartcams CVE-2018-6300 (Remote password change in Hanwha Techwin Smartcams ...) NOT-FOR-US: Hanwha Techwin Smartcams CVE-2018-6299 (Authentication bypass in Hanwha Techwin Smartcams ...) NOT-FOR-US: Hanwha Techwin Smartcams CVE-2018-6298 (Remote code execution in Hanwha Techwin Smartcams ...) NOT-FOR-US: Hanwha Techwin Smartcams CVE-2018-6297 (Buffer overflow in Hanwha Techwin Smartcams ...) NOT-FOR-US: Hanwha Techwin Smartcams CVE-2018-6296 (An undocumented (hidden) capability for switching the web interface in ...) NOT-FOR-US: Hanwha Techwin Smartcams CVE-2018-6295 (Unencrypted way of remote control and communications in Hanwha Techwin ...) NOT-FOR-US: Hanwha Techwin Smartcams CVE-2018-6294 (Unsecured way of firmware update in Hanwha Techwin Smartcams ...) 
NOT-FOR-US: Hanwha Techwin Smartcams CVE-2018-6293 (Arbitrary File Read in Saperion Web Client version 7.5.2 83166. ...) NOT-FOR-US: Saperion Web Client CVE-2018-6292 (Remote Code Execution in Saperion Web Client version 7.5.2 83166. ...) NOT-FOR-US: Saperion Web Client CVE-2018-6291 (WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway versi ...) NOT-FOR-US: Kaspersky Secure Mail Gateway CVE-2018-6290 (Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1. ...) NOT-FOR-US: Kaspersky Secure Mail Gateway CVE-2018-6289 (Configuration file injection leading to Code Execution as Root in Kasp ...) NOT-FOR-US: Kaspersky Secure Mail Gateway CVE-2018-6288 (Cross-site Request Forgery leading to Administrative account takeover ...) NOT-FOR-US: Kaspersky Secure Mail Gateway CVE-2018-6287 RESERVED CVE-2018-6286 RESERVED NOT-FOR-US: NVIDIA component for Android CVE-2018-6285 RESERVED CVE-2018-6284 RESERVED NOT-FOR-US: NVIDIA component for Android CVE-2018-6283 RESERVED CVE-2018-6282 RESERVED CVE-2018-6281 RESERVED NOT-FOR-US: NVIDIA component for Android CVE-2018-6280 RESERVED CVE-2018-6279 RESERVED CVE-2018-6278 RESERVED CVE-2018-6277 RESERVED CVE-2018-6276 RESERVED CVE-2018-6275 RESERVED CVE-2018-6274 RESERVED CVE-2018-6273 RESERVED CVE-2018-6272 RESERVED CVE-2018-6271 (NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in whi ...) NOT-FOR-US: NVIDIA component for Android CVE-2018-6270 RESERVED CVE-2018-6269 (NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where ...) NOT-FOR-US: NVIDIA CVE-2018-6268 (NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, ...) NOT-FOR-US: NVIDIA component for Android CVE-2018-6267 (NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in whi ...) NOT-FOR-US: NVIDIA component for Android CVE-2018-6266 (NVIDIA GeForce Experience contains a vulnerability in all versions pri ...) 
NOT-FOR-US: NVIDIA GeForce Experience CVE-2018-6265 (NVIDIA GeForce Experience contains a vulnerability in all versions pri ...) NOT-FOR-US: NVIDIA GeForce Experience CVE-2018-6264 RESERVED CVE-2018-6263 (NVIDIA GeForce Experience contains a vulnerability in all versions pri ...) NOT-FOR-US: NVIDIA GeForce Experience CVE-2018-6262 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when ...) NOT-FOR-US: NVIDIA GeForce Experience CVE-2018-6261 (NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when ...) NOT-FOR-US: NVIDIA GeForce Experience CVE-2018-6260 (NVIDIA graphics driver contains a vulnerability that may allow access ...) [experimental] - nvidia-graphics-drivers 418.43-1 - nvidia-graphics-drivers 410.104-1 (bug #913467) [stretch] - nvidia-graphics-drivers 390.116-1 [jessie] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx 390.116-1 [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx [bullseye] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) - nvidia-graphics-drivers-legacy-304xx [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4738 NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4772 CVE-2018-6259 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains a pote ...) NOT-FOR-US: NVIDIA GeForce Experience CVE-2018-6258 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains a pote ...) NOT-FOR-US: NVIDIA GeForce Experience CVE-2018-6257 (NVIDIA GeForce Experience all versions prior to 3.14.1 contains a pote ...) 
NOT-FOR-US: NVIDIA GeForce Experience CVE-2018-6256 RESERVED CVE-2018-6255 RESERVED CVE-2018-6254 (In Android before the 2018-05-05 security patch level, NVIDIA Media Se ...) NOT-FOR-US: NVIDIA components for Android CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in the DirectX and ...) - nvidia-graphics-drivers 390.48-1 (bug #894338) [stretch] - nvidia-graphics-drivers 384.130-1 [jessie] - nvidia-graphics-drivers (Non-free not supported) [wheezy] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-340xx [bullseye] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340) [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) - nvidia-graphics-drivers-legacy-304xx [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649 CVE-2018-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) NOT-FOR-US: NVIDIA Windows driver CVE-2018-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in the Dire ...) NOT-FOR-US: NVIDIA Windows driver CVE-2018-6250 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) NOT-FOR-US: NVIDIA Windows driver CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel mode laye ...) 
	- nvidia-graphics-drivers 390.48-1 (bug #894338)
	[stretch] - nvidia-graphics-drivers 384.130-1
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx
	[bullseye] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx
	[stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6248 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6247 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6246 (In Android before the 2018-05-05 security patch level, NVIDIA Widevine ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2018-6245
	RESERVED
CVE-2018-6244
	RESERVED
CVE-2018-6243 (NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability i ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 contain a b ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6241 (NVIDIA Tegra Gralloc module contains a vulnerability in driver in whic ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6240 (NVIDIA Tegra contains a vulnerability in BootRom where a user with ker ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6239 (NVIDIA Jetson TX2 contains a vulnerability by means of speculative exe ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6238
	RESERVED
CVE-2018-6237 (A vulnerability in Trend Micro Smart Protection Server (Standalone) 3. ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6236 (A Time-of-Check Time-of-Use privilege escalation vulnerability in Tren ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6235 (An Out-of-Bounds write privilege escalation vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6234 (An Out-of-Bounds Read Information Disclosure vulnerability in Trend Mi ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6233 (A buffer overflow privilege escalation vulnerability in Trend Micro Ma ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6232 (A buffer overflow privilege escalation vulnerability in Trend Micro Ma ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6231 (A server auth command injection authentication bypass vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6230 (A SQL injection vulnerability in a Trend Micro Email Encryption Gatew ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6229 (A SQL injection vulnerability in a Trend Micro Email Encryption Gatew ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6228 (A SQL injection vulnerability in a Trend Micro Email Encryption Gatewa ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6227 (A stored cross-site scripting (XSS) vulnerability in Trend Micro Email ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6226 (Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micr ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6225 (An XML external entity injection (XXE) vulnerability in Trend Micro Em ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6224 (A lack of cross-site request forgery (CSRF) protection vulnerability i ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6223 (A missing authentication for appliance registration vulnerability in T ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6222 (Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 co ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6221 (An unvalidated software update vulnerability in Trend Micro Email Encr ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6220 (An arbitrary file write vulnerability in Trend Micro Email Encryption ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6219 (An Insecure Update via HTTP vulnerability in Trend Micro Email Encrypt ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6218 (A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Modul ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS Offi ...)
	NOT-FOR-US: Kingsoft WPS Office
CVE-2018-6216
	RESERVED
CVE-2018-6215
	RESERVED
CVE-2018-6214
	RESERVED
CVE-2018-6213 (In the web server on D-Link DIR-620 devices with a certain customized ...)
	NOT-FOR-US: D-Link
CVE-2018-6212 (On D-Link DIR-620 devices with a certain customized (by ISP) variant o ...)
	NOT-FOR-US: D-Link
CVE-2018-6211 (On D-Link DIR-620 devices with a certain customized (by ISP) variant o ...)
	NOT-FOR-US: D-Link
CVE-2018-6210 (D-Link DIR-620 devices, with a certain Rostelekom variant of firmware ...)
	NOT-FOR-US: D-Link
CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019, the driver file (MaxCryptMon.sys ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6208 (In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32. ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6207 (In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32. ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6206 (In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32. ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6205 (In Max Secure Anti Virus 19.0.3.019, the driver file (MaxProtector32. ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6204 (In Max Secure Anti Virus 19.0.3.019, the driver file (SDActMon.sys) a ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6203 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allo ...)
	NOT-FOR-US: eScan Antivirus
CVE-2018-6202 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allo ...)
	NOT-FOR-US: eScan Antivirus
CVE-2018-6201 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allo ...)
	NOT-FOR-US: eScan Antivirus
CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the r ...)
	NOT-FOR-US: vBulletin
CVE-2018-6199
	RESERVED
CVE-2018-6195 (admin/partials/wp-splashing-admin-main.php in the Splashing Images plu ...)
	NOT-FOR-US: WordPress plugin wp-splashing-images
CVE-2018-6194 (A cross-site scripting (XSS) vulnerability in admin/partials/wp-splash ...)
	NOT-FOR-US: WordPress plugin wp-splashing-images
CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, ...)
	NOT-FOR-US: Routers2
CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xre ...)
	{DSA-4334-1 DLA-1838-1}
	- mupdf 1.13.0+ds1-1 (bug #888487)
	[wheezy] - mupdf (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?5e411a99604ff6be5db9e273ee84737204113299
CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has a ...)
	- mujs (Fixed before initial upload to Debian)
	NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=25821e6d74fab5fcc200fe5e818362e03e114428
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698920
CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description field on ...)
	NOT-FOR-US: Netis WF2419 V3.2.41381 devices
CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when the ~/ ...)
	- w3m 0.5.3-36 (bug #888097; unimportant)
	[stretch] - w3m 0.5.3-34+deb9u1
	NOTE: https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
	NOTE: Neutralised by kernel hardening
CVE-2018-6197 (w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formU ...)
	{DLA-2195-1}
	- w3m 0.5.3-36 (low)
	[stretch] - w3m 0.5.3-34+deb9u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/89
	NOTE: https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlinepr ...)
	{DLA-2195-1}
	- w3m 0.5.3-36 (low)
	[stretch] - w3m 0.5.3-34+deb9u1
	[wheezy] - w3m (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/88
	NOTE: https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92
CVE-2018-6189 (F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors inv ...)
	NOT-FOR-US: F-Secure Radar
CVE-2018-6188 (django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0. ...)
	- python-django 1:1.11.10-1
	[stretch] - python-django (Issue introduced in 1.11.8 and 2.0)
	[jessie] - python-django (Issue introduced in 1.11.8 and 2.0)
	[wheezy] - python-django (Issue introduced in 1.11.8 and 2.0)
	NOTE: https://www.djangoproject.com/weblog/2018/feb/01/security-releases/
CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnera ...)
	{DSA-4334-1}
	- mupdf 1.13.0+ds1-1 (bug #888464)
	[jessie] - mupdf (Minor issue)
	[wheezy] - mupdf (Most likely not affected, minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698908
	NOTE: https://lists.debian.org/debian-lts/2018/03/msg00041.html
	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?3e30fbb7bf5efd88df431e366492356e7eb969ec
	NOTE: issue covered by: http://www.ghostscript.com/cgi-bin/findgit.cgi?fa9cd085533f68367c299e058ab3fbb7ad8a2dc6
CVE-2018-6186 (Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via ...)
	NOT-FOR-US: Citrix NetScaler VPX
CVE-2018-6185 (In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ...)
	NOT-FOR-US: Cloudera Navigator Key Trustee KMS
CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next r ...)
	NOT-FOR-US: ZEIT Next.js
CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges ...)
	NOT-FOR-US: BitDefender Total Security
CVE-2018-6182 (Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before ...)
	- mahara
CVE-2018-6181
	RESERVED
CVE-2018-6180 (A flaw in the profile section of Online Voting System 1.0 allows an un ...)
	NOT-FOR-US: Online Voting System
CVE-2018-1000017
	REJECTED
CVE-2018-1000018 (An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-6179 (Insufficient enforcement of file access permission in the activeTab ca ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6178 (Eliding from the wrong side in an infobar in DevTools in Google Chrome ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6177 (Information leak in media engine in Google Chrome prior to 68.0.3440.7 ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6176 (Insufficient file type enforcement in Extensions API in Google Chrome ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6175 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6174 (Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.7 ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6173 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6172 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6171 (Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 all ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6170 (A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6169 (Lack of timeout on extension install prompt in Extensions in Google Ch ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6168 (Information leak in media engine in Google Chrome prior to 68.0.3440.7 ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6167 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6166 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6165 (Incorrect handling of reloads in Navigation in Google Chrome prior to ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6164 (Insufficient origin checks for CSS content in Blink in Google Chrome p ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6163 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6162 (Improper deserialization in WebGL in Google Chrome on Mac prior to 68. ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6161 (Insufficient policy enforcement in Blink in Google Chrome prior to 68. ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6160 (JavaScript alert handling in Prompts in Google Chrome prior to 68.0.34 ...)
	- chromium-browser (Only affects Chrome on iOS)
CVE-2018-6159 (Insufficient policy enforcement in ServiceWorker in Google Chrome prio ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6158 (A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allo ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6157 (Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowe ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6156 (Incorrect derivation of a packet length in WebRTC in Google Chrome prio ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2018-6156
CVE-2018-6155 (Incorrect handling of frames in the VP8 parser in Google Chrome prior ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6154 (Insufficient data validation in WebGL in Google Chrome prior to 68.0.3 ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6153 (A precision error in Skia in Google Chrome prior to 68.0.3440.75 allow ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6152 (The implementation of the Page.downloadBehavior backend unconditionall ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6151 (Bad cast in DevTools in Google Chrome on Win, Linux, Mac, Chrome OS pr ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6150 (Incorrect handling of CORS in ServiceWorker in Google Chrome prior to ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6149 (Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 al ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.87-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6148 (Incorrect implementation in Content Security Policy in Google Chrome p ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.79-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6147 (Lack of secure text entry mode in Browser UI in Google Chrome on Mac p ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6146
	RESERVED
CVE-2018-6145 (Insufficient data validation in HTML parser in Google Chrome prior to ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6144 (Off-by-one error in PDFium in Google Chrome prior to 67.0.3396.62 allo ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6143 (Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 a ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6142 (Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.6 ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6141 (Insufficient validation of an image filter in Skia in Google Chrome pr ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6140 (Allowing the chrome.debugger API to attach to Web UI pages in DevTools ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6139 (Insufficient target checks on the chrome.debugger API in DevTools in G ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6138 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6137 (CSS Paint API in Blink in Google Chrome prior to 67.0.3396.62 allowed ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6136 (Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowe ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6135 (Lack of clearing the previous site before loading alerts from a new on ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6134 (Information leak in Blink in Google Chrome prior to 67.0.3396.62 allow ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6133 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6132 (Uninitialized data in WebRTC in Google Chrome prior to 67.0.3396.62 al ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6131 (Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3 ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6130 (Incorrect handling of object lifetimes in WebRTC in Google Chrome prio ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6129 (Out of bounds array access in WebRTC in Google Chrome prior to 67.0.33 ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6128 (Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0. ...)
	- chromium-browser (ios specific)
CVE-2018-6127 (Early free of object in use in IndexDB in Google Chrome prior to 67.0. ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6126 (A precision error in Skia in Google Chrome prior to 67.0.3396.62 allow ...)
	{DSA-4237-1 DSA-4220-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
	- firefox 60.0.2-1
	- firefox-esr 52.8.1esr-1
	- skia (bug #818180)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/
CVE-2018-6125
	RESERVED
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6124 (Type confusion in ReadableStreams in Blink in Google Chrome prior to 6 ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6123 (A use after free in Blink in Google Chrome prior to 67.0.3396.62 allow ...)
	{DSA-4237-1}
	- chromium-browser 67.0.3396.62-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6122
	RESERVED
	{DSA-4237-1}
	- chromium-browser 66.0.3359.181-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6121 (Insufficient validation of input in Blink in Google Chrome prior to 66 ...)
	{DSA-4237-1}
	- chromium-browser 66.0.3359.181-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6120 (An integer overflow that could lead to an attacker-controlled heap out ...)
	{DSA-4237-1}
	- chromium-browser 66.0.3359.181-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6119 (Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.1 ...)
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-6118 (A double-eviction in the Incognito mode cache that lead to a user-afte ...)
	{DSA-4237-1}
	- chromium-browser 66.0.3359.139-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6117 (Confusing settings in Autofill in Google Chrome prior to 66.0.3359.117 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6116 (A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.33 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6115 (Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file download ...)
	- chromium-browser (windows specific)
CVE-2018-6114 (Incorrect enforcement of CSP for <object> tags in Blink in Googl ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6113 (Improper handling of pending navigation entries in Navigation in Googl ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6112 (Making URLs clickable and allowing them to be styled in DevTools in Go ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6111 (An object lifetime issue in the developer tools network handler in Goo ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6110 (Parsing documents as HTML in Downloads in Google Chrome prior to 66.0. ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6109 (readAsText() can indefinitely read the file picked by the user, rather ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6108 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6107 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6106 (An asynchronous generator may return an incorrect state in V8 in Googl ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6105 (Incorrect handling of confusable characters in Omnibox in Google Chrom ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6104 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6103 (A stagnant permission prompt in Prompts in Google Chrome prior to 66.0 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6102 (Missing confusable characters in Internationalization in Google Chrome ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6101 (A lack of host validation in DevTools in Google Chrome prior to 66.0.3 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6100 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6099 (A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6098 (Incorrect handling of confusable characters in URL Formatter in Google ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6097 (Incorrect handling of asynchronous methods in Fullscreen in Google Chr ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6096 (A JavaScript focused window could overlap the fullscreen notification ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6095 (Inappropriate dismissal of file picker on keyboard events in Blink in ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6094 (Inline metadata in GarbageCollection in Google Chrome prior to 66.0.33 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6093 (Insufficient origin checks in Blink in Google Chrome prior to 66.0.335 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6092 (An integer overflow on 32-bit systems in WebAssembly in Google Chrome ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6091 (Service Workers can intercept any request made by an <embed> or ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6090 (An integer overflow that lead to a heap buffer-overflow in Skia in Goo ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6089 (A lack of CORS checks, after a Service Worker redirected to a cross-or ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6088 (An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0. ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6087 (A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.11 ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6086 (A double-eviction in the Incognito mode cache that lead to a user-afte ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6085 (Re-entry of a destructor in Networking Disk Cache in Google Chrome pri ...)
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6084 (Insufficiently sanitized distributed objects in Updater in Google Chro ...)
	- chromium-browser (Specific to MacOS)
CVE-2018-6083 (Failure to disallow PWA installation from CSP sandboxed pages in AppMa ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6082 (Including port 22 in the list of allowed FTP ports in Networking in Go ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6081 (XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.33 ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6080 (Lack of access control checks in Instrumentation in Google Chrome prio ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6079 (Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs ...)
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	[wheezy] - chromium-browser (Not supported in Wheezy)
CVE-2018-6078 (Incorrect handling of confusable characters in Omnibox in Google Chrom ...)
{DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6077 (Displacement map filters being applied to cross-origin images in Blink ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6076 (Insufficient encoding of URL fragment identifiers in Blink in Google C ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6075 (Incorrect handling of specified filenames in file downloads in Google ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6074 (Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior t ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6073 (A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.14 ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6072 (An integer overflow leading to use after free in PDFium in Google Chro ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6071 (An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 al ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6070 (Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior ...) 
{DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6069 (Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6068 (Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6067 (Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.332 ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6066 (Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Go ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6065 (Integer overflow in computing the required allocation size when instan ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) NOTE: libv8 not covered by security support CVE-2018-6064 (Type Confusion in the implementation of __defineGetter__ in V8 in Goog ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) NOTE: libv8 not covered by security support CVE-2018-6063 (Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome ...) 
{DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6062 (Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 al ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6061 (A race in the handling of SharedArrayBuffers in WebAssembly in Google ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) NOTE: libv8 not covered by security support CVE-2018-6060 (Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 all ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6059 RESERVED - chromium-browser (Chromium doesn't bundle Flash) CVE-2018-6058 RESERVED - chromium-browser (Chromium doesn't bundle Flash) CVE-2018-6057 (Lack of special casing of Android ashmem in Google Chrome prior to 65. ...) {DSA-4182-1} - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6056 (Type confusion could lead to a heap out-of-bounds write in V8 in Googl ...) {DSA-4182-1} [experimental] - chromium-browser 65.0.3325.73-1 - chromium-browser 65.0.3325.146-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) - libv8 (unimportant) NOTE: libv8 not covered by security support CVE-2018-6055 (Insufficient policy enforcement in Catalog Service in Google Chrome pr ...) 
{DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-6054 (Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowe ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6053 (Inappropriate implementation in New Tab Page in Google Chrome prior to ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6052 (Lack of support for a non standard no-referrer policy value in Blink i ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6051 (XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure th ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6050 (Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.1 ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6049 (Incorrect security UI in permissions prompt in Google Chrome prior to ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6048 (Insufficient policy enforcement in Blink in Google Chrome prior to 64. ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6047 (Insufficient policy enforcement in WebGL in Google Chrome prior to 64. ...) 
{DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6046 (Insufficient data validation in DevTools in Google Chrome prior to 64. ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6045 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6044 RESERVED {DSA-4256-1} - chromium-browser 68.0.3440.75-1 [jessie] - chromium-browser (End of life, see DSA 4020) CVE-2018-6043 (Insufficient data validation in External Protocol Handler in Google Ch ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6042 (Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.1 ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6041 (Incorrect security UI in navigation in Google Chrome prior to 64.0.328 ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6040 (Insufficient policy enforcement in Blink in Google Chrome prior to 64. ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6039 (Insufficient data validation in DevTools in Google Chrome prior to 64. ...) 
{DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6038 (Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6037 (Inappropriate implementation in autofill in Google Chrome prior to 64. ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6036 (Insufficient data validation in V8 in Google Chrome prior to 64.0.3282 ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6035 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6034 (Insufficient data validation in WebGL in Google Chrome prior to 64.0.3 ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6033 (Insufficient data validation in Downloads in Google Chrome prior to 64 ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6032 (Insufficient policy enforcement in Blink in Google Chrome prior to 64. ...) {DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6031 (Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allow ...) 
{DSA-4103-1} - chromium-browser 64.0.3282.119-1 [jessie] - chromium-browser (End of life, see DSA 4020) [wheezy] - chromium-browser (Not supported in Wheezy) CVE-2018-6030 RESERVED CVE-2018-1000016 REJECTED CVE-2018-1000015 (On Jenkins instances with Authorize Project plugin, the authentication ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000014 (Jenkins Translation Assistance Plugin 1.15 and earlier did not require ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000013 (Jenkins Release Plugin 2.9 and earlier did not require form submission ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000012 (Jenkins Warnings Plugin 4.64 and earlier processes XML external entiti ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000011 (Jenkins FindBugs Plugin 4.71 and earlier processes XML external entiti ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000010 (Jenkins DRY Plugin 2.49 and earlier processes XML external entities in ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000009 (Jenkins Checkstyle Plugin 3.49 and earlier processes XML external enti ...) NOT-FOR-US: Jenkins plugin CVE-2018-1000008 (Jenkins PMD Plugin 3.49 and earlier processes XML external entities in ...) NOT-FOR-US: Jenkins plugin CVE-2018-6029 (The copy function in application/admin/controller/Article.php in NoneC ...) NOT-FOR-US: NoneCms CVE-2018-6028 RESERVED CVE-2018-6027 RESERVED CVE-2018-6026 RESERVED CVE-2018-6025 RESERVED CVE-2018-6024 (SQL Injection exists in the Project Log 1.5.3 component for Joomla! vi ...) NOT-FOR-US: Project Log component for Joomla! CVE-2018-6023 (Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts ...) NOT-FOR-US: Fastweb FASTgate CVE-2018-6022 (Directory traversal vulnerability in application/admin/controller/Main ...) NOT-FOR-US: NoneCms CVE-2018-6021 (Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) ...) NOT-FOR-US: Silex Technology products CVE-2018-6020 (In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 a ...) 
NOT-FOR-US: Silex Technology products CVE-2018-6019 (Samsung Display Solutions App before 3.02 for Android allows man-in-th ...) NOT-FOR-US: Samsung Display Solutions App for Android CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ap ...) NOT-FOR-US: Tinder CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder Androi ...) NOT-FOR-US: Tinder CVE-2018-6016 (Unquoted Windows search path vulnerability in the srvInventoryWebServe ...) NOT-FOR-US: 10-Strike Network Monitor CVE-2018-6015 (An issue was discovered in the "Email Subscribers & Newsletters" p ...) NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain="*" Flash cro ...) NOT-FOR-US: Subsonic CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users t ...) NOT-FOR-US: BigTree CMS CVE-2018-6012 (The 'Weather Service' feature of the Green Electronics RainMachine Min ...) NOT-FOR-US: Green Electronics CVE-2018-6011 (The time-based one-time-password (TOTP) function in the application lo ...) NOT-FOR-US: Green Electronics CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could obtain pote ...) - yii (bug #597899) CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function in web ...) - yii (bug #597899) CVE-2018-6008 (Arbitrary File Download exists in the Jtag Members Directory 5.3.7 com ...) NOT-FOR-US: Jtag Members Directory component for Joomla! CVE-2018-6007 (CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and a ...) NOT-FOR-US: Support Ticket component for Joomla! CVE-2018-6006 (SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via t ...) NOT-FOR-US: JS Autoz component for Joomla! CVE-2018-6005 (SQL Injection exists in the Realpin through 1.5.04 component for Jooml ...) NOT-FOR-US: Realpin component for Joomla! 
CVE-2018-6004 (SQL Injection exists in the File Download Tracker 3.0 component for Jo ...) NOT-FOR-US: File Download Tracker component for Joomla! CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in dec ...) {DSA-4106-1} - libtasn1-6 4.13-2 [jessie] - libtasn1-6 (Vulnerable code introduced in 4.3) - libtasn1-3 (Vulnerable code introduced in 4.3) NOTE: https://lists.gnu.org/archive/html/help-libtasn1/2018-01/msg00000.html NOTE: Affected function introduced in: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9 (libtasn1_4_3) NOTE: Fixed by: https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97 (libtasn1_4_13) CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress has Cro ...) NOT-FOR-US: Soundy Background Music plugin for WordPress CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross ...) NOT-FOR-US: Soundy Audio Playlist plugin for WordPress CVE-2018-6000 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vp ...) NOT-FOR-US: AsusWRT CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the ha ...) NOT-FOR-US: AsusWRT CVE-2018-5998 RESERVED CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.0 ...) NOT-FOR-US: RAVPower Filehub CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak authentication data ...) {DSA-4098-1 DLA-1263-1} - curl 7.58.0-1 NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch CVE-2018-5996 (Insufficient exception handling in the method NCompress::NRar3::CDecod ...) 
- p7zip-rar 16.02-2 (bug #888314) [stretch] - p7zip-rar (Non-free not supported) [jessie] - p7zip-rar (Non-free not supported) [wheezy] - p7zip-rar (Non-free not supported) NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ CVE-2018-5995 (The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel ...) {DSA-4497-1 DLA-1885-1 DLA-1799-1} - linux 4.15.4-1 CVE-2018-5994 (SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via th ...) NOT-FOR-US: JS Jobs component for Joomla! CVE-2018-5993 (SQL Injection exists in the Aist through 2.0 component for Joomla! via ...) NOT-FOR-US: Aist component for Joomla! CVE-2018-5992 (SQL Injection exists in the Staff Master through 1.0 RC 1 component fo ...) NOT-FOR-US: Staff Master component for Joomla! CVE-2018-5991 (SQL Injection exists in the Form Maker 3.6.12 component for Joomla! vi ...) NOT-FOR-US: Form Maker component for Joomla! CVE-2018-5990 (SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joo ...) NOT-FOR-US: AllVideos Reloaded component for Joomla! CVE-2018-5989 (SQL Injection exists in the ccNewsletter 2.x component for Joomla! via ...) NOT-FOR-US: ccNewsletter component for Joomla! CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobi ...) NOT-FOR-US: Flexible Poll CVE-2018-5987 (SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 compon ...) NOT-FOR-US: Pinterest Clone Social Pinboard component for Joomla! CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or s_row ...) NOT-FOR-US: Easy Car Script CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Jooml ...) NOT-FOR-US: LiveCRM SaaS Cloud CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 comp ...) NOT-FOR-US: Tumder CVE-2018-5983 (SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joom ...) NOT-FOR-US: JquickContact component for Joomla! 
CVE-2018-5982 (SQL Injection exists in the Advertisement Board 3.1.0 component for Jo ...) NOT-FOR-US: Advertisement Board component for Joomla! CVE-2018-5981 (SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via ...) NOT-FOR-US: Gallery WD component for Joomla! CVE-2018-5980 (SQL Injection exists in the Solidres 2.5.1 component for Joomla! via t ...) NOT-FOR-US: Solidres component for Joomla! CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1. ...) NOT-FOR-US: Wchat Fully Responsive PHP AJAX Chat Script CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via th ...) NOT-FOR-US: Facebook Style Php Ajax Chat Zechat CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop Management Syste ...) NOT-FOR-US: Affiligator Affiliate Webshop Management System CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 ...) NOT-FOR-US: RSVP Invitation Online CVE-2018-5975 (SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! ...) NOT-FOR-US: Smart Shoutbox component for Joomla! CVE-2018-5974 (SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! ...) NOT-FOR-US: SimpleCalendar component for Joomla! CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 via th ...) NOT-FOR-US: Professional Local Directory Script CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keyword ...) NOT-FOR-US: Classified Ads CMS Quickad CVE-2018-5971 (SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joo ...) NOT-FOR-US: MediaLibrary Free component for Joomla! CVE-2018-5970 (SQL Injection exists in the JGive 2.0.9 component for Joomla! via the ...) NOT-FOR-US: JGive component for Joomla! CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via cl ...) 
NOT-FOR-US: Photography CMS CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allo ...) {DSA-4114-1} - jackson-databind 2.9.4-1 (bug #888316) NOTE: https://github.com/FasterXML/jackson-databind/issues/1899 NOTE: https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05 CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description paramete ...) NOT-FOR-US: Netis WF2419 V2.2.36123 devices CVE-2018-5966 RESERVED CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...) NOT-FOR-US: CMS Made Simple CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...) NOT-FOR-US: CMS Made Simple CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the ...) NOT-FOR-US: CMS Made Simple CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0 ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has X ...) NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel CVE-2018-5960 (Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of or ...) NOT-FOR-US: Zenario CVE-2018-5959 RESERVED CVE-2018-5958 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows loca ...) NOT-FOR-US: Zillya! Antivirus CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows loca ...) NOT-FOR-US: Zillya! Antivirus CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows loca ...) NOT-FOR-US: Zillya! Antivirus CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User controlled in ...) NOT-FOR-US: GitStack CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: phpFreeChat CVE-2018-5953 (The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel t ...) 
{DLA-1731-1} - linux 4.15.4-1 [stretch] - linux 4.9.161-1 CVE-2018-5952 RESERVED CVE-2018-5951 (An issue was discovered in Mikrotik RouterOS. Crafting a packet that h ...) NOT-FOR-US: Mikrotik RouterOS CVE-2018-5950 (Cross-site scripting (XSS) vulnerability in the web UI in Mailman befo ...) {DSA-4108-1 DLA-1272-1} - mailman 1:2.1.26-1 (bug #888201) NOTE: https://mail.python.org/pipermail/mailman-users/2018-February/083011.html NOTE: Patch: https://launchpadlibrarian.net/355686141/options.patch NOTE: https://bugs.launchpad.net/mailman/+bug/1747209 CVE-2018-5949 RESERVED CVE-2018-5948 RESERVED CVE-2018-5947 RESERVED CVE-2018-5946 RESERVED CVE-2018-5945 RESERVED CVE-2018-5944 RESERVED CVE-2018-5943 RESERVED CVE-2018-5942 RESERVED CVE-2018-5941 RESERVED CVE-2018-5940 RESERVED CVE-2018-5939 RESERVED CVE-2018-5938 RESERVED CVE-2018-5937 RESERVED CVE-2018-5936 RESERVED CVE-2018-5935 RESERVED CVE-2018-5934 RESERVED CVE-2018-5933 RESERVED CVE-2018-5932 RESERVED CVE-2018-5931 RESERVED CVE-2018-5930 RESERVED CVE-2018-5929 RESERVED CVE-2018-5928 RESERVED CVE-2018-5927 (HP Support Assistant before 8.7.50.3 allows an unauthorized person wit ...) NOT-FOR-US: HP Support Assistant CVE-2018-5926 (A potential vulnerability has been identified in HP Remote Graphics So ...) NOT-FOR-US: HP CVE-2018-5925 (A security vulnerability has been identified with certain HP Inkjet pr ...) NOT-FOR-US: HP Inkjet printers CVE-2018-5924 (A security vulnerability has been identified with certain HP Inkjet pr ...) NOT-FOR-US: HP Inkjet printers CVE-2018-5923 (In HP LaserJet Enterprise, HP PageWide Enterprise, HP LaserJet Managed ...) NOT-FOR-US: HP CVE-2018-5922 RESERVED CVE-2018-5921 (A potential security vulnerability has been identified with certain HP ...) NOT-FOR-US: HP printers CVE-2018-5920 RESERVED CVE-2018-5919 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) 
NOT-FOR-US: Android CVE-2018-5918 (Possible buffer overflow in DRM Trusted application due to lack of che ...) NOT-FOR-US: Snapdragon CVE-2018-5917 (Possible buffer overflow in OEM crypto function due to improper input ...) NOT-FOR-US: Snapdragon CVE-2018-5916 (Buffer overread while decoding PDP modify request or network initiated ...) NOT-FOR-US: Snapdragon CVE-2018-5915 (Exception in Modem IP stack while processing IPv6 packet in snapdragon ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5914 (Improper input validation in TZ led to array out of bound in TZ functi ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5913 (A non-time constant function memcmp is used which creates a side chann ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5912 (Potential buffer overflow in Video due to lack of input validation in ...) NOT-FOR-US: Snapdragon CVE-2018-5911 (Buffer overflow in WLAN function due to improper check of buffer size ...) NOT-FOR-US: Snapdragon CVE-2018-5910 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5909 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5908 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5907 (Possible buffer overflow in msm_adsp_stream_callback_put due to lack o ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5906 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5905 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5904 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2018-5903 (Out of bounds read occurs due to improper validation of array while pr ...) NOT-FOR-US: Snapdragon CVE-2018-5902 RESERVED CVE-2018-5901 RESERVED CVE-2018-5900 RESERVED CVE-2018-5899 (In Android releases from CAF using the linux kernel (Android for MSM, ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5898 (Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function i ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5897 (While reading the data from buffer in dci_process_ctrl_status() there ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5896 (In Android releases from CAF using the linux kernel (Android for MSM, ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5895 (Buffer over-read may happen in wma_process_utf_event() due to improper ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5894 (Improper Validation of Array Index in Multimedia While parsing an mp4 ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5893 (While processing a message from firmware in htt_t2h_msg_handler_fast() ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5892 (The Touch Pal application can collect user behavior data without aware ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5891 (While processing modem SSR after IMS is registered, the IMS data daemo ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5890 (If the fdt_totalsize is reported as 0 for the current device tree, it ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5889 (While processing a compressed kernel image, a buffer overflow can occu ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5888 (While processing the system path, an out of bounds access can occur in ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5887 (While processing the USB StrSerialDescriptor array, an array index out ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2018-5886 (A pointer in an ADSPRPC command is not properly validated in all Andro ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5885 (While loading dynamic fonts, a buffer overflow may occur if the number ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5884 (Improper Access Control in Multimedia in Snapdragon Mobile and Snapdra ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5883 (Buffer overflow in WLAN driver event handlers due to improper validati ...) NOT-FOR-US: Snapdragon CVE-2018-5882 (While parsing a Flac file with a corrupted comment block, a buffer ove ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5881 (Improper validation of buffer length checks in the lwm2m device manage ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5880 (Improper data length check while processing an event report indication ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5879 (Improper length check while processing an MQTT message can lead to hea ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5878 (While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5877 (In the device programmer target-side code for firehose, a string may n ...) NOT-FOR-US: Snapdragon CVE-2018-5876 (While parsing an mp4 file, a buffer overflow can occur in Snapdragon A ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5875 (While parsing an mp4 file, an integer overflow leading to a buffer ove ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5874 (While parsing an mp4 file, a stack-based buffer overflow can occur in ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5873 (An issue was discovered in the __ns_get_path function in fs/nsfs.c in ...) 
- linux 4.11.6-1 [stretch] - linux 4.9.82-1+deb9u1 [jessie] - linux (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/073c516ff73557a8f7315066856c04b50383ac34 CVE-2018-5872 (While parsing over-the-air information elements in all Android release ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5871 (In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5870 (While loading a service image, an untrusted pointer dereference can oc ...) NOT-FOR-US: Snapdragon CVE-2018-5869 (Improper input validation in the QTEE keymaster app can lead to invali ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5868 (Lack of checking input size can lead to buffer overflow In WideVine in ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5867 (Lack of checking input size can lead to buffer overflow In WideVine in ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5866 (While processing logs, data is copied into a buffer pointed to by an u ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5865 (While processing a debug log event from firmware in all Android releas ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5864 (While processing a WMI_APFIND event in all Android releases from CAF u ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5863 (If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg802 ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5862 (In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5861 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) NOT-FOR-US: Qualcomm components for Android CVE-2018-5860 (In the MDSS driver in all Android releases(Android for MSM, Firefox OS ...) 
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5859 (Due to a race condition in the MDSS MDP driver in all Android releases ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5858 (In the audio debugfs in all Android releases from CAF using the Linux ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5857 (In the WCD CPE codec, a Use After Free condition can occur in all Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5856 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5855 (While padding or shrinking a nested wmi packet in all Android releases ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all Android r ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5853 (A race condition exists in a driver in all Android releases from CAF u ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5852
	RESERVED
CVE-2018-5851 (Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMP ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5850 (In the function csr_update_fils_params_rso(), insufficient validation ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5849 (Due to a race condition in the QTEECOM driver in all Android releases ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5848 (In the function wmi_set_ie(), the length validation code does not hand ...)
	{DLA-1731-1 DLA-1715-1}
	- linux 4.16.5-1
	[stretch] - linux 4.9.144-1
	NOTE: Fixed by: https://git.kernel.org/linus/b5a8ffcae4103a9d823ea3aa3a761f65779fbe2a (4.16-rc1)
CVE-2018-5847 (Early or late retirement of rotation requests can result in a Use Afte ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5846 (A Use After Free condition can occur in the IPA driver whenever the IP ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5845 (A race condition in drm_atomic_nonblocking_commit() in the display dri ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5844 (In the video driver function set_output_buffers(), binfo can be access ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5843 (In the function wma_pdev_div_info_evt_handler() in all Android release ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5842 (An arbitrary address write can occur if a compromised WLAN firmware se ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5841 (dcc_curr_list is initialized with a default invalid value that is expe ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5840 (Buffer Copy without Checking Size of Input can occur during the DRM SD ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5839 (Improperly configured memory protection allows read/write access to mo ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5838 (Improper Validation of Array Index In the adreno OpenGL driver in Snap ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5837 (In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5836 (In wma_nan_rsp_event_handler() in Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5835 (If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in _ ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5834 (In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potential ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5833
	RESERVED
CVE-2018-5832 (Due to a race condition in a camera driver ioctl handler in Android re ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5831 (In the KGSL driver in Android releases from CAF using the linux kernel ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5830 (While processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, a buf ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5829 (In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF u ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5828 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5827 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5826 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5825 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5824 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5823 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5822 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5821 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5820 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5819 (An error within the "parse_sinar_ia()" function (internal/dcraw_common ...)
	{DLA-1734-1}
	- libraw 0.19.1-1
	[stretch] - libraw (Minor issue)
	NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
	NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5818 (An error within the "parse_rollei()" function (internal/dcraw_common.c ...)
	{DLA-1734-1}
	- libraw 0.19.1-1
	[stretch] - libraw (Minor issue)
	NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
	NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5817 (A type confusion error within the "unpacked_load_raw()" function withi ...)
	{DLA-1734-1}
	- libraw 0.19.1-1
	[stretch] - libraw (Minor issue)
	NOTE: https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
	NOTE: https://github.com/LibRaw/LibRaw/commit/9eb76dc153f5acf42ec7325a33fe7ccdcadaf8d6
CVE-2018-5816 (An integer overflow error within the "identify()" function (internal/d ...)
	- libraw 0.18.13-1 (low)
	[stretch] - libraw (Fix for CVE-2018-5804 not released in stretch)
	[jessie] - libraw (Fix for CVE-2018-5804 not in jessie LTS)
	NOTE: http://seclists.org/bugtraq/2018/Jul/58
	NOTE: Issue caused by an incomplete fix for CVE-2018-5804
CVE-2018-5815 (An integer overflow error within the "parse_qt()" function (internal/d ...)
	- libraw 0.18.13-1 (low)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Minor issue)
	NOTE: http://seclists.org/bugtraq/2018/Jul/58
CVE-2018-5814 (In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4. ...)
	{DLA-1423-1 DLA-1422-1}
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	NOTE: https://git.kernel.org/linus/22076557b07c12086eeb16b8ce2b0b735f7a27e7
	NOTE: https://git.kernel.org/linus/c171654caa875919be3c533d3518da8be5be966e
CVE-2018-5813 (An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibR ...)
	- libraw 0.18.11-1 (low)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-13/
CVE-2018-5812 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
	- libraw 0.18.11-1
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Vulnerable code not present)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5811 (An error within the "nikon_coolscan_load_raw()" function (internal/dcr ...)
	- libraw 0.18.11-1
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Vulnerable code not present)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5810 (An error within the "rollei_load_raw()" function (internal/dcraw_commo ...)
	- libraw 0.18.11-1
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5809 (An error within the "LibRaw::parse_exif()" function (internal/dcraw_co ...)
	- libraw 0.18.11-1
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Vulnerable code not present)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
	NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5808 (An error within the "find_green()" function (internal/dcraw_common.cpp ...)
	{DLA-1734-1}
	- libraw 0.18.11-1
	[stretch] - libraw (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/
	NOTE: https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9
CVE-2018-5807 (An error within the "samsung_load_raw()" function (internal/dcraw_comm ...)
	- libraw 0.18.11-1
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/
CVE-2018-5806 (An error within the "leaf_hdr_load_raw()" function (internal/dcraw_com ...)
	- libraw 0.18.8-1 (low)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5805 (A boundary error within the "quicktake_100_load_raw()" function (inter ...)
	- libraw 0.18.8-1 (low)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5804 (A type confusion error within the "identify()" function (internal/dcra ...)
	- libraw 0.18.8-1 (low)
	[stretch] - libraw (Minor issue)
	[jessie] - libraw (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2018-03
CVE-2018-5803 (In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4 ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
CVE-2018-5802 (An error within the "kodak_radc_load_raw()" function (internal/dcraw_c ...)
	{DLA-1734-1}
	- libraw 0.18.7-1
	[stretch] - libraw (Minor issue)
	[wheezy] - libraw (Minor issue)
	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5801 (An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) i ...)
	{DLA-1734-1}
	- libraw 0.18.7-1
	[stretch] - libraw (Minor issue)
	[wheezy] - libraw (Minor issue)
	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5800 (An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" functi ...)
	{DLA-1734-1}
	- libraw 0.18.7-1
	[stretch] - libraw (Minor issue)
	[wheezy] - libraw (Minor issue)
	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, ...)
	- electron (bug #842420)
	NOTE: Linux is not affected
	NOTE: https://electronjs.org/blog/protocol-handler-fix
	NOTE: https://nodesecurity.io/advisories/563
CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows ...)
	NOT-FOR-US: Zoho
CVE-2018-5798 (This CVE relates to an unspecified cross site scripting vulnerability ...)
	NOT-FOR-US: Cloudera Manager
CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5796 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5795 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5794 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5793 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5792 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5791 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5790 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5789 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5788 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5787 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x b ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
	- lrzip 0.631+git180517-1 (bug #888506)
	[stretch] - lrzip (Minor issue)
	[jessie] - lrzip (Minor issue)
	[wheezy] - lrzip (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/91
CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bo ...)
	{DSA-4405-1}
	- openjpeg2 2.3.0-2 (low; bug #888533)
	[jessie] - openjpeg2 (Vulnerable code introduced later)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1057
	NOTE: https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975
	NOTE: Vulnerable code introduced in https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8
CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the ...)
	{DSA-4349-1 DLA-1411-1 DLA-1391-1}
	- tiff 4.0.9-4 (bug #890441)
	- tiff3
	[wheezy] - tiff3 (Minor issue, revisit once fixed upstream)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2772
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef
CVE-2018-5783 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoD ...)
	- libpodofo 0.9.6+dfsg-4 (bug #916142)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/4/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1536179
	NOTE: https://sourceforge.net/p/podofo/code/1949
CVE-2018-5782 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5781 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5780 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5779 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5778 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2018-5777 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2018-5775
	RESERVED
CVE-2018-5774
	RESERVED
CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) through 2. ...)
	NOT-FOR-US: python-markdown2 (not our markdown, different code base)
CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in MediaEle ...)
	- wordpress 4.9.2+dfsg-1 (bug #887596)
	[stretch] - wordpress (Vulnerable files have been removed before)
	[jessie] - wordpress (Vulnerable files have been removed before)
	[wheezy] - wordpress (Vulnerable files have been removed before)
	NOTE: For the jessie and stretch versions the files silverlightmediaelement.xap and
	NOTE: flashmediaelement.swf had already been removed with the 4.1+dfsg-1 version.
	NOTE: sid in version 4.9.1+dfsg-1 did *not* have the files either, but we track here the
	NOTE: final wordpress version 4.9.2, which finally removed the mediaelement files.
	NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
CVE-2018-5772 (In Exiv2 0.26, there is a segmentation fault caused by uncontrolled re ...)
	- exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888862)
	NOTE: https://github.com/Exiv2/exiv2/issues/216
CVE-2018-5771
	RESERVED
CVE-2018-5770 (An issue was discovered on Tenda AC15 devices. A remote, unauthenticat ...)
	NOT-FOR-US: Tenda AC15 devices
CVE-2018-5769
	RESERVED
CVE-2018-5768 (A remote, unauthenticated attacker can gain remote code execution on t ...)
	NOT-FOR-US: Tenda AC15 router
CVE-2018-5767 (An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A rem ...)
	NOT-FOR-US: Tenda AC15 V15.03.1.16_multi devices
CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packet_ref ...)
	{DLA-1907-1}
	- libav
	[wheezy] - libav (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1112
CVE-2018-5765
	RESERVED
CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before 3. ...)
	{DLA-1725-1 DLA-1247-1}
	- rsync 3.1.2-2.2 (bug #887588)
	[stretch] - rsync (Minor issue)
	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 ...)
	NOT-FOR-US: OXID eShop Enterprise Edition
CVE-2018-5762 (The TLS implementation in the TCP/IP networking module in Unisys Clear ...)
	NOT-FOR-US: Unisys ClearPath MCP systems
CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was found ...)
	NOT-FOR-US: Rubrik CDM
CVE-2018-5760
	RESERVED
CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...)
	- mujs (Fixed before initial upload to Debian)
	NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=4d45a96e57fbabf00a7378b337d0ddcace6f38c1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698868
CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0. ...)
	NOT-FOR-US: Aurea Jive Jive-n
CVE-2018-5757 (An issue was discovered on AudioCodes 450HD IP Phone devices with firm ...)
	NOT-FOR-US: AudioCodes 450HD IP Phone devices
CVE-2018-5756 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5755 (Absolute path traversal vulnerability in the readerengine component in ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5754 (Cross-site scripting (XSS) vulnerability in the office-web component i ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5753 (The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31 ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5752 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5751 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, ...)
	NOT-FOR-US: Open-Xchange
CVE-2018-5750 (The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux ke ...)
	{DSA-4187-1 DSA-4120-1 DLA-1369-1}
	- linux 4.15.4-1
	NOTE: https://patchwork.kernel.org/patch/10174835/
CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and P ...)
	NOT-FOR-US: Minecraft Servers List Lite
CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of s ...)
	{DLA-1315-1}
	- libvirt 4.0.0-1 (bug #887700)
	[stretch] - libvirt 3.0.0-4+deb9u2
	[jessie] - libvirt 1.2.9-9+deb8u5
	NOTE: https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...)
	- lrzip 0.631+git180517-1 (bug #898451)
	[stretch] - lrzip (Minor issue)
	[jessie] - lrzip (Minor issue)
	[wheezy] - lrzip (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/90
CVE-2018-5746
	REJECTED
CVE-2018-5745 ("managed-keys" is a feature which allows a BIND resolver to automatica ...)
	{DSA-4440-1 DLA-1697-1}
	- bind9 1:9.11.5.P4+dfsg-1 (low; bug #922954)
	NOTE: https://kb.isc.org/docs/cve-2018-5745
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/235a64a5a4c0143b183bd55f6ed756741d4d7880
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/38c2bdba0a5b785ef9f2da2329838b931754b3e4 (test)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/f09352d20a9d360e50683cd1d2fc52ccedcd77a0
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/3022633d795bc9f04103ac9a354c026ce9b4eea3 (test)
CVE-2018-5744 (A failure to free memory can occur when processing messages having a s ...)
	- bind9 1:9.11.5.P4+dfsg-1 (bug #922953)
	[stretch] - bind9 (Vulnerable code introduced later; in the 9.10 branch only in 9.10.7)
	[jessie] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2018-5744
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/35025b6e88b726ae89caacbb312d1b40e5c20b4d
	NOTE: Test: https://gitlab.isc.org/isc-projects/bind9/commit/fe4810f1f8f75a4d5a96542fc6085109c94a3ee5
CVE-2018-5743 (By design, BIND is intended to limit the number of TCP clients that ca ...)
	{DSA-4440-1 DLA-1859-1}
	- bind9 1:9.11.5.P4+dfsg-4 (bug #927932)
	NOTE: https://kb.isc.org/docs/cve-2018-5743
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9689ffc485df8f971f0ad81ab8ab1f5389493776
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/55a7a458e30e47874d34bdf1079eb863a0512396
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9446629b730c59c4215f08d37fbaf810282fbccb
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/87d431161450777ea093821212abfb52d51b36e3
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/13f7c918b8720d890408f678bd73c20e634539d9
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/d01023aaac35543daffbdf48464e320150235d41
	NOTE: Additionally: https://lists.isc.org/pipermail/bind-users/2019-April/101673.html
	NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/1864.patch
CVE-2018-5742 (While backporting a feature for a newer branch of BIND9, RedHat introd ...)
	- bind9 (Introduced via RedHat specific backport of Negative Trust Anchor (NTA) feature)
	NOTE: https://www.openwall.com/lists/oss-security/2018/12/19/6
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1655844
	NOTE: https://bugs.centos.org/view.php?id=15528
	NOTE: Introduced by https://bugzilla.redhat.com/show_bug.cgi?id=1452091
CVE-2018-5741 (To provide fine-grained controls over the ability to use Dynamic DNS ( ...)
	- bind9 1:9.11.5+dfsg-1 (unimportant; bug #908595)
	NOTE: https://kb.isc.org/docs/cve-2018-5741
	NOTE: No code fix provided; incorrect documentation of the krb5-subdomain and ms-subdomain update policies.
	NOTE: Will be addressed in 9.11.5, 9.12.3
CVE-2018-5740 ("deny-answer-aliases" is a little-used feature intended to help recurs ...)
	{DLA-1485-1}
	- bind9 1:9.11.4.P1+dfsg-1 (bug #905743)
	[stretch] - bind9 (Can be fixed along in the next DSA)
	NOTE: https://kb.isc.org/article/AA-01639/74/CVE-2018-5740
	NOTE: https://gitlab.isc.org/isc-projects/bind9/merge_requests/607/commits
CVE-2018-5739 (An extension to hooks capabilities which debuted in Kea 1.4.0 introduc ...)
	- isc-kea (Vulnerable code introduced in Kea 1.4.0)
	NOTE: https://kb.isc.org/article/AA-01626
	NOTE: 1.4.0-1 was uploaded to experimental as https://tracker.debian.org/news/973011
	NOTE: Tracking bug as #903729 with RC severity so that this version does
	NOTE: not enter unstable without a fix.
CVE-2018-5738 (Change #4777 (introduced in October 2017) introduced an unforeseen iss ...)
	- bind9 1:9.11.3+dfsg-2 (bug #901483)
	[stretch] - bind9 (Vulnerable code introduced later)
	[jessie] - bind9 (Vulnerable code introduced later)
	NOTE: Introduced by upstream change #4777
	NOTE: Introduced by: https://gitlab.isc.org/isc-projects/bind9/commit/89636d8f305956ad42e95a988502c7345e85ffe1
	NOTE: https://kb.isc.org/article/AA-01616/0/CVE-2018-5738
CVE-2018-5737 (A problem with the implementation of the new serve-stale feature in BI ...)
	- bind9 (only affects 9.12, not yet packaged)
	NOTE: https://kb.isc.org/article/AA-01606
CVE-2018-5736 (An error in zone database reference counting can lead to an assertion ...)
	- bind9 (only affects 9.12, not yet packaged)
	NOTE: https://kb.isc.org/article/AA-01602
CVE-2018-5735 (The Debian backport of the fix for CVE-2017-3137 leads to assertion fa ...)
	{DLA-1285-1}
	- bind9 1:9.9.3.dfsg.P2-1 (bug #889285)
	NOTE: Issue similar/closely related to the CVE-2017-3139 issue in Red Hat.
	NOTE: Mark 1:9.9.3.dfsg.P2-1 as the fixed version, as the related code was
	NOTE: added upstream in 9.9.3b1. The issue does not affect bind9 upstream, though,
	NOTE: and is only triggered as described in #889285.
CVE-2018-5734 (While handling a particular type of malformed packet BIND erroneously ...)
	- bind9 (Only affects Supported Preview Edition/Subscription Edition)
	NOTE: https://kb.isc.org/article/AA-01562/74/CVE-2018-5734
CVE-2018-5733 (A malicious client which is allowed to send very large amounts of traf ...)
	{DSA-4133-1 DLA-1313-1}
	- isc-dhcp 4.3.5-3.1 (bug #891785)
	NOTE: https://kb.isc.org/article/AA-01567/75/CVE-2018-5733
	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47140
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=197b26f25309f947b97a83b8fdfc414b767798f8 (4.4.1)
	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2018-5732 (Failure to properly bounds-check a buffer used for processing DHCP opt ...)
	{DSA-4133-1 DLA-1313-1}
	- isc-dhcp 4.3.5-3.1 (bug #891786)
	NOTE: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732
	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47139
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=c5931725b48b121d232df4ba9e45bc41e0ba114d (4.4.1)
	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in ...)
	- curl 7.58.0-1
	[stretch] - curl 7.52.1-5+deb9u4
	[jessie] - curl (Vulnerable code introduced later)
	[wheezy] - curl (Vulnerable code introduced later)
	NOTE: https://github.com/curl/curl/pull/2231
	NOTE: https://curl.haxx.se/docs/adv_2018-824a.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/0761a51ee0551ad9e5
	NOTE: Patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch
CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the scannin ...)
	NOT-FOR-US: Heimdal PRO
CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...)
	{DLA-1643-1}
	- krb5 1.16.1-1 (bug #891869)
	[stretch] - krb5 (Minor issue)
	[wheezy] - krb5 (Minor issue)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with permission t ...)
	{DLA-1643-1}
	- krb5 1.16.1-1 (bug #891869)
	[stretch] - krb5 (Minor issue)
	[wheezy] - krb5 (Minor issue)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...)
	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5727 (In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the o ...)
	- openjpeg2 2.3.1-1 (unimportant; bug #888532)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1053
	NOTE: https://github.com/rouault/openjpeg/commit/a1d32a596a94280178c44a55d7e
	NOTE: ubsan error (integer overflow), no security impact per se and unlikely
	NOTE: to trigger any security relevant issue
CVE-2018-5726 (MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5725 (MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configurati ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5724 (MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configurati ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5723 (MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1 ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5722
	RESERVED
CVE-2018-5721 (Stack-based buffer overflow in the ej_update_variables function in rou ...)
	NOT-FOR-US: ASUS routers
CVE-2018-5720 (An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Ran ...)
	NOT-FOR-US: DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices
CVE-2018-5719
	RESERVED
CVE-2018-5718 (Improper restriction of write operations within the bounds of a memory ...)
	NOT-FOR-US: SoftControl
CVE-2018-5717 (Memory write mechanism in NCR S2 Dispenser controller before firmware ...)
	NOT-FOR-US: NCR S2 Dispenser controller
CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This vulnerab ...)
	NOT-FOR-US: Reprise License Manager
CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the quer ...)
	NOT-FOR-US: SugarCRM
CVE-2018-5714 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allow ...)
	NOT-FOR-US: Malwarefox Anti-Malware
CVE-2018-5713 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allow ...)
	NOT-FOR-US: Malwarefox Anti-Malware
CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1 ...)
	{DSA-4081-1 DSA-4080-1 DLA-1251-1}
	- php7.1 7.1.13-1
	- php7.0 7.0.27-1
	- php5
	NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74782
CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP bef ...)
	{DSA-4081-1 DSA-4080-1 DLA-1651-1 DLA-1248-1}
	- php7.1 7.1.13-1 (unimportant)
	- php7.0 7.0.27-1 (unimportant)
	- php5 (unimportant)
	- hhvm 3.24.7+dfsg-1
	NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75571
	NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
	- libgd2 2.2.5-4.1 (bug #887485)
	[stretch] - libgd2 2.2.4-2+deb9u3
	NOTE: https://github.com/libgd/libgd/issues/420
	NOTE: https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)
	- krb5 1.16.1-1 (bug #889685)
	[stretch] - krb5 (Minor issue)
	[jessie] - krb5 (Minor issue)
	[wheezy] - krb5 (all strlen() parameters are checked for NULL)
	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)
	NOTE: The CVE is a duplicate of the #891869 issue(s), because the reporter did not
	NOTE: coordinate with upstream, and the CVE assignment is still for slightly
	NOTE: different coverage. Thus keep it distinct (for now) and mark the
	NOTE: CVE-2018-5710 issue as fixed as well once #891869 is addressed.
CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)
	- krb5 (unimportant; bug #889684)
	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
	NOTE: Non-issue: the code path is only run on trusted input, so the potential
	NOTE: integer overflow is not a security issue
CVE-2018-5708 (An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on ...)
	NOT-FOR-US: D-Link
CVE-2018-5707
	RESERVED
CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-5705 (Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected f ...)
	NOT-FOR-US: Reservo Image Hosting
CVE-2018-1000003 (Improper input validation bugs in DNSSEC validators components in Powe ...)
	- pdns-recursor 4.1.1-1
	[stretch] - pdns-recursor (Only affects 4.1)
	[jessie] - pdns-recursor (Only affects 4.1)
	[wheezy] - pdns-recursor (Only affects 4.1)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html
CVE-2018-1000002 (Improper input validation bugs in DNSSEC validators components in Knot ...)
	- knot-resolver 1.5.2-1
	NOTE: https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5.2.html
	NOTE: Prior to 1.5.1 the memcached module was called kmemcached
CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use ...)
	{DSA-4093-1 DLA-1253-1}
	- openocd 0.10.0-4 (bug #887488)
	NOTE: https://sourceforge.net/p/openocd/mailman/message/36188041/
	NOTE: http://openocd.zylin.com/4330
	NOTE: http://openocd.zylin.com/4331
	NOTE: http://openocd.zylin.com/4335
CVE-2018-5703 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
	- linux 4.15.11-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2018/1/16/53
CVE-2018-5701 (In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys ...)
	NOT-FOR-US: Iolo System Shield AntiVirus and AntiSpyware
CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by authenticat ...)
	NOT-FOR-US: Winmail Server
CVE-2018-5699
	RESERVED
CVE-2018-5698 (libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over ...)
	- r-cran-haven 1.1.1-1
	NOTE: https://github.com/WizardMac/ReadStat/issues/108
	NOTE: https://github.com/WizardMac/ReadStat/commit/79793dba3b665ff037ca60140441a6679a8971cf
CVE-2018-5697 (Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to ...)
	NOT-FOR-US: Icy Phoenix
CVE-2018-5696 (The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection ...)
	NOT-FOR-US: iJoomla com_adagency plugin for Joomla!
CVE-2018-5695 (The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the ...)
	NOT-FOR-US: WpJobBoard plugin for WordPress
CVE-2018-5694 (The callforward module in User Control Panel (UCP) in Nicolas Gudino ( ...)
	NOT-FOR-US: Nicolas Gudino (aka Asternic) Flash Operator Panel
CVE-2018-5693 (The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows lo ...)
	NOT-FOR-US: LinuxMagic MagicSpam extension for Plesk
CVE-2018-5692 (Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `install ...)
	- piwigo
	NOTE: https://github.com/Piwigo/Piwigo/issues/847
	NOTE: https://github.com/Piwigo/Piwigo/commit/18e4b861992e8412fd70a3a7e0b2bf9b676c42ed
CVE-2018-5691 (SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` ...)
	NOT-FOR-US: SonicWall Global Management System
CVE-2018-5690 (Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclea ...)
	- dotclear
CVE-2018-5689 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear ...)
	- dotclear
CVE-2018-5688 (ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader ...)
	NOT-FOR-US: ILIAS
CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings under ad ...)
	NOT-FOR-US: NewsBee CMS
CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and applicati ...)
	{DSA-4334-1 DLA-1838-1}
	- mupdf 1.13.0+ds1-1 (bug #887130)
	[wheezy] - mupdf (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860
	NOTE: The pdf_parse_array function in source/pdf/pdf-parse.c does not consider
	NOTE: EOF.
	NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079
CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ha ...)
	{DSA-4321-1 DLA-1456-1 DLA-1245-1}
	- graphicsmagick 1.3.27-4 (bug #887158)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/541/
	NOTE: Before 1.3.27, the problem only affects 32-bit architectures (i.e., 4-byte long); it
	NOTE: expanded to 64-bit architectures with upstream commit be5e89e6032d
CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ff_mov_r ...)
	- libav
	[jessie] - libav (vulnerable code is not present)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1110
CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged us ...)
	{DSA-4213-1 DLA-1497-1}
	- qemu 1:2.12~rc3+dfsg-1 (bug #887392)
	[wheezy] - qemu (Minor issue, can be fixed along with the next DLA)
	- qemu-kvm
	[wheezy] - qemu-kvm (Minor issue, can be fixed along with the next DLA)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02131.html
CVE-2018-5682 (PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feat ...)
	NOT-FOR-US: PrestaShop
CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > ...)
	NOT-FOR-US: PrestaShop
CVE-2018-5680 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5679 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5678 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5677 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5676 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5675 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5674 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2018-5673 (An issue was discovered in the booking-calendar plugin 2.1.7 for WordP ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5672 (An issue was discovered in the booking-calendar plugin 2.1.7 for WordP ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5671 (An issue was discovered in the booking-calendar plugin 2.1.7 for WordP ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5670 (An issue was discovered in the booking-calendar plugin 2.1.7 for WordP ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5669 (An issue was discovered in the read-and-understood plugin 2.1 for Word ...)
	NOT-FOR-US: read-and-understood plugin for WordPress
CVE-2018-5668 (An issue was discovered in the read-and-understood plugin 2.1 for Word ...)
	NOT-FOR-US: read-and-understood plugin for WordPress
CVE-2018-5667 (An issue was discovered in the read-and-understood plugin 2.1 for Word ...)
	NOT-FOR-US: read-and-understood plugin for WordPress
CVE-2018-5666 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5665 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5664 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5663 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5662 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5661 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5660 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5659 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5658 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5657 (An issue was discovered in the responsive-coming-soon-page plugin 1.1. ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5656 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 f ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5655 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 f ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5654 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 f ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5653 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 f ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5652 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...)
	NOT-FOR-US: dark-mode plugin for WordPress
CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...)
	NOT-FOR-US: dark-mode plugin for WordPress
CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and app ...)
	- lrzip 0.631+git180517-1 (bug #887065)
	[stretch] - lrzip (Minor issue)
	[jessie] - lrzip (Minor issue)
	[wheezy] - lrzip (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/88
	NOTE: https://github.com/ckolivas/lrzip/commit/50cfb3b9f68c7458822795e8b87a07dc06b39816
CVE-2018-5649
	RESERVED
CVE-2018-5648
	RESERVED
CVE-2018-5647
	RESERVED
CVE-2018-5646
	RESERVED
CVE-2018-5645
	RESERVED
CVE-2018-5644
	RESERVED
CVE-2018-5643
	RESERVED
CVE-2018-5642
	RESERVED
CVE-2018-5641
	RESERVED
CVE-2018-5640
	RESERVED
CVE-2018-5639
	RESERVED
CVE-2018-5638
	RESERVED
CVE-2018-5637
	RESERVED
CVE-2018-5636
	RESERVED
CVE-2018-5635
	RESERVED
CVE-2018-5634
	RESERVED
CVE-2018-5633
	RESERVED
CVE-2018-5632
	RESERVED
CVE-2018-5631
	RESERVED
CVE-2018-5630
	RESERVED
CVE-2018-5629
	RESERVED
CVE-2018-5628
	RESERVED
CVE-2018-5627
	RESERVED
CVE-2018-5626
	RESERVED
CVE-2018-5625
	RESERVED
CVE-2018-5624
	RESERVED
CVE-2018-5623
	RESERVED
CVE-2018-5622
	RESERVED
CVE-2018-5621
	RESERVED
CVE-2018-5620
	RESERVED
CVE-2018-5619
	RESERVED
CVE-2018-5618
	RESERVED
CVE-2018-5617
	RESERVED
CVE-2018-5616
	RESERVED
CVE-2018-5615
	RESERVED
CVE-2018-5614
	RESERVED
CVE-2018-5613
	RESERVED
CVE-2018-5612
	RESERVED
CVE-2018-5611
	RESERVED
CVE-2018-5610
	RESERVED
CVE-2018-5609
	RESERVED
CVE-2018-5608
	RESERVED
CVE-2018-5607
	RESERVED
CVE-2018-5606
	RESERVED
CVE-2018-5605
	RESERVED
CVE-2018-5604
	RESERVED
CVE-2018-5603
	RESERVED
CVE-2018-5602
	RESERVED
CVE-2018-5601
	RESERVED
CVE-2018-5600
	RESERVED
CVE-2018-5599
	RESERVED
CVE-2018-5598
	RESERVED
CVE-2018-5597
	RESERVED
CVE-2018-5596
	RESERVED
CVE-2018-5595
	RESERVED
CVE-2018-5594
	RESERVED
CVE-2018-5593
	RESERVED
CVE-2018-5592
	RESERVED
CVE-2018-5591
	RESERVED
CVE-2018-5590
	RESERVED
CVE-2018-5589
	RESERVED
CVE-2018-5588
	RESERVED
CVE-2018-5587
	RESERVED
CVE-2018-5586
	RESERVED
CVE-2018-5585
	RESERVED
CVE-2018-5584
	RESERVED
CVE-2018-5583
	RESERVED
CVE-2018-5582
	RESERVED
CVE-2018-5581
	RESERVED
CVE-2018-5580
	RESERVED
CVE-2018-5579
	RESERVED
CVE-2018-5578
	RESERVED
CVE-2018-5577
	RESERVED
CVE-2018-5576
	RESERVED
CVE-2018-5575
	RESERVED
CVE-2018-5574
	RESERVED
CVE-2018-5573
	RESERVED
CVE-2018-5572
	RESERVED
CVE-2018-5571
	RESERVED
CVE-2018-5570
	RESERVED
CVE-2018-5569
	RESERVED
CVE-2018-5568
	RESERVED
CVE-2018-5567
	RESERVED
CVE-2018-5566
	RESERVED
CVE-2018-5565
	RESERVED
CVE-2018-5564
	RESERVED
CVE-2018-5563
	RESERVED
CVE-2018-5562
	RESERVED
CVE-2018-5561
	RESERVED
CVE-2018-5560 (A reliance on a static, hard-coded credential in the design of the clo ...)
	NOT-FOR-US: Guardzilla
CVE-2018-5559 (In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are ...)
	NOT-FOR-US: Rapid7 Komand
CVE-2018-5558
	RESERVED
CVE-2018-5557
	RESERVED
CVE-2018-5556
	RESERVED
CVE-2018-5555
	RESERVED
CVE-2018-5554
	RESERVED
CVE-2018-5553 (The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS- ...)
	NOT-FOR-US: Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices
CVE-2018-5552 (Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLI ...)
	NOT-FOR-US: DocuTrac QuicDoc and Office Therapy
CVE-2018-5551 (Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLI ...)
	NOT-FOR-US: DocuTrac QuicDoc and Office Therapy
CVE-2018-5550 (Versions of Epson AirPrint released prior to January 19, 2018 contain ...)
	NOT-FOR-US: Epson AirPrint
CVE-2018-5549 (On BIG-IP APM 11.6.0-11.6.3.1, 12.1.0-12.1.3.3, 13.0.0, and 13.1.0-13. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5548 (On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5547 (Windows Logon Integration feature of F5 BIG-IP APM client prior to ver ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5546 (The svpn and policyserver components of the F5 BIG-IP APM client prior ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5545 (On F5 WebSafe Alert Server 1.0.0-4.2.6, a malicious, authenticated use ...)
	NOT-FOR-US: F5 WebSafe Alert Server
CVE-2018-5544 (When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5543 (The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-crtl) p ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5542 (F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS hea ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5541 (When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5540 (On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5539 (Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5538 (On F5 BIG-IP DNS 13.1.0-13.1.0.7, 12.1.3-12.1.3.5, DNS Express / DNS Z ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5537 (A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5536 (A remote attacker via undisclosed measures, may be able to exploit an ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5535 (On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 sp ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5534 (Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5533 (Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5532 (On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5531 (Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5530 (F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5529 (The svpn component of the F5 BIG-IP APM client prior to version 7.1.7 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5528 (Under certain conditions, TMM may restart and produce a core file whil ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5527 (On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5526 (Under certain conditions, on F5 BIG-IP ASM 13.1.0-13.1.0.5, Behavioral ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5525 (A local file vulnerability exists in the F5 BIG-IP Configuration utili ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5524 (Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5523 (On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5522 (On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5521 (On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5520 (On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 s ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5519 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, adm ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5518 (On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5517 (On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5516 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enter ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5515 (On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses fr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5514 (On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frame ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5513 (On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.3, 11.6.1-11.6.3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5512 (On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5511 (On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrat ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5510 (On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel (TM ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5509 (On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5508 (On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.5 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5507 (On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or 11.5. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5506 (In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 t ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5505 (On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both pro ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5504 (In some circumstances, the Traffic Management Microkernel (TMM) does n ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5503 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5502 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disr ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5501 (In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5499 (ATTO FibreBridge 7500N firmware version 2.95 is susceptible to a vulne ...)
	NOT-FOR-US: ATTO FibreBridge 7500N firmware
CVE-2018-5498 (Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vul ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2018-5497 (Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are su ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2018-5496 (Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptib ...)
	NOT-FOR-US: Data ONTAP
CVE-2018-5495 (All StorageGRID Webscale versions are susceptible to a vulnerability w ...)
	NOT-FOR-US: NetApp
CVE-2018-5494
	RESERVED
CVE-2018-5493 (ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible ...)
	NOT-FOR-US: ATTO
CVE-2018-5492 (NetApp E-Series SANtricity OS Controller Software 11.30 and later vers ...)
	NOT-FOR-US: NetApp
CVE-2018-5491
	REJECTED
CVE-2018-5490 (Read-Only export policy rules are not correctly enforced in Clustered ...)
	NOT-FOR-US: NetApp Data ONTAP
CVE-2018-5489 (NetApp 7-Mode Transition Tool allows users with valid credentials to a ...)
	NOT-FOR-US: NetApp
CVE-2018-5488 (NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2 ...)
	NOT-FOR-US: NetApp SANtricity Web Services Proxy
CVE-2018-5487 (NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 sh ...)
	NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 shi ...)
	NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
CVE-2018-5485 (NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 ...)
	NOT-FOR-US: NetApp OnCommand Unified Manager for Windows
CVE-2018-5484
	REJECTED
CVE-2018-5483
	RESERVED
CVE-2018-5482 (NetApp SnapCenter Server prior to 4.1 does not set the secure flag for ...)
	NOT-FOR-US: NetApp SnapCenter Server
CVE-2018-5481 (OnCommand Unified Manager for 7-Mode (core package) prior to 5.2.4 use ...)
	NOT-FOR-US: OnCommand Unified Manager
CVE-2018-5480
	REJECTED
CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to footer information) is vulnerable ...)
	NOT-FOR-US: FoxSash ImgHosting
CVE-2018-5478
	RESERVED
CVE-2018-5477 (An Information Exposure issue was discovered in ABB netCADOPS Web Appl ...)
	NOT-FOR-US: ABB netCADOPS Web Application
CVE-2018-5476 (A Stack-based Buffer Overflow issue was discovered in Delta Electronic ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-5475 (A Stack-based Buffer Overflow issue was discovered in GE D60 Line Dist ...)
	NOT-FOR-US: GE D60 Line Distance Relay devices
CVE-2018-5474 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5473 (An Improper Restriction of Operations within the Bounds of a Memory Bu ...)
	NOT-FOR-US: GE D60 Line Distance Relay devices
CVE-2018-5472 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insec ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5471 (A Cleartext Transmission of Sensitive Information issue was discovered ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5470 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an u ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5469 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5468 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5467 (An Information Exposure Through Query Strings in GET Request issue was ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5466 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a se ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5465 (A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5464 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an u ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5463 (A structured exception handler overflow vulnerability in Leao Consulto ...)
	NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA
CVE-2018-5462 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an S ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in Belden Hirsc ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5460
	RESERVED
CVE-2018-5459 (An Improper Authentication issue was discovered in WAGO PFC200 Series ...)
	NOT-FOR-US: WAGO PFC200
CVE-2018-5458 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vu ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5457 (A uncontrolled search path element issue was discovered in Vyaire Medi ...)
	NOT-FOR-US: Vyaire Medical CareFusion Upgrade Utility
CVE-2018-5456
	RESERVED
CVE-2018-5455 (A Reliance on Cookies without Validation and Integrity Checking issue ...)
	NOT-FOR-US: Moxa
CVE-2018-5454 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vu ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was disco ...)
	NOT-FOR-US: Moxa
CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process ...)
	NOT-FOR-US: Emerson Process Management ControlWave Micro Process Automation Controller
CVE-2018-5451 (In Philips Alice 6 System version R8.0.2 or prior, when an actor claim ...)
	NOT-FOR-US: Philips Alice 6 System
CVE-2018-5450
	RESERVED
CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell G3100-H ...)
	NOT-FOR-US: Moxa
CVE-2018-5448 (All versions of the Medtronic 2090 Carelink Programmer are affected by ...)
	NOT-FOR-US: Medtronic
CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari PCS-9611 rel ...)
	NOT-FOR-US: Nari PCS-9611 relay
CVE-2018-5446 (All versions of the Medtronic 2090 Carelink Programmer are affected by ...)
	NOT-FOR-US: Medtronic
CVE-2018-5445 (A Path Traversal issue was discovered in Advantech WebAccess/SCADA ver ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2018-5444
	RESERVED
CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA vers ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2018-5442 (A Stack-based Buffer Overflow issue was discovered in Fuji Electric V- ...)
	NOT-FOR-US: Fuji Electric V-Server VPR
CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was discovered i ...)
	NOT-FOR-US: PHOENIX CONTACT mGuard firmware
CVE-2018-5440 (A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS ...)
	NOT-FOR-US: 3S-Smart
CVE-2018-5439 (A Command Injection issue was discovered in Nortek Linear eMerge E3 se ...)
	NOT-FOR-US: Nortek Linear eMerge E3 series
CVE-2018-5438 (Philips ISCV application prior to version 2.3.0 has an insufficient se ...)
	NOT-FOR-US: Philips ISCV application
CVE-2018-5437 (The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client compone ...)
	NOT-FOR-US: TIBCO Spotfire
CVE-2018-5436 (The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire ...)
	NOT-FOR-US: TIBCO Spotfire
CVE-2018-5435 (The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client compone ...)
	NOT-FOR-US: TIBCO Spotfire
CVE-2018-5434 (The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Ag ...)
	NOT-FOR-US: TIBCO Runtime Agent
CVE-2018-5433 (The TIBCO Administrator server component of TIBCO Software Inc.'s TIBC ...)
	NOT-FOR-US: TIBCO Administrator
CVE-2018-5432 (The TIBCO Administrator server component of of TIBCO Software Inc.'s T ...)
	NOT-FOR-US: TIBCO Administrator
CVE-2018-5431 (The domain designer component of TIBCO Software Inc.'s TIBCO JasperRep ...)
	- jasperreports
	[jessie] - jasperreports (not supported in Jessie)
	[wheezy] - jasperreports (not supported in Wheezy)
	NOTE: https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431
CVE-2018-5430 (The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Serv ...)
	- jasperreports
	[jessie] - jasperreports (not supported in Jessie)
	[wheezy] - jasperreports (not supported in Wheezy)
	NOTE: https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430
CVE-2018-5429 (A vulnerability in the report scripting component of TIBCO Software In ...)
	- jasperreports
	[jessie] - jasperreports (not supported in Jessie)
	[wheezy] - jasperreports (not supported in Wheezy)
	NOTE: https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429
CVE-2018-5428 (The version control adapters component of TIBCO Data Virtualization (f ...)
	NOT-FOR-US: TIBCO Data Virtualization
CVE-2018-5427
	REJECTED
CVE-2018-5426
	REJECTED
CVE-2018-5425
	REJECTED
CVE-2018-5424
	REJECTED
CVE-2018-5423
	REJECTED
CVE-2018-5422
	REJECTED
CVE-2018-5421
	REJECTED
CVE-2018-5420
	REJECTED
CVE-2018-5419
	REJECTED
CVE-2018-5418
	REJECTED
CVE-2018-5417
	REJECTED
CVE-2018-5416
	REJECTED
CVE-2018-5415
	REJECTED
CVE-2018-5414
	REJECTED
CVE-2018-5413 (Imperva SecureSphere running v13.0, v12.0, or v11.5 allows low privile ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2018-5412 (Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitra ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2018-5411 (Pixar's Tractor software, versions 2.2 and earlier, contain a stored c ...)
	NOT-FOR-US: Pixar Tractor
CVE-2018-5410 (Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a ...)
	NOT-FOR-US: Dokan
CVE-2018-5409 (The PrinterLogic Print Management software, versions up to and includi ...)
	NOT-FOR-US: PrinterLogic Print Management software
CVE-2018-5408 (The PrinterLogic Print Management software, versions up to and includi ...)
	NOT-FOR-US: PrinterLogic Print Management software
CVE-2018-5407 (Simultaneous Multi-threading (SMT) in processors can enable local user ...)
	{DSA-4355-1 DSA-4348-1 DLA-1586-1}
	- openssl 1.1.1~~pre9-1
	- openssl1.0 1.0.2q-1
	NOTE: https://www.openssl.org/news/secadv/20181112.txt
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=b18162a7c9bbfb57112459a4d6631fa258fd8c0c
	NOTE: https://www.openwall.com/lists/oss-security/2018/11/01/4
	NOTE: https://github.com/bbbrumley/portsmash
	NOTE: This is not an issue in software but a hardware issue. The issue can be
	NOTE: mitigated in software, e.g. for OpenSSL.
CVE-2018-5406 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a re ...)
	NOT-FOR-US: Quest Kace K1000 Appliance
CVE-2018-5405 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an a ...)
	NOT-FOR-US: Quest Kace K1000 Appliance
CVE-2018-5404 (The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an a ...)
	NOT-FOR-US: Quest Kace K1000 Appliance
CVE-2018-5403 (Imperva SecureSphere gateway (GW) running v13, for both pre-First Time ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2018-5402 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
	NOT-FOR-US: Auto-Maskin
CVE-2018-5401 (The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App ...)
	NOT-FOR-US: Auto-Maskin
CVE-2018-5400 (The Auto-Maskin products utilize an undocumented custom protocol to se ...)
	NOT-FOR-US: Auto-Maskin
CVE-2018-5399 (The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SS ...)
	NOT-FOR-US: Auto-Maskin
CVE-2018-5398
	RESERVED
CVE-2018-5397
	RESERVED
CVE-2018-5396
	RESERVED
CVE-2018-5395
	RESERVED
CVE-2018-5394
	RESERVED
CVE-2018-5393 (The TP-LINK EAP Controller is TP-LINK's software for remotely controll ...)
	NOT-FOR-US: TP-LINK
CVE-2018-5392 (mingw-w64 version 5.0.4 by default produces executables that opt in to ...)
	- mingw-w64 (unimportant; bug #968277)
	NOTE: https://sourceforge.net/p/mingw-w64/mailman/message/31034877/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17321
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19011
	NOTE: https://www.kb.cert.org/vuls/id/307144 (describes workaround)
CVE-2018-5391 (The Linux kernel, versions 3.9+, is vulnerable to a denial of service ...)
	{DSA-4272-1 DLA-1715-1 DLA-1529-1 DLA-1466-1}
	- linux 4.17.15-1
	NOTE: Mitigation: Change the default values of net.ipv4.ipfrag_high_thresh and
	NOTE: net.ipv4.ipfrag_low_thresh back to 256 kB and 192 kB (respectively) or
	NOTE: below.
CVE-2018-5390 (Linux kernel versions 4.9+ can be forced to make very expensive calls ...)
	{DSA-4266-1 DLA-1466-1}
	- linux 4.17.14-1 (bug #905751)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://www.kb.cert.org/vuls/id/962459
CVE-2018-5389 (The Internet Key Exchange v1 main mode is vulnerable to offline dictio ...)
	- strongswan (unimportant)
	- libreswan (unimportant)
	- ipsec-tools (unimportant)
	- isakmpd (unimportant)
	NOTE: https://www.usenix.org/conference/usenixsecurity18/presentation/felsch
	NOTE: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf
	NOTE: https://www.usenix.org/sites/default/files/conference/protected-files/security18_slides_felsch.pdf
	NOTE: vulnerability in the IKEv1 protocol, not fixable in the implementation; use a strong passphrase or public-key cryptography
CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet length ...)
	{DSA-4229-1}
	- strongswan 5.6.3-1
	[stretch] - strongswan (needs root priv for access to the stroke socket)
	[jessie] - strongswan (needs root priv for access to the stroke socket)
	[wheezy] - strongswan (needs root priv for access to the stroke socket)
	NOTE: https://www.kb.cert.org/vuls/id/338343
	NOTE: https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4
	NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html
	NOTE: https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html
CVE-2018-5387 (Wizkunde SAMLBase may incorrectly utilize the results of XML DOM trave ...)
	NOT-FOR-US: Wizkunde SAMLBase
CVE-2018-5386 (Some Navarino Infinity functions, up to version 2.2, placed in the URL ...)
	NOT-FOR-US: Navarino Infinity
CVE-2018-5385 (Navarino Infinity is prone to session fixation attacks. The server acc ...)
	NOT-FOR-US: Navarino Infinity
CVE-2018-5384 (Navarino Infinity web interface up to version 2.2 exposes an unauthent ...)
	NOT-FOR-US: Navarino Infinity
CVE-2018-5383 (Bluetooth firmware or operating system software drivers in macOS versi ...)
	{DLA-1747-1}
	- firmware-nonfree 20190114-1
	[stretch] - firmware-nonfree 20161130-5
	NOTE: http://www.cs.technion.ac.il/~biham/BT/
CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC that i ...)
	- bouncycastle 1.48+dfsg-2
	[wheezy] - bouncycastle (this only affects the integrity verification and not the content of the BKS keystore)
	NOTE: https://insights.sei.cmu.edu/cert/2018/03/the-curious-case-of-the-bouncy-castle-bks-passwords.html
	NOTE: https://www.kb.cert.org/vuls/id/306792
	NOTE: Issue fixed in 1.47 upstream. The default MAC for a BKS key store was
	NOTE: 2 bytes before and has been upgraded to 20 bytes.
CVE-2018-5381 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its p ...)
	{DSA-4115-1 DLA-1286-1}
	- quagga 1.2.4-1 (bug #890563)
	NOTE: https://www.quagga.net/security/Quagga-2018-1975.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=ce07207c50a3d1f05d6dd49b5294282e59749787
CVE-2018-5380 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun intern ...)
	{DSA-4115-1 DLA-1286-1}
	- quagga 1.2.4-1 (bug #890563)
	NOTE: https://www.quagga.net/security/Quagga-2018-1550.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=9e5251151894aefdf8e9392a2371615222119ad8
CVE-2018-5379 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free me ...)
	{DSA-4115-1 DLA-1286-1}
	- quagga 1.2.4-1 (bug #890563)
	NOTE: https://www.quagga.net/security/Quagga-2018-1114.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=e69b535f92eafb599329bf725d9b4c6fd5d7fded
CVE-2018-5378 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly ...)
	- quagga 1.2.4-1 (bug #890563)
	[stretch] - quagga 1.1.1-3+deb9u2
	[jessie] - quagga (Vulnerable code not present)
	[wheezy] - quagga (Vulnerable code not present)
	NOTE: https://www.quagga.net/security/Quagga-2018-0543.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=cc2e6770697e343f4af534114ab7e633d5beabec
CVE-2018-5377 (Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.ph ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5702 (Transmission through 2.92 relies on X-Transmission-Session-Id (which i ...)
	{DSA-4087-1 DLA-1246-1}
	- transmission 2.92-3 (bug #886990)
	NOTE: https://www.openwall.com/lists/oss-security/2018/01/12/1
	NOTE: https://github.com/transmission/transmission/pull/468
	NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
CVE-2018-5374 (The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Inj ...)
	NOT-FOR-US: Dbox 3D Slider Lite plugin for WordPress
CVE-2018-5373 (The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection ...)
	NOT-FOR-US: Smooth Slider plugin for WordPress
CVE-2018-5372 (The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Inje ...)
	NOT-FOR-US: Testimonial Slider plugin for WordPress
CVE-2018-5371 (diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME ...)
	NOT-FOR-US: D-Link
CVE-2018-5370 (BizLogic xnami 1.0 has XSS via the comment parameter in an addComment ...)
	NOT-FOR-US: BizLogic xnami
CVE-2018-5369 (The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslat ...)
	NOT-FOR-US: SrbTransLatin plugin for WordPress
CVE-2018-5368 (The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtransla ...)
	NOT-FOR-US: SrbTransLatin plugin for WordPress
CVE-2018-5367 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5366 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5365 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5364 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5363 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_optio ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options. ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstr ...)
	- tiff 4.0.6-3
	[jessie] - tiff (Minor issue, duplicate of CVE-2014-8127)
	- tiff3
	[wheezy] - tiff3 (Minor issue, revisit once fixed upstream)
	NOTE: Issue demonstrated in tiff via a vector through graphicsmagick, cf.
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
	NOTE: Same issue as http://bugzilla.maptools.org/show_bug.cgi?id=2500 (CVE-2014-8127)
	NOTE: fixed as per 2016-10-25 (first release to ship the patch seems to be 4.0.7)
	NOTE: https://gitlab.com/libtiff/libtiff/commit/739dcd28a061738b317c1e9f91029d9cbc157159
CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 can be e ...)
	NOT-FOR-US: Flexense SysGauge
CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/939
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e72d445220287727d7886a5f17a10caf944a802
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed80c93e4cbf2727ead75fd8bd5e5d9ecbe762f9
CVE-2018-5357 (ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/941
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4b60459202805cb4c9a96cdeeb70db594b1d3c72
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/152d81b91fc83d72da1989518685b1d70fc5e60a
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fcce81295235f39aace870e1ed4785eec40790c1
CVE-2018-5356
	RESERVED
CVE-2018-5355
	RESERVED
CVE-2018-5354 (The custom GINA/CP module in ANIXIS Password Reset Client before versi ...)
	NOT-FOR-US: ANIXIS
CVE-2018-5353 (The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus befo ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2018-5352
	RESERVED
CVE-2018-5351
	RESERVED
CVE-2018-5350
	RESERVED
CVE-2018-5349 (A vulnerability has been found in Heimdal PRO v2.2.190, but it is most ...)
	NOT-FOR-US: Heimdal PRO
CVE-2018-5348
	RESERVED
CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has unauthenticated com ...)
	NOT-FOR-US: Seagate Media Server in Seagate Personal Cloud
CVE-2018-5346
	RESERVED
CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ra ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...)
	- glibc 2.26-4 (bug #887001)
	[stretch] - glibc (Minor issue, can be fixed along in next DSA or preferably point release)
	[jessie] - glibc (Minor issue, can be fixed along in next DSA or preferably point release)
	- eglibc
	[wheezy] - eglibc (Minor issue, can be fixed along in next DSA)
	NOTE: https://www.openwall.com/lists/oss-security/2018/01/11/5
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94
CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be e ...)
	{DSA-4095-1}
	- gcab 0.7-7 (bug #887776)
	NOTE: https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b
CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles l ...)
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux (Vulnerability introduced later)
	[wheezy] - linux (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
CVE-2018-5343
	RESERVED
CVE-2018-5342 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5341 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5340 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5339 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5338 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5337 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5336 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, X ...)
	{DSA-4101-1 DLA-1258-1}
	- wireshark 2.4.4-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-01.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14253
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f4c95cf46ba6adbd10b09747e10742801bc706b
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6702e49a9720d173246668495eece6d77eca5b0
CVE-2018-5335 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector cou ...)
	{DSA-4101-1 DLA-1258-1}
	- wireshark 2.4.4-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-04.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086b87376b988c555484349aa115d6e08ac6db07
CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file p ...)
	{DSA-4101-1 DLA-1258-1}
	- wireshark 2.4.4-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-03.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d
CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in n ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737
CVE-2018-5332 (In the Linux kernel through 3.2, the rds_message_alloc_sgs() function ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/c095508770aebf1b9218e77026e48345d719b17c
CVE-2018-5331 (Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/s ...)
	NOT-FOR-US: Discuz!
CVE-2018-5330 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of s ...)
	NOT-FOR-US: ZyXEL
CVE-2018-5329 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Re ...)
	NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2018-5328 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /User ...)
	NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2018-5327 (Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when ins ...)
	NOT-FOR-US: Cheetah Mobile Armorfly Browser & Downloader
CVE-2018-5326 (Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified ...)
	NOT-FOR-US: Cheetah Mobile CM Browser
CVE-2018-5325
	RESERVED
CVE-2018-5324
	RESERVED
CVE-2018-5323
	RESERVED
CVE-2018-5322
	RESERVED
CVE-2018-5321
	RESERVED
CVE-2018-5320
	RESERVED
CVE-2018-5319 (RAVPower FileHub 2.000.056 allows remote users to steal sensitive info ...)
	NOT-FOR-US: RAVPower FileHub
CVE-2018-5318
	RESERVED
CVE-2018-5317
	RESERVED
CVE-2018-5316 (The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for W ...)
	NOT-FOR-US: "SagePay Server Gateway for WooCommerce" plugin for WordPress
CVE-2018-5315 (The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Inject ...)
	NOT-FOR-US: Wachipi WP Events Calendar plugin for WordPress
CVE-2018-5314 (Command injection vulnerability in Citrix NetScaler ADC and NetScaler ...)
	NOT-FOR-US: Citrix
CVE-2018-5313 (A vulnerability allows local attackers to escalate privilege on Rapid ...)
	NOT-FOR-US: Rapid Scada
CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_ti ...)
	NOT-FOR-US: tabs-responsive plugin for WordPress
CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via th ...)
	NOT-FOR-US: Easy Custom Auto Excerpt plugin for WordPress
CVE-2018-5310 (In the "Media from FTP" plugin before 9.85 for WordPress, Directory Tr ...)
	NOT-FOR-US: "Media from FTP" plugin for WordPress
CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamPa ...)
	- libpodofo 0.9.6+dfsg-3 (low)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/5/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1907
CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMem ...)
	- libpodofo 0.9.5-9 (low; bug #854602)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532390
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1870
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1876
	NOTE: duplicate CVE: CVE-2017-5854
CVE-2018-5307 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-5306 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-5305
	RESERVED
CVE-2018-5304 (An issue was discovered on the Impinj Speedway Connect R420 RFID Reade ...)
	NOT-FOR-US: Impinj Speedway Connect R420 RFID Reader
CVE-2018-5303 (An issue was discovered on the Impinj Speedway Connect R420 RFID Reade ...)
	NOT-FOR-US: Impinj Speedway Connect R420 RFID Reader
CVE-2018-5302
	RESERVED
CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1 ...)
	NOT-FOR-US: Magento
CVE-2018-1000028 (Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4 ...)
	- linux 4.14.17-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420
	NOTE: Introducing commit backported to 4.14.8 and 4.9.76, but Debian stretch
	NOTE: never shipped the vulnerable code without the fix.
CVE-2018-1000027 (The Squid Software Foundation Squid HTTP Caching Proxy version prior t ...)
	{DSA-4122-1 DLA-1267-1 DLA-1266-1}
	[experimental] - squid 4.0.23-1~exp8
	- squid 4.1-1
	- squid3 3.5.27-1 (bug #888720)
	NOTE: src:squid reintroduced as a source package for 4.x in experimental
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
CVE-2018-1000024 (The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to ...)
	{DSA-4122-1 DLA-1266-1}
	[experimental] - squid 4.0.23-1~exp8
	- squid 4.1-1
	[wheezy] - squid (Not affected according to upstream advisory)
	- squid3 3.5.27-1 (bug #888719)
	NOTE: src:squid reintroduced as a source package for 4.x in experimental
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
	NOTE: Squid3 in Debian is built to use the libxml2 or libexpat XML parsers.
CVE-2018-1000022 (Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to ve ...)
	- electrum 3.0.5-1 (bug #886683)
	[jessie] - electrum (Only affects >= 2.6)
	NOTE: https://github.com/spesmilo/electrum/issues/3374
	NOTE: https://www.openwall.com/lists/oss-security/2018/01/10/4
CVE-2018-5300
	RESERVED
CVE-2018-5299 (A stack-based Buffer Overflow Vulnerability exists in the web server i ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-5298 (In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) a ...)
	NOT-FOR-US: Procter & Gamble "Oral-B App" for Android
CVE-2018-5297
	RESERVED
CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the Pdf ...)
	- libpodofo 0.9.6+dfsg-3 (low)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/6/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1925
CVE-2018-5295 (In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamPars ...)
	- libpodofo 0.9.5-9 (low; bug #889511)
	[stretch] - libpodofo (Minor issue)
	[jessie] - libpodofo (Minor issue)
	[wheezy] - libpodofo (Minor issue)
	NOTE: upstream thread: https://sourceforge.net/p/podofo/mailman/message/36180168/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1889
CVE-2018-5294 (In libming 0.4.8, there is an integer overflow (caused by an out-of-ra ...)
	{DLA-1305-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/98
CVE-2018-5293 (The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5292 (The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5291 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5290 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5289 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5288 (The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5287 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5286 (The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5285 (The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/option ...)
	NOT-FOR-US: ImageInject plugin for WordPress
CVE-2018-5284 (The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid ...)
	NOT-FOR-US: ImageInject plugin for WordPress
CVE-2018-5283 (The Photos in Wifi application 1.0.1 for iOS has directory traversal v ...)
	NOT-FOR-US: Photos in Wifi application for iOS
CVE-2018-5282 (** DISPUTED ** Kentico 9.0 through 11.0 has a stack-based buffer overf ...)
	NOT-FOR-US: Kentico
CVE-2018-5281 (SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices ...)
	NOT-FOR-US: SonicWall SonicOS
CVE-2018-5280 (SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices ...)
	NOT-FOR-US: SonicWall SonicOS
CVE-2018-5279 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5278 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5277 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5276 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5275 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5274 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5273 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5272 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5271 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file (FA ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in cv::RBaseStream::setP ...)
	{DLA-1438-1 DLA-1354-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #886675)
	[stretch] - opencv (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/10540
	NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDec ...)
	{DLA-1438-1 DLA-1354-1}
	[experimental] - opencv 3.4.4+dfsg-1~exp1
	- opencv 3.2.0+dfsg-6 (bug #886674)
	[stretch] - opencv (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/10541
	NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypa ...)
	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5266 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to obta ...)
	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5265 (Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attacke ...)
	NOT-FOR-US: Ubiquiti EdgeOS
CVE-2018-5264 (Ubiquiti UniFi 52 devices, when Hotspot mode is used, allow remote att ...)
	NOT-FOR-US: Ubiquiti UniFi 52 devices
CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0. ...)
	NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier ...)
	NOT-FOR-US: Flexense DiskBoss
CVE-2018-5261 (An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due t ...)
	NOT-FOR-US: Flexense DiskBoss
CVE-2018-5260
	RESERVED
CVE-2018-5259 (Discuz! DiscuzX X3.4 allows remote authenticated users to bypass inten ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5258 (The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL se ...)
	NOT-FOR-US: Neon app
CVE-2018-5257
	RESERVED
CVE-2018-5256 (CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-t ...)
	NOT-FOR-US: CoreOS Tectonic
CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before 4.20. ...)
	NOT-FOR-US: Arista
CVE-2018-5254 (Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of ...)
	NOT-FOR-US: Arista EOS
CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has a ...)
	NOT-FOR-US: Bento4
CVE-2018-5252 (libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, ha ...)
	NOT-FOR-US: ImageWorsener
CVE-2018-5251 (In libming 0.4.8, there is an integer signedness error vulnerability ( ...)
	{DLA-1305-1}
	- ming
	NOTE: https://github.com/libming/libming/issues/97
CVE-2018-5250
	RESERVED
CVE-2018-5249 (Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0 ...)
	- shaarli (Fixed before initial re-upload to the archive)
CVE-2018-5248 (In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in ...)
	{DSA-4245-1 DSA-4204-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #886588)
	[wheezy] - imagemagick (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/927
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c76434c16b5ac8861ee0c5d5c3ab8974fae3d624
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0272305f91763b5ce119a2c7a0e0084d8241a58d
CVE-2018-5247 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/928
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0ecb22aa909e52d86b4545aa7a51f7a0922147e6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d85c34f8bd699c31b94118babc6c0445eecc9920
CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImag ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/929
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c3dd700bbb17837ee6f540aff3eafc76262accf
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e59dc85e6ce58fd7618c3680b2a8def62050582f
CVE-2018-5245
	RESERVED
CVE-2018-5243 (The Symantec Encryption Management Server (SEMS) product, prior to ver ...)
	NOT-FOR-US: Symantec
CVE-2018-5242 (Norton App Lock prior to version 1.3.0.329 can be susceptible to a byp ...)
	NOT-FOR-US: Norton App Lock
CVE-2018-5241 (Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6 ...)
	NOT-FOR-US: Symantec
CVE-2018-5240 (The Inventory Plugin for Symantec Management Agent prior to 7.6 POST H ...)
	NOT-FOR-US: Inventory Plugin for Symantec Management Agent
CVE-2018-5239 (Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exp ...)
	NOT-FOR-US: Norton
CVE-2018-5238 (Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) ...)
	NOT-FOR-US: Norton
CVE-2018-5237 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 coul ...)
	NOT-FOR-US: Symantec
CVE-2018-5236 (Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may ...)
	NOT-FOR-US: Symantec
CVE-2018-5235 (Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Prel ...)
	NOT-FOR-US: Norton
CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a command i ...)
	NOT-FOR-US: Norton Core router
CVE-2018-5244 (In Xen 4.10, new infrastructure was introduced as part of an overhaul ...)
	- xen (Only affects Xen 4.10 onwards)
	NOTE: https://xenbits.xen.org/xsa/advisory-253.html
CVE-2018-5233 (Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twi ...)
	NOT-FOR-US: Grav CMS admin plugin
CVE-2018-5232 (The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and ...)
	NOT-FOR-US: Atlassian Jira
CVE-2018-5231 (The ForgotLoginDetails resource in Atlassian Jira before version 7.6.6 ...)
	NOT-FOR-US: Atlassian
CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6, from versi ...)
	NOT-FOR-US: Atlassian
CVE-2018-5229 (The NotificationRepresentationFactoryImpl class in Atlassian Universal ...)
	NOT-FOR-US: Atlassian
CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible before ver ...)
	NOT-FOR-US: Atlassian
CVE-2018-5227 (Various administrative application link resources in Atlassian Applica ...)
	NOT-FOR-US: Atlassian
CVE-2018-5226 (There was an argument injection vulnerability in Sourcetree for Window ...)
	NOT-FOR-US: Atlassian
CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 b ...)
	NOT-FOR-US: Atlassian Bitbucket Server
CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial repository UR ...)
	NOT-FOR-US: Atlassian
CVE-2018-5223 (Fisheye and Crucible did not correctly check if a configured Mercurial ...)
	NOT-FOR-US: Atlassian
CVE-2018-5222
	RESERVED
CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX con ...)
	NOT-FOR-US: BarCodeWiz BarCode
CVE-2018-5220 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5219 (In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5218 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5217 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5216 (Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_ ...)
	NOT-FOR-US: Radiant CMS
CVE-2018-5215 (Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title paramet ...)
	NOT-FOR-US: Fork CMS
CVE-2018-5214 (The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS vi ...)
	NOT-FOR-US: "Add Link to Facebook" plugin for WordPress
CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
	NOT-FOR-US: Simple Download Monitor plugin for WordPress
CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
	NOT-FOR-US: Simple Download Monitor plugin for WordPress
CVE-2018-5211 (PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack o ...)
	NOT-FOR-US: PHP Melody
CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, at ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-5209
	RESERVED
CVE-2018-5208 (In Irssi before 1.0.6, a calculation error in the completion code coul ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi (Minor issue)
	[wheezy] - irssi (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5207 (When using an incomplete variable argument, Irssi before 1.0.6 may acc ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi (Minor issue)
	[wheezy] - irssi (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5206 (When the channel topic is set without specifying a sender, Irssi befor ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi (Minor issue)
	[wheezy] - irssi (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5205 (When using incomplete escape codes, Irssi before 1.0.6 may access data ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi (Minor issue)
	[wheezy] - irssi (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5204 (ML Report version Between 2.00.000.0000 and 2.18.628.5980 contains a v ...)
	NOT-FOR-US: ML Report
CVE-2018-5203 (DEXTUploadX5 version Between 1.0.0.0 and 2.2.0.0 contains a vulnerabil ...)
	NOT-FOR-US: DEXTUploadX5
CVE-2018-5202 (SKCertService 2.5.5 and earlier contains a vulnerability that could al ...)
	NOT-FOR-US: SKCertService
CVE-2018-5201 (Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10 ...)
	NOT-FOR-US: Hancom Office
CVE-2018-5200 (KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulner ...)
	NOT-FOR-US: KMPlayer (different from src:kmplayer)
CVE-2018-5199 (In Veraport G3 ALL on MacOS, due to insufficient domain validation, It ...)
	NOT-FOR-US: Veraport G3 ALL
CVE-2018-5198 (In Veraport G3 ALL on MacOS, a race condition when calling the Verapor ...)
	NOT-FOR-US: Veraport G3 ALL
CVE-2018-5197 (A vulnerability in the ExtCommon.dll user extension module version 9.2 ...)
	NOT-FOR-US: Xplatform ActiveX
CVE-2018-5196 (Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused b ...)
	NOT-FOR-US: ALZip
CVE-2018-5195 (Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vuln ...)
	NOT-FOR-US: Hancom NEO
CVE-2018-5194
	RESERVED
CVE-2018-5193
	RESERVED
CVE-2018-5192
	RESERVED
CVE-2018-5191
	REJECTED
CVE-2018-5190 (PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows rem ...)
	NOT-FOR-US: PicturesPro Photo Cart
CVE-2018-5189 (Race condition in Jungo Windriver 12.5.1 allows local users to cause a ...)
	NOT-FOR-US: Jungo Windriver
CVE-2018-5188 (Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ...)
	{DSA-4244-1 DSA-4235-1 DLA-1425-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:52.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5188
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-5188
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-5188
CVE-2018-5187 (Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of t ...)
	{DSA-4295-1 DLA-1575-1}
	- firefox 61.0-1
	- thunderbird 1:60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-5187
CVE-2018-5186 (Memory safety bugs present in Firefox 60. Some of these bugs showed ev ...)
	- firefox 61.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5186
CVE-2018-5185 (Plaintext of decrypted emails can leak through by user submitting an e ...)
	{DSA-4209-1 DLA-1382-1}
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185
CVE-2018-5184 (Using remote content in encrypted messages can lead to the disclosure ...)
	{DSA-4209-1 DLA-1382-1}
	- thunderbird 1:52.8.0-1 (bug #898631)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184
CVE-2018-5183 (Mozilla developers backported selected changes in the Skia library. Th ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5183
CVE-2018-5182 (If a text string that happens to be a filename in the operating system ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5182
CVE-2018-5181 (If a URL using the "file:" protocol is dragged and dropped onto an ope ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5181
CVE-2018-5180 (A use-after-free vulnerability can occur during WebGL operations. Whil ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5180
CVE-2018-5179 (A service worker can send the activate event on itself periodically wh ...)
	{DSA-4330-1}
	- chromium-browser 70.0.3538.67-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
CVE-2018-5178 (A buffer overflow was found during UTF8 to Unicode string conversion w ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5178
CVE-2018-5177 (A vulnerability exists in XSLT during number formatting where a negati ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5177
CVE-2018-5176 (The JSON Viewer displays clickable hyperlinks for strings that are par ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5176
CVE-2018-5175 (A mechanism to bypass Content Security Policy (CSP) protections on sit ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5175
CVE-2018-5174 (In the Windows 10 April 2018 Update, Windows Defender SmartScreen hono ...)
	- firefox (Windows-specific)
	- firefox-esr (Windows-specific)
	- thunderbird (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5174
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5174
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5174
CVE-2018-5173 (The filename appearing in the "Downloads" panel improperly renders som ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5173
CVE-2018-5172 (The Live Bookmarks page and the PDF viewer can run injected script con ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5172
CVE-2018-5171 RESERVED
CVE-2018-5170 (It is possible to spoof the filename of an attachment and display an a ...)
	{DSA-4209-1 DLA-1382-1}
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170
CVE-2018-5169 (If manipulated hyperlinked text with "chrome:" URL contained in it is ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
CVE-2018-5168 (Sites can bypass security checks on permissions to install lightweight ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5168
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5168
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5168
CVE-2018-5167 (The web console and JavaScript debugger do not sanitize all output tha ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5167
CVE-2018-5166 (WebExtensions can use request redirection and a "filterReponseData" fi ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5166
CVE-2018-5165 (In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Ena ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5165
CVE-2018-5164 (Content Security Policy (CSP) is not applied correctly to all parts of ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5164
CVE-2018-5163 (If a malicious attacker has used another vulnerability to gain full co ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5163
CVE-2018-5162 (Plaintext of decrypted emails can leak through the src attribute of re ...)
	{DSA-4209-1 DLA-1382-1}
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162
CVE-2018-5161 (Crafted message headers can cause a Thunderbird process to hang on rec ...)
	{DSA-4209-1 DLA-1382-1}
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161
CVE-2018-5160 (WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
CVE-2018-5159 (An integer overflow can occur in the Skia library due to 32-bit intege ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5159
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5159
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5159
CVE-2018-5158 (The PDF viewer does not sufficiently sanitize PostScript calculator fu ...)
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- gitlab 11.8.6+dfsg-1 (bug #926482)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5158
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
	NOTE: https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2018-5157 (Same-origin protections for the PDF viewer can be bypassed, allowing a ...)
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5157
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
CVE-2018-5156 (A vulnerability can occur when capturing a media stream when the media ...)
	{DSA-4295-1 DSA-4235-1 DLA-1575-1 DLA-1406-1}
	- firefox-esr 52.9.0esr-1
	- firefox 61.0-1
	- thunderbird 1:60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5156
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/#CVE-2018-5156
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/#CVE-2018-5156
CVE-2018-5155 (A use-after-free vulnerability can occur while adjusting layout during ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5155
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5155
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5155
CVE-2018-5154 (A use-after-free vulnerability can occur while enumerating attributes ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5154
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5154
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5154
CVE-2018-5153 (If websocket data is sent with mixed text and binary in a single messa ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5153
CVE-2018-5152 (WebExtensions with the appropriate permissions can attach content scri ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5152
CVE-2018-5151 (Memory safety bugs were reported in Firefox 59. Some of these bugs sho ...)
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
CVE-2018-5150 (Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and ...)
	{DSA-4209-1 DSA-4199-1 DLA-1382-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5150
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5150
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5150
CVE-2018-5149 RESERVED
CVE-2018-5148 (A use-after-free vulnerability can occur in the compositor during cert ...)
	{DSA-4153-1 DLA-1321-1}
	- firefox 59.0.2-1
	- firefox-esr 52.7.3esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/
CVE-2018-5147 (The libtremor library has the same flaw as CVE-2018-5146. This library ...)
	{DSA-4143-1 DSA-4141-1 DLA-1319-1 DLA-1312-1}
	- firefox 59.0.1-1
	- firefox-esr 52.7.2esr-1
	- libvorbisidec 1.2.1+git20180316-1 (bug #893132)
	NOTE: https://git.xiph.org/?p=tremor.git;a=commit;h=562307a4a7082e24553f3d2c55dab397a17c4b4f
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
CVE-2018-5146 (An out of bounds memory write while processing Vorbis audio data was r ...)
	{DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1368-1 DLA-1327-1 DLA-1319-1}
	- firefox 59.0.1-1
	- firefox-esr 52.7.2esr-1
	- thunderbird 1:52.7.0-1
	- libvorbis 1.3.5-4.2 (bug #893130)
	NOTE: https://github.com/xiph/vorbis/commit/667ceb4aab60c1f74060143bb24e5f427b3cce5f (v1.3.6)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5145 (Memory safety bugs were reported in Firefox ESR 52.6. These bugs showe ...)
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5144 (An integer overflow can occur during conversion of text to some Unicod ...)
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5143 (URLs using "javascript:" have the protocol removed when pasted into th ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5142 (If Media Capture and Streams API permission is requested from document ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5141 (A vulnerability in the notifications Push API where notifications can ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5140 (Image for moz-icons can be accessed through the "moz-icon:" protocol t ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5139 RESERVED
CVE-2018-5138 (A spoofing vulnerability can occur when a malicious site with an extre ...)
	- firefox (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5137 (A legacy extension's non-contentaccessible, defined resources can be l ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5136 (A shared worker created from a "data:" URL in one tab can be shared by ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5135 (WebExtensions can bypass normal restrictions in some circumstances and ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5134 (WebExtensions may use "view-source:" URLs to view local "file:" URL co ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5133 (If the "app.support.baseURL" preference is changed by a malicious loca ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5132 (The Find API for WebExtensions can search some privileged pages, such ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5131 (Under certain circumstances the "fetch()" API can return transient loc ...)
	{DSA-4139-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5130 (When packets with a mismatched RTP payload type are sent in WebRTC con ...)
	{DSA-4139-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5129 (A lack of parameter validation on IPC messages results in a potential ...)
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5128 (A use-after-free vulnerability can occur when manipulating elements, e ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5127 (A buffer overflow can occur when manipulating the SVG "animatedPathSeg ...)
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5126 (Memory safety bugs were reported in Firefox 58. Some of these bugs sho ...)
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5125 (Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. S ...)
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5124 (Unsanitized output in the browser UI leaves HTML tags in place and can ...)
	- firefox 58.0.1-1
	- firefox-esr (Vulnerable code introduced later than 52)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
CVE-2018-5123 (A third party website can access information available to a user with ...)
	- bugzilla4 (bug #669643)
	- bugzilla
CVE-2018-5122 (A potential integer overflow in the "DoCrypt" function of WebCrypto wa ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5122
CVE-2018-5121 (Low descenders on some Tibetan characters in several fonts on OS X are ...)
	- firefox (Only affects Firefox on Mac OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5121
CVE-2018-5120 RESERVED
CVE-2018-5119 (The reader view will display cross-origin content when CORS headers ar ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5119
CVE-2018-5118 (The screenshot images displayed in the Activity Stream page displayed ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118
CVE-2018-5117 (If right-to-left text is used in the addressbar with left-to-right ali ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5117
CVE-2018-5116 (WebExtensions with the "ActiveTab" permission are able to access frame ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5116
CVE-2018-5115 (If an HTTP authentication prompt is triggered by a background network ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5115
CVE-2018-5114 (If an existing cookie is changed to be "HttpOnly" while a document is ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5114
CVE-2018-5113 (The "browser.identity.launchWebAuthFlow" function of WebExtensions is ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5113
CVE-2018-5112 (Development Tools panels of an extension are required to load URLs for ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5112
CVE-2018-5111 (When the text of a specially formatted URL is dragged to the addressba ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5111
CVE-2018-5110 (If cursor visibility is toggled by script using from 'none' to an imag ...)
	- firefox (Only affects Firefox on Mac OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5110
CVE-2018-5109 (An audio capture session can started under an incorrect origin from th ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5109
CVE-2018-5108 (A Blob URL can violate origin attribute segregation, allowing it to be ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5108
CVE-2018-5107 (The printing process can bypass local access protections to read files ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107
CVE-2018-5106 (Style editor traffic in the Developer Tools can be routed through a se ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5106
CVE-2018-5105 (WebExtensions can bypass user prompts to first save and then open an a ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105
CVE-2018-5104 (A use-after-free vulnerability can occur during font face manipulation ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104
CVE-2018-5103 (A use-after-free vulnerability can occur during mouse event handling d ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103
CVE-2018-5102 (A use-after-free vulnerability can occur when manipulating HTML media ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5102
CVE-2018-5101 (A use-after-free vulnerability can occur when manipulating floating "f ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5101
CVE-2018-5100 (A use-after-free vulnerability can occur when arguments passed to the ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100
CVE-2018-5099 (A use-after-free vulnerability can occur when the widget listener is h ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099
CVE-2018-5098 (A use-after-free vulnerability can occur when form input elements, foc ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098
CVE-2018-5097 (A use-after-free vulnerability can occur during XSL transformations wh ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097
CVE-2018-5096 (A use-after-free vulnerability can occur while editing events in form ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096
CVE-2018-5095 (An integer overflow vulnerability in the Skia library when allocating ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- skia (bug #818180)
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5095
CVE-2018-5094 (A heap buffer overflow vulnerability may occur in WebAssembly when "sh ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5094
CVE-2018-5093 (A heap buffer overflow vulnerability may occur in WebAssembly during M ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5093
CVE-2018-5092 (A use-after-free vulnerability can occur when the thread for a Web Wor ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092
CVE-2018-5091 (A use-after-free vulnerability can occur during WebRTC connections whe ...)
	{DSA-4096-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5091
CVE-2018-5090 (Memory safety bugs were reported in Firefox 57. Some of these bugs sho ...)
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090
CVE-2018-5089 (Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. S ...)
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5089
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5089
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5089
CVE-2018-5088 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5087 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5086 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5085 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5084 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5083 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5082 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5081 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5080 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5079 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5078 (Online Ticket Booking has XSS via the admin/eventlist.php cast paramet ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5077 (Online Ticket Booking has XSS via the admin/movieedit.php moviename pa ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5076 (Online Ticket Booking has XSS via the admin/newsedit.php newstitle par ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5075 (Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_nam ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5074 (Online Ticket Booking has XSS via the admin/manageownerlist.php contac ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5073 (Online Ticket Booking has CSRF via admin/movieedit.php. ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5072 (Online Ticket Booking has XSS via the admin/sitesettings.php keyword p ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5071 (Persistent XSS exists in the web server on Cobham Sea Tel 116 build 22 ...)
	NOT-FOR-US: Cobham Sea Tel 116 build 222429 satellite communication system devices
CVE-2018-5070 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5069 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5068 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5067 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5066 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5065 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5064 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5063 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5062 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5061 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5060 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5059 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5058 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5057 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5056 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5055 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5054 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5053 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5052 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5051 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5050 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5049 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5048 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5047 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5046 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5045 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5044 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5043 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5042 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5041 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5040 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5039 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5038 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5037 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5036 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5035 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5034 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5033 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5032 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5031 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5030 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5029 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5028 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5027 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5026 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5025 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5024 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5023 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5022 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5021 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5020 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5019 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5018 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5017 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5016 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5015 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5014 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5013 REJECTED
CVE-2018-5012 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5011 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5010 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5009 (Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 an ...)
	NOT-FOR-US: Adobe
CVE-2018-5008 (Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-boun ...)
	NOT-FOR-US: Adobe
CVE-2018-5007 (Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusi ...)
	NOT-FOR-US: Adobe
CVE-2018-5006 (Adobe Experience Manager versions 6.4 and earlier have a Server-Side R ...)
	NOT-FOR-US: Adobe
CVE-2018-5005 (Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a C ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2018-5004 (Adobe Experience Manager versions 6.2 and 6.3 have a Server-Side Reque ...)
	NOT-FOR-US: Adobe
CVE-2018-5003 (Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) ...)
	NOT-FOR-US: Adobe
CVE-2018-5002 (Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based ...)
	NOT-FOR-US: Adobe
CVE-2018-5001 (Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-boun ...)
	NOT-FOR-US: Adobe
CVE-2018-5000 (Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Ove ...)
	NOT-FOR-US: Adobe
CVE-2018-4999 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4998 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4997 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4996 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4995 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4994 (Adobe Connect versions 9.7.5 and earlier have an exploitable Authentic ...)
	NOT-FOR-US: Adobe
CVE-2018-4993 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4992 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlie ...)
	NOT-FOR-US: Adobe
CVE-2018-4991 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlie ...)
	NOT-FOR-US: Adobe
CVE-2018-4990 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4989 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4988 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4987 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4986 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4985 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4984 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4983 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4982 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4981 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4980 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4979 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4978 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4977 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4976 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4975 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4974 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4973 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4972 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4971 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4970 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4969 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4968 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4967 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4966 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4965 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4964 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4963 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4962 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4961 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4960 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4959 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4958 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4957 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4956 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4955 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4954 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4953 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4952 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: VMware Xenon
CVE-2018-4951 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4950 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4949 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4948 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4947 (Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011 ...)
	NOT-FOR-US: VMware Xenon
CVE-2018-4946 (Adobe Photoshop CC versions 19.1.3 and earlier, 18.1.3 and earlier, an ...)
	NOT-FOR-US: Adobe
CVE-2018-4945 (Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusi ...)
	NOT-FOR-US: Adobe
CVE-2018-4944 (Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4943 (Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an exploita ...)
	NOT-FOR-US: Adobe
CVE-2018-4942 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 1 ...)
	NOT-FOR-US: Adobe
CVE-2018-4941 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 1 ...)
	NOT-FOR-US: Adobe
CVE-2018-4940 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 1 ...)
	NOT-FOR-US: Adobe
CVE-2018-4939 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 1 ...)
	NOT-FOR-US: Adobe
CVE-2018-4938 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 1 ...)
	NOT-FOR-US: Adobe
CVE-2018-4937 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4936 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4935 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4934 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4933 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4932 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4931 (Adobe Experience Manager versions 6.1 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4930 (Adobe Experience Manager versions 6.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4929 (Adobe Experience Manager versions 6.2 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4928 (Adobe InDesign versions 13.0 and below have an exploitable Memory corr ...)
	NOT-FOR-US: Adobe
CVE-2018-4927 (Adobe InDesign versions 13.0 and below have an exploitable Untrusted S ...)
	NOT-FOR-US: Adobe
CVE-2018-4926 (Adobe Digital Editions versions 4.5.7 and below have an exploitable St ...)
	NOT-FOR-US: Adobe
CVE-2018-4925 (Adobe Digital Editions versions 4.5.7 and below have an exploitable Ou ...)
	NOT-FOR-US: Adobe
CVE-2018-4924 (Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Inje ...)
	NOT-FOR-US: Adobe
CVE-2018-4923 (Adobe Connect versions 9.7 and earlier have an exploitable OS Command ...)
	NOT-FOR-US: Adobe
CVE-2018-4922 REJECTED
CVE-2018-4921 (Adobe Connect versions 9.7 and earlier have an exploitable unrestricte ...)
	NOT-FOR-US: Adobe
CVE-2018-4920 (Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4919 (Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4918 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4917 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011 ...)
	NOT-FOR-US: Adobe
CVE-2018-4916 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4915 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4914 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4913 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4912 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4911 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4910 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4909 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4908 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4907 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4906 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4905 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4904 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4903 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4902 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4901 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4900 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4899 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4898 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4897 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4896 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4895 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4894 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4893 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4892 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4891 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4890 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4889 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4888 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4887 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4886 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4885 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4884 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4883 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4882 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4881 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4880 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4879 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4878 (A use-after-free vulnerability was discovered in Adobe Flash Player be ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2018-4877 (A use-after-free vulnerability was discovered in Adobe Flash Player be ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2018-4876 (Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2018-4875 (Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a refl ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2018-4874 REJECTED
CVE-2018-4873 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlie ...)
	NOT-FOR-US: Adobe
CVE-2018-4872 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ear ...)
	NOT-FOR-US: Adobe
CVE-2018-4871 (An Out-of-bounds Read issue was discovered in Adobe Flash Player befor ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2018-4870 RESERVED
CVE-2018-4869 RESERVED
CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0. ...)
	- exiv2 (Vulnerable code introduced in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/202
CVE-2018-4867 RESERVED
CVE-2018-4866 RESERVED
CVE-2018-4865 RESERVED
CVE-2018-4864 RESERVED
CVE-2018-4863 (Sophos Endpoint Protection 10.7 allows local users to bypass an intend ...)
	NOT-FOR-US: Sophos
CVE-2018-4862 (In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authent ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-4861 (A vulnerability has been identified in SCALANCE M875 (All versions). A ...)
	NOT-FOR-US: SCALANCE
CVE-2018-4860 (A vulnerability has been identified in SCALANCE M875 (All versions). A ...)
	NOT-FOR-US: SCALANCE
CVE-2018-4859 (A vulnerability has been identified in SCALANCE M875 (All versions). A ...)
	NOT-FOR-US: SCALANCE
CVE-2018-4858 (A vulnerability has been identified in IEC 61850 system configurator ( ...)
	NOT-FOR-US: IEC
CVE-2018-4857 REJECTED
CVE-2018-4856 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4855 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4854 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4853 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4852 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4851 (A vulnerability has been identified in SICLOCK TC100 (All versions) an ...)
	NOT-FOR-US: SICLOCK TC100
CVE-2018-4850 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU ha ...)
	NOT-FOR-US: SIMATIC
CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video for Andro ...)
	NOT-FOR-US: Siveillance VMS Video
CVE-2018-4848 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS A ...)
	NOT-FOR-US: SIMATIC WinCC OA Operator iOS App
CVE-2018-4846 (A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPo ...)
	NOT-FOR-US: RAPIDLab
CVE-2018-4845 (A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPo ...)
	NOT-FOR-US: RAPIDLab
CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for Android ...)
	NOT-FOR-US: SIMATIC
CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All ...)
	NOT-FOR-US: SIMATIC
CVE-2018-4842 (A vulnerability has been identified in SCALANCE X-200IRT switch family ...)
	NOT-FOR-US: Siemens SCALANCE X switches
CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions < ...)
	NOT-FOR-US: TIM
CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...)
	NOT-FOR-US: Siemens
CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions & ...)
	NOT-FOR-US: Siemens
CVE-2018-4838 (A vulnerability has been identified in EN100 Ethernet module IEC 61850 ...)
	NOT-FOR-US: Siemens
CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic < V ...)
	NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic < V ...)
	NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic < V ...)
	NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers P ...)
	NOT-FOR-US: Desigo
CVE-2018-4833 (A vulnerability has been identified in RFID 181EIP (All versions), RUG ...)
	NOT-FOR-US: Siemens
CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All ...)
	NOT-FOR-US: Siemens
CVE-2018-4831 RESERVED
CVE-2018-4830 RESERVED
CVE-2018-4829 RESERVED
CVE-2018-4828 RESERVED
CVE-2018-4827 RESERVED
CVE-2018-4826 RESERVED
CVE-2018-4825 RESERVED
CVE-2018-4824 RESERVED
CVE-2018-4823 RESERVED
CVE-2018-4822 RESERVED
CVE-2018-4821 RESERVED
CVE-2018-4820 RESERVED
CVE-2018-4819 RESERVED
CVE-2018-4818 RESERVED
CVE-2018-4817 RESERVED
CVE-2018-4816 RESERVED
CVE-2018-4815 RESERVED
CVE-2018-4814 RESERVED
CVE-2018-4813 RESERVED
CVE-2018-4812 RESERVED
CVE-2018-4811 RESERVED
CVE-2018-4810 RESERVED
CVE-2018-4809 RESERVED
CVE-2018-4808 RESERVED
CVE-2018-4807 RESERVED
CVE-2018-4806 RESERVED
CVE-2018-4805 RESERVED
CVE-2018-4804 RESERVED
CVE-2018-4803 RESERVED
CVE-2018-4802 RESERVED
CVE-2018-4801 RESERVED
CVE-2018-4800 RESERVED
CVE-2018-4799 RESERVED
CVE-2018-4798 RESERVED
CVE-2018-4797 RESERVED
CVE-2018-4796 RESERVED
CVE-2018-4795 RESERVED
CVE-2018-4794 RESERVED
CVE-2018-4793 RESERVED
CVE-2018-4792 RESERVED
CVE-2018-4791 RESERVED
CVE-2018-4790 RESERVED
CVE-2018-4789 RESERVED
CVE-2018-4788 RESERVED
CVE-2018-4787 RESERVED
CVE-2018-4786 RESERVED
CVE-2018-4785 RESERVED
CVE-2018-4784 RESERVED
CVE-2018-4783 RESERVED
CVE-2018-4782 RESERVED
CVE-2018-4781 RESERVED
CVE-2018-4780 RESERVED
CVE-2018-4779 RESERVED
CVE-2018-4778 RESERVED
CVE-2018-4777 RESERVED
CVE-2018-4776 RESERVED
CVE-2018-4775 RESERVED
CVE-2018-4774 RESERVED
CVE-2018-4773 RESERVED
CVE-2018-4772 RESERVED
CVE-2018-4771 RESERVED
CVE-2018-4770 RESERVED
CVE-2018-4769 RESERVED
CVE-2018-4768 RESERVED
CVE-2018-4767 RESERVED
CVE-2018-4766 RESERVED
CVE-2018-4765 RESERVED
CVE-2018-4764 RESERVED
CVE-2018-4763 RESERVED
CVE-2018-4762 RESERVED
CVE-2018-4761 RESERVED
CVE-2018-4760 RESERVED
CVE-2018-4759 RESERVED
CVE-2018-4758 RESERVED
CVE-2018-4757 RESERVED
CVE-2018-4756 RESERVED
CVE-2018-4755 RESERVED
CVE-2018-4754 RESERVED
CVE-2018-4753 RESERVED
CVE-2018-4752 RESERVED
CVE-2018-4751 RESERVED
CVE-2018-4750 RESERVED
CVE-2018-4749 RESERVED
CVE-2018-4748 RESERVED
CVE-2018-4747 RESERVED
CVE-2018-4746 RESERVED
CVE-2018-4745 RESERVED
CVE-2018-4744 RESERVED
CVE-2018-4743 RESERVED
CVE-2018-4742 RESERVED
CVE-2018-4741 RESERVED
CVE-2018-4740 RESERVED
CVE-2018-4739 RESERVED
CVE-2018-4738 RESERVED
CVE-2018-4737 RESERVED
CVE-2018-4736 RESERVED
CVE-2018-4735 RESERVED
CVE-2018-4734 RESERVED
CVE-2018-4733 RESERVED
CVE-2018-4732 RESERVED
CVE-2018-4731 RESERVED
CVE-2018-4730 RESERVED
CVE-2018-4729 RESERVED
CVE-2018-4728 RESERVED
CVE-2018-4727 RESERVED
CVE-2018-4726 RESERVED
CVE-2018-4725 RESERVED
CVE-2018-4724 RESERVED
CVE-2018-4723 RESERVED
CVE-2018-4722 RESERVED
CVE-2018-4721 RESERVED
CVE-2018-4720 RESERVED
CVE-2018-4719 RESERVED
CVE-2018-4718 RESERVED
CVE-2018-4717 RESERVED
CVE-2018-4716 RESERVED
CVE-2018-4715 RESERVED
CVE-2018-4714 RESERVED
CVE-2018-4713 RESERVED
CVE-2018-4712 RESERVED
CVE-2018-4711 RESERVED
CVE-2018-4710 RESERVED
CVE-2018-4709 RESERVED
CVE-2018-4708 RESERVED
CVE-2018-4707 RESERVED
CVE-2018-4706 RESERVED
CVE-2018-4705 RESERVED
CVE-2018-4704 RESERVED
CVE-2018-4703 RESERVED
CVE-2018-4702 RESERVED
CVE-2018-4701 RESERVED
CVE-2018-4700 REJECTED
CVE-2018-4699 RESERVED
CVE-2018-4698 RESERVED
CVE-2018-4697 RESERVED
CVE-2018-4696 RESERVED
CVE-2018-4695 RESERVED
CVE-2018-4694 RESERVED
CVE-2018-4693 RESERVED
CVE-2018-4692 RESERVED
CVE-2018-4691 RESERVED
CVE-2018-4690 RESERVED
CVE-2018-4689 RESERVED
CVE-2018-4688 RESERVED
CVE-2018-4687 RESERVED
CVE-2018-4686 RESERVED
CVE-2018-4685 RESERVED
CVE-2018-4684 RESERVED
CVE-2018-4683 RESERVED
CVE-2018-4682 RESERVED
CVE-2018-4681 RESERVED
CVE-2018-4680 RESERVED
CVE-2018-4679 RESERVED
CVE-2018-4678 RESERVED
CVE-2018-4677 RESERVED
CVE-2018-4676 RESERVED
CVE-2018-4675 RESERVED
CVE-2018-4674 RESERVED
CVE-2018-4673 RESERVED
CVE-2018-4672 RESERVED
CVE-2018-4671 RESERVED
CVE-2018-4670 RESERVED
CVE-2018-4669 RESERVED
CVE-2018-4668 RESERVED
CVE-2018-4667 RESERVED
CVE-2018-4666 RESERVED
CVE-2018-4665 RESERVED
CVE-2018-4664 RESERVED
CVE-2018-4663 RESERVED
CVE-2018-4662 RESERVED
CVE-2018-4661 RESERVED
CVE-2018-4660 RESERVED
CVE-2018-4659
RESERVED
CVE-2018-4658 RESERVED
CVE-2018-4657 RESERVED
CVE-2018-4656 RESERVED
CVE-2018-4655 RESERVED
CVE-2018-4654 RESERVED
CVE-2018-4653 RESERVED
CVE-2018-4652 RESERVED
CVE-2018-4651 RESERVED
CVE-2018-4650 RESERVED
CVE-2018-4649 RESERVED
CVE-2018-4648 RESERVED
CVE-2018-4647 RESERVED
CVE-2018-4646 RESERVED
CVE-2018-4645 RESERVED
CVE-2018-4644 RESERVED
CVE-2018-4643 RESERVED
CVE-2018-4642 RESERVED
CVE-2018-4641 RESERVED
CVE-2018-4640 RESERVED
CVE-2018-4639 RESERVED
CVE-2018-4638 RESERVED
CVE-2018-4637 RESERVED
CVE-2018-4636 RESERVED
CVE-2018-4635 RESERVED
CVE-2018-4634 RESERVED
CVE-2018-4633 RESERVED
CVE-2018-4632 RESERVED
CVE-2018-4631 RESERVED
CVE-2018-4630 RESERVED
CVE-2018-4629 RESERVED
CVE-2018-4628 RESERVED
CVE-2018-4627 RESERVED
CVE-2018-4626 RESERVED
CVE-2018-4625 RESERVED
CVE-2018-4624 RESERVED
CVE-2018-4623 RESERVED
CVE-2018-4622 RESERVED
CVE-2018-4621 RESERVED
CVE-2018-4620 RESERVED
CVE-2018-4619 RESERVED
CVE-2018-4618 RESERVED
CVE-2018-4617 RESERVED
CVE-2018-4616 RESERVED
CVE-2018-4615 RESERVED
CVE-2018-4614 RESERVED
CVE-2018-4613 RESERVED
CVE-2018-4612 RESERVED
CVE-2018-4611 RESERVED
CVE-2018-4610 RESERVED
CVE-2018-4609 RESERVED
CVE-2018-4608 RESERVED
CVE-2018-4607 RESERVED
CVE-2018-4606 RESERVED
CVE-2018-4605 RESERVED
CVE-2018-4604 RESERVED
CVE-2018-4603 RESERVED
CVE-2018-4602 RESERVED
CVE-2018-4601 RESERVED
CVE-2018-4600 RESERVED
CVE-2018-4599 RESERVED
CVE-2018-4598 RESERVED
CVE-2018-4597 RESERVED
CVE-2018-4596 RESERVED
CVE-2018-4595 RESERVED
CVE-2018-4594 RESERVED
CVE-2018-4593 RESERVED
CVE-2018-4592 RESERVED
CVE-2018-4591 RESERVED
CVE-2018-4590 RESERVED
CVE-2018-4589 RESERVED
CVE-2018-4588 RESERVED
CVE-2018-4587 RESERVED
CVE-2018-4586 RESERVED
CVE-2018-4585 RESERVED
CVE-2018-4584 RESERVED
CVE-2018-4583 RESERVED
CVE-2018-4582 RESERVED
CVE-2018-4581 RESERVED
CVE-2018-4580 RESERVED
CVE-2018-4579 RESERVED
CVE-2018-4578 RESERVED
CVE-2018-4577 RESERVED
CVE-2018-4576 RESERVED
CVE-2018-4575 RESERVED
CVE-2018-4574 RESERVED
CVE-2018-4573 RESERVED
CVE-2018-4572 RESERVED
CVE-2018-4571 RESERVED
CVE-2018-4570 RESERVED
CVE-2018-4569 RESERVED
CVE-2018-4568 RESERVED
CVE-2018-4567 RESERVED
CVE-2018-4566 RESERVED
CVE-2018-4565 RESERVED
CVE-2018-4564 RESERVED
CVE-2018-4563 RESERVED
CVE-2018-4562 RESERVED
CVE-2018-4561 RESERVED
CVE-2018-4560 RESERVED
CVE-2018-4559 RESERVED
CVE-2018-4558 RESERVED
CVE-2018-4557 RESERVED
CVE-2018-4556 RESERVED
CVE-2018-4555 RESERVED
CVE-2018-4554 RESERVED
CVE-2018-4553 RESERVED
CVE-2018-4552 RESERVED
CVE-2018-4551 RESERVED
CVE-2018-4550 RESERVED
CVE-2018-4549 RESERVED
CVE-2018-4548 RESERVED
CVE-2018-4547 RESERVED
CVE-2018-4546 RESERVED
CVE-2018-4545 RESERVED
CVE-2018-4544 RESERVED
CVE-2018-4543 RESERVED
CVE-2018-4542 RESERVED
CVE-2018-4541 RESERVED
CVE-2018-4540 RESERVED
CVE-2018-4539 RESERVED
CVE-2018-4538 RESERVED
CVE-2018-4537 RESERVED
CVE-2018-4536 RESERVED
CVE-2018-4535 RESERVED
CVE-2018-4534 RESERVED
CVE-2018-4533 RESERVED
CVE-2018-4532 RESERVED
CVE-2018-4531 RESERVED
CVE-2018-4530 RESERVED
CVE-2018-4529 RESERVED
CVE-2018-4528 RESERVED
CVE-2018-4527 RESERVED
CVE-2018-4526 RESERVED
CVE-2018-4525 RESERVED
CVE-2018-4524 RESERVED
CVE-2018-4523 RESERVED
CVE-2018-4522 RESERVED
CVE-2018-4521 RESERVED
CVE-2018-4520 RESERVED
CVE-2018-4519 RESERVED
CVE-2018-4518 RESERVED
CVE-2018-4517 RESERVED
CVE-2018-4516 RESERVED
CVE-2018-4515 RESERVED
CVE-2018-4514 RESERVED
CVE-2018-4513 RESERVED
CVE-2018-4512 RESERVED
CVE-2018-4511 RESERVED
CVE-2018-4510 RESERVED
CVE-2018-4509 RESERVED
CVE-2018-4508 RESERVED
CVE-2018-4507 RESERVED
CVE-2018-4506 RESERVED
CVE-2018-4505 RESERVED
CVE-2018-4504 RESERVED
CVE-2018-4503 RESERVED
CVE-2018-4502 RESERVED
CVE-2018-4501 RESERVED
CVE-2018-4500 RESERVED
CVE-2018-4499 RESERVED
CVE-2018-4498 RESERVED
CVE-2018-4497 RESERVED
CVE-2018-4496 RESERVED
CVE-2018-4495 RESERVED
CVE-2018-4494 RESERVED
CVE-2018-4493 RESERVED
CVE-2018-4492 RESERVED
CVE-2018-4491 RESERVED
CVE-2018-4490 RESERVED
CVE-2018-4489 RESERVED
CVE-2018-4488 RESERVED
CVE-2018-4487 RESERVED
CVE-2018-4486
RESERVED
CVE-2018-4485 RESERVED
CVE-2018-4484 RESERVED
CVE-2018-4483 RESERVED
CVE-2018-4482 RESERVED
CVE-2018-4481 RESERVED
CVE-2018-4480 RESERVED
CVE-2018-4479 RESERVED
CVE-2018-4478 RESERVED
CVE-2018-4477 RESERVED
CVE-2018-4476 RESERVED
CVE-2018-4475 RESERVED
CVE-2018-4474 (A memory consumption issue was addressed with improved memory handling ...)
	NOT-FOR-US: Apple
CVE-2018-4473 RESERVED
CVE-2018-4472 RESERVED
CVE-2018-4471 RESERVED
CVE-2018-4470 (A privacy issue in the handling of Open Directory records was addresse ...)
	NOT-FOR-US: Apple
CVE-2018-4469 RESERVED
CVE-2018-4468 (This issue was addressed by removing additional entitlements. This iss ...)
	NOT-FOR-US: Apple
CVE-2018-4467 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2018-4466 RESERVED
CVE-2018-4465 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4464 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4463 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4462 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4461 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4460 (A denial of service issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2018-4459 RESERVED
CVE-2018-4458 RESERVED
CVE-2018-4457 RESERVED
CVE-2018-4456 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4455 RESERVED
CVE-2018-4454 RESERVED
CVE-2018-4453 RESERVED
CVE-2018-4452 (A memory consumption issue was addressed with improved memory handling ...)
	NOT-FOR-US: Apple
CVE-2018-4451 (This issue is fixed in macOS Mojave 10.14. A memory corruption issue w ...)
	NOT-FOR-US: Apple
CVE-2018-4450 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4449 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4448 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2018-4447 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2018-4446 (This issue was addressed with improved entitlements. This issue affect ...)
	NOT-FOR-US: Apple
CVE-2018-4445 ("Clear History and Website Data" did not clear the history. The issue ...)
	NOT-FOR-US: Apple
CVE-2018-4444 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4443 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4442 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4441 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4440 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4439 (A logic issue was addressed with improved validation. This issue affec ...)
	NOT-FOR-US: Apple
CVE-2018-4438 (A logic issue existed resulting in memory corruption. This was address ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4437 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.5-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0009.html
	NOTE: Not covered by security support
CVE-2018-4436 (A certificate validation issue existed in configuration profiles. This ...)
	NOT-FOR-US: Apple
CVE-2018-4435 (A logic issue was addressed with improved restrictions. This issue aff ...)
	NOT-FOR-US: Apple
CVE-2018-4434 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2018-4433 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2018-4432 RESERVED
CVE-2018-4431 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2018-4430 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4429 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
	NOT-FOR-US: Apple
CVE-2018-4428 (A lock screen issue allowed access to the share function on a locked d ...)
	NOT-FOR-US: Apple
CVE-2018-4427 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4426 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4425 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4424 (A buffer overflow was addressed with improved size validation. This is ...)
	NOT-FOR-US: Apple
CVE-2018-4423 (A logic issue was addressed with improved validation. This issue affec ...)
	NOT-FOR-US: Apple
CVE-2018-4422 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4421 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2018-4420 (A memory corruption issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2018-4419 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4418 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4417 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4416 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4415 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4414 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4413 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2018-4412 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4411 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4410 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4409 (A resource exhaustion issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2018-4408 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4407 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2018-4406 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2018-4405 RESERVED
CVE-2018-4404 (In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corr ...)
	NOT-FOR-US: Apple
CVE-2018-4403 (This issue was addressed by removing additional entitlements. This iss ...)
	NOT-FOR-US: Apple
CVE-2018-4402 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4401 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4400 (A validation issue was addressed with improved logic. This issue affec ...)
	NOT-FOR-US: Apple
CVE-2018-4399 (An access issue existed with privileged API calls. This issue was addr ...)
	NOT-FOR-US: Apple
CVE-2018-4398 (An issue existed in the method for determining prime numbers. This iss ...)
	NOT-FOR-US: Apple
CVE-2018-4397 (Analytics data was sent using HTTP rather than HTTPS. This was address ...)
	NOT-FOR-US: Apple
CVE-2018-4396 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4395 (This issue was addressed with improved checks. This issue affected ver ...)
	NOT-FOR-US: Apple
CVE-2018-4394 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4393 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4392 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4391 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2018-4390 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2018-4389 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2018-4388 (A lock screen issue allowed access to the share function on a locked d ...)
	NOT-FOR-US: Apple
CVE-2018-4387 (A lock screen issue allowed access to photos via Reply With Message on ...)
	NOT-FOR-US: Apple
CVE-2018-4386 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4385 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4384 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4383 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2018-4382 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4381 (A resource exhaustion issue was addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2018-4380 (A lock screen issue allowed access to photos and contacts on a locked ...)
	NOT-FOR-US: Apple
CVE-2018-4379 (A lock screen issue allowed access to the share function on a locked d ...)
	NOT-FOR-US: Apple
CVE-2018-4378 (A memory corruption issue was addressed with improved validation. This ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4377 (A cross-site scripting issue existed in Safari. This issue was address ...)
	NOT-FOR-US: Apple
CVE-2018-4376 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4375 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4374 (A logic issue was addressed with improved validation. This issue affec ...)
	NOT-FOR-US: Apple
CVE-2018-4373 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4372 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4371 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2018-4370
	RESERVED
CVE-2018-4369 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4368 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2018-4367 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4366 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4365 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4364
	RESERVED
CVE-2018-4363 (An input validation issue existed in the kernel. This issue was addres ...)
	NOT-FOR-US: Apple
CVE-2018-4362 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2018-4361 (A memory consumption issue was addressed with improved memory handling ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4360 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2018-4359 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4358 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4357 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple Xcode
CVE-2018-4356 (A permissions issue existed. This issue was addressed with improved pe ...)
	NOT-FOR-US: Apple
CVE-2018-4355 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2018-4354 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4353 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2018-4352 (A consistency issue existed in the handling of application snapshots. ...)
	NOT-FOR-US: Apple
CVE-2018-4351 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2018-4350 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4349
	RESERVED
CVE-2018-4348 (A validation issue was addressed with improved logic. This issue affec ...)
	NOT-FOR-US: Apple
CVE-2018-4347 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2018-4346 (A validation issue existed which allowed local file access. This was a ...)
	NOT-FOR-US: Apple
CVE-2018-4345 (A cross-site scripting issue existed in Safari. This issue was address ...)
	- webkit2gtk 2.22.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0008.html
	NOTE: Not covered by security support
CVE-2018-4344 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4343 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4342 (A configuration issue was addressed with additional restrictions. This ...)
	NOT-FOR-US: Apple
CVE-2018-4341 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4340 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4339 (This issue was addressed with a new entitlement. This issue is fixed i ...)
	NOT-FOR-US: Apple
CVE-2018-4338 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4337 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4336 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4335 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4334 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4333 (A validation issue was addressed with improved input sanitization. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4332 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4331 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4330 (In iOS before 11.4, a memory corruption issue exists and was addressed ...)
	NOT-FOR-US: Apple
CVE-2018-4329 (Clearing a history item may not clear visits with redirect chains. The ...)
	NOT-FOR-US: Apple
CVE-2018-4328 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4327 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4326 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4325 (A logic issue was addressed with improved restrictions. This issue aff ...)
	NOT-FOR-US: Apple
CVE-2018-4324 (A permissions issue existed in the handling of the Apple ID. This issu ...)
	NOT-FOR-US: Apple
CVE-2018-4323 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4322 (This issue was addressed with improved entitlements. This issue affect ...)
	NOT-FOR-US: Apple
CVE-2018-4321 (A validation issue existed in the entitlement verification. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4320
	RESERVED
CVE-2018-4319 (A cross-origin issue existed with "iframe" elements. This was addresse ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4318 (A use after free issue was addressed with improved memory management. ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4317 (A use after free issue was addressed with improved memory management. ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4316 (A memory corruption issue was addressed with improved state management ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4315 (A use after free issue was addressed with improved memory management. ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4314 (A use after free issue was addressed with improved memory management. ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4313 (A consistency issue existed in the handling of application snapshots. ...)
	NOT-FOR-US: Apple
CVE-2018-4312 (A use after free issue was addressed with improved memory management. ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4311 (The issue was addressed by removing origin information. This issue aff ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4310 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2018-4309 (A cross-site scripting issue existed in Safari. This issue was address ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4308 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4307 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4306 (A use after free issue was addressed with improved memory management. ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4305 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4304 (A denial of service issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2018-4303 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4302
	RESERVED
CVE-2018-4301
	RESERVED
	NOT-FOR-US: Apple
CVE-2018-4300 (The session cookie generated by the CUPS web interface was easy to gue ...)
	{DLA-1936-1}
	- cups 2.2.10-1 (bug #915909)
	[stretch] - cups 2.2.1-8+deb9u3
	NOTE: https://github.com/apple/cups/commit/feb4c62b211bfbd78dc10d737d873439ccdfa58c (2.2.10)
	NOTE: https://github.com/apple/cups/commit/b9ff93ce913ff633a3f667317e5a81fa7fe0d5d3 (2.3b6)
	NOTE: Clarification about typo for CVE id: https://github.com/apple/cups/issues/5561
CVE-2018-4299 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4298 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, ...)
	NOT-FOR-US: Apple
CVE-2018-4297
	RESERVED
CVE-2018-4296 (This issue is fixed in macOS Mojave 10.14. A permissions issue existed ...)
	NOT-FOR-US: Apple
CVE-2018-4295 (An input validation issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4294
	RESERVED
CVE-2018-4293 (A cookie management issue was addressed with improved checks. This iss ...)
	NOT-FOR-US: Apple
CVE-2018-4292
	RESERVED
CVE-2018-4291 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2018-4290 (A denial of service issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4289 (An information disclosure issue was addressed by removing the vulnerab ...)
	NOT-FOR-US: Apple
CVE-2018-4288 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2018-4287 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2018-4286 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2018-4285 (A type confusion issue was addressed with improved memory handling. Th ...)
	NOT-FOR-US: Apple
CVE-2018-4284 (A type confusion issue was addressed with improved memory handling. Th ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4283 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2018-4282 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2018-4281 (In SwiftNIO before 1.8.0, a buffer overflow was addressed with improve ...)
	NOT-FOR-US: Apple
CVE-2018-4280 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4279 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple Safari
CVE-2018-4278 (In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11 ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4277 (In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari ...)
	NOT-FOR-US: Apple
CVE-2018-4276 (A null pointer dereference was addressed with improved validation. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4275 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4274 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
	NOT-FOR-US: Apple
CVE-2018-4273 (Multiple memory corruption issues were addressed with improved input v ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4272 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4271 (Multiple memory corruption issues were addressed with improved input v ...)
	- webkit2gtk 2.20.2-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4270 (A memory corruption issue was addressed with improved memory handling. ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4269 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2018-4268 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4267 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4266 (A race condition was addressed with additional validation. This issue ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4265 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4264 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4263 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4262 (In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11 ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4261 (Multiple memory corruption issues were addressed with improved memory ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4260 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2018-4259 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2018-4258 (In macOS High Sierra before 10.13.5, a buffer overflow was addressed w ...)
	NOT-FOR-US: Apple
CVE-2018-4257 (In macOS High Sierra before 10.13.5, a buffer overflow was addressed w ...)
	NOT-FOR-US: Apple
CVE-2018-4256 (In macOS High Sierra before 10.13.5, an out-of-bounds read was address ...)
	NOT-FOR-US: Apple
CVE-2018-4255 (In macOS High Sierra before 10.13.5, an out-of-bounds read was address ...)
	NOT-FOR-US: Apple
CVE-2018-4254 (In macOS High Sierra before 10.13.5, an input validation issue existed ...)
	NOT-FOR-US: Apple
CVE-2018-4253 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4252 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4251 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4250 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4249 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4248 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2018-4247 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4246 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.4-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0006.html
CVE-2018-4245
	RESERVED
CVE-2018-4244 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4243 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4242 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4241 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4240 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4239 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4238 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4237 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4236 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4235 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4234 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4233 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4232 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4231
	RESERVED
CVE-2018-4230 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4229 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4228 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4227 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4226 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4225 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4224 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4223 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4222 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4221 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4220 (An issue was discovered in certain Apple products. Swift before 4.1.1 ...)
	NOT-FOR-US: Apple
CVE-2018-4219 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4218 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4217 (In macOS High Sierra before 10.13.5, a privacy issue in the handling o ...)
	NOT-FOR-US: Apple
CVE-2018-4216 (A logic issue existed in the handling of call URLs. This issue was add ...)
	NOT-FOR-US: Apple
CVE-2018-4215 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4214 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4213 (In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4212 (In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4211 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple
CVE-2018-4210 (In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS befo ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4209 (In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4208 (In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4207 (In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4206 (An issue was discovered in certain Apple products. iOS before 11.3.1 i ...)
	NOT-FOR-US: Apple
CVE-2018-4205 (An issue was discovered in certain Apple products. Safari before 11.1. ...)
	NOT-FOR-US: Apple
CVE-2018-4204 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
	NOTE: Not covered by security support
CVE-2018-4203 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2018-4202 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple (iBooks component)
CVE-2018-4201 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.1-2 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4200 (An issue was discovered in certain Apple products. iOS before 11.3.1 i ...)
	- webkit2gtk 2.20.2-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
	NOTE: Not covered by security support
CVE-2018-4199 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4198 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Apple (UIKit component)
CVE-2018-4197 (A use after free issue was addressed with improved memory management. ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4196 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple (Accessibility Framework component)
CVE-2018-4195 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2018-4194 (In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3. ...)
	NOT-FOR-US: Apple
CVE-2018-4193 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple (Windows Server component)
CVE-2018-4192 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.1-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4191 (A memory corruption issue was addressed with improved validation. This ...)
	- webkit2gtk 2.22.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0007.html
	NOTE: Not covered by security support
CVE-2018-4190 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	- webkit2gtk 2.20.3-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: https://webkitgtk.org/security/WSA-2018-0005.html
CVE-2018-4189 (In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Updat ...)
	NOT-FOR-US: Apple
CVE-2018-4188 (An issue was discovered in certain Apple products. iOS before 11.4 is ...)
	NOT-FOR-US: Safari
CVE-2018-4187 (An issue was discovered in certain Apple products. iOS before 11.3.1 i ...)
	NOT-FOR-US: Apple (LinkPresentation component)
CVE-2018-4186 (In Safari before 11.1, an information leakage issue existed in the han ...)
	NOT-FOR-US: Apple
CVE-2018-4185 (In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS be ...)
	NOT-FOR-US: Apple
CVE-2018-4184 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple (Speech component)
CVE-2018-4183 (In macOS High Sierra before 10.13.5, an access issue was addressed wit ...)
	- cups (MacOS X specific issue)
	NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4182 (In macOS High Sierra before 10.13.5, an access issue was addressed wit ...)
	- cups (MacOS X specific issue)
	NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4181 (In macOS High Sierra before 10.13.5, an issue existed in CUPS. This is ...)
	{DSA-4243-1 DLA-1426-1}
	- cups 2.2.8-2
	NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4180 (In macOS High Sierra before 10.13.5, an issue existed in CUPS. This is ...)
	{DSA-4243-1 DLA-1426-1}
	- cups 2.2.8-2
	NOTE: Fixed by: https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
CVE-2018-4179 (In macOS High Sierra before 10.13.4, there was an issue with the handl ...)
	NOT-FOR-US: Apple
CVE-2018-4178 (A permissions issue existed in which execute permission was incorrectl ...)
	NOT-FOR-US: Apple
CVE-2018-4177
	RESERVED
CVE-2018-4176 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4175 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4174 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4173 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4172 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4171 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4170 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4169 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, ...)
	NOT-FOR-US: Apple
CVE-2018-4168 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4167 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4166 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4165 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4164 (An issue was discovered in certain Apple products. Xcode before 9.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4163 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4162 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4161 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4160 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4159 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4158 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4157 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4156 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4155 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4154 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4153 (An injection issue was addressed with improved validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2018-4152 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4151 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4150 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4149 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4148 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4147 (In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before ...)
	NOT-FOR-US: Apple
CVE-2018-4146 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4145 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2018-4144 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4143 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4142 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4141 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4140 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4139 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4138 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: NVIDIA graphics driver for MacOS
CVE-2018-4137 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4136 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4135 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4134 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4133 (An issue was discovered in certain Apple products. Safari before 11.1 ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4132 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Intel graphics driver for MacOS
CVE-2018-4131 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4130 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4129 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4128 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4127 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4126 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2018-4125 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4124 (An issue was discovered in certain Apple products. iOS before 11.2.6 i ...)
	NOT-FOR-US: Apple
CVE-2018-4123 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4122 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4121 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
	NOTE: Not covered by security support
CVE-2018-4120 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4119 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4118 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4117 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	{DSA-4256-1}
	- chromium-browser 68.0.3440.75-1
	[jessie] - chromium-browser (End of life, see DSA 4020)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4116 (An issue was discovered in certain Apple products. Safari before 11.1 ...)
	NOT-FOR-US: Apple
CVE-2018-4115 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4114 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4113 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4112 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4111 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4110 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4109 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4108 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4107 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4106 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4105 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4104 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4103
	RESERVED
CVE-2018-4102 (An issue was discovered in certain Apple products. Safari before 11.1 ...)
	NOT-FOR-US: Apple
CVE-2018-4101 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4100 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4099
	RESERVED
CVE-2018-4098 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4097 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4096 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2018-4095 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple bluetoothd
	NOTE: https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/
CVE-2018-4094 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4093 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4092 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4091 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4090 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4089 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2018-4088 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2018-4087 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple bluetoothd
	NOTE: https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/
CVE-2018-4086 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4085 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4084 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4083 (An issue was discovered in certain Apple products. macOS before 10.13. ...)
	NOT-FOR-US: Apple
CVE-2018-4082 (An issue was discovered in certain Apple products. iOS before 11.2.5 i ...)
	NOT-FOR-US: Apple
CVE-2018-4081
	RESERVED
CVE-2018-4080
	REJECTED
CVE-2018-4079
	REJECTED
CVE-2018-4078
	REJECTED
CVE-2018-4077
	REJECTED
CVE-2018-4076
	REJECTED
CVE-2018-4075
	REJECTED
CVE-2018-4074
	REJECTED
CVE-2018-4073 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4072 (An exploitable Permission Assignment vulnerability exists in the ACEMa ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4071 (An exploitable Information Disclosure vulnerability exists in the ACEM ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4070 (An exploitable Information Disclosure vulnerability exists in the ACEM ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4069 (An information disclosure vulnerability exists in the ACEManager authe ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4068 (An exploitable information disclosure vulnerability exists in the ACEM ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4067 (An exploitable information disclosure vulnerability exists in the ACEM ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4066 (An exploitable cross-site request forgery vulnerability exists in the ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4065 (An exploitable cross-site scripting vulnerability exists in the ACEMan ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4064 (An exploitable unverified password change vulnerability exists in the ...)
	NOT-FOR-US: Sierra Wireless AirLink ES250 firmware
CVE-2018-4063 (An exploitable remote code execution vulnerability exists in the uploa ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4062 (A hard-coded credentials vulnerability exists in the snmpd function of ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4061 (An exploitable command injection vulnerability exists in the ACEManage ...)
	NOT-FOR-US: Sierra Wireless AirLink ES450 firmware
CVE-2018-4060
	REJECTED
CVE-2018-4059 (An exploitable unsafe default configuration vulnerability exists in th ...)
	{DSA-4373-1 DLA-1671-1}
	- coturn 4.5.1.0-1
CVE-2018-4058 (An exploitable unsafe default configuration vulnerability exists in th ...)
	{DSA-4373-1 DLA-1671-1}
	- coturn 4.5.1.0-1
CVE-2018-4057
	REJECTED
CVE-2018-4056 (An exploitable SQL injection vulnerability exists in the administrator ...)
	{DSA-4373-1 DLA-1671-1}
	- coturn 4.5.1.0-1
CVE-2018-4055 (A local privilege escalation vulnerability exists in the install helpe ...)
	NOT-FOR-US: Renderman
CVE-2018-4054 (A local privilege escalation vulnerability exists in the install helpe ...)
	NOT-FOR-US: Renderman
CVE-2018-4053 (An exploitable local denial-of-service vulnerability exists in the pri ...)
	NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4052 (An exploitable local information leak vulnerability exists in the priv ...)
	NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4051 (An exploitable local privilege escalation vulnerability exists in the ...)
	NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4050 (An exploitable local privilege escalation vulnerability exists in the ...)
	NOT-FOR-US: GOG Galaxy's Games for MacOS
CVE-2018-4049 (An exploitable local privilege elevation vulnerability exists in the f ...)
	NOT-FOR-US: GOG Galaxy's Games for Windows
CVE-2018-4048 (An exploitable local privilege elevation vulnerability exists in the f ...)
	NOT-FOR-US: GOG Galaxy
CVE-2018-4047 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4046 (An exploitable denial-of-service vulnerability exists in the helper se ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4045 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4044 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4043 (An exploitable privilege escalation vulnerability exists in the Clean ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4042 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4041 (An exploitable privilege escalation vulnerability exists in the helper ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4040 (An exploitable uninitialized pointer vulnerability exists in the rich ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-4039 (An exploitable out-of-bounds write vulnerability exists in the PNG imp ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-4038 (An exploitable arbitrary write vulnerability exists in the open docume ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-4037 (The CleanMyMac X software contains an exploitable privilege escalation ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4036 (The CleanMyMac X software contains an exploitable privilege escalation ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4035 (The CleanMyMac X software contains an exploitable privilege escalation ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4034 (The CleanMyMac X software contains an exploitable privilege escalation ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4033 (The CleanMyMac X software contains an exploitable privilege escalation ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4032 (An exploitable privilege escalation vulnerability exists in the way th ...)
	NOT-FOR-US: Clean My Mac X
CVE-2018-4031 (An exploitable vulnerability exists in the safe browsing function of t ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4030 (An exploitable vulnerability exists the safe browsing function of the ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4029 (An exploitable code execution vulnerability exists in the HTTP request ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4028 (An exploitable firmware update vulnerability exists in the NT9665X Chi ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4027 (An exploitable denial-of-service vulnerability exists in the XML_Uploa ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4026 (An exploitable denial-of-service vulnerability exists in the XML_GetSc ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4025 (An exploitable denial-of-service vulnerability exists in the XML_GetRa ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4024 (An exploitable denial-of-service vulnerability exists in the thumbnail ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4023 (An exploitable code execution vulnerability exists in the XML_UploadFi ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4022 (A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v2 ...)
	- mkvtoolnix 28.2.0-1
	[stretch] - mkvtoolnix (Vulnerable code introduced later)
	[jessie] - mkvtoolnix (vulnerable code is not present)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0694
	NOTE: https://gitlab.com/mbunkus/mkvtoolnix/commit/43021d16c7bcd3f9f70214827755a5163782b633
CVE-2018-4021 (An exploitable command injection vulnerability exists in the way Netga ...)
	NOT-FOR-US: pfSense
CVE-2018-4020 (An exploitable command injection vulnerability exists in the way Netga ...)
	NOT-FOR-US: pfSense
CVE-2018-4019 (An exploitable command injection vulnerability exists in the way Netga ...)
	NOT-FOR-US: pfSense
CVE-2018-4018 (An exploitable firmware update vulnerability exists in the NT9665X Chi ...)
	NOT-FOR-US: NT9665X Chipset firmwareNT9665X Chipset firmware on Anker Roav A1 Dashcam
CVE-2018-4017 (An exploitable vulnerability exists in the Wi-Fi Access Point feature ...)
	NOT-FOR-US: Roav A1 Dashcam
CVE-2018-4016 (An exploitable code execution vulnerability exists in the URL-parsing ...)
	NOT-FOR-US: Roav A1 Dashcam
CVE-2018-4015 (An exploitable vulnerability exists in the HTTP client functionality o ...)
	NOT-FOR-US: Webroot BrightCloud SDK
CVE-2018-4014 (An exploitable code execution vulnerability exists in Wi-Fi Command 99 ...)
	NOT-FOR-US: Roav A1 Dashcam
CVE-2018-4013 (An exploitable code execution vulnerability exists in the HTTP packet- ...)
	{DSA-4343-1 DLA-1582-1}
	- liblivemedia 2018.10.17-1
	NOTE: http://lists.live555.com/pipermail/live-devel/2018-October/021071.html
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684
CVE-2018-4012 (An exploitable buffer overflow vulnerability exists in the HTTP header ...)
	NOT-FOR-US: Webroot BrightCloud SDK
CVE-2018-4011 (An exploitable integer underflow vulnerability exists in the mdnscap b ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4010 (An exploitable code execution vulnerability exists in the connect func ...)
	NOT-FOR-US: ProtonVPN client
CVE-2018-4009 (An exploitable privilege escalation vulnerability exists in the Shimo ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4008 (An exploitable privilege escalation vulnerability exists in the Shimo ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4007 (An exploitable privilege escalation vulnerability exists in the Shimo ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4006 (An exploitable privilege escalation vulnerability exists in the Shimo ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4005 (An exploitable privilege escalation vulnerability exists in the Shimo ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4004 (An exploitable privilege escalation vulnerability exists in the Shimo ...)
	NOT-FOR-US: Shimo VPN
CVE-2018-4003 (An exploitable heap overflow vulnerability exists in the mdnscap binar ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4002 (An exploitable denial-of-service vulnerability exists in the mdnscap b ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-4001 (An exploitable uninitialized pointer vulnerability exists in the Offic ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-4000 (An exploitable double-free vulnerability exists in the Office Open XML ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3999 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3998 (An exploitable heap-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3997 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3996 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3995 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3994 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3993 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3992 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's PDF Reader
CVE-2018-3991 (An exploitable heap overflow vulnerability exists in the WkbProgramLow ...)
	NOT-FOR-US: WibuKey
CVE-2018-3990 (An exploitable pool corruption vulnerability exists in the 0x8200E804 ...)
	NOT-FOR-US: WibuKey
CVE-2018-3989 (An exploitable kernel memory disclosure vulnerability exists in the 0x ...)
	NOT-FOR-US: WibuKey
CVE-2018-3988 (Signal Messenger for Android 4.24.8 may expose private information whe ...)
	NOT-FOR-US: Signal Messenger
CVE-2018-3987 (An exploitable information disclosure vulnerability exists in the 'Sec ...)
	NOT-FOR-US: Rakuten Viber on Android
CVE-2018-3986 (An exploitable information disclosure vulnerability exists in the "Sec ...)
	NOT-FOR-US: Telegram Android
CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap binary ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-3984 (An exploitable uninitialized length vulnerability exists within the Wo ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3983 (An exploitable uninitialized pointer vulnerability exists in the Word ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3982 (An exploitable arbitrary write vulnerability exists in the Word docume ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3981 (An exploitable out-of-bounds write exists in the TIFF-parsing function ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3980 (An exploitable out-of-bounds write exists in the TIFF-parsing function ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the Nouveau ...)
	- xserver-xorg-video-nouveau (low)
	[bullseye] - xserver-xorg-video-nouveau (Minor issue)
	[buster] - xserver-xorg-video-nouveau (Minor issue)
	[stretch] - xserver-xorg-video-nouveau (Minor issue)
	[jessie] - xserver-xorg-video-nouveau (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word Do ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3977 (An exploitable code execution vulnerability exists in the XCF image re ...)
	{DLA-1865-1 DLA-1861-1}
	- libsdl2-image 2.0.3+dfsg1-3 (bug #912617)
	[stretch] - libsdl2-image 2.0.1+dfsg-2+deb9u2
	- sdl-image1.2 1.2.12-10 (bug #912618)
	[stretch] - sdl-image1.2 1.2.12-5+deb9u2
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0645
	NOTE: https://hg.libsdl.org/SDL_image/rev/170d7d32e4a8
	NOTE: follow-up fix (TALOS-2019-0842): https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10
	NOTE: which got a separate CVE assigned as CVE-2019-5058.
CVE-2018-3976 (An exploitable out-of-bounds write exists in the CALS Raster file form ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3975 (An exploitable uninitialized variable vulnerability exists in the RTF- ...)
	NOT-FOR-US: Atlantis Word Processor
CVE-2018-3974 (An exploitable local privilege elevation vulnerability exists in the f ...)
	NOT-FOR-US: GOG Galaxy's
CVE-2018-3973 (An exploitable out of bounds write exists in the CAL parsing functiona ...)
	NOT-FOR-US: Canvas Draw
CVE-2018-3972 (An exploitable code execution vulnerability exists in the Levin deseri ...)
	NOT-FOR-US: Epee library
CVE-2018-3971 (An exploitable arbitrary write vulnerability exists in the 0x2222CC IO ...)
	NOT-FOR-US: Sophos
CVE-2018-3970 (An exploitable memory disclosure vulnerability exists in the 0x222000 ...)
	NOT-FOR-US: Sophos
CVE-2018-3969 (An exploitable vulnerability exists in the verified boot protection of ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-3968 (An exploitable vulnerability exists in the verified boot protection of ...)
	- u-boot 2014.07+dfsg1-1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633
CVE-2018-3967 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3966 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3965 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3964 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3963 (An exploitable command injection vulnerability exists in the DHCP daem ...)
	NOT-FOR-US: CUJO Smart Firewall
CVE-2018-3962 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3961 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3960 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3959 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3958 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3957 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3956 (An exploitable out-of-bounds read vulnerability exists in the handling ...)
	NOT-FOR-US: Foxit
CVE-2018-3955 (An exploitable operating system command injection exists in the Linksy ...)
	NOT-FOR-US: Linksys
CVE-2018-3954 (Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware ...)
	NOT-FOR-US: Linksys
CVE-2018-3953 (Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware ...)
	NOT-FOR-US: Linksys
CVE-2018-3952 (An exploitable code execution vulnerability exists in the connect func ...)
	NOT-FOR-US: NordVPN
CVE-2018-3951 (An exploitable remote code execution vulnerability exists in the HTTP ...)
	NOT-FOR-US: TP-Link
CVE-2018-3950 (An exploitable remote code execution vulnerability exists in the ping ...)
	NOT-FOR-US: TP-Link
CVE-2018-3949 (An exploitable information disclosure vulnerability exists in the HTTP ...)
	NOT-FOR-US: TP-Link
CVE-2018-3948 (An exploitable denial-of-service vulnerability exists in the URI-parsi ...)
	NOT-FOR-US: TP-Link
CVE-2018-3947 (An exploitable information disclosure vulnerability exists in the phon ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3946 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3945 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3944 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3943 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3942 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3941 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3940 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit Software's Foxit PDF Reader
CVE-2018-3939 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit
CVE-2018-3938 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Sony
CVE-2018-3937 (An exploitable command injection vulnerability exists in the measureme ...)
	NOT-FOR-US: Sony
CVE-2018-3936 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
	NOT-FOR-US: Antenna House Office Server Document Converter
CVE-2018-3935 (An exploitable code execution vulnerability exists in the UDP network ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3934 (An exploitable code execution vulnerability exists in the firmware upd ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3933 (An exploitable out-of-bounds write exists in the Microsoft Word docume ...)
	NOT-FOR-US: Microsoft
CVE-2018-3932 (An exploitable stack-based buffer overflow exists in the Microsoft Wor ...)
	NOT-FOR-US: Microsoft
CVE-2018-3931 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-3930 (In Antenna House Office Server Document Converter version V6.1 Pro MR2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-3929 (An exploitable heap corruption exists in the PowerPoint document conve ...)
	NOT-FOR-US: Microsoft
CVE-2018-3928 (An exploitable code execution vulnerability exists in the firmware upd ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3927 (An exploitable information disclosure vulnerability exists in the cras ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3926 (An exploitable integer underflow vulnerability exists in the ZigBee fi ...)
	NOT-FOR-US: Samsung
CVE-2018-3925 (An exploitable buffer overflow vulnerability exists in the remote vide ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3924 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3923 (A memory corruption vulnerability exists in the PCX-parsing functional ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3922 (A memory corruption vulnerability exists in the ANI-parsing functional ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3921 (A memory corruption vulnerability exists in the PSD-parsing functional ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3920 (An exploitable code execution vulnerability exists in the firmware upd ...)
	NOT-FOR-US: Yi Home Camera
CVE-2018-3919 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3918 (An exploitable vulnerability exists in the remote servers of Samsung S ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3917 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0 ...)
	NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices
CVE-2018-3916 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung
CVE-2018-3915 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Samsung
CVE-2018-3914 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
NOT-FOR-US: Samsung CVE-2018-3913 (An exploitable stack-based buffer overflow vulnerability exists in the ...) NOT-FOR-US: Samsung CVE-2018-3912 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0 ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3911 (An exploitable HTTP header injection vulnerability exists in the remot ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3910 (An exploitable code execution vulnerability exists in the cloud OTA se ...) NOT-FOR-US: Yi Home Camera CVE-2018-3909 (An exploitable vulnerability exists in the REST parser of video-core's ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3908 (An exploitable vulnerability exists in the REST parser of video-core's ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250-Firmware CVE-2018-3907 (An exploitable vulnerability exists in the REST parser of video-core's ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3906 (An exploitable stack-based buffer overflow vulnerability exists in the ...) NOT-FOR-US: Samsung CVE-2018-3905 (An exploitable buffer overflow vulnerability exists in the camera "cre ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3904 (An exploitable buffer overflow vulnerability exists in the camera 'upd ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3903 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0 ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3902 (An exploitable buffer overflow vulnerability exists in the camera "rep ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3901 RESERVED CVE-2018-3900 (An exploitable code execution vulnerability exists in the QR code scan ...) NOT-FOR-US: Yi Home Camera CVE-2018-3899 (An exploitable code execution vulnerability exists in the QR code scan ...) 
NOT-FOR-US: Yi Home Camera CVE-2018-3898 (An exploitable code execution vulnerability exists in the QR code scan ...) NOT-FOR-US: Yi Home Camera CVE-2018-3897 (An exploitable buffer overflow vulnerabilities exist in the /cameras/X ...) NOT-FOR-US: Samsung CVE-2018-3896 (An exploitable buffer overflow vulnerabilities exist in the /cameras/X ...) NOT-FOR-US: Samsung CVE-2018-3895 (An exploitable buffer overflow vulnerability exists in the /cameras/XX ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 Firmware CVE-2018-3894 (An exploitable buffer overflow vulnerability exists in the /cameras/XX ...) NOT-FOR-US: Samsung CVE-2018-3893 (An exploitable buffer overflow vulnerability exists in the /cameras/XX ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3892 (An exploitable firmware downgrade vulnerability exists in the time syn ...) NOT-FOR-US: Yi Home Camera CVE-2018-3891 (An exploitable firmware downgrade vulnerability exists in the firmware ...) NOT-FOR-US: Yi Home Camera CVE-2018-3890 (An exploitable code execution vulnerability exists in the firmware upd ...) NOT-FOR-US: Yi Home Camera CVE-2018-3889 (A specially crafted PCX image processed via the application can lead t ...) NOT-FOR-US: Computerinsel Photoline CVE-2018-3888 (A memory corruption vulnerability exists in the PCX-parsing functional ...) NOT-FOR-US: Computerinsel Photoline CVE-2018-3887 (A memory corruption vulnerability exists in the PCX-parsing functional ...) NOT-FOR-US: Computerinsel Photoline CVE-2018-3886 (A memory corruption vulnerability exists in the PCX-parsing functional ...) NOT-FOR-US: Computerinsel Photoline CVE-2018-3885 (An exploitable SQL injection vulnerability exists in the authenticated ...) NOT-FOR-US: ERPNext CVE-2018-3884 (An exploitable SQL injection vulnerability exists in the authenticated ...) NOT-FOR-US: ERPNext CVE-2018-3883 (An exploitable SQL injection vulnerability exists in the authenticated ...) 
NOT-FOR-US: ERPNext CVE-2018-3882 (An exploitable SQL injection vulnerability exists in the authenticated ...) NOT-FOR-US: ERPNext CVE-2018-3881 (An exploitable unauthenticated XML external injection vulnerability wa ...) NOT-FOR-US: FocalScope CVE-2018-3880 (An exploitable stack-based buffer overflow vulnerability exists in the ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3879 (An exploitable JSON injection vulnerability exists in the credentials ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3878 (Multiple exploitable buffer overflow vulnerabilities exist in the cred ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3877 (An exploitable buffer overflow vulnerability exists in the credentials ...) NOT-FOR-US: Samsung CVE-2018-3876 (An exploitable buffer overflow vulnerability exists in the credentials ...) NOT-FOR-US: Samsung CVE-2018-3875 (An exploitable buffer overflow vulnerability exists in the credentials ...) NOT-FOR-US: Samsung CVE-2018-3874 (An exploitable buffer overflow vulnerability exists in the credentials ...) NOT-FOR-US: Samsung CVE-2018-3873 (An exploitable buffer overflow vulnerability exists in the credentials ...) NOT-FOR-US: Samsung CVE-2018-3872 (An exploitable buffer overflow vulnerability exists in the credentials ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3871 (An exploitable out-of-bounds write exists in the PCX parsing functiona ...) NOT-FOR-US: Canvas Draw CVE-2018-3870 (An exploitable out-of-bounds write exists in the PCX parsing functiona ...) NOT-FOR-US: Canvas Draw CVE-2018-3869 REJECTED CVE-2018-3868 (A specially crafted TIFF image processed via the application can lead ...) NOT-FOR-US: Computerinsel Photoline CVE-2018-3867 (An exploitable stack-based buffer overflow vulnerability exists in the ...) 
NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3866 (An exploitable buffer overflow vulnerability exists in the samsungWifi ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3865 (An exploitable buffer overflow vulnerability exists in the Samsung Wif ...) NOT-FOR-US: Samsung CVE-2018-3864 (An exploitable buffer overflow vulnerability exists in the Samsung Wif ...) NOT-FOR-US: Samsung CVE-2018-3863 (On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0 ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3862 (A specially crafted TIFF image processed via the application can lead ...) NOT-FOR-US: Computerinsel Photoline CVE-2018-3861 (A specially crafted TIFF image processed via the application can lead ...) NOT-FOR-US: Computerinsel Photoline CVE-2018-3860 (An exploitable out-of-bounds write exists in the TIFF parsing function ...) NOT-FOR-US: Canvas Draw CVE-2018-3859 (An exploitable out-of-bounds write exists in the TIFF parsing function ...) NOT-FOR-US: Canvas Draw CVE-2018-3858 (An exploitable heap overflow exists in the TIFF parsing functionality ...) NOT-FOR-US: Canvas Draw CVE-2018-3857 (An exploitable heap overflow exists in the TIFF parsing functionality ...) NOT-FOR-US: Canvas Draw CVE-2018-3856 (An exploitable vulnerability exists in the smart cameras RTSP configur ...) NOT-FOR-US: Samsung SmartThings Hub STH-ETH-250 devices CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Li ...) NOT-FOR-US: Hyland Perceptive Document Filters CVE-2018-3854 (An exploitable information disclosure vulnerability exists in the pass ...) NOT-FOR-US: Quicken CVE-2018-3853 (An exploitable use-after-free vulnerability exists in the JavaScript e ...) NOT-FOR-US: Foxit PDF Reader CVE-2018-3852 (An exploitable denial of service vulnerability exists in the Ocularis ...) 
	NOT-FOR-US: Ocularis Recorder
CVE-2018-3851 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Li ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3850 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3849 (In the ffghtb function in NASA CFITSIO 3.42, specially crafted images ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio (Minor issue)
	[jessie] - cfitsio (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
	NOTE: Mitigated to a crash due to hardened build flags
CVE-2018-3848 (In the ffghbn function in NASA CFITSIO 3.42, specially crafted images ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio (Minor issue)
	[jessie] - cfitsio (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
	NOTE: Mitigated to a crash due to hardened build flags
CVE-2018-3847 (Multiple exploitable buffer overflow vulnerabilities exist in image pa ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio (Minor issue)
	[jessie] - cfitsio (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0530
CVE-2018-3846 (In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially cra ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio (Minor issue)
	[jessie] - cfitsio (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529
	NOTE: Mitigated to a crash due to hardened build flags
CVE-2018-3845 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Li ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3844 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Li ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3843 (An exploitable type confusion vulnerability exists in the way Foxit PD ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3842 (An exploitable use of an uninitialized pointer vulnerability exists in ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3841 (A denial-of-service vulnerability exists in the Pixar Renderman IT Dis ...)
	NOT-FOR-US: Renderman
CVE-2018-3840 (A denial-of-service vulnerability exists in the Pixar Renderman IT Dis ...)
	NOT-FOR-US: Renderman
CVE-2018-3839 (An exploitable code execution vulnerability exists in the XCF image re ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://hg.libsdl.org/SDL_image/rev/fb643e371806910f1973abfdfe7f981e8dba60f5
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521
CVE-2018-3838 (An exploitable information vulnerability exists in the XCF image rende ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520
CVE-2018-3837 (An exploitable information disclosure vulnerability exists in the PCX ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://hg.libsdl.org/SDL_image/rev/2938fc80591abeae74b971cbdf966eff3213297e
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519
CVE-2018-7442 (An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutp ...)
	- leptonlib 1.76.0-1 (bug #898439)
	[stretch] - leptonlib (Minor issue)
	[jessie] - leptonlib (Minor issue)
	[wheezy] - leptonlib (Minor issue)
	NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html
CVE-2018-7441 (Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might al ...)
	- leptonlib 1.76.0-1 (unimportant)
	NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html
	NOTE: Neutralised by kernel hardening
CVE-2018-7440 (An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutp ...)
	{DLA-1302-1}
	- leptonlib 1.75.3-3 (bug #891932)
	[stretch] - leptonlib (Incomplete fix for CVE-2018-3836 not applied)
	[jessie] - leptonlib (Incomplete fix for CVE-2018-3836 not applied)
	NOTE: https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212
	NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
CVE-2018-3836 (An exploitable command injection vulnerability exists in the gplotMake ...)
	{DLA-1284-1}
	- leptonlib 1.75.3-1 (bug #889759)
	[stretch] - leptonlib (Minor issue)
	[jessie] - leptonlib (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516
	NOTE: https://github.com/DanBloomberg/leptonica/issues/303
	NOTE: When fixing this issue make sure the fix is complete and also includes
	NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
	NOTE: so that CVE-2018-7440 is not left open.
CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in version 2.2 ...)
	NOT-FOR-US: Per Face Texture (PTEX)
CVE-2018-3834 (An exploitable permanent denial of service vulnerability exists in Ins ...)
	NOT-FOR-US: Insteon Hub
CVE-2018-3833 (An exploitable firmware downgrade vulnerability exists in Insteon Hub ...)
	NOT-FOR-US: Insteon Hub
CVE-2018-3832 (An exploitable firmware update vulnerability exists in Insteon Hub run ...)
	NOT-FOR-US: Insteon Hub
CVE-2018-3831 (Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6. ...)
	- elasticsearch
CVE-2018-3830 (Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulner ...)
	- kibana (bug #700337)
CVE-2018-3829 (In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was disco ...)
	NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3828 (Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an info ...)
	NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3827 (A sensitive data disclosure flaw was found in the Elasticsearch reposi ...)
	NOT-FOR-US: Elasticsearch repository-azure
CVE-2018-3826 (In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was f ...)
	- elasticsearch
CVE-2018-3825 (In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default ma ...)
	NOT-FOR-US: Elastic Cloud Enterprise
CVE-2018-3824 (X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-si ...)
	NOT-FOR-US: Elastic X-Pack Machine Learning
CVE-2018-3823 (X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-si ...)
	NOT-FOR-US: Elastic X-Pack Machine Learning
CVE-2018-3822 (X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a u ...)
	NOT-FOR-US: Elastic X-Pack Security
CVE-2018-3821 (Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-sit ...)
	- kibana (bug #700337)
CVE-2018-3820 (Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scriptin ...)
	- kibana (bug #700337)
CVE-2018-3819 (The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security ...)
	- kibana (bug #700337)
CVE-2018-3818 (Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (X ...)
	- kibana (bug #700337)
CVE-2018-3817 (When logging warnings regarding deprecated settings, Logstash before 5 ...)
	- logstash (bug #664841)
CVE-2018-3816
	RESERVED
CVE-2018-3815 (The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) pr ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2018-3814 (Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP co ...)
	NOT-FOR-US: Craft CMS
CVE-2018-3813 (getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.16 ...)
	NOT-FOR-US: FLIR Brickstream 2300 devices
CVE-2018-3812
	RESERVED
CVE-2018-3811 (SQL Injection vulnerability in the Oturia Smart Google Code Inserter p ...)
	NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress
CVE-2018-3810 (Authentication Bypass vulnerability in the Oturia Smart Google Code In ...)
	NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress
CVE-2018-3809 (Information exposure through directory listings in serve 6.5.3 allows ...)
	NOT-FOR-US: serve nodejs module
CVE-2018-3808
	RESERVED
CVE-2018-3807
	RESERVED
CVE-2018-3806
	RESERVED
CVE-2018-3805
	RESERVED
CVE-2018-3804
	RESERVED
CVE-2018-3803
	RESERVED
CVE-2018-3802
	RESERVED
CVE-2018-3801
	RESERVED
CVE-2018-3800
	RESERVED
CVE-2018-3799
	RESERVED
CVE-2018-3798
	RESERVED
CVE-2018-3797
	RESERVED
CVE-2018-3796
	RESERVED
CVE-2018-3795
	RESERVED
CVE-2018-3794
	RESERVED
CVE-2018-3793
	RESERVED
CVE-2018-3792
	RESERVED
CVE-2018-3791
	RESERVED
CVE-2018-3790
	RESERVED
CVE-2018-3789
	RESERVED
CVE-2018-3788
	RESERVED
CVE-2018-3787 (Path traversal in simplehttpserver <v0.2.1 allows listing any file ...)
	NOT-FOR-US: simplehttpserver node module
CVE-2018-3786 (A command injection vulnerability in egg-scripts <v2.8.1 allows arb ...)
	NOT-FOR-US: egg-scripts
CVE-2018-3785 (A command injection in git-dummy-commit v1.3.0 allows os level command ...)
	NOT-FOR-US: Node.js third-party module git-dummy-commit
CVE-2018-3784 (A code injection in cryo 0.0.6 allows an attacker to arbitrarily execu ...)
	NOT-FOR-US: cryo
CVE-2018-3783 (A privilege escalation detected in flintcms versions <= 1.1.9 allow ...)
	NOT-FOR-US: flintcms
CVE-2018-3782
	REJECTED
CVE-2018-3781 (A missing sanitization of search results for an autocomplete field in ...)
	NOT-FOR-US: NextCloud Talk
CVE-2018-3780 (A missing sanitization of search results for an autocomplete field in ...)
	- nextcloud (bug #835086)
CVE-2018-3779 (active-support ruby gem 5.2.0 could allow a remote attacker to execute ...)
	NOT-FOR-US: Trojaned gem release
CVE-2018-3778 (Improper authorization in aedes version <0.35.0 will publish a LWT ...)
	NOT-FOR-US: aedes
CVE-2018-3777 (Insufficient URI encoding in restforce before 3.0.0 allows attacker to ...)
	NOT-FOR-US: restforce
CVE-2018-3776 (Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0. ...)
	- nextcloud (bug #835086)
CVE-2018-3775 (Improper Authentication in Nextcloud Server prior to version 12.0.3 wo ...)
	- nextcloud (bug #835086)
CVE-2018-3774 (Incorrect parsing in url-parse <1.4.3 returns wrong hostname which ...)
	- node-url-parse 1.2.0-2 (bug #906058)
	[stretch] - node-url-parse 1.0.5-2+deb9u1
	NOTE: https://hackerone.com/reports/384029
	NOTE: https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a
	NOTE: https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de
CVE-2018-3773 (There is a stored Cross-Site Scripting vulnerability in Open Graph met ...)
	NOT-FOR-US: metascrape nodejs module
CVE-2018-3772 (Concatenating unsanitized user input in the `whereis` npm module < ...)
	NOT-FOR-US: whereis nodejs module
CVE-2018-3771 (An XSS in statics-server <= 0.0.9 can be used via injected iframe i ...)
	NOT-FOR-US: statics-server nodejs module
CVE-2018-3770 (A path traversal exists in markdown-pdf version <9.0.0 that allows ...)
	NOT-FOR-US: markdown-pdf nodejs module
CVE-2018-3769 (ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerab ...)
	- ruby-grape 1.1.0-1 (bug #903086)
	[stretch] - ruby-grape (Minor issue)
	NOTE: https://github.com/ruby-grape/grape/commit/6876b71efc7b03f7ce1be3f075eaa4e7e6de19af
	NOTE: https://github.com/ruby-grape/grape/issues/1762
	NOTE: https://github.com/ruby-grape/grape/pull/1763
CVE-2018-3768
	REJECTED
CVE-2018-3767 (`memjs` versions <= 1.1.0 allocates and stores buffers on typed inp ...)
	NOT-FOR-US: memjs node module
CVE-2018-3766 (Path traversal in buttle module versions <= 0.2.0 allows to read an ...)
	NOT-FOR-US: buttle node module
CVE-2018-3765
	RESERVED
CVE-2018-3764 (In Nextcloud Contacts before 2.1.2, a missing sanitization of search r ...)
	NOT-FOR-US: Nextcloud Contacts
CVE-2018-3763 (In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization o ...)
	NOT-FOR-US: Nextcloud Calendar
CVE-2018-3762 (Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks ...)
	- nextcloud (bug #835086)
CVE-2018-3761 (Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authent ...)
	- nextcloud (bug #835086)
CVE-2018-3760 (There is an information leak vulnerability in Sprockets. Versions Affe ...)
	{DSA-4242-1 DLA-1419-1}
	- ruby-sprockets 3.7.0-1.1 (bug #901913)
	NOTE: https://www.openwall.com/lists/oss-security/2018/06/19/2
	NOTE: https://github.com/rails/sprockets/commit/c09131cf5b2c479263939c8582e22b98ed616c5f (master)
	NOTE: https://github.com/rails/sprockets/commit/9c34fa05900b968d74f08ccf40917848a7be9441 (3.x)
	NOTE: https://github.com/rails/sprockets/commit/18b8a7f07a50c245e9aee7854ecdbe606bbd8bb5 (2.x)
CVE-2018-3759 (private_address_check ruby gem before 0.5.0 is vulnerable to a time-of ...)
	NOT-FOR-US: private_address_check
CVE-2018-3758 (Unrestricted file upload (RCE) in express-cart module before 1.1.7 all ...)
	NOT-FOR-US: express-cart
CVE-2018-3757 (Command injection exists in pdf-image v2.0.0 due to an unescaped strin ...)
	NOT-FOR-US: node pdf-image
CVE-2018-3756 (Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable ...)
	NOT-FOR-US: Hyperledger Iroha
CVE-2018-3755 (XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) ...)
	NOT-FOR-US: sexstatic
CVE-2018-3754 (Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0. ...)
	NOT-FOR-US: query-mysql
CVE-2018-3753 (The utilities function in all versions <= 1.0.0 of the merge-object ...)
	NOT-FOR-US: merge-objects
CVE-2018-3752 (The utilities function in all versions <= 1.0.0 of the merge-option ...)
	NOT-FOR-US: merge-options
CVE-2018-3751 (The utilities function in all versions <= 0.3.0 of the merge-recurs ...)
	NOT-FOR-US: merge-recursive
CVE-2018-3750 (The utilities function in all versions <= 0.5.0 of the deep-extend ...)
	- node-deep-extend 0.4.1-2 (unimportant; bug #926616)
	NOTE: https://nodesecurity.io/advisories/612
	NOTE: nodejs not covered by security support
CVE-2018-3749 (The utilities function in all versions < 1.0.1 of the deap node mod ...)
	NOT-FOR-US: deap
CVE-2018-3748 (There is a Stored XSS vulnerability in the glance node module versions ...)
	NOT-FOR-US: glance node module (different from src:glance)
CVE-2018-3747 (The public node module versions <= 1.0.3 allows to embed HTML in fi ...)
	NOT-FOR-US: public node module versions
CVE-2018-3746 (The pdfinfojs NPM module versions <= 0.3.6 has a command injection ...)
	NOT-FOR-US: pdfinfojs nodejs module
CVE-2018-3745 (atob 2.0.3 and earlier allocates uninitialized Buffers when number is ...)
	NOT-FOR-US: nodejs atob module
CVE-2018-3744 (The html-pages node module contains a path traversal vulnerabilities t ...)
	NOT-FOR-US: html-pages nodejs module
CVE-2018-3743 (Open redirect in hekto <=0.2.3 when target domain name is used as h ...)
	NOT-FOR-US: hekto nodejs module
CVE-2018-3742
	REJECTED
CVE-2018-3741 (There is a possible XSS vulnerability in all rails-html-sanitizer gem ...)
	- ruby-rails-html-sanitizer 1.0.4-1 (bug #893994)
	[stretch] - ruby-rails-html-sanitizer (Minor issue; can be fixed via point release)
	NOTE: https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae
CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for Ruby to a ...)
	{DSA-4358-1}
	[experimental] - ruby-sanitize 4.6.5-1
	- ruby-sanitize 4.6.6-1 (bug #893610)
	[jessie] - ruby-sanitize (Only occurs with libxml2 >= 2.9.2, jessie has 2.9.1)
	NOTE: https://github.com/rgrove/sanitize/issues/176
	NOTE: https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e (v4.6.3)
	NOTE: Fixes for 2.1.x: https://github.com/rgrove/sanitize/compare/v2.1.0...v2.1.1
	NOTE: Only an issue in combination with libxml2 >= 2.9.2
	NOTE: The 'clean' method of earlier versions was renamed to 'fragment' in v3.0.0
CVE-2018-3739 (https-proxy-agent before 2.1.1 passes auth option to the Buffer constr ...)
	NOT-FOR-US: https-proxy-agent
CVE-2018-3738 (protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto ...)
	NOT-FOR-US: protobufjs
CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. ...)
	- node-sshpk 1.13.1+dfsg-2 (bug #901093)
	NOTE: https://github.com/joyent/node-sshpk/issues/44
	NOTE: https://github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957
CVE-2018-3736
	REJECTED
CVE-2018-3735 (bracket-template suffers from reflected XSS possible when variable pas ...)
	NOT-FOR-US: bracket-template nodejs module
CVE-2018-3734 (stattic node module suffers from a Path Traversal vulnerability due to ...)
	NOT-FOR-US: stattic nodejs module
CVE-2018-3733 (crud-file-server node module before 0.9.0 suffers from a Path Traversa ...)
	NOT-FOR-US: crud-file-server nodejs module
CVE-2018-3732 (resolve-path node module before 1.4.0 suffers from a Path Traversal vu ...)
	NOT-FOR-US: resolve-path nodejs module
CVE-2018-3731 (public node module suffers from a Path Traversal vulnerability due to ...)
	NOT-FOR-US: public nodejs module
CVE-2018-3730 (mcstatic node module suffers from a Path Traversal vulnerability due t ...)
	NOT-FOR-US: mcstatic nodejs module
CVE-2018-3729 (localhost-now node module suffers from a Path Traversal vulnerability ...)
	NOT-FOR-US: localhost-now nodejs module
CVE-2018-3728 (hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Mo ...)
	- node-hoek 5.0.3-1 (unimportant)
	NOTE: fixed in 4.2.1
	NOTE: https://github.com/hapijs/hoek/issues/230
	NOTE: https://hackerone.com/reports/310439
	NOTE: https://snyk.io/vuln/npm:hoek:20180212
	NOTE: https://nodesecurity.io/advisories/566
	NOTE: nodejs not covered by security support
CVE-2018-3727 (626 node module suffers from a Path Traversal vulnerability due to lac ...)
	NOT-FOR-US: 626 node module
CVE-2018-3726 (crud-file-server node module before 0.8.0 suffers from a Cross-Site Sc ...)
	NOT-FOR-US: crud-file-server nodejs module
CVE-2018-3725 (hekto node module suffers from a Path Traversal vulnerability due to l ...)
	NOT-FOR-US: hekto nodejs module
CVE-2018-3724 (general-file-server node module suffers from a Path Traversal vulnerab ...)
	NOT-FOR-US: general-file-server node module
CVE-2018-3723 (defaults-deep node module before 0.2.4 suffers from a Modification of ...)
	NOT-FOR-US: defaults-deep node module
CVE-2018-3722 (merge-deep node module before 3.0.1 suffers from a Modification of Ass ...)
	NOT-FOR-US: merge-deep node module
CVE-2018-3721 (lodash node module before 4.17.5 suffers from a Modification of Assume ...)
	- node-lodash 4.17.11+dfsg-1 (unimportant; bug #890575)
	NOTE: https://snyk.io/vuln/npm:lodash:20180130
	NOTE: https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
	NOTE: nodejs not covered by security support
CVE-2018-3720 (assign-deep node module before 0.4.7 suffers from a Modification of As ...)
	NOT-FOR-US: assign-deep node module
CVE-2018-3719 (mixin-deep node module before 1.3.1 suffers from a Modification of Ass ...)
	- node-mixin-deep 1.1.3-2 (bug #898315)
	[stretch] - node-mixin-deep 1.1.3-1+deb9u1
	NOTE: https://nodesecurity.io/advisories/578
CVE-2018-3718 (serve node module suffers from Improper Handling of URL Encoding by pe ...)
	NOT-FOR-US: serve node module
CVE-2018-3717 (connect node module before 2.14.0 suffers from a Cross-Site Scripting ...)
	- node-connect 3.0.0-1
	NOTE: https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b
CVE-2018-3716 (simplehttpserver node module suffers from a Cross-Site Scripting vulne ...)
	NOT-FOR-US: simplehttpserver node module
CVE-2018-3715 (glance node module before 3.0.4 suffers from a Path Traversal vulnerab ...)
	NOT-FOR-US: glance node module
CVE-2018-3714 (node-srv node module suffers from a Path Traversal vulnerability due t ...)
	NOT-FOR-US: node-srv node module
CVE-2018-3713 (angular-http-server node module suffers from a Path Traversal vulnerab ...)
	NOT-FOR-US: angular-http-server node module
CVE-2018-3712 (serve node module before 6.4.9 suffers from a Path Traversal vulnerabi ...)
	NOT-FOR-US: npm serve
	NOTE: fixed in 6.4.9 upstream
	NOTE: https://github.com/zeit/serve/commit/6adad6881c61991da61ebc857857c53409544575
	NOTE: https://github.com/zeit/serve/pull/316
	NOTE: https://hackerone.com/reports/307666
	NOTE: https://nodesecurity.io/advisories/561
CVE-2018-3711 (Fastify node module before 0.38.0 is vulnerable to a denial-of-service ...)
	NOT-FOR-US: Fastify
	NOTE: fixed in 0.38.0 upstream
	NOTE: https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76
	NOTE: https://hackerone.com/reports/303632
	NOTE: https://nodesecurity.io/advisories/564
CVE-2018-3710 (Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2018-3709
	RESERVED
CVE-2018-3708
	RESERVED
CVE-2018-3707
	RESERVED
CVE-2018-3706
	RESERVED
CVE-2018-3705 (Improper directory permissions in the installer for the Intel(R) Syste ...)
	NOT-FOR-US: Intel System Defense Utility
CVE-2018-3704 (Improper directory permissions in the installer for the Intel Parallel ...)
NOT-FOR-US: Intel Parallel Studio CVE-2018-3703 (Improper directory permissions in the installer for the Intel(R) SSD D ...) NOT-FOR-US: Intel CVE-2018-3702 (Improper permissions in the installer for the ITE Tech* Consumer Infra ...) NOT-FOR-US: ITE Tech* Consumer Infrared Driver for Windows 10 CVE-2018-3701 (Improper directory permissions in the installer for Intel(R) PROSet/Wi ...) NOT-FOR-US: Intel CVE-2018-3700 (Code injection vulnerability in the installer for Intel(R) USB 3.0 eXt ...) NOT-FOR-US: Intel CVE-2018-3699 (Cross-site scripting in the Intel RAID Web Console v3 for Windows may ...) NOT-FOR-US: Intel RAID Web Console CVE-2018-3698 (Improper file permissions in the installer for the Intel Ready Mode Te ...) NOT-FOR-US: Intel CVE-2018-3697 (Improper directory permissions in the installer for the Intel Media Se ...) NOT-FOR-US: Intel CVE-2018-3696 (Authentication bypass in the Intel RAID Web Console 3 for Windows befo ...) NOT-FOR-US: Intel RAID Web Console CVE-2018-3695 RESERVED CVE-2018-3694 RESERVED CVE-2018-3693 (Systems with microprocessors utilizing speculative execution and branc ...) - linux NOTE: https://access.redhat.com/solutions/3523601 NOTE: https://01.org/security/advisories/intel-oss-10002 NOTE: Speculative Bounds Checks Bypass with Store (BCBS) CVE-2018-3692 RESERVED CVE-2018-3691 (Some implementations in Intel Integrated Performance Primitives Crypto ...) NOT-FOR-US: Intel CVE-2018-3690 REJECTED CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform Software Compo ...) NOT-FOR-US: Intel CVE-2018-3688 (Unquoted service paths in Intel Quartus Prime Programmer and Tools in ...) NOT-FOR-US: Intel CVE-2018-3687 (Unquoted service paths in Intel Quartus II Programmer and Tools in ver ...) NOT-FOR-US: Intel CVE-2018-3686 (Code injection vulnerability in INTEL-SA-00086 Detection Tool before v ...) NOT-FOR-US: Intel CVE-2018-3685 RESERVED CVE-2018-3684 (Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 all ...) 
NOT-FOR-US: Intel CVE-2018-3683 (Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 ...) NOT-FOR-US: Intel CVE-2018-3682 (BMC Firmware in Intel server boards, compute modules, and systems pote ...) NOT-FOR-US: Intel CVE-2018-3681 RESERVED CVE-2018-3680 RESERVED CVE-2018-3679 (Escalation of privilege in Reference UI in Intel Data Center Manager S ...) NOT-FOR-US: Intel CVE-2018-3678 RESERVED CVE-2018-3677 RESERVED CVE-2018-3676 RESERVED CVE-2018-3675 RESERVED CVE-2018-3674 RESERVED CVE-2018-3673 RESERVED CVE-2018-3672 (Driver module in Intel Smart Sound Technology before version 9.21.00.3 ...) NOT-FOR-US: Driver module in Intel Smart Sound Technology CVE-2018-3671 (Escalation of privilege in Intel Saffron admin application before 11.4 ...) NOT-FOR-US: Intel Saffron admin application CVE-2018-3670 (Driver module in Intel Smart Sound Technology before version 9.21.00.3 ...) NOT-FOR-US: Driver module in Intel Smart Sound Technology CVE-2018-3669 (A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wi ...) NOT-FOR-US: Intel CVE-2018-3668 (Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) befor ...) NOT-FOR-US: Intel CVE-2018-3667 (Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets ...) NOT-FOR-US: Intel CVE-2018-3666 (Driver module in Intel Smart Sound Technology before version 9.21.00.3 ...) NOT-FOR-US: Driver module in Intel Smart Sound Technology CVE-2018-3665 (System software utilizing Lazy FP state restore technique on systems u ...) 
	{DSA-4232-1 DLA-1422-1}
	- linux 4.6.1-1
	- xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8
	[jessie] - xen (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://xenbits.xen.org/xsa/advisory-267.html
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
	NOTE: Default eagerfpu=on on all CPUs: https://git.kernel.org/linus/58122bf1d856a4ea9581d62a07c557d997d46a19
	NOTE: Hard-disable lazy FPU mode: https://git.kernel.org/linus/ca6938a1cd8a1c5e861a99b67f84ac166fc2b9e7
CVE-2018-3664
	RESERVED
CVE-2018-3663 (Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows ...)
	NOT-FOR-US: Intel Saffron MemoryBase
CVE-2018-3662 (Escalation of privilege in Intel Saffron MemoryBase before version 11. ...)
	NOT-FOR-US: Intel Saffron MemoryBase
CVE-2018-3661 (Buffer overflow in Intel system Configuration utilities selview.exe an ...)
	NOT-FOR-US: Intel
CVE-2018-3660
	RESERVED
CVE-2018-3659 (A vulnerability in Intel PTT module in Intel CSME firmware before vers ...)
	NOT-FOR-US: Intel
CVE-2018-3658 (Multiple memory leaks in Intel AMT in Intel CSME firmware versions bef ...)
	NOT-FOR-US: Intel
CVE-2018-3657 (Multiple buffer overflows in Intel AMT in Intel CSME firmware versions ...)
	NOT-FOR-US: Intel
CVE-2018-3656
	RESERVED
CVE-2018-3655 (A vulnerability in a subsystem in Intel CSME before version 11.21.55, ...)
	NOT-FOR-US: Intel
CVE-2018-3654
	RESERVED
CVE-2018-3653
	RESERVED
CVE-2018-3652 (Existing UEFI setting restrictions for DCI (Direct Connect Interface) ...)
	NOT-FOR-US: Intel
CVE-2018-3651
	RESERVED
CVE-2018-3650 (Insufficient Input Validation in Bleach module in INTEL Distribution f ...)
	NOT-FOR-US: Intel
CVE-2018-3649 (DLL injection vulnerability in the installation executables (Autorun.e ...)
	NOT-FOR-US: Intel
CVE-2018-3648
	RESERVED
CVE-2018-3647
	RESERVED
CVE-2018-3646 (Systems with microprocessors utilizing speculative execution and addre ...)
	{DSA-4279-1 DSA-4274-1 DLA-1481-1}
	- linux 4.17.15-1
	[jessie] - linux (Too invasive and risky to apply)
	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
	[jessie] - xen (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	- intel-microcode 3.20180703.1
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
	NOTE: https://foreshadowattack.eu/
	NOTE: https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
	NOTE: https://xenbits.xen.org/xsa/advisory-273.html
	NOTE: Updates were already shipped with 20180703 release, but only disclosed later, see #906158
	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote Keyboard a ...)
	NOT-FOR-US: Intel
CVE-2018-3644
	RESERVED
CVE-2018-3643 (A vulnerability in Power Management Controller firmware in systems usi ...)
	NOT-FOR-US: Intel
CVE-2018-3642
	RESERVED
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard a ...)
	NOT-FOR-US: Intel
CVE-2018-3640 (Systems with microprocessors utilizing speculative execution and that ...)
	{DSA-4273-2 DSA-4273-1 DLA-1446-1}
	- intel-microcode 3.20180703.1
	NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
	NOTE: No software mitigations planned to be implemented in src:linux
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
CVE-2018-3639 (Systems with microprocessors utilizing speculative execution and specu ...)
	{DSA-4273-2 DSA-4273-1 DSA-4210-1 DLA-1731-1 DLA-1715-1 DLA-1529-1 DLA-1446-1 DLA-1423-1}
	- intel-microcode 3.20180703.1
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	[wheezy] - linux (Too much work to backport)
	- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u7
	[jessie] - xen (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	NOTE: https://xenbits.xen.org/xsa/advisory-263.html
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
	NOTE: Qemu part of the mitigations for the speculative store buffer bypass
	NOTE: vulnerabilities on x86 are needed: #908682
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=d19d1f965904a533998739698020ff4ee8a103da
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=cfeea0c021db6234c154dbc723730e81553924ff
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=403503b162ffc33fb64cfefdf7b880acf41772cd
CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote Keyboard a ...)
	NOT-FOR-US: Intel
CVE-2018-3637
	RESERVED
CVE-2018-3636
	RESERVED
CVE-2018-3635 (Insufficient input validation in installer in Intel Rapid Store Techno ...)
	NOT-FOR-US: Intel
CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connect Acc ...)
	NOT-FOR-US: Intel
CVE-2018-3633
	REJECTED
CVE-2018-3632 (Memory corruption in Intel Active Management Technology in Intel Conve ...)
	NOT-FOR-US: Intel
CVE-2018-3631
	RESERVED
CVE-2018-3630
	REJECTED
CVE-2018-3629 (Buffer overflow in event handler in Intel Active Management Technology ...)
	NOT-FOR-US: Intel
CVE-2018-3628 (Buffer overflow in HTTP handler in Intel Active Management Technology ...)
	NOT-FOR-US: Intel
CVE-2018-3627 (Logic bug in Intel Converged Security Management Engine 11.x may allow ...)
	NOT-FOR-US: Intel
CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9 ...)
	NOT-FOR-US: Intel
CVE-2018-3625
	RESERVED
CVE-2018-3624 (Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM7 ...)
	NOT-FOR-US: Intel
CVE-2018-3623
	RESERVED
CVE-2018-3622
	RESERVED
CVE-2018-3621 (Insufficient input validation in the Intel Driver & Support Assist ...)
	NOT-FOR-US: Intel
CVE-2018-3620 (Systems with microprocessors utilizing speculative execution and addre ...)
	{DSA-4279-1 DSA-4274-1 DLA-1529-1 DLA-1481-1}
	- linux 4.17.15-1
	- xen 4.11.1~pre.20180911.5acdd26fdc+dfsg-2
	[jessie] - xen (Depends on fix for CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
	- intel-microcode 3.20180703.1
	NOTE: Updates were already shipped with 20180703 release, but only disclosed later, see #906158
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
	NOTE: https://foreshadowattack.eu/
	NOTE: https://git.kernel.org/linus/958f338e96f874a0d29442396d6adf9c1e17aa2d
	NOTE: https://xenbits.xen.org/xsa/advisory-273.html
	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
CVE-2018-3619 (Information disclosure vulnerability in storage media in systems with ...)
	NOT-FOR-US: Intel
CVE-2018-3618
	RESERVED
CVE-2018-3617
	REJECTED
CVE-2018-3616 (Bleichenbacher-style side channel vulnerability in TLS implementation ...)
	NOT-FOR-US: Intel
CVE-2018-3615 (Systems with microprocessors utilizing speculative execution and Intel ...)
	- intel-microcode 3.20180703.1
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
	NOTE: https://foreshadowattack.eu/
	NOTE: The 3.20180703.1 release for intel-microcode was the first batch of updates which targeted
	NOTE: most server type CPUs, additional models were supported in the 3.20180807a.1 release
CVE-2018-3614
	RESERVED
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=751
	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/untested-memory-not-covered-by-smm-page-protection.html
CVE-2018-3613 (Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2 ...)
	NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=415
	NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=44
	NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html
CVE-2018-3612 (Intel NUC kits with insufficient input validation in system firmware, ...)
	NOT-FOR-US: Intel
CVE-2018-3611 (Bounds check vulnerability in User Mode Driver in Intel Graphics Drive ...)
	NOT-FOR-US: Intel
CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before version 3.1.1 ...)
	NOT-FOR-US: Intel
CVE-2018-3609 (A vulnerability in the Trend Micro InterScan Messaging Security Virtua ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3608 (A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (ver ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3607 (XXXTreeNode method SQL injection remote code execution (RCE) vulnerabi ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3606 (XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL inj ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3605 (TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3604 (GetXXX method SQL injection remote code execution (RCE) vulnerabilitie ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3603 (A CGGIServlet SQL injection remote code execution (RCE) vulnerability ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3602 (An AdHocQuery_Processor SQL injection remote code execution (RCE) vuln ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3601 (A password hash usage authentication bypass vulnerability in Trend Mic ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3600 (A external entity processing information disclosure (XXE) vulnerabilit ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3599 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3598 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3597 (In the ADSP RPC driver in Android releases from CAF using the linux ke ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3595 (Anti-rollback can be bypassed in replay scenario during app loading du ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3594 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3593 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3592 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3591 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3590 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3589 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3588 (There is improper access control of the SSC and GPU mapped regions whi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3587 (In a firmware memory dump feature in all Android releases from CAF usi ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3586 (An integer overflow to buffer overflow vulnerability exists in the ADS ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3585
	RESERVED
CVE-2018-3584 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3583 (A buffer overflow can occur while processing an extscan hotlist event ...)
	NOT-FOR-US: Snapdragon
CVE-2018-3582 (Buffer overflow can occur due to improper input validation in multiple ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3581 (In the WLAN driver in all Android releases from CAF (Android for MSM, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3580 (Stack-based buffer overflow can occur In the WLAN driver if the pmkid_ ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3579 (In the WLAN driver in all Android releases from CAF (Android for MSM, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3578 (Type mismatch for ie_len can cause the WLAN driver to allocate less me ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3577 (While processing fragments, when the fragment count becomes very large ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3576 (improper validation of array index in WiFi driver function sapInterfer ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3575
	RESERVED
CVE-2018-3574 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	- linux (Qualcomm specific changes)
CVE-2018-3573 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3572 (While processing a DSP buffer in an audio driver's event handler, an i ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3571 (In the KGSL driver in all Android releases from CAF (Android for MSM, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3570 (In the cpuidle driver in all Android releases(Android for MSM, Firefox ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3569 (A buffer over-read can occur during a fast initial link setup (FILS) c ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3568 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3567 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3566 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3565 (While sending a probe request indication in lim_send_sme_probe_req_ind ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3564 (In the FastRPC driver in Android releases from CAF using the linux ker ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3563 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3562 (Buffer over -read can occur while processing a FILS authentication fra ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3561 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3560 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3559
	RESERVED
CVE-2018-3558
	RESERVED
CVE-2018-3557
	RESERVED
CVE-2018-3556
	RESERVED
CVE-2018-3555
	RESERVED
CVE-2018-3554
	RESERVED
CVE-2018-3553
	RESERVED
CVE-2018-3552
	RESERVED
CVE-2018-3551
	RESERVED
CVE-2018-3550
	RESERVED
CVE-2018-3549
	RESERVED
CVE-2018-3548
	RESERVED
CVE-2018-3547
	RESERVED
CVE-2018-3546
	RESERVED
CVE-2018-3545
	RESERVED
CVE-2018-3544
	RESERVED
CVE-2018-3543
	RESERVED
CVE-2018-3542
	RESERVED
CVE-2018-3541
	RESERVED
CVE-2018-3540
	RESERVED
CVE-2018-3539
	RESERVED
CVE-2018-3538
	RESERVED
CVE-2018-3537
	RESERVED
CVE-2018-3536
	RESERVED
CVE-2018-3535
	RESERVED
CVE-2018-3534
	RESERVED
CVE-2018-3533
	RESERVED
CVE-2018-3532
	RESERVED
CVE-2018-3531
	RESERVED
CVE-2018-3530
	RESERVED
CVE-2018-3529
	RESERVED
CVE-2018-3528
	RESERVED
CVE-2018-3527
	RESERVED
CVE-2018-3526
	RESERVED
CVE-2018-3525
	RESERVED
CVE-2018-3524
	RESERVED
CVE-2018-3523
	RESERVED
CVE-2018-3522
	RESERVED
CVE-2018-3521
	RESERVED
CVE-2018-3520
	RESERVED
CVE-2018-3519
	RESERVED
CVE-2018-3518
	RESERVED
CVE-2018-3517
	RESERVED
CVE-2018-3516
	RESERVED
CVE-2018-3515
	RESERVED
CVE-2018-3514
	RESERVED
CVE-2018-3513
	RESERVED
CVE-2018-3512
	RESERVED
CVE-2018-3511
	RESERVED
CVE-2018-3510
	RESERVED
CVE-2018-3509
	RESERVED
CVE-2018-3508
	RESERVED
CVE-2018-3507
	RESERVED
CVE-2018-3506
	RESERVED
CVE-2018-3505
	RESERVED
CVE-2018-3504
	RESERVED
CVE-2018-3503
	RESERVED
CVE-2018-3502
	RESERVED
CVE-2018-3501
	RESERVED
CVE-2018-3500
	RESERVED
CVE-2018-3499
	RESERVED
CVE-2018-3498
	RESERVED
CVE-2018-3497
	RESERVED
CVE-2018-3496
	RESERVED
CVE-2018-3495
	RESERVED
CVE-2018-3494
	RESERVED
CVE-2018-3493
	RESERVED
CVE-2018-3492
	RESERVED
CVE-2018-3491
	RESERVED
CVE-2018-3490
	RESERVED
CVE-2018-3489
	RESERVED
CVE-2018-3488
	RESERVED
CVE-2018-3487
	RESERVED
CVE-2018-3486
	RESERVED
CVE-2018-3485
	RESERVED
CVE-2018-3484
	RESERVED
CVE-2018-3483
	RESERVED
CVE-2018-3482
	RESERVED
CVE-2018-3481
	RESERVED
CVE-2018-3480
	RESERVED
CVE-2018-3479
	RESERVED
CVE-2018-3478
	RESERVED
CVE-2018-3477
	RESERVED
CVE-2018-3476
	RESERVED
CVE-2018-3475
	RESERVED
CVE-2018-3474
	RESERVED
CVE-2018-3473
	RESERVED
CVE-2018-3472
	RESERVED
CVE-2018-3471
	RESERVED
CVE-2018-3470
	RESERVED
CVE-2018-3469
	RESERVED
CVE-2018-3468
	RESERVED
CVE-2018-3467
	RESERVED
CVE-2018-3466
	RESERVED
CVE-2018-3465
	RESERVED
CVE-2018-3464
	RESERVED
CVE-2018-3463
	RESERVED
CVE-2018-3462
	RESERVED
CVE-2018-3461
	RESERVED
CVE-2018-3460
	RESERVED
CVE-2018-3459
	RESERVED
CVE-2018-3458
	RESERVED
CVE-2018-3457
	RESERVED
CVE-2018-3456
	RESERVED
CVE-2018-3455
	RESERVED
CVE-2018-3454
	RESERVED
CVE-2018-3453
	RESERVED
CVE-2018-3452
	RESERVED
CVE-2018-3451
	RESERVED
CVE-2018-3450
	RESERVED
CVE-2018-3449
	RESERVED
CVE-2018-3448
	RESERVED
CVE-2018-3447
	RESERVED
CVE-2018-3446
	RESERVED
CVE-2018-3445
	RESERVED
CVE-2018-3444
	RESERVED
CVE-2018-3443
	RESERVED
CVE-2018-3442
	RESERVED
CVE-2018-3441
	RESERVED
CVE-2018-3440
	RESERVED
CVE-2018-3439
	RESERVED
CVE-2018-3438
	RESERVED
CVE-2018-3437
	RESERVED
CVE-2018-3436
	RESERVED
CVE-2018-3435
	RESERVED
CVE-2018-3434
	RESERVED
CVE-2018-3433
	RESERVED
CVE-2018-3432
	RESERVED
CVE-2018-3431
	RESERVED
CVE-2018-3430
	RESERVED
CVE-2018-3429
	RESERVED
CVE-2018-3428
	RESERVED
CVE-2018-3427
	RESERVED
CVE-2018-3426
	RESERVED
CVE-2018-3425
	RESERVED
CVE-2018-3424
	RESERVED
CVE-2018-3423
	RESERVED
CVE-2018-3422
	RESERVED
CVE-2018-3421
	RESERVED
CVE-2018-3420
	RESERVED
CVE-2018-3419
	RESERVED
CVE-2018-3418
	RESERVED
CVE-2018-3417
	RESERVED
CVE-2018-3416
	RESERVED
CVE-2018-3415
	RESERVED
CVE-2018-3414
	RESERVED
CVE-2018-3413
	RESERVED
CVE-2018-3412
	RESERVED
CVE-2018-3411
	RESERVED
CVE-2018-3410
	RESERVED
CVE-2018-3409
	RESERVED
CVE-2018-3408
	RESERVED
CVE-2018-3407
	RESERVED
CVE-2018-3406
	RESERVED
CVE-2018-3405
	RESERVED
CVE-2018-3404
	RESERVED
CVE-2018-3403
	RESERVED
CVE-2018-3402
	RESERVED
CVE-2018-3401
	RESERVED
CVE-2018-3400
	RESERVED
CVE-2018-3399
	RESERVED
CVE-2018-3398
	RESERVED
CVE-2018-3397
	RESERVED
CVE-2018-3396
	RESERVED
CVE-2018-3395
	RESERVED
CVE-2018-3394
	RESERVED
CVE-2018-3393
	RESERVED
CVE-2018-3392
	RESERVED
CVE-2018-3391
	RESERVED
CVE-2018-3390
	RESERVED
CVE-2018-3389
	RESERVED
CVE-2018-3388
	RESERVED
CVE-2018-3387
	RESERVED
CVE-2018-3386
	RESERVED
CVE-2018-3385
	RESERVED
CVE-2018-3384
	RESERVED
CVE-2018-3383
	RESERVED
CVE-2018-3382
	RESERVED
CVE-2018-3381
	RESERVED
CVE-2018-3380
	RESERVED
CVE-2018-3379
	RESERVED
CVE-2018-3378
	RESERVED
CVE-2018-3377
	RESERVED
CVE-2018-3376
	RESERVED
CVE-2018-3375
	RESERVED
CVE-2018-3374
	RESERVED
CVE-2018-3373
	RESERVED
CVE-2018-3372
	RESERVED
CVE-2018-3371
	RESERVED
CVE-2018-3370
	RESERVED
CVE-2018-3369
	RESERVED
CVE-2018-3368
	RESERVED
CVE-2018-3367
	RESERVED
CVE-2018-3366
	RESERVED
CVE-2018-3365
	RESERVED
CVE-2018-3364
	RESERVED
CVE-2018-3363
	RESERVED
CVE-2018-3362
	RESERVED
CVE-2018-3361
	RESERVED
CVE-2018-3360
	RESERVED
CVE-2018-3359
	RESERVED
CVE-2018-3358
	RESERVED
CVE-2018-3357
	RESERVED
CVE-2018-3356
	RESERVED
CVE-2018-3355
	RESERVED
CVE-2018-3354
	RESERVED
CVE-2018-3353
	RESERVED
CVE-2018-3352
	RESERVED
CVE-2018-3351
	RESERVED
CVE-2018-3350
	RESERVED
CVE-2018-3349
	RESERVED
CVE-2018-3348
	RESERVED
CVE-2018-3347
	RESERVED
CVE-2018-3346
	RESERVED
CVE-2018-3345
	RESERVED
CVE-2018-3344
	RESERVED
CVE-2018-3343
	RESERVED
CVE-2018-3342
	RESERVED
CVE-2018-3341
	RESERVED
CVE-2018-3340
	RESERVED
CVE-2018-3339
	RESERVED
CVE-2018-3338
	RESERVED
CVE-2018-3337
	RESERVED
CVE-2018-3336
	RESERVED
CVE-2018-3335
	RESERVED
CVE-2018-3334
	RESERVED
CVE-2018-3333
	RESERVED
CVE-2018-3332
	RESERVED
CVE-2018-3331
	RESERVED
CVE-2018-3330
	RESERVED
CVE-2018-3329
	RESERVED
CVE-2018-3328
	RESERVED
CVE-2018-3327
	RESERVED
CVE-2018-3326
	RESERVED
CVE-2018-3325
	RESERVED
CVE-2018-3324
	RESERVED
CVE-2018-3323
	RESERVED
CVE-2018-3322
	RESERVED
CVE-2018-3321
	RESERVED
CVE-2018-3320
	RESERVED
CVE-2018-3319
	RESERVED
CVE-2018-3318
	RESERVED
CVE-2018-3317
	RESERVED
CVE-2018-3316 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2018-3315 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2018-3314 (Vulnerability in the MICROS Relate CRM Software component of Oracle Re ...)
	NOT-FOR-US: Oracle
CVE-2018-3313
	RESERVED
CVE-2018-3312 (Vulnerability in the Oracle Retail Customer Engagement component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3311 (Vulnerability in the Oracle Retail Xstore Payment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-3310
	RESERVED
CVE-2018-3309 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.22-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3308
	RESERVED
CVE-2018-3307
	RESERVED
CVE-2018-3306
	RESERVED
CVE-2018-3305 (Vulnerability in the Oracle Application Testing Suite component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3304 (Vulnerability in the Oracle Application Testing Suite component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3303 (Vulnerability in the Enterprise Manager Base Platform component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-3302 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-3301 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3300 (Vulnerability in the Oracle Retail Xstore Office product of Oracle Ret ...)
	NOT-FOR-US: Oracle
CVE-2018-3299 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2018-3298 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3297 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3296 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3295 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3294 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3293 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3292 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3291 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3290 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3289 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3288 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3287 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-3286 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
	- mysql-5.5 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3285 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
	- mysql-5.5 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3284 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3283 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 (Only affects MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3282 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1570-1 DLA-1566-1}
	- mariadb-10.1 1:10.1.37-1 (bug #912848)
	- mariadb-10.0
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
	NOTE: Fixed in MariaDB: 10.1.37, 10.0.37
CVE-2018-3281 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-3280 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
	- mysql-5.5 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3279 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects MySQL 8)
	- mysql-5.5 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3278 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3277 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3276 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3275 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3274 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3273 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3272 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3271 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3270 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3269 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3268 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3267 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3266 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3265 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3264 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3263 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-3262 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3261 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3260
	RESERVED
CVE-2018-3259 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2018-3258 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-java (Only affects 8.x, bug #912916)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CVE-2018-3257 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3256 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2018-3255 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3254 (Vulnerability in the Oracle WebCenter Portal component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-3253 (Vulnerability in the Oracle Virtual Directory component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2018-3252 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3251 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1570-1}
	- mariadb-10.1 1:10.1.37-1 (bug #912848)
	- mariadb-10.0
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.1.37, 10.0.37
CVE-2018-3250 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3249 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3248 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3247 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.24-1 (bug #911221)
	- mysql-5.5 (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8)
	NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL
CVE-2018-3246 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3245 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3244 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3243 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-3242 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
	NOT-FOR-US: Oracle
CVE-2018-3241 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-3240
	RESERVED
CVE-2018-3239 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-3238 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-3237 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2018-3236 (Vulnerability in the Oracle User Management component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-3235 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2018-3234 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-3233 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-3232 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-3231 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-3230 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
NOT-FOR-US: Oracle CVE-2018-3229 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3228 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3227 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3226 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3225 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3224 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3223 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3222 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3221 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3220 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3219 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3218 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3217 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3216 RESERVED CVE-2018-3215 (Vulnerability in the Oracle Endeca Information Discovery Integrator co ...) NOT-FOR-US: Oracle CVE-2018-3214 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-4326-1 DLA-1590-1} - openjdk-7 - openjdk-8 8u181-b13-2 CVE-2018-3213 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2018-3212 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
- mysql-5.7 (Only affects MySQL 8) - mysql-5.5 (Only affects MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3211 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) - openjdk-8 (Specific to Oracle Java) CVE-2018-3210 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) NOT-FOR-US: Oracle CVE-2018-3209 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) - openjfx 11+26-1 [stretch] - openjfx (Specific details withheld by Oracle, impossible to fix) NOTE: CPU marks this as only affecting 8.x, so marking first 11 upload as fixed CVE-2018-3208 (Vulnerability in the Hyperion Data Relationship Management component o ...) NOT-FOR-US: Oracle CVE-2018-3207 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3206 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3205 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3204 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...) NOT-FOR-US: Oracle CVE-2018-3203 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 (Only affects MySQL 8) - mysql-5.5 (Only affects MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3202 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3201 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2018-3200 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
- mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3199 RESERVED CVE-2018-3198 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3197 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2018-3196 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2018-3195 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 (Only affects MySQL 8) - mysql-5.5 (Only affects MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3194 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3193 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3192 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3191 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2018-3190 (Vulnerability in the Oracle E-Business Intelligence component of Oracl ...) NOT-FOR-US: Oracle CVE-2018-3189 (Vulnerability in the Oracle Customer Interaction History component of ...) NOT-FOR-US: Oracle CVE-2018-3188 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2018-3187 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3186 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
- mysql-5.7 (Only affects MySQL 8) - mysql-5.5 (Only affects MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3185 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3184 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcom ...) NOT-FOR-US: Oracle CVE-2018-3183 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-4326-1} - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 CVE-2018-3182 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 (Only affects MySQL 8) - mysql-5.5 (Only affects MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3181 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...) NOT-FOR-US: Oracle CVE-2018-3180 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-4326-1 DLA-1590-1} - openjdk-7 - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 - openjdk-11 11.0.1+13-1 CVE-2018-3179 (Vulnerability in the Oracle Identity Manager component of Oracle Fusio ...) NOT-FOR-US: Oracle CVE-2018-3178 (Vulnerability in the Hyperion Common Events component of Oracle Hyperi ...) NOT-FOR-US: Oracle CVE-2018-3177 (Vulnerability in the Hyperion Common Events component of Oracle Hyperi ...) NOT-FOR-US: Oracle CVE-2018-3176 (Vulnerability in the Hyperion Common Events component of Oracle Hyperi ...) NOT-FOR-US: Oracle CVE-2018-3175 (Vulnerability in the Hyperion Common Events component of Oracle Hyperi ...) NOT-FOR-US: Oracle CVE-2018-3174 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
{DSA-4341-1 DLA-1570-1 DLA-1566-1} - mariadb-10.1 1:10.1.37-1 (bug #912848) - mariadb-10.0 - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL NOTE: Fixed in MariaDB 10.1.37, 10.0.37 CVE-2018-3173 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3172 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) NOT-FOR-US: Oracle CVE-2018-3171 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3170 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 (Only affects MySQL 8) - mysql-5.5 (Only affects MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3169 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) {DSA-4326-1 DLA-1590-1} - openjdk-7 - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 - openjdk-11 11.0.1+13-1 CVE-2018-3168 (Vulnerability in the Oracle Identity Analytics component of Oracle Fus ...) NOT-FOR-US: Oracle CVE-2018-3167 (Vulnerability in the Application Management Pack for Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2018-3166 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...) NOT-FOR-US: Oracle CVE-2018-3165 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3164 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) 
NOT-FOR-US: Oracle CVE-2018-3163 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...) NOT-FOR-US: Oracle CVE-2018-3162 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3161 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3160 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...) NOT-FOR-US: Oracle CVE-2018-3159 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...) NOT-FOR-US: Oracle CVE-2018-3158 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...) NOT-FOR-US: Oracle CVE-2018-3157 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) - openjdk-11 11.0.1+13-1 CVE-2018-3156 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) {DSA-4341-1 DLA-1570-1} - mariadb-10.1 1:10.1.37-1 (bug #912848) - mariadb-10.0 - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL NOTE: Fixed in MariaDB 10.1.37, 10.0.37 CVE-2018-3155 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3154 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3153 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) 
NOT-FOR-US: Oracle CVE-2018-3152 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) NOT-FOR-US: Oracle CVE-2018-3151 (Vulnerability in the Oracle iProcurement component of Oracle E-Busines ...) NOT-FOR-US: Oracle CVE-2018-3150 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) - openjdk-10 10.0.2+13-2 - openjdk-11 11.0.1+13-1 CVE-2018-3149 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) {DSA-4326-1 DLA-1590-1} - openjdk-7 - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 - openjdk-11 11.0.1+13-1 CVE-2018-3148 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...) NOT-FOR-US: Oracle CVE-2018-3147 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3146 (Vulnerability in the Oracle iLearning component of Oracle iLearning (s ...) NOT-FOR-US: Oracle CVE-2018-3145 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 (Only affects MySQL 8) - mysql-5.5 (Only affects MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3144 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3143 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) {DSA-4341-1 DLA-1570-1} - mariadb-10.1 1:10.1.37-1 (bug #912848) - mariadb-10.0 - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 (Only affects MySQL 5.6, MySQL 5.7 and MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL NOTE: Fixed in MariaDB 10.1.37, 10.0.37 CVE-2018-3142 (Vulnerability in the Hyperion Essbase Administration Services componen ...) 
NOT-FOR-US: Oracle CVE-2018-3141 (Vulnerability in the Hyperion Essbase Administration Services componen ...) NOT-FOR-US: Oracle CVE-2018-3140 (Vulnerability in the Hyperion Essbase Administration Services componen ...) NOT-FOR-US: Oracle CVE-2018-3139 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) {DSA-4326-1 DLA-1590-1} - openjdk-7 - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 - openjdk-11 11.0.1+13-1 CVE-2018-3138 (Vulnerability in the Oracle Application Object Library component of Or ...) NOT-FOR-US: Oracle CVE-2018-3137 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 (Only affects MySQL 8) - mysql-5.5 (Only affects MySQL 8) NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3136 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) {DSA-4326-1 DLA-1590-1} - openjdk-7 - openjdk-8 8u181-b13-2 - openjdk-10 10.0.2+13-2 - openjdk-11 11.0.1+13-1 CVE-2018-3135 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3134 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...) NOT-FOR-US: Oracle CVE-2018-3133 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) {DLA-1566-1} - mysql-5.7 5.7.24-1 (bug #911221) - mysql-5.5 NOTE: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixMSQL CVE-2018-3132 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3131 (Vulnerability in the Oracle Hospitality Gift and Loyalty component of ...) NOT-FOR-US: Oracle CVE-2018-3130 (Vulnerability in the PeopleSoft Enterprise Interaction Hub component o ...) NOT-FOR-US: Oracle CVE-2018-3129 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) 
NOT-FOR-US: Oracle CVE-2018-3128 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...) NOT-FOR-US: Oracle CVE-2018-3127 (Vulnerability in the Oracle Demantra Demand Management component of Or ...) NOT-FOR-US: Oracle CVE-2018-3126 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...) NOT-FOR-US: Oracle CVE-2018-3125 (Vulnerability in the Oracle Retail Merchandising System component of O ...) NOT-FOR-US: Oracle CVE-2018-3124 RESERVED CVE-2018-3123 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.25-1 CVE-2018-3122 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...) NOT-FOR-US: Oracle CVE-2018-3121 RESERVED CVE-2018-3120 (Vulnerability in the MICROS Lucas component of Oracle Retail Applicati ...) NOT-FOR-US: Oracle CVE-2018-3119 RESERVED CVE-2018-3118 RESERVED CVE-2018-3117 RESERVED CVE-2018-3116 RESERVED CVE-2018-3115 (Vulnerability in the Oracle Retail Sales Audit component of Oracle Ret ...) NOT-FOR-US: Oracle CVE-2018-3114 RESERVED CVE-2018-3113 RESERVED CVE-2018-3112 RESERVED CVE-2018-3111 (Vulnerability in the Oracle Retail Xstore Office component of Oracle R ...) NOT-FOR-US: Oracle CVE-2018-3110 (A vulnerability was discovered in the Java VM component of Oracle Data ...) NOT-FOR-US: Oracle CVE-2018-3109 (Vulnerability in the Oracle Fusion Middleware MapViewer component of O ...) NOT-FOR-US: Oracle CVE-2018-3108 (Vulnerability in the Oracle Fusion Middleware component of Oracle Fusi ...) NOT-FOR-US: Oracle CVE-2018-3107 RESERVED CVE-2018-3106 RESERVED CVE-2018-3105 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2018-3104 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3103 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) 
NOT-FOR-US: Oracle CVE-2018-3102 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3101 (Vulnerability in the Oracle WebCenter Portal component of Oracle Fusio ...) NOT-FOR-US: Oracle CVE-2018-3100 (Vulnerability in the Oracle Business Process Management Suite componen ...) NOT-FOR-US: Oracle CVE-2018-3099 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3098 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3097 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3096 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3095 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3094 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3093 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3092 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3091 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.2.16-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2018-3090 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.2.16-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2018-3089 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.2.16-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2018-3088 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.2.16-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2018-3087 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) 
- virtualbox 5.2.16-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2018-3086 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.2.16-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2018-3085 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.2.16-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2018-3084 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) NOT-FOR-US: Oracle MySQL 8 CVE-2018-3083 RESERVED CVE-2018-3082 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) NOT-FOR-US: Oracle MySQL 8 CVE-2018-3081 (Vulnerability in the MySQL Client component of Oracle MySQL (subcompon ...) {DSA-4341-1 DLA-1566-1 DLA-1407-1} - mariadb-10.1 1:10.1.34-1 - mariadb-10.0 - mysql-5.7 5.7.23-1 (bug #904121) - mysql-5.5 NOTE: Fixed in MariaDB: 10.2.15, 10.1.33, 10.0.35 CVE-2018-3080 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) NOT-FOR-US: Oracle MySQL 8 CVE-2018-3079 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) NOT-FOR-US: Oracle MySQL 8 CVE-2018-3078 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) NOT-FOR-US: Oracle MySQL 8 CVE-2018-3077 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.23-1 (bug #904121) CVE-2018-3076 (Vulnerability in the PeopleSoft Enterprise CS Financial Aid component ...) NOT-FOR-US: Oracle CVE-2018-3075 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) NOT-FOR-US: Oracle MySQL 8 CVE-2018-3074 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) NOT-FOR-US: Oracle MySQL 8 CVE-2018-3073 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) NOT-FOR-US: Oracle MySQL 8 CVE-2018-3072 (Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Pr ...) 
NOT-FOR-US: Oracle CVE-2018-3071 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.23-1 (bug #904121) CVE-2018-3070 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) {DLA-1566-1} - mysql-5.7 5.7.23-1 (bug #904121) - mysql-5.5 CVE-2018-3069 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...) NOT-FOR-US: Oracle CVE-2018-3068 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources compone ...) NOT-FOR-US: Oracle CVE-2018-3067 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) NOT-FOR-US: Oracle MySQL 8 CVE-2018-3066 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) {DSA-4341-1 DLA-1566-1 DLA-1488-1} - mariadb-10.1 1:10.1.35-1 - mariadb-10.0 - mysql-5.7 5.7.23-1 (bug #904121) - mysql-5.5 NOTE: MariaDB fixed in 10.0.36, 10.1.35 CVE-2018-3065 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.23-1 (bug #904121) CVE-2018-3064 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) {DSA-4341-1 DLA-1488-1} - mariadb-10.1 1:10.1.35-1 - mariadb-10.0 - mysql-5.7 5.7.23-1 (bug #904121) NOTE: MariaDB: Fixed in 10.0.36, 10.1.35 CVE-2018-3063 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) {DSA-4341-1 DLA-1566-1 DLA-1488-1} - mariadb-10.1 1:10.1.35-1 - mariadb-10.0 - mysql-5.5 NOTE: MariaDB: Fixed in 10.0.36, 10.1.35 CVE-2018-3062 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.23-1 (bug #904121) CVE-2018-3061 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.23-1 (bug #904121) CVE-2018-3060 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.23-1 (bug #904121) CVE-2018-3059 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...) 
NOT-FOR-US: Oracle CVE-2018-3058 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) {DSA-4341-1 DLA-1566-1 DLA-1488-1} - mariadb-10.1 1:10.1.35-1 - mariadb-10.0 - mysql-5.7 5.7.23-1 (bug #904121) - mysql-5.5 NOTE: MariaDB fixed in 10.0.36, 10.1.35 CVE-2018-3057 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...) NOT-FOR-US: Oracle CVE-2018-3056 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.23-1 (bug #904121) CVE-2018-3055 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.2.16-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2018-3054 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) - mysql-5.7 5.7.23-1 (bug #904121) CVE-2018-3053 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2018-3052 (Vulnerability in the MICROS Relate CRM Software component of Oracle Re ...) NOT-FOR-US: Oracle CVE-2018-3051 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) NOT-FOR-US: Oracle CVE-2018-3050 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...) NOT-FOR-US: Oracle CVE-2018-3049 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) NOT-FOR-US: Oracle CVE-2018-3048 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...) NOT-FOR-US: Oracle CVE-2018-3047 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) NOT-FOR-US: Oracle CVE-2018-3046 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...) NOT-FOR-US: Oracle CVE-2018-3045 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) NOT-FOR-US: Oracle CVE-2018-3044 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...) NOT-FOR-US: Oracle CVE-2018-3043 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) 
NOT-FOR-US: Oracle CVE-2018-3042 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...) NOT-FOR-US: Oracle CVE-2018-3041 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) NOT-FOR-US: Oracle CVE-2018-3040 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...) NOT-FOR-US: Oracle CVE-2018-3039 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) NOT-FOR-US: Oracle CVE-2018-3038 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...) NOT-FOR-US: Oracle CVE-2018-3037 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) NOT-FOR-US: Oracle CVE-2018-3036 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...) NOT-FOR-US: Oracle CVE-2018-3035 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) NOT-FOR-US: Oracle CVE-2018-3034 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) NOT-FOR-US: Oracle CVE-2018-3033 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) NOT-FOR-US: Oracle CVE-2018-3032 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) NOT-FOR-US: Oracle CVE-2018-3031 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) NOT-FOR-US: Oracle CVE-2018-3030 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) NOT-FOR-US: Oracle CVE-2018-3029 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) NOT-FOR-US: Oracle CVE-2018-3028 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) NOT-FOR-US: Oracle CVE-2018-3027 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...) NOT-FOR-US: Oracle CVE-2018-3026 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...) NOT-FOR-US: Oracle CVE-2018-3025 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...) 
NOT-FOR-US: Oracle CVE-2018-3024 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...) NOT-FOR-US: Oracle CVE-2018-3023 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...) NOT-FOR-US: Oracle CVE-2018-3022 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...) NOT-FOR-US: Oracle CVE-2018-3021 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...) NOT-FOR-US: Oracle CVE-2018-3020 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...) NOT-FOR-US: Oracle CVE-2018-3019 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) NOT-FOR-US: Oracle CVE-2018-3018 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2018-3017 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...) NOT-FOR-US: Oracle CVE-2018-3016 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-3015 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) NOT-FOR-US: Oracle CVE-2018-3014 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...) NOT-FOR-US: Oracle CVE-2018-3013 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...) NOT-FOR-US: Oracle CVE-2018-3012 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...) NOT-FOR-US: Oracle CVE-2018-3011 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...) NOT-FOR-US: Oracle CVE-2018-3010 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3009 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-3008 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) NOT-FOR-US: Oracle CVE-2018-3007 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...) 
NOT-FOR-US: Oracle CVE-2018-3006 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...) NOT-FOR-US: Oracle CVE-2018-3005 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) - virtualbox 5.2.16-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2018-3004 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) NOT-FOR-US: Oracle CVE-2018-3003 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...) NOT-FOR-US: Oracle CVE-2018-3002 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...) NOT-FOR-US: Oracle CVE-2018-3001 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...) NOT-FOR-US: Oracle CVE-2018-3000 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...) NOT-FOR-US: Oracle CVE-2018-2999 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...) NOT-FOR-US: Oracle CVE-2018-2998 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2018-2997 (Vulnerability in the Oracle Scripting component of Oracle E-Business S ...) NOT-FOR-US: Oracle CVE-2018-2996 (Vulnerability in the Oracle Applications Manager component of Oracle E ...) NOT-FOR-US: Oracle CVE-2018-2995 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2018-2994 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2018-2993 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...) NOT-FOR-US: Oracle CVE-2018-2992 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-2991 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...) NOT-FOR-US: Oracle CVE-2018-2990 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) 
NOT-FOR-US: Oracle CVE-2018-2989 (Vulnerability in the Oracle iLearning component of Oracle iLearning (s ...) NOT-FOR-US: Oracle CVE-2018-2988 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) NOT-FOR-US: Oracle CVE-2018-2987 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2018-2986 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-2985 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-2984 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...) NOT-FOR-US: Oracle CVE-2018-2983 RESERVED CVE-2018-2982 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) NOT-FOR-US: Oracle CVE-2018-2981 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) NOT-FOR-US: Oracle CVE-2018-2980 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) NOT-FOR-US: Oracle CVE-2018-2979 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) NOT-FOR-US: Oracle CVE-2018-2978 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...) NOT-FOR-US: Oracle CVE-2018-2977 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) NOT-FOR-US: Oracle CVE-2018-2976 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...) NOT-FOR-US: Oracle CVE-2018-2975 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) NOT-FOR-US: Oracle CVE-2018-2974 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) NOT-FOR-US: Oracle CVE-2018-2973 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) 
	- openjdk-7 (Apparently specific to Oracle Java)
	- openjdk-8 (Apparently specific to Oracle Java)
	- openjdk-10 (Apparently specific to Oracle Java)
CVE-2018-2972 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-10 10.0.2+13-1
CVE-2018-2971 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2970 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2969 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2968 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2967 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2966 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2965 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2964 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-10 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2018-2963 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2962 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2961 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2960 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2959 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
	NOT-FOR-US: Oracle
CVE-2018-2958 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2018-2957 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2018-2956 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2018-2955 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
	NOT-FOR-US: Oracle
CVE-2018-2954 (Vulnerability in the Oracle Order Management component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2018-2953 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2952 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4268-1 DLA-1590-1}
	- openjdk-7
	- openjdk-8 8u181-b13-1
	- openjdk-10 10.0.2+13-1
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/baac18e216fb
CVE-2018-2951 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2950 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2949 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2948 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2947 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2946 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2945 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2944 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2943 (Vulnerability in the Oracle Fusion Middleware MapViewer component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2942 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-7 (Windows-specific)
	- openjdk-8 (Windows-specific)
CVE-2018-2941 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjfx 11+26-1 (bug #905215)
	[stretch] - openjfx (Specific details withheld by Oracle, impossible to fix)
CVE-2018-2940 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	- openjdk-7 (Apparently specific to Oracle Java)
	- openjdk-8 (Apparently specific to Oracle Java)
	- openjdk-10 (Apparently specific to Oracle Java)
CVE-2018-2939 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2018-2938 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-7 (Specific to Oracle Java, OpenJDK doesn't bundle Derby)
	- openjdk-8 (Specific to Oracle Java, OpenJDK doesn't bundle Derby)
CVE-2018-2937 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2936 (Vulnerability in the Oracle Communications Messaging Server component ...)
	NOT-FOR-US: Oracle
CVE-2018-2935 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2934 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2933 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2932 (Vulnerability in the Oracle SuperCluster Specific Software component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2931 RESERVED
CVE-2018-2930 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...)
	NOT-FOR-US: Oracle
CVE-2018-2929 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2928 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2927 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2926 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2925 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2018-2924 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2923 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2922 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2921 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2920 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2919 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2918 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2917 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2916 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2915 (Vulnerability in the Hyperion Data Relationship Management component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2914 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate ...)
	NOT-FOR-US: Oracle
CVE-2018-2913 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate ...)
	NOT-FOR-US: Oracle
CVE-2018-2912 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate ...)
	NOT-FOR-US: Oracle
CVE-2018-2911 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-2910 RESERVED
CVE-2018-2909 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.20-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2018-2908 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2907 (Vulnerability in the Hyperion Financial Reporting component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2906 (Vulnerability in the Hardware Management Pack component of Oracle Sun ...)
	NOT-FOR-US: Oracle
CVE-2018-2905 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2904 (Vulnerability in the Oracle Communications EAGLE LNP Application Proce ...)
	NOT-FOR-US: Oracle
CVE-2018-2903 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2902 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2901 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2900 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
	NOT-FOR-US: Oracle
CVE-2018-2899 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2898 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2897 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2018-2896 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-2895 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2894 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2893 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2892 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2891 (Vulnerability in the Oracle Retail Bulk Data Integration component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2890 RESERVED
CVE-2018-2889 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2888 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2887 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2886 RESERVED
CVE-2018-2885 RESERVED
CVE-2018-2884 RESERVED
CVE-2018-2883 (Vulnerability in the Oracle Retail Xstore Office component of Oracle R ...)
	NOT-FOR-US: Oracle
CVE-2018-2882 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2881 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2880 (Vulnerability in the MICROS Retail-J component of Oracle Retail Applic ...)
	NOT-FOR-US: Oracle
CVE-2018-2879 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2878 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components compo ...)
	NOT-FOR-US: Oracle
CVE-2018-2877 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...)
	- mysql-cluster (bug #833356)
CVE-2018-2876 (Vulnerability in the Oracle Retail Integration Bus component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2875 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2018-2874 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2873 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2018-2872 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2018-2871 (Vulnerability in the Oracle Human Resources component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2870 (Vulnerability in the Oracle Human Resources component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2869 (Vulnerability in the Oracle Human Resources component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2868 (Vulnerability in the Oracle Human Resources component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2867 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2866 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2018-2865 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2018-2864 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2863 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2862 (Vulnerability in the Oracle Retail Point-of-Service component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2861 (Vulnerability in the Oracle Retail Back Office component of Oracle Ret ...)
	NOT-FOR-US: Oracle
CVE-2018-2860 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2859 (Vulnerability in the Oracle Financial Services Basel Regulatory Capita ...)
	NOT-FOR-US: Oracle
CVE-2018-2858 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2857 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2856 (Vulnerability in the Oracle Financial Services Basel Regulatory Capita ...)
	NOT-FOR-US: Oracle
CVE-2018-2855 (Vulnerability in the Oracle Financial Services Basel Regulatory Capita ...)
	NOT-FOR-US: Oracle
CVE-2018-2854 (Vulnerability in the Oracle Financial Services Basel Regulatory Capita ...)
	NOT-FOR-US: Oracle
CVE-2018-2853 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2852 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2018-2851 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2850 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...)
	NOT-FOR-US: Oracle
CVE-2018-2849 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2848 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2847 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2846 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2845 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2844 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
	NOTE: https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html
CVE-2018-2843 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2842 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2841 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2018-2840 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2839 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2838 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2837 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2836 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2835 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2834 (Vulnerability in the Oracle Data Visualization Desktop component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2833 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2832 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. ...)
	NOT-FOR-US: Oracle
CVE-2018-2831 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2830 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2829 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2828 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2018-2827 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
	NOT-FOR-US: Oracle
CVE-2018-2826 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-10 10.0.2+13-1
CVE-2018-2825 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-10 10.0.2+13-1
CVE-2018-2824 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2823 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2822 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...)
	NOT-FOR-US: Oracle
CVE-2018-2821 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2820 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2819 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2818 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4176-1 DLA-1355-1}
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2817 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2816 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2815 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2814 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2813 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2812 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2811 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-8 (Specific to Oracle Java, our installation procedures are obviously different)
CVE-2018-2810 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2809 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2808 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2807 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2806 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2805 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 (Only affects GIS Extension in Oracle MySQL 5.6)
	- mysql-5.5 (Only affects GIS Extension in Oracle MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2804 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2803 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2802 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2801 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2800 (Vulnerability in the Java SE, JRockit component of Oracle Java SE (sub ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2799 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7
CVE-2018-2798 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2797 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2796 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7
CVE-2018-2795 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2794 (Vulnerability in the Java SE, JRockit component of Oracle Java SE (sub ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2793 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2792 (Vulnerability in the Hardware Management Pack component of Oracle Sun ...)
	NOT-FOR-US: Oracle
CVE-2018-2791 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2790 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4225-1 DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	[experimental] - openjdk-7 7u181-2.6.14-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2789 (Vulnerability in the Siebel Core - Server Framework component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2788 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2787 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2786 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2785 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2784 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2783 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	- openjdk-10 (Apparently specific to Oracle Java)
	- openjdk-8 (Apparently specific to Oracle Java)
	- openjdk-7 (Apparently specific to Oracle Java)
	- openjdk-6 (Apparently specific to Oracle Java)
CVE-2018-2782 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2781 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2780 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2779 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2778 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2777 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2776 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2775 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2774 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2773 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4176-1 DLA-1355-1}
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2771 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2770 (Vulnerability in the Oracle Adaptive Access Manager component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2769 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2768 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2767 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1566-1 DLA-1407-1}
	- mariadb-10.2
	- mariadb-10.1 1:10.1.34-1
	- mariadb-10.0
	- mysql-5.7 5.7.23-1 (bug #904121)
	- mysql-5.5
	[wheezy] - mysql-5.5 (Wait for next upstream security/bugfix release)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/08/2
	NOTE: Result from an incomplete fix for CVE-2015-3152 and related CVE for
	NOTE: Oracle products.
	NOTE: For MariaDB: if one connects to the remote server using the embedded library
	NOTE: (libmysqld), then SSL is not enforced.
	NOTE: Fixed in MariaDB: 5.5.60, 10.0.35, 10.1.33, 10.2.15, and 10.3.7
	NOTE: https://github.com/MariaDB/server/commit/f5369faf5bbf
	NOTE: For Oracle: https://github.com/mysql/mysql-server/commit/bbc2e37fe4e
	NOTE: fixed in 5.5.61, 5.6.41, 5.7.23
	NOTE: Strictly speaking the CVE would be only for Oracle MySQL, but for practical
	NOTE: reasons MariaDB is tracked here as well.
CVE-2018-2766 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2765 (Vulnerability in the Oracle Security Service component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-2764 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2763 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2762 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2761 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2760 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2018-2759 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2758 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2757
	RESERVED
CVE-2018-2756 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
	NOT-FOR-US: Oracle
CVE-2018-2755 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4176-1 DLA-1407-1 DLA-1355-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898445)
	- mariadb-10.0
	- mysql-5.7 5.7.22-1 (bug #895997)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2754 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2753 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2752 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle Peo ...)
	NOT-FOR-US: Oracle
CVE-2018-2751
	RESERVED
CVE-2018-2750 (Vulnerability in the Enterprise Manager Base Platform component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2749 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2748 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2747 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2746 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2745
	RESERVED
CVE-2018-2744
	RESERVED
CVE-2018-2743
	RESERVED
CVE-2018-2742 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2741
	RESERVED
CVE-2018-2740
	RESERVED
CVE-2018-2739 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2738 (Vulnerability in the Oracle Retail Central Office component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2737 (Vulnerability in the Oracle Retail Returns Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2736
	RESERVED
CVE-2018-2735
	RESERVED
CVE-2018-2734
	RESERVED
CVE-2018-2733 (Vulnerability in the Oracle Hyperion Planning component of Oracle Hype ...)
	NOT-FOR-US: Oracle
CVE-2018-2732 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2018-2731 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component ...)
	NOT-FOR-US: Oracle
CVE-2018-2730 (Vulnerability in the Oracle Retail Merchandising System component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2729 (Vulnerability in the Oracle Financial Services Funds Transfer Pricing ...)
	NOT-FOR-US: Oracle
CVE-2018-2728 (Vulnerability in the Oracle Financial Services Funds Transfer Pricing ...)
	NOT-FOR-US: Oracle
CVE-2018-2727 (Vulnerability in the Oracle Financial Services Market Risk Measurement ...)
	NOT-FOR-US: Oracle
CVE-2018-2726 (Vulnerability in the Oracle Financial Services Market Risk component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2725 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...)
	NOT-FOR-US: Oracle
CVE-2018-2724 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...)
	NOT-FOR-US: Oracle
CVE-2018-2723 (Vulnerability in the Oracle Financial Services Asset Liability Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2722 (Vulnerability in the Oracle Financial Services Price Creation and Disc ...)
	NOT-FOR-US: Oracle
CVE-2018-2721 (Vulnerability in the Oracle Financial Services Price Creation and Disc ...)
	NOT-FOR-US: Oracle
CVE-2018-2720 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...)
	NOT-FOR-US: Oracle
CVE-2018-2719 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...)
	NOT-FOR-US: Oracle
CVE-2018-2718 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2717 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2716 (Vulnerability in the Oracle Financial Services Market Risk Measurement ...)
	NOT-FOR-US: Oracle
CVE-2018-2715 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
	NOT-FOR-US: Oracle
CVE-2018-2714 (Vulnerability in the Oracle Financial Services Market Risk component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2713 (Vulnerability in the Oracle WebCenter Portal component of Oracle Fusio ...)
	NOT-FOR-US: Oracle
CVE-2018-2712 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...)
	NOT-FOR-US: Oracle
CVE-2018-2711 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion Midd ...)
	NOT-FOR-US: Oracle
CVE-2018-2710 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2709 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2708 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-2707 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2706 (Vulnerability in the Oracle Banking Corporate Lending component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2705 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-2704 (Vulnerability in the Oracle Banking Payments component of Oracle Finan ...)
	NOT-FOR-US: Oracle
CVE-2018-2703 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2702 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
	NOT-FOR-US: Oracle
CVE-2018-2701 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2700 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2699 (Vulnerability in the Application Express component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2018-2698 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2697 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2696 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2695 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2694 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2693 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox-guest-additions-iso 5.2.6-1
	[jessie] - virtualbox-guest-additions-iso (Non-free not supported)
	[wheezy] - virtualbox-guest-additions-iso (Non-free not supported)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2018-2692 (Vulnerability in the Oracle Financial Services Asset Liability Managem ...)
	NOT-FOR-US: Oracle
CVE-2018-2691 (Vulnerability in the Oracle User Management component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2690 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2689 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2688 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2687 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2686 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2685 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2684 (Vulnerability in the Oracle User Management component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2683 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2682 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...)
	NOT-FOR-US: Oracle
CVE-2018-2681 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2680 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2018-2679 (Vulnerability in the Oracle Financial Services Profitability Managemen ...)
	NOT-FOR-US: Oracle Financial Services Applications
CVE-2018-2678 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2677 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2676 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
	[wheezy] - virtualbox (DSA 3454)
CVE-2018-2675 (Vulnerability in the Java Advanced Management Console component of Ora ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2018-2674 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2673 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2672 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2671 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2670 (Vulnerability in the Oracle Financial Services Profitability Managemen ...)
	NOT-FOR-US: Oracle
CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2667 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2664 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2663 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2662 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2661 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2018-2660 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2018-2659 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2658 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2018-2657 (Vulnerability in the Java SE, JRockit component of Oracle Java SE (sub ...)
	- openjdk-9 (Seems to be specific to Oracle Java)
	- openjdk-8 (Seems to be specific to Oracle Java)
	- openjdk-7 (Seems to be specific to Oracle Java)
	- openjdk-6 (Seems to be specific to Oracle Java)
CVE-2018-2656 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2018-2655 (Vulnerability in the Oracle Work in Process component of Oracle E-Busi ...)
	NOT-FOR-US: Oracle
CVE-2018-2654 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources compone ...)
	NOT-FOR-US: Oracle
CVE-2018-2653 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2652 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2651 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2650 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2018-2649 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2648 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2647 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2646 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2645 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2644 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2018-2643 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2018-2642 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.34, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2639 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-9 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2018-2638 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-9 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2018-2637 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2636 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2635 (Vulnerability in the Oracle Application Object Library component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2634 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2633 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2632 (Vulnerability in the Siebel Engineering - Installer and Deployment com ...)
	NOT-FOR-US: Oracle
CVE-2018-2631 (Vulnerability in the Oracle Transportation Management component of Ora ...)
	NOT-FOR-US: Oracle
CVE-2018-2630 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2629 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2628 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2627 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjdk-9 (Specific to installer for Windows)
	- openjdk-8 (Specific to installer for Windows)
CVE-2018-2626 (Vulnerability in the Oracle Financial Services Balance Sheet Planning ...)
	NOT-FOR-US: Oracle
CVE-2018-2625 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2624 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2621 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
	NOT-FOR-US: Oracle
CVE-2018-2620 (Vulnerability in the Primavera Unifier component of Oracle Constructio ...)
	NOT-FOR-US: Oracle
CVE-2018-2619 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2618 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2617 (Vulnerability in the OSS Support Tools component of Oracle Support Too ...)
	NOT-FOR-US: Oracle
CVE-2018-2616 (Vulnerability in the OSS Support Tools component of Oracle Support Too ...)
	NOT-FOR-US: Oracle
CVE-2018-2615 (Vulnerability in the OSS Support Tools component of Oracle Support Too ...)
	NOT-FOR-US: Oracle
CVE-2018-2614 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2613 (Vulnerability in the Oracle Argus Safety component of Oracle Health Sc ...)
	NOT-FOR-US: Oracle
CVE-2018-2612 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DLA-1407-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2611 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
	NOT-FOR-US: Oracle
CVE-2018-2610 (Vulnerability in the Hyperion Data Relationship Management component o ...)
	NOT-FOR-US: Oracle
CVE-2018-2609 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2018-2608 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2607 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2018-2606 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2018-2605 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2604 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
	NOT-FOR-US: Oracle
CVE-2018-2603 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2602 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2601 (Vulnerability in the Oracle Internet Directory component of Oracle Fus ...)
	NOT-FOR-US: Oracle
CVE-2018-2600 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2599 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2598 (Vulnerability in the MySQL Workbench component of Oracle MySQL (subcom ...)
	- mysql-workbench 8.0.17+dfsg-1 (bug #904112)
	[stretch] - mysql-workbench (Exact details undisclosed, but marginal CVSS score)
	[jessie] - mysql-workbench (Exact details undisclosed, but marginal CVSS score)
CVE-2018-2597 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
	NOT-FOR-US: Oracle
CVE-2018-2596 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2018-2595 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcom ...)
	NOT-FOR-US: Oracle
CVE-2018-2594 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcom ...)
	NOT-FOR-US: Oracle
CVE-2018-2593 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
	NOT-FOR-US: Oracle
CVE-2018-2592 (Vulnerability in the Oracle Financial Services Balance Sheet Planning ...)
	NOT-FOR-US: Oracle
CVE-2018-2591 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.20-1
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2590 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2589 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2018-2588 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2587 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2586 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2585 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
	- mysql-connector-net (bug #887751)
	[stretch] - mysql-connector-net (Minor issue)
	[jessie] - mysql-connector-net (Minor issue)
	[wheezy] - mysql-connector-net (Minor issue)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2584 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2583 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2582 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
	{DSA-4144-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
CVE-2018-2581 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
	- openjfx 8u161-b12-1 (bug #888530)
	[stretch] - openjfx (Specific details withheld by Oracle, impossible to fix)
CVE-2018-2580 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2018-2579 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7
	- openjdk-6
	[wheezy] - openjdk-6
CVE-2018-2578 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2577 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2576 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2575 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2018-2574 (Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2018-2573 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2572 (Vulnerability in the Oracle Agile Product Lifecycle Management for Pro ...)
	NOT-FOR-US: Oracle
CVE-2018-2571 (Vulnerability in the Oracle Communications Unified Inventory Managemen ...)
	NOT-FOR-US: Oracle
CVE-2018-2570 (Vulnerability in the Oracle Communications Unified Inventory Managemen ...)
	NOT-FOR-US: Oracle
CVE-2018-2569 (Vulnerability in the Java ME SDK component of Oracle Java Micro Editio ...)
	NOT-FOR-US: Oracle
CVE-2018-2568 (Vulnerability in the Integrated Lights Out Manager (ILOM) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2567 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
	NOT-FOR-US: Oracle
CVE-2018-2566 (Vulnerability in the Integrated Lights Out Manager (ILOM) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2565 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2564 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
	NOT-FOR-US: Oracle
CVE-2018-2563 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
	{DSA-4341-1 DSA-4091-1 DLA-1407-1 DLA-1250-1}
	- mariadb-10.1 1:10.1.34-1 (bug #898444)
	- mariadb-10.0
	- mysql-5.7 5.7.20-1
	- mysql-5.5
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2561 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle
CVE-2018-2560 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2559
	RESERVED
CVE-2018-2558
	RESERVED
CVE-2018-2557
	RESERVED
CVE-2018-2556
	RESERVED
CVE-2018-2555
	RESERVED
CVE-2018-2554
	RESERVED
CVE-2018-2553
	RESERVED
CVE-2018-2552
	RESERVED
CVE-2018-2551
	RESERVED
CVE-2018-2550
	RESERVED
CVE-2018-2549
	RESERVED
CVE-2018-2548
	RESERVED
CVE-2018-2547
	RESERVED
CVE-2018-2546
	RESERVED
CVE-2018-2545
	RESERVED
CVE-2018-2544
	RESERVED
CVE-2018-2543
	RESERVED
CVE-2018-2542
	RESERVED
CVE-2018-2541
	RESERVED
CVE-2018-2540
	RESERVED
CVE-2018-2539
	RESERVED
CVE-2018-2538
	RESERVED
CVE-2018-2537
	RESERVED
CVE-2018-2536
	RESERVED
CVE-2018-2535
	RESERVED
CVE-2018-2534
	RESERVED
CVE-2018-2533
	RESERVED
CVE-2018-2532
	RESERVED
CVE-2018-2531
	RESERVED
CVE-2018-2530
	RESERVED
CVE-2018-2529
	RESERVED
CVE-2018-2528
	RESERVED
CVE-2018-2527
	RESERVED
CVE-2018-2526
	RESERVED
CVE-2018-2525
	RESERVED
CVE-2018-2524
	RESERVED
CVE-2018-2523
	RESERVED
CVE-2018-2522
	RESERVED
CVE-2018-2521
	RESERVED
CVE-2018-2520
	RESERVED
CVE-2018-2519
	RESERVED
CVE-2018-2518
	RESERVED
CVE-2018-2517
	RESERVED
CVE-2018-2516
	RESERVED
CVE-2018-2515
	REJECTED
CVE-2018-2514
	RESERVED
CVE-2018-2513
	RESERVED
CVE-2018-2512
	RESERVED
CVE-2018-2511
	RESERVED
CVE-2018-2510
	RESERVED
CVE-2018-2509
	RESERVED
CVE-2018-2508
	RESERVED
CVE-2018-2507
	RESERVED
CVE-2018-2506
	RESERVED
CVE-2018-2505 (SAP Commerce does not sufficiently validate user-controlled inputs, re ...)
	NOT-FOR-US: SAP
CVE-2018-2504 (SAP NetWeaver AS Java Web Container service does not validate against ...)
	NOT-FOR-US: SAP
CVE-2018-2503 (By default, the SAP NetWeaver AS Java keystore service does not suffic ...)
	NOT-FOR-US: SAP
CVE-2018-2502 (TRACE method is enabled in SAP Business One Service Layer . Attacker c ...)
	NOT-FOR-US: SAP
CVE-2018-2501
	RESERVED
CVE-2018-2500 (Under certain conditions SAP Mobile Secure Android client (before vers ...)
	NOT-FOR-US: SAP
CVE-2018-2499 (A security weakness in SAP Financial Consolidation Cube Designer (BOBJ ...)
	NOT-FOR-US: SAP
CVE-2018-2498
	RESERVED
CVE-2018-2497 (The security audit log of SAP HANA, versions 1.0 and 2.0, does not log ...)
	NOT-FOR-US: SAP
CVE-2018-2496
	RESERVED
CVE-2018-2495
	RESERVED
CVE-2018-2494 (Necessary authorization checks for an authenticated user, resulting in ...)
	NOT-FOR-US: SAP
CVE-2018-2493
	RESERVED
CVE-2018-2492 (SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently ...)
	NOT-FOR-US: SAP
CVE-2018-2491 (When opening a deep link URL in SAP Fiori Client with log level set to ...)
	NOT-FOR-US: SAP
CVE-2018-2490 (The broadcast messages received by SAP Fiori Client are not protected ...)
	NOT-FOR-US: SAP
CVE-2018-2489 (Locally, without any permission, an arbitrary android application coul ...)
	NOT-FOR-US: SAP
CVE-2018-2488 (It is possible for a malware application installed on an Android devic ...)
	NOT-FOR-US: SAP
CVE-2018-2487 (SAP Disclosure Management 10.x allows an attacker to exploit through a ...)
	NOT-FOR-US: SAP
CVE-2018-2486 (SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does ...)
NOT-FOR-US: SAP CVE-2018-2485 (It is possible for a malicious application or malware to execute JavaS ...) NOT-FOR-US: SAP CVE-2018-2484 (SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; ...) NOT-FOR-US: SAP CVE-2018-2483 (HTTP Verb Tampering is possible in SAP BusinessObjects Business Intell ...) NOT-FOR-US: SAP CVE-2018-2482 (SAP Mobile Secure Android Application, Mobile-secure.apk Android clien ...) NOT-FOR-US: SAP CVE-2018-2481 (In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to ...) NOT-FOR-US: SAP CVE-2018-2480 RESERVED CVE-2018-2479 (SAP BusinessObjects Business Intelligence Platform (BIWorkspace), vers ...) NOT-FOR-US: SAP CVE-2018-2478 (An attacker can use specially crafted inputs to execute commands on th ...) NOT-FOR-US: SAP CVE-2018-2477 (Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, ...) NOT-FOR-US: SAP CVE-2018-2476 (Due to insufficient URL Validation in forums in SAP NetWeaver versions ...) NOT-FOR-US: SAP CVE-2018-2475 (Following the Gardener architecture, the Kubernetes apiserver of a Gar ...) NOT-FOR-US: SAP CVE-2018-2474 (SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) appli ...) NOT-FOR-US: SAP CVE-2018-2473 (SAP BusinessObjects Business Intelligence Platform Server, versions 4. ...) NOT-FOR-US: SAP CVE-2018-2472 (SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web ...) NOT-FOR-US: SAP CVE-2018-2471 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...) NOT-FOR-US: SAP CVE-2018-2470 (In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, ...) NOT-FOR-US: SAP CVE-2018-2469 (Under certain conditions SAP Adaptive Server Enterprise (ASE), version ...) NOT-FOR-US: SAP CVE-2018-2468 (Under certain conditions the backup server in SAP Adaptive Server Ente ...) NOT-FOR-US: SAP CVE-2018-2467 (In the Software Development Kit in SAP BusinessObjects BI Platform Ser ...) 
NOT-FOR-US: SAP CVE-2018-2466 (In Impact and Lineage Analysis in SAP Data Services, version 4.2, the ...) NOT-FOR-US: SAP CVE-2018-2465 (SAP HANA (versions 1.0 and 2.0) Extended Application Services classic ...) NOT-FOR-US: SAP CVE-2018-2464 (SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not su ...) NOT-FOR-US: SAP CVE-2018-2463 (The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6 ...) NOT-FOR-US: SAP CVE-2018-2462 (In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWe ...) NOT-FOR-US: SAP CVE-2018-2461 (Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 H ...) NOT-FOR-US: SAP CVE-2018-2460 (SAP Business One Android application, version 1.2, does not verify the ...) NOT-FOR-US: SAP CVE-2018-2459 (Users of an SAP Mobile Platform (version 3.0) Offline OData applicatio ...) NOT-FOR-US: SAP CVE-2018-2458 (Under certain conditions, Crystal Report using SAP Business One, versi ...) NOT-FOR-US: SAP CVE-2018-2457 (Under certain conditions SAP Adaptive Server Enterprise, version 16.0, ...) NOT-FOR-US: SAP CVE-2018-2456 RESERVED CVE-2018-2455 (SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6. ...) NOT-FOR-US: SAP CVE-2018-2454 (SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6. ...) NOT-FOR-US: SAP CVE-2018-2453 RESERVED CVE-2018-2452 (The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.3 ...) NOT-FOR-US: SAP CVE-2018-2451 (XS Command-Line Interface (CLI) user sessions with the SAP HANA Extend ...) NOT-FOR-US: SAP HANA Extended Application Services CVE-2018-2450 (SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who ge ...) NOT-FOR-US: SAP MaxDB CVE-2018-2449 (SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - ...) NOT-FOR-US: SAP SRM MDM Catalog CVE-2018-2448 (Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02 ...) 
	NOT-FOR-US: SAP SRM-MDM Catalog
CVE-2018-2447 (SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence) ...)
	NOT-FOR-US: SAP BusinessObjects Business Intelligence
CVE-2018-2446 (Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1 ...)
	NOT-FOR-US: SAP BusinessObjects Business Intelligence
CVE-2018-2445 (AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, ...)
	NOT-FOR-US: SAP BusinessObjects Business Intelligence
CVE-2018-2444 (SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does ...)
	NOT-FOR-US: SAP BusinessObjects Financial Consolidation
CVE-2018-2443 RESERVED
CVE-2018-2442 (In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4. ...)
	NOT-FOR-US: SAP BusinessObjects Business Intelligence
CVE-2018-2441 (Under certain conditions the SAP Change and Transport System (ABAP), S ...)
	NOT-FOR-US: SAP Change and Transport System
CVE-2018-2440 (Under certain circumstances SAP Dynamic Authorization Management (DAM) ...)
	NOT-FOR-US: SAP
CVE-2018-2439 (The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.5 ...)
	NOT-FOR-US: SAP
CVE-2018-2438 (The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.5 ...)
	NOT-FOR-US: SAP
CVE-2018-2437 (The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7. ...)
	NOT-FOR-US: SAP
CVE-2018-2436 (Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does no ...)
	NOT-FOR-US: SAP
CVE-2018-2435 (SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7. ...)
	NOT-FOR-US: SAP
CVE-2018-2434 (A content spoofing vulnerability in the following components allows to ...)
	NOT-FOR-US: SAP
CVE-2018-2433 (SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 N ...)
	NOT-FOR-US: SAP
CVE-2018-2432 (SAP BusinessObjects Business Intelligence (BI Launchpad and Central Ma ...)
NOT-FOR-US: SAP CVE-2018-2431 (SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.2 ...) NOT-FOR-US: SAP CVE-2018-2430 RESERVED CVE-2018-2429 RESERVED CVE-2018-2428 (Under certain conditions SAP UI5 Handler allows an attacker to access ...) NOT-FOR-US: SAP CVE-2018-2427 (SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.2 ...) NOT-FOR-US: SAP CVE-2018-2426 RESERVED CVE-2018-2425 (Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA bac ...) NOT-FOR-US: SAP CVE-2018-2424 (SAP UI5 did not validate user input before adding it to the DOM struct ...) NOT-FOR-US: SAP CVE-2018-2423 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, H ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2422 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7 ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2421 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7 ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2420 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, a ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2419 (SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1 ...) NOT-FOR-US: SAP Enterprise Financial Services CVE-2018-2418 (SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attack ...) NOT-FOR-US: SAP MaxDB ODBC driver CVE-2018-2417 (Under certain conditions, the SAP Identity Management 8.0 (pass of typ ...) NOT-FOR-US: SAP Identity Management CVE-2018-2416 (SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XM ...) NOT-FOR-US: SAP Identity Management CVE-2018-2415 (SAP NetWeaver Application Server Java Web Container and HTTP Service ( ...) NOT-FOR-US: SAP NetWeaver Application Server Java Web Container and HTTP Service CVE-2018-2414 RESERVED CVE-2018-2413 (SAP Disclosure Management 10.1 does not perform necessary authorizatio ...) 
NOT-FOR-US: SAP CVE-2018-2412 (SAP Disclosure Management 10.1 does not perform necessary authorizatio ...) NOT-FOR-US: SAP CVE-2018-2411 RESERVED CVE-2018-2410 (SAP Business One, 9.2, 9.3, browser access does not sufficiently encod ...) NOT-FOR-US: SAP CVE-2018-2409 (Improper session management when using SAP Cloud Platform 2.0 (Connect ...) NOT-FOR-US: SAP CVE-2018-2408 (Improper Session Management in SAP Business Objects, 4.0, from 4.10, f ...) NOT-FOR-US: SAP CVE-2018-2407 RESERVED CVE-2018-2406 (Unquoted windows search path (directory/path traversal) vulnerability ...) NOT-FOR-US: Crystal Reports Server CVE-2018-2405 (SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allo ...) NOT-FOR-US: SAP CVE-2018-2404 (SAP Disclosure Management 10.1 allows an attacker to upload any file w ...) NOT-FOR-US: SAP CVE-2018-2403 (Under certain conditions, SAP Disclosure Management 10.1 allows an att ...) NOT-FOR-US: SAP CVE-2018-2402 (In systems using the optional capture & replay functionality of SA ...) NOT-FOR-US: SAP CVE-2018-2401 (SAP Business Process Automation (BPA) By Redwood does not sufficiently ...) NOT-FOR-US: SAP CVE-2018-2400 (Under certain conditions SAP Business Process Automation (BPA) By Redw ...) NOT-FOR-US: SAP CVE-2018-2399 (Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 t ...) NOT-FOR-US: SAP CVE-2018-2398 (Under certain conditions SAP Business Client 6.5 allows an attacker to ...) NOT-FOR-US: SAP CVE-2018-2397 (In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4. ...) NOT-FOR-US: SAP CVE-2018-2396 (Under certain conditions a malicious user can prevent legitimate users ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2395 (Under certain conditions a malicious user may retrieve information on ...) NOT-FOR-US: SAP Internet Graphic Server CVE-2018-2394 (Under certain conditions an unauthenticated malicious user can prevent ...) 
NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2393 (Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20 ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2392 (Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20 ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2391 (Under certain conditions a malicious user can prevent legitimate users ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2390 (Under certain conditions a malicious user can prevent legitimate users ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2389 (Under certain conditions a malicious user can inject log files of SAP ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2388 (Stored cross-site scripting vulnerability in SAP internet Graphics Ser ...) NOT-FOR-US: SAP internet Graphics Server CVE-2018-2387 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7. ...) NOT-FOR-US: SAP internet Graphics Server CVE-2018-2386 (Under certain conditions a malicious user provoking an out of bounds b ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2385 (Under certain conditions a malicious user provoking a divide by zero c ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2384 (Under certain conditions a malicious user provoking a Null Pointer der ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2383 (Reflected cross-site scripting vulnerability in SAP internet Graphics ...) NOT-FOR-US: SAP Internet Graphics Server CVE-2018-2382 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7. ...) NOT-FOR-US: SAP internet Graphics Server CVE-2018-2381 (SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04 ...) NOT-FOR-US: SAP ERP Financials Information System CVE-2018-2380 (SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to expl ...) NOT-FOR-US: SAP CRM CVE-2018-2379 (In SAP HANA Extended Application Services, 1.0, an unauthenticated use ...) 
NOT-FOR-US: SAP HANA Extended Application Services CVE-2018-2378 (In SAP HANA Extended Application Services, 1.0, unauthorized users can ...) NOT-FOR-US: SAP HANA Extended Application Services CVE-2018-2377 (In SAP HANA Extended Application Services, 1.0, some general server st ...) NOT-FOR-US: SAP HANA Extended Application Services CVE-2018-2376 (In SAP HANA Extended Application Services, 1.0, a controller user who ...) NOT-FOR-US: SAP HANA Extended Application Services CVE-2018-2375 (In SAP HANA Extended Application Services, 1.0, a controller user who ...) NOT-FOR-US: SAP HANA Extended Application Services CVE-2018-2374 (In SAP HANA Extended Application Services, 1.0, a controller user who ...) NOT-FOR-US: SAP HANA Extended Application Services CVE-2018-2373 (Under certain circumstances, a specific endpoint of the Controller's A ...) NOT-FOR-US: SAP HANA Extended Application Services CVE-2018-2372 (A plain keystore password is written to a system log file in SAP HANA ...) NOT-FOR-US: SAP HANA Extended Application Services CVE-2018-2371 (The SAML 2.0 service provider of SAP Netweaver AS Java Web Application ...) NOT-FOR-US: SAP Netweaver AS Java Web Application CVE-2018-2370 (Server Side Request Forgery (SSRF) vulnerability in SAP Central Manage ...) NOT-FOR-US: SAP Central Management Console CVE-2018-2369 (Under certain conditions SAP HANA, 1.00, 2.00, allows an unauthenticat ...) NOT-FOR-US: SAP HANA CVE-2018-2368 (SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7. ...) NOT-FOR-US: SAP NetWeaver System Landscape Directory CVE-2018-2367 (ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.1 ...) NOT-FOR-US: SAP BASIS CVE-2018-2366 (SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an ...) NOT-FOR-US: SAP CVE-2018-2365 (SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not ...) 
NOT-FOR-US: SAP NetWeaver Portal CVE-2018-2364 (SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND 1 ...) NOT-FOR-US: SAP CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7 ...) NOT-FOR-US: SAP NetWeaver CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send ...) NOT-FOR-US: SAP HANA CVE-2018-2361 (In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Busine ...) NOT-FOR-US: SAP Solution Manager CVE-2018-2360 (SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an au ...) NOT-FOR-US: SAP Startup Service CVE-2018-2359 REJECTED CVE-2018-2358 REJECTED CVE-2018-2357 REJECTED CVE-2018-2356 REJECTED CVE-2018-2355 REJECTED CVE-2018-2354 REJECTED CVE-2018-2353 REJECTED CVE-2018-2352 REJECTED CVE-2018-2351 REJECTED CVE-2018-2350 REJECTED CVE-2018-2349 REJECTED CVE-2018-2348 REJECTED CVE-2018-2347 REJECTED CVE-2018-2346 REJECTED CVE-2018-2345 REJECTED CVE-2018-2344 REJECTED CVE-2018-2343 REJECTED CVE-2018-2342 REJECTED CVE-2018-2341 REJECTED CVE-2018-2340 REJECTED CVE-2018-2339 REJECTED CVE-2018-2338 REJECTED CVE-2018-2337 REJECTED CVE-2018-2336 REJECTED CVE-2018-2335 REJECTED CVE-2018-2334 REJECTED CVE-2018-2333 REJECTED CVE-2018-2332 REJECTED CVE-2018-2331 REJECTED CVE-2018-2330 REJECTED CVE-2018-2329 REJECTED CVE-2018-2328 REJECTED CVE-2018-2327 REJECTED CVE-2018-2326 REJECTED CVE-2018-2325 REJECTED CVE-2018-2324 REJECTED CVE-2018-2323 REJECTED CVE-2018-2322 REJECTED CVE-2018-2321 REJECTED CVE-2018-2320 REJECTED CVE-2018-2319 REJECTED CVE-2018-2318 REJECTED CVE-2018-2317 REJECTED CVE-2018-2316 REJECTED CVE-2018-2315 REJECTED CVE-2018-2314 REJECTED CVE-2018-2313 REJECTED CVE-2018-2312 REJECTED CVE-2018-2311 REJECTED CVE-2018-2310 REJECTED CVE-2018-2309 REJECTED CVE-2018-2308 REJECTED CVE-2018-2307 REJECTED CVE-2018-2306 REJECTED CVE-2018-2305 REJECTED CVE-2018-2304 REJECTED CVE-2018-2303 REJECTED CVE-2018-2302 REJECTED CVE-2018-2301 REJECTED CVE-2018-2300 REJECTED 
CVE-2018-2299 REJECTED CVE-2018-2298 REJECTED CVE-2018-2297 REJECTED CVE-2018-2296 REJECTED CVE-2018-2295 REJECTED CVE-2018-2294 REJECTED CVE-2018-2293 REJECTED CVE-2018-2292 REJECTED CVE-2018-2291 REJECTED CVE-2018-2290 REJECTED CVE-2018-2289 REJECTED CVE-2018-2288 REJECTED CVE-2018-2287 REJECTED CVE-2018-2286 REJECTED CVE-2018-2285 REJECTED CVE-2018-2284 REJECTED CVE-2018-2283 REJECTED CVE-2018-2282 REJECTED CVE-2018-2281 REJECTED CVE-2018-2280 REJECTED CVE-2018-2279 REJECTED CVE-2018-2278 REJECTED CVE-2018-2277 REJECTED CVE-2018-2276 REJECTED CVE-2018-2275 REJECTED CVE-2018-2274 REJECTED CVE-2018-2273 REJECTED CVE-2018-2272 REJECTED CVE-2018-2271 REJECTED CVE-2018-2270 REJECTED CVE-2018-2269 REJECTED CVE-2018-2268 REJECTED CVE-2018-2267 REJECTED CVE-2018-2266 REJECTED CVE-2018-2265 REJECTED CVE-2018-2264 REJECTED CVE-2018-2263 REJECTED CVE-2018-2262 REJECTED CVE-2018-2261 REJECTED CVE-2018-2260 REJECTED CVE-2018-2259 REJECTED CVE-2018-2258 REJECTED CVE-2018-2257 REJECTED CVE-2018-2256 REJECTED CVE-2018-2255 REJECTED CVE-2018-2254 REJECTED CVE-2018-2253 REJECTED CVE-2018-2252 REJECTED CVE-2018-2251 REJECTED CVE-2018-2250 REJECTED CVE-2018-2249 REJECTED CVE-2018-2248 REJECTED CVE-2018-2247 REJECTED CVE-2018-2246 REJECTED CVE-2018-2245 REJECTED CVE-2018-2244 REJECTED CVE-2018-2243 REJECTED CVE-2018-2242 REJECTED CVE-2018-2241 REJECTED CVE-2018-2240 REJECTED CVE-2018-2239 REJECTED CVE-2018-2238 REJECTED CVE-2018-2237 REJECTED CVE-2018-2236 REJECTED CVE-2018-2235 REJECTED CVE-2018-2234 REJECTED CVE-2018-2233 REJECTED CVE-2018-2232 REJECTED CVE-2018-2231 REJECTED CVE-2018-2230 REJECTED CVE-2018-2229 REJECTED CVE-2018-2228 REJECTED CVE-2018-2227 REJECTED CVE-2018-2226 REJECTED CVE-2018-2225 REJECTED CVE-2018-2224 REJECTED CVE-2018-2223 REJECTED CVE-2018-2222 REJECTED CVE-2018-2221 REJECTED CVE-2018-2220 REJECTED CVE-2018-2219 REJECTED CVE-2018-2218 REJECTED CVE-2018-2217 REJECTED CVE-2018-2216 REJECTED CVE-2018-2215 REJECTED CVE-2018-2214 REJECTED CVE-2018-2213 
REJECTED CVE-2018-2212 REJECTED CVE-2018-2211 REJECTED CVE-2018-2210 REJECTED CVE-2018-2209 REJECTED CVE-2018-2208 REJECTED CVE-2018-2207 REJECTED CVE-2018-2206 REJECTED CVE-2018-2205 REJECTED CVE-2018-2204 REJECTED CVE-2018-2203 REJECTED CVE-2018-2202 REJECTED CVE-2018-2201 REJECTED CVE-2018-2200 REJECTED CVE-2018-2199 REJECTED CVE-2018-2198 REJECTED CVE-2018-2197 REJECTED CVE-2018-2196 REJECTED CVE-2018-2195 REJECTED CVE-2018-2194 REJECTED CVE-2018-2193 REJECTED CVE-2018-2192 REJECTED CVE-2018-2191 REJECTED CVE-2018-2190 REJECTED CVE-2018-2189 REJECTED CVE-2018-2188 REJECTED CVE-2018-2187 REJECTED CVE-2018-2186 REJECTED CVE-2018-2185 REJECTED CVE-2018-2184 REJECTED CVE-2018-2183 REJECTED CVE-2018-2182 REJECTED CVE-2018-2181 REJECTED CVE-2018-2180 REJECTED CVE-2018-2179 REJECTED CVE-2018-2178 REJECTED CVE-2018-2177 REJECTED CVE-2018-2176 REJECTED CVE-2018-2175 REJECTED CVE-2018-2174 REJECTED CVE-2018-2173 REJECTED CVE-2018-2172 REJECTED CVE-2018-2171 REJECTED CVE-2018-2170 REJECTED CVE-2018-2169 REJECTED CVE-2018-2168 REJECTED CVE-2018-2167 REJECTED CVE-2018-2166 REJECTED CVE-2018-2165 REJECTED CVE-2018-2164 REJECTED CVE-2018-2163 REJECTED CVE-2018-2162 REJECTED CVE-2018-2161 REJECTED CVE-2018-2160 REJECTED CVE-2018-2159 REJECTED CVE-2018-2158 REJECTED CVE-2018-2157 REJECTED CVE-2018-2156 REJECTED CVE-2018-2155 REJECTED CVE-2018-2154 REJECTED CVE-2018-2153 REJECTED CVE-2018-2152 REJECTED CVE-2018-2151 REJECTED CVE-2018-2150 REJECTED CVE-2018-2149 REJECTED CVE-2018-2148 REJECTED CVE-2018-2147 REJECTED CVE-2018-2146 REJECTED CVE-2018-2145 REJECTED CVE-2018-2144 REJECTED CVE-2018-2143 REJECTED CVE-2018-2142 REJECTED CVE-2018-2141 REJECTED CVE-2018-2140 REJECTED CVE-2018-2139 REJECTED CVE-2018-2138 REJECTED CVE-2018-2137 REJECTED CVE-2018-2136 REJECTED CVE-2018-2135 REJECTED CVE-2018-2134 REJECTED CVE-2018-2133 REJECTED CVE-2018-2132 REJECTED CVE-2018-2131 REJECTED CVE-2018-2130 REJECTED CVE-2018-2129 REJECTED CVE-2018-2128 REJECTED CVE-2018-2127 REJECTED 
CVE-2018-2126 REJECTED CVE-2018-2125 REJECTED CVE-2018-2124 REJECTED CVE-2018-2123 REJECTED CVE-2018-2122 REJECTED CVE-2018-2121 REJECTED CVE-2018-2120 REJECTED CVE-2018-2119 REJECTED CVE-2018-2118 REJECTED CVE-2018-2117 REJECTED CVE-2018-2116 REJECTED CVE-2018-2115 REJECTED CVE-2018-2114 REJECTED CVE-2018-2113 REJECTED CVE-2018-2112 REJECTED CVE-2018-2111 REJECTED CVE-2018-2110 REJECTED CVE-2018-2109 REJECTED CVE-2018-2108 REJECTED CVE-2018-2107 REJECTED CVE-2018-2106 REJECTED CVE-2018-2105 REJECTED CVE-2018-2104 REJECTED CVE-2018-2103 REJECTED CVE-2018-2102 REJECTED CVE-2018-2101 REJECTED CVE-2018-2100 REJECTED CVE-2018-2099 REJECTED CVE-2018-2098 REJECTED CVE-2018-2097 REJECTED CVE-2018-2096 REJECTED CVE-2018-2095 REJECTED CVE-2018-2094 REJECTED CVE-2018-2093 REJECTED CVE-2018-2092 REJECTED CVE-2018-2091 REJECTED CVE-2018-2090 REJECTED CVE-2018-2089 REJECTED CVE-2018-2088 REJECTED CVE-2018-2087 REJECTED CVE-2018-2086 REJECTED CVE-2018-2085 REJECTED CVE-2018-2084 REJECTED CVE-2018-2083 REJECTED CVE-2018-2082 REJECTED CVE-2018-2081 REJECTED CVE-2018-2080 REJECTED CVE-2018-2079 REJECTED CVE-2018-2078 REJECTED CVE-2018-2077 REJECTED CVE-2018-2076 REJECTED CVE-2018-2075 REJECTED CVE-2018-2074 REJECTED CVE-2018-2073 REJECTED CVE-2018-2072 REJECTED CVE-2018-2071 REJECTED CVE-2018-2070 REJECTED CVE-2018-2069 REJECTED CVE-2018-2068 REJECTED CVE-2018-2067 REJECTED CVE-2018-2066 REJECTED CVE-2018-2065 REJECTED CVE-2018-2064 REJECTED CVE-2018-2063 REJECTED CVE-2018-2062 REJECTED CVE-2018-2061 REJECTED CVE-2018-2060 REJECTED CVE-2018-2059 REJECTED CVE-2018-2058 REJECTED CVE-2018-2057 REJECTED CVE-2018-2056 REJECTED CVE-2018-2055 REJECTED CVE-2018-2054 REJECTED CVE-2018-2053 REJECTED CVE-2018-2052 REJECTED CVE-2018-2051 REJECTED CVE-2018-2050 REJECTED CVE-2018-2049 REJECTED CVE-2018-2048 REJECTED CVE-2018-2047 REJECTED CVE-2018-2046 REJECTED CVE-2018-2045 REJECTED CVE-2018-2044 REJECTED CVE-2018-2043 REJECTED CVE-2018-2042 REJECTED CVE-2018-2041 REJECTED CVE-2018-2040 
REJECTED
CVE-2018-2039 REJECTED
CVE-2018-2038 REJECTED
CVE-2018-2037 REJECTED
CVE-2018-2036 REJECTED
CVE-2018-2035 REJECTED
CVE-2018-2034 REJECTED
CVE-2018-2033 REJECTED
CVE-2018-2032 REJECTED
CVE-2018-2031 REJECTED
CVE-2018-2030 RESERVED
CVE-2018-2029 RESERVED
CVE-2018-2028 (IBM Maximo Asset Management 7.6 could allow an authenticated user to ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2018-2027 RESERVED
CVE-2018-2026 (IBM Financial Transaction Manager 3.2.1 for Digital Payments could all ...)
	NOT-FOR-US: IBM
CVE-2018-2025 (IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect fo ...)
	NOT-FOR-US: IBM
CVE-2018-2024 (IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-criti ...)
	NOT-FOR-US: IBM
CVE-2018-2023 RESERVED
CVE-2018-2022 (IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unautho ...)
	NOT-FOR-US: IBM
CVE-2018-2021 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2018-2020 RESERVED
CVE-2018-2019 (IBM Security Identity Manager 6.0.0 Virtual Appliance is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2018-2018 RESERVED
CVE-2018-2017 RESERVED
CVE-2018-2016 RESERVED
CVE-2018-2015 (IBM API Connect 2018.1 and 2018.4.1.4 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2018-2014 RESERVED
CVE-2018-2013 (IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive inf ...)
	NOT-FOR-US: IBM
CVE-2018-2012 RESERVED
CVE-2018-2011 (IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to o ...)
	NOT-FOR-US: IBM
CVE-2018-2010 RESERVED
CVE-2018-2009 (IBM API Connect v2018.1 and 2018.4.1 is affected by an information dis ...)
	NOT-FOR-US: IBM
CVE-2018-2008 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensit ...)
	NOT-FOR-US: IBM
CVE-2018-2007 (IBM API Connect 2018.1 and 2018.4.1.2 uses weaker than expected crypto ...)
	NOT-FOR-US: IBM
CVE-2018-2006 (IBM Robotic Process Automation with Automation Anywhere 11 could allow ...)
	NOT-FOR-US: IBM
CVE-2018-2005 (IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive informati ...)
	NOT-FOR-US: IBM
CVE-2018-2004 (IBM Jazz Reporting Service (JRS) 6.0 through 6.0.6 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2018-2003 RESERVED
CVE-2018-2002 RESERVED
CVE-2018-2001 (IBM Curam Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is v ...)
	NOT-FOR-US: IBM
CVE-2018-2000 (IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2018-1999 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
	NOT-FOR-US: IBM
CVE-2018-1998 (IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inj ...)
	NOT-FOR-US: IBM
CVE-2018-1997 (IBM Business Automation Workflow and Business Process Manager 18.0.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1996 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...)
	NOT-FOR-US: IBM
CVE-2018-1995 RESERVED
CVE-2018-1994 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL i ...)
	NOT-FOR-US: IBM
CVE-2018-1993 (IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1992 (The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is ...)
	NOT-FOR-US: IBM
CVE-2018-1991 (IBM API Connect 5.0.0.0, and 5.0.8.6 could return sensitive info ...)
	NOT-FOR-US: IBM
CVE-2018-1990 (IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could all ...)
	NOT-FOR-US: IBM
CVE-2018-1989 RESERVED
CVE-2018-1988 RESERVED
CVE-2018-1987 (IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if ...)
	NOT-FOR-US: IBM
CVE-2018-1986 RESERVED
CVE-2018-1985 (IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver ...)
	NOT-FOR-US: IBM
CVE-2018-1984 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1983 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-sit ...)
NOT-FOR-US: IBM CVE-2018-1982 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-sit ...) NOT-FOR-US: IBM CVE-2018-1981 RESERVED CVE-2018-1980 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2018-1979 RESERVED CVE-2018-1978 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2018-1977 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) ...) NOT-FOR-US: IBM CVE-2018-1976 (IBM API Connect 5.0.0.0 through 5.0.8.4 is impacted by sensitive infor ...) NOT-FOR-US: IBM CVE-2018-1975 (IBM Rational DOORS Web Access 9.5.1 through 9.5.2.9, and 9.6 through 9 ...) NOT-FOR-US: IBM CVE-2018-1974 (IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attac ...) NOT-FOR-US: IBM CVE-2018-1973 (IBM API Connect 5.0.0.0 through 5.0.8.4 allows a user with limited 'AP ...) NOT-FOR-US: IBM CVE-2018-1972 RESERVED CVE-2018-1971 RESERVED CVE-2018-1970 (IBM Security Identity Manager 7.0.1 is vulnerable to a XML External En ...) NOT-FOR-US: IBM CVE-2018-1969 (IBM Security Identity Manager 6.0.0 allows the attacker to upload or t ...) NOT-FOR-US: IBM CVE-2018-1968 (IBM Security Identity Manager 7.0.1 discloses sensitive information to ...) NOT-FOR-US: IBM CVE-2018-1967 (IBM Security Identity Manager 6.0.0 is vulnerable to cross-site script ...) NOT-FOR-US: IBM CVE-2018-1966 RESERVED CVE-2018-1965 RESERVED CVE-2018-1964 RESERVED CVE-2018-1963 RESERVED CVE-2018-1962 (IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalid ...) NOT-FOR-US: IBM CVE-2018-1961 (IBM Emptoris Contract Management 10.0.0 and 10.1.3.0 could disclose se ...) NOT-FOR-US: IBM CVE-2018-1960 RESERVED CVE-2018-1959 (IBM Security Identity Manager 7.0.1 Virtual Appliance contains hard-co ...) NOT-FOR-US: IBM CVE-2018-1958 RESERVED CVE-2018-1957 (IBM WebSphere Application Server 9 could allow sensitive information t ...) 
	NOT-FOR-US: IBM
CVE-2018-1956 (IBM Security Identity Manager 6.0.0 does not require that users should ...)
	NOT-FOR-US: IBM
CVE-2018-1955 RESERVED
CVE-2018-1954 RESERVED
CVE-2018-1953 RESERVED
CVE-2018-1952 (IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1951 (IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2018-1950 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1949 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1948 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1947 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1946 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1945 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1944 (IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1943 (IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header in ...)
	NOT-FOR-US: IBM
CVE-2018-1942 RESERVED
CVE-2018-1941 (IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini ...)
	NOT-FOR-US: IBM
CVE-2018-1940 RESERVED
CVE-2018-1939 (IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phish ...)
	NOT-FOR-US: IBM
CVE-2018-1938 (IBM Cloud Private 3.1.1 could allow a local user with administrator p ...)
	NOT-FOR-US: IBM
CVE-2018-1937 (IBM Cloud Private 3.1.1 could allow a local user with administrator p ...)
	NOT-FOR-US: IBM
CVE-2018-1936 (IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stac ...)
	NOT-FOR-US: IBM
CVE-2018-1935 (IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2018-1934 (IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site re ...)
	NOT-FOR-US: IBM
CVE-2018-1933 (IBM Planning Analytics 2.0 through 2.0.6 is vulnerable to cross-site s ...)
	NOT-FOR-US: IBM
CVE-2018-1932 (IBM API Connect 5.0.0.0 through 5.0.8.4 is affected by a vulnerability ...)
	NOT-FOR-US: IBM
CVE-2018-1931 RESERVED
CVE-2018-1930 RESERVED
CVE-2018-1929 (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could all ...)
	NOT-FOR-US: IBM
CVE-2018-1928 (IBM StoredIQ 7.6.0 does not implement proper authorization of user rol ...)
	NOT-FOR-US: IBM
CVE-2018-1927 (IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which cou ...)
	NOT-FOR-US: IBM
CVE-2018-1926 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console ...)
	NOT-FOR-US: IBM
CVE-2018-1925 (IBM WebSphere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryp ...)
	NOT-FOR-US: IBM
CVE-2018-1924 RESERVED
CVE-2018-1923 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1922 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1921 (IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2018-1920 (IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML Ex ...)
	NOT-FOR-US: IBM
CVE-2018-1919 RESERVED
CVE-2018-1918 (IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vul ...)
	NOT-FOR-US: IBM
CVE-2018-1917 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an ...)
	NOT-FOR-US: IBM
CVE-2018-1916 (IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1915 RESERVED
CVE-2018-1914 (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulner ...)
	NOT-FOR-US: IBM
CVE-2018-1913 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through ...)
	NOT-FOR-US: IBM
CVE-2018-1912 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2018-1911 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM
CVE-2018-1910 (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulner ...)
	NOT-FOR-US: IBM
CVE-2018-1909 RESERVED
CVE-2018-1908 (IBM Robotic Process Automation with Automation Anywhere 11 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2018-1907 RESERVED
CVE-2018-1906 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an a ...)
	NOT-FOR-US: IBM
CVE-2018-1905 (IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2018-1904 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow re ...)
	NOT-FOR-US: IBM
CVE-2018-1903 (IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could all ...)
	NOT-FOR-US: IBM
CVE-2018-1902 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
	NOT-FOR-US: IBM
CVE-2018-1901 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2018-1900 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7. ...)
	NOT-FOR-US: IBM
CVE-2018-1899 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an ...)
	NOT-FOR-US: IBM
CVE-2018-1898 RESERVED
CVE-2018-1897 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 db2pdcf ...)
	NOT-FOR-US: IBM
CVE-2018-1896 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host heade ...)
	NOT-FOR-US: IBM
CVE-2018-1895 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2018-1894 RESERVED
CVE-2018-1893 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1892 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1891 (IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2018-1890 (IBM SDK, Java Technology Edition Version 8 on the AIX platform uses ab ...)
	NOT-FOR-US: IBM Java on AIX
CVE-2018-1889 (IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site script ...)
	NOT-FOR-US: IBM
CVE-2018-1888 (An untrusted search path vulnerability in IBM i Access for Windows ver ...)
	NOT-FOR-US: IBM
CVE-2018-1887 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1886 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1885 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 coul ...)
	NOT-FOR-US: IBM
CVE-2018-1884 (IBM Case Manager 5.2.0.0, 5.2.0.4, 5.2.1.0, 5.2.1.7, 5.3.0.0, and 5.3. ...)
	NOT-FOR-US: IBM Case Manager
CVE-2018-1883 (A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Co ...)
	NOT-FOR-US: IBM
CVE-2018-1882 (In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, ...)
	NOT-FOR-US: IBM
CVE-2018-1881
	RESERVED
CVE-2018-1880
	RESERVED
CVE-2018-1879
	RESERVED
CVE-2018-1878 (IBM Robotic Process Automation with Automation Anywhere 11 could discl ...)
	NOT-FOR-US: IBM
CVE-2018-1877 (IBM Robotic Process Automation with Automation Anywhere 11 could store ...)
	NOT-FOR-US: IBM
CVE-2018-1876 (IBM Robotic Process Automation with Automation Anywhere 11 could under ...)
	NOT-FOR-US: IBM
CVE-2018-1875 (IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 cou ...)
	NOT-FOR-US: IBM
CVE-2018-1874 (IBM API Connect 5.0.0.0 through 5.0.8.5 could display highly sensitive ...)
	NOT-FOR-US: IBM
CVE-2018-1873
	RESERVED
CVE-2018-1872 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1871 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
	NOT-FOR-US: IBM
CVE-2018-1870
	RESERVED
CVE-2018-1869
	RESERVED
CVE-2018-1868
	RESERVED
CVE-2018-1867
	RESERVED
CVE-2018-1866
	RESERVED
CVE-2018-1865
	RESERVED
CVE-2018-1864
	RESERVED
CVE-2018-1863
	RESERVED
CVE-2018-1862
	RESERVED
CVE-2018-1861
	RESERVED
CVE-2018-1860
	RESERVED
CVE-2018-1859 (IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticat ...)
	NOT-FOR-US: IBM
CVE-2018-1858 (IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site re ...)
	NOT-FOR-US: IBM
CVE-2018-1857 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1856
	RESERVED
CVE-2018-1855
	RESERVED
CVE-2018-1854
	RESERVED
CVE-2018-1853 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could al ...)
	NOT-FOR-US: IBM
CVE-2018-1852
	RESERVED
CVE-2018-1851 (IBM WebSphere Application Server Liberty OpenID Connect could allow a ...)
	NOT-FOR-US: IBM
CVE-2018-1850 (IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 cou ...)
	NOT-FOR-US: IBM
CVE-2018-1849
	RESERVED
CVE-2018-1848 (IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2018-1847 (IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) v2.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1846 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 t ...)
	NOT-FOR-US: IBM
CVE-2018-1845 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2018-1844 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to an XML Ext ...)
	NOT-FOR-US: IBM
CVE-2018-1843 (The Identity and Access Management (IAM) services (IBM Cloud Private 3 ...)
	NOT-FOR-US: IBM
CVE-2018-1842 (IBM Cognos Analytics 11 Configuration tool, under certain circumstance ...)
	NOT-FOR-US: IBM
CVE-2018-1841 (IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Priv ...)
	NOT-FOR-US: IBM
CVE-2018-1840 (IBM WebSphere Application Server 8.5 and 9.0 could allow a remote atta ...)
	NOT-FOR-US: IBM
CVE-2018-1839
	RESERVED
CVE-2018-1838 (IBM WebSphere Application Server 8.5 and 9.0 in IBM Cloud could allow ...)
	NOT-FOR-US: IBM
CVE-2018-1837
	RESERVED
CVE-2018-1836 (IBM WebSphere MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0.0, and 9.1.0.1 cons ...)
	NOT-FOR-US: IBM
CVE-2018-1835 (IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2018-1834 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1833 (IBM Event Streams 2018.3.0 could allow a remote attacker to submit an ...)
	NOT-FOR-US: IBM Event Streams
CVE-2018-1832
	RESERVED
CVE-2018-1831
	RESERVED
CVE-2018-1830
	RESERVED
CVE-2018-1829 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1828 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1827 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1826 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1825 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1824 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1823 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1822 (IBM FlashSystem 900 product GUI allows a specially crafted attack to b ...)
	NOT-FOR-US: IBM
CVE-2018-1821 (IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vul ...)
	NOT-FOR-US: IBM
CVE-2018-1820 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM
CVE-2018-1819 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
	NOT-FOR-US: IBM
CVE-2018-1818 (IBM Security Guardium 10 and 10.5 contains hard-coded credentials, suc ...)
	NOT-FOR-US: IBM
CVE-2018-1817 (IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2018-1816
	RESERVED
CVE-2018-1815 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1814 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1813 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1812 (IBM Robotic Process Automation with Automation Anywhere Enterprise 10 ...)
	NOT-FOR-US: IBM
CVE-2018-1811
	RESERVED
CVE-2018-1810
	RESERVED
CVE-2018-1809
	RESERVED
CVE-2018-1808 (IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server ...)
	NOT-FOR-US: IBM
CVE-2018-1807
	RESERVED
CVE-2018-1806
	RESERVED
CVE-2018-1805 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1804 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1803 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1802 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1801 (IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1800 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could ...)
	NOT-FOR-US: IBM
CVE-2018-1799 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1798 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2018-1797 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterpri ...)
	NOT-FOR-US: IBM
CVE-2018-1796 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1795 (IBM Robotic Process Automation with Automation Anywhere Enterprise 10 ...)
	NOT-FOR-US: IBM
CVE-2018-1794 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ea ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2018-1793 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using SAML ear ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2018-1792 (IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9. ...)
	NOT-FOR-US: IBM
CVE-2018-1791 (IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service ...)
	NOT-FOR-US: IBM
CVE-2018-1790 (IBM Financial Transaction Manager for Digital Payments for Multi-Platf ...)
	NOT-FOR-US: IBM
CVE-2018-1789 (IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to ...)
	NOT-FOR-US: IBM
CVE-2018-1788 (IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitiv ...)
	NOT-FOR-US: IBM
CVE-2018-1787 (IBM Spectrum Protect 7.1 and 8.1 is affected by a password exposure vu ...)
	NOT-FOR-US: IBM
CVE-2018-1786 (IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly ...)
	NOT-FOR-US: IBM Spectrum Protect
CVE-2018-1785 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses wea ...)
	NOT-FOR-US: IBM
CVE-2018-1784 (IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection i ...)
	NOT-FOR-US: IBM
CVE-2018-1783 (IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1782 (IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unpr ...)
	NOT-FOR-US: IBM
CVE-2018-1781 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1780 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1779 (IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated ...)
	NOT-FOR-US: IBM
CVE-2018-1778 (IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) ...)
	NOT-FOR-US: IBM
CVE-2018-1777 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2018-1776
	RESERVED
CVE-2018-1775 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1774 (IBM API Connect 5.0.0.0, 5.0.8.4, 2018.1 and 2018.3.6 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2018-1773 (IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an aut ...)
	NOT-FOR-US: IBM
CVE-2018-1772 (IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2018-1771 (IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands o ...)
	NOT-FOR-US: IBM
CVE-2018-1770 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
	NOT-FOR-US: IBM
CVE-2018-1769
	RESERVED
CVE-2018-1768 (IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive i ...)
	NOT-FOR-US: IBM
CVE-2018-1767 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Cachemonitor i ...)
	NOT-FOR-US: IBM
CVE-2018-1766 (IBM Team Concert (RTC) 5.0 through 5.0.2 and 6.0 through 6.0.5 are vul ...)
	NOT-FOR-US: IBM
CVE-2018-1765
	RESERVED
CVE-2018-1764 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1763 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1762 (IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and ...)
	NOT-FOR-US: IBM
CVE-2018-1761 (IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1760 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1759 (IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1758 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is ...)
	NOT-FOR-US: IBM
CVE-2018-1757 (IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 co ...)
	NOT-FOR-US: IBM
CVE-2018-1756 (IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is ...)
	NOT-FOR-US: IBM
CVE-2018-1755 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2018-1754
	RESERVED
CVE-2018-1753 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error ...)
	NOT-FOR-US: IBM
CVE-2018-1752
	RESERVED
CVE-2018-1751 (IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker tha ...)
	NOT-FOR-US: IBM
CVE-2018-1750 (IBM Security Key Lifecycle Manager 3.0 specifies permissions for a sec ...)
	NOT-FOR-US: IBM
CVE-2018-1749 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete bla ...)
	NOT-FOR-US: IBM
CVE-2018-1748
	RESERVED
CVE-2018-1747 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerabl ...)
	NOT-FOR-US: IBM
CVE-2018-1746
	RESERVED
CVE-2018-1745 (IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthen ...)
	NOT-FOR-US: IBM
CVE-2018-1744 (IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow ...)
	NOT-FOR-US: IBM
CVE-2018-1743 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive ...)
	NOT-FOR-US: IBM
CVE-2018-1742 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 contains hard-coded ...)
	NOT-FOR-US: IBM
CVE-2018-1741 (IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly l ...)
	NOT-FOR-US: IBM
CVE-2018-1740 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1739
	RESERVED
CVE-2018-1738 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2018-1737
	RESERVED
CVE-2018-1736 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attac ...)
	NOT-FOR-US: IBM
CVE-2018-1735
	RESERVED
CVE-2018-1734 (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 di ...)
	NOT-FOR-US: IBM
CVE-2018-1733 (IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled ...)
	NOT-FOR-US: IBM
CVE-2018-1732 (IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information ...)
	NOT-FOR-US: IBM
CVE-2018-1731 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through ...)
	NOT-FOR-US: IBM
CVE-2018-1730 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to an XML External Entity Inj ...)
	NOT-FOR-US: IBM
CVE-2018-1729 (IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized us ...)
	NOT-FOR-US: IBM
CVE-2018-1728 (IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2018-1727 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnera ...)
	NOT-FOR-US: IBM
CVE-2018-1726
	RESERVED
CVE-2018-1725 (IBM QRadar SIEM 7.3 and 7.4 in a multi tenant configuration could be vu ...)
	NOT-FOR-US: IBM
CVE-2018-1724 (IBM Spectrum LSF 9.1.1, 9.1.2, 9.1.3, and 10.1 could allow a local user ...)
	NOT-FOR-US: IBM
CVE-2018-1723 (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1722 (IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow ...)
	NOT-FOR-US: IBM
CVE-2018-1721 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Ent ...)
	NOT-FOR-US: IBM
CVE-2018-1720 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1, 5.2.6.3_6, 6.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1719 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...)
	NOT-FOR-US: IBM
CVE-2018-1718 (IBM Sterling B2B Integrator Standard Edition 5.2.0.1 - 5.2.6.3 is vuln ...)
	NOT-FOR-US: IBM
CVE-2018-1717
	RESERVED
CVE-2018-1716 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1715 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2018-1714
	RESERVED
CVE-2018-1713
	RESERVED
CVE-2018-1712 (IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2018-1711 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1710 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1709
	RESERVED
CVE-2018-1708 (IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated u ...)
	NOT-FOR-US: IBM
CVE-2018-1707
	RESERVED
CVE-2018-1706 (IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM
CVE-2018-1705 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Sympho ...)
	NOT-FOR-US: IBM Platform Symphony
CVE-2018-1704 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Sympho ...)
	NOT-FOR-US: IBM
CVE-2018-1703
	RESERVED
CVE-2018-1702 (IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Sympho ...)
	NOT-FOR-US: IBM
CVE-2018-1701 (IBM InfoSphere Information Server 11.7 could allow an authenticated use ...)
	NOT-FOR-US: IBM
CVE-2018-1700
	RESERVED
CVE-2018-1699 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL inj ...)
	NOT-FOR-US: IBM
CVE-2018-1698 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthent ...)
	NOT-FOR-US: IBM
CVE-2018-1697 (IBM Maximo Asset Management 7.6 could allow an authenticated user to e ...)
	NOT-FOR-US: IBM
CVE-2018-1696
	RESERVED
CVE-2018-1695 (IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations usi ...)
	NOT-FOR-US: IBM
CVE-2018-1694 (IBM Jazz applications (IBM Rational Collaborative Lifecycle Management ...)
	NOT-FOR-US: IBM
CVE-2018-1693
	RESERVED
CVE-2018-1692 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1691 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1690 (IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM Rhapsody Model Manager
CVE-2018-1689
	RESERVED
CVE-2018-1688 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...)
	NOT-FOR-US: IBM
CVE-2018-1687
	RESERVED
CVE-2018-1686 (IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2018-1685 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1684 (IBM WebSphere MQ 8.0 through 9.1 is vulnerable to an error with MQTT to ...)
	NOT-FOR-US: IBM
CVE-2018-1683 (IBM WebSphere Application Server Liberty could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2018-1682 (IBM Watson Studio Local 1.2.3 could disclose sensitive information ove ...)
	NOT-FOR-US: IBM
CVE-2018-1681
	RESERVED
CVE-2018-1680 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does ...)
	NOT-FOR-US: IBM
CVE-2018-1679 (IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could a ...)
	NOT-FOR-US: IBM
CVE-2018-1678
	RESERVED
CVE-2018-1677 (IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and I ...)
	NOT-FOR-US: IBM
CVE-2018-1676 (IBM Planning Analytics 2.0.0 through 2.0.4 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM Planning Analytics
CVE-2018-1675 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 coul ...)
	NOT-FOR-US: IBM
CVE-2018-1674 (IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1673 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1672 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 may fail to set the correc ...)
	NOT-FOR-US: IBM
CVE-2018-1671 (IBM Curam Social Program Management 7.0.3 is vulnerable to HTML inject ...)
	NOT-FOR-US: IBM
CVE-2018-1670 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
	NOT-FOR-US: IBM
CVE-2018-1669 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1668 (IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1. ...)
	NOT-FOR-US: IBM
CVE-2018-1667 (IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2. ...)
	NOT-FOR-US: IBM
CVE-2018-1666 (IBM DataPower Gateway 2018.4.1.0, 7.6.0.0 through 7.6.0.11, 7.5.2.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1665 (IBM DataPower Gateway 7.6.0.0 through 7.6.0.10, 7.5.2.0 through 7.5.2. ...)
	NOT-FOR-US: IBM
CVE-2018-1664 (IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1663 (IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow ...)
	NOT-FOR-US: IBM
CVE-2018-1662
	RESERVED
CVE-2018-1661 (IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2018-1660 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2018-1659 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1658 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...)
	NOT-FOR-US: IBM
CVE-2018-1657 (IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-s ...)
	NOT-FOR-US: IBM
CVE-2018-1656 (The IBM Java Runtime Environment's Diagnostic Tooling Framework for Ja ...)
	NOT-FOR-US: IBM JDK
CVE-2018-1655 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock ...)
	NOT-FOR-US: IBM AIX
CVE-2018-1654 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7. ...)
	NOT-FOR-US: IBM
CVE-2018-1653 (IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1652 (IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0. ...)
	NOT-FOR-US: IBM
CVE-2018-1651
	RESERVED
CVE-2018-1650 (IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could al ...)
	NOT-FOR-US: IBM
CVE-2018-1649 (IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2018-1648 (IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic al ...)
	NOT-FOR-US: IBM
CVE-2018-1647 (IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict t ...)
	NOT-FOR-US: IBM
CVE-2018-1646
	RESERVED
CVE-2018-1645
	RESERVED
CVE-2018-1644 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...)
	NOT-FOR-US: IBM
CVE-2018-1643 (The Installation Verification Tool of IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM
CVE-2018-1642
	RESERVED
CVE-2018-1641
	RESERVED
CVE-2018-1640 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could ...)
	NOT-FOR-US: IBM
CVE-2018-1639 (The Report Builder of Jazz Reporting Service 5.0 through 5.0.2 and 6.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1638 (IBM API Connect 5.0.0.0-5.0.8.3 Developer Portal does not enforce Two ...)
	NOT-FOR-US: IBM
CVE-2018-1637
	RESERVED
CVE-2018-1636 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server E ...)
	NOT-FOR-US: IBM
CVE-2018-1635 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server E ...)
	NOT-FOR-US: IBM
CVE-2018-1634 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1633 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1632 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1631 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1630 (IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a loca ...)
	NOT-FOR-US: IBM
CVE-2018-1629
	RESERVED
CVE-2018-1628
	RESERVED
CVE-2018-1627
	RESERVED
CVE-2018-1626 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does ...)
	NOT-FOR-US: IBM
CVE-2018-1625 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 gener ...)
	NOT-FOR-US: IBM
CVE-2018-1624
	RESERVED
CVE-2018-1623 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allow ...)
	NOT-FOR-US: IBM
CVE-2018-1622 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2018-1621 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2018-1620
	RESERVED
CVE-2018-1619
	RESERVED
CVE-2018-1618 (IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could ...)
	NOT-FOR-US: IBM
CVE-2018-1617
	RESERVED
CVE-2018-1616
	RESERVED
CVE-2018-1615
	RESERVED
CVE-2018-1614 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malforme ...)
	NOT-FOR-US: IBM
CVE-2018-1613
	RESERVED
CVE-2018-1612 (IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could all ...)
	NOT-FOR-US: IBM
CVE-2018-1611
	RESERVED
CVE-2018-1610 (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6 ...)
	NOT-FOR-US: IBM
CVE-2018-1609
	RESERVED
CVE-2018-1608 (IBM Rational Engineering Lifecycle Manager 6.0 through 6.0.6 uses weak ...)
	NOT-FOR-US: IBM
CVE-2018-1607 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1606 (IBM Jazz based applications (IBM Rational Collaborative Lifecycle Mana ...)
	NOT-FOR-US: IBM
CVE-2018-1605 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1604 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1603 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1602 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1601 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1600 (IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critic ...)
	NOT-FOR-US: IBM
CVE-2018-1599 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2018-1598
	RESERVED
CVE-2018-1597
	RESERVED
CVE-2018-1596
	RESERVED
CVE-2018-1595 (IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could al ...)
	NOT-FOR-US: IBM
CVE-2018-1594
	RESERVED
CVE-2018-1593 (IBM Multi-Cloud Data Encryption (MDE) 2.1 could allow an unauthorized ...)
	NOT-FOR-US: IBM
CVE-2018-1592
	RESERVED
CVE-2018-1591
	RESERVED
CVE-2018-1590
	RESERVED
CVE-2018-1589
	RESERVED
CVE-2018-1588 (IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1587 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM Rational Rhapsody Design Manager
CVE-2018-1586
	RESERVED
CVE-2018-1585 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM Rational Rhapsody Design Manager
CVE-2018-1584 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1583 (IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certa ...)
	NOT-FOR-US: IBM
CVE-2018-1582
	RESERVED
CVE-2018-1581
	RESERVED
CVE-2018-1580
	RESERVED
CVE-2018-1579
	RESERVED
CVE-2018-1578
	RESERVED
CVE-2018-1577
	RESERVED
CVE-2018-1576
	RESERVED
CVE-2018-1575
	RESERVED
CVE-2018-1574
	RESERVED
CVE-2018-1573
	RESERVED
CVE-2018-1572
	RESERVED
CVE-2018-1571 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to ...)
	NOT-FOR-US: IBM
CVE-2018-1570
	RESERVED
CVE-2018-1569
	RESERVED
CVE-2018-1568 (IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally whic ...)
	NOT-FOR-US: IBM
CVE-2018-1567 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow re ...)
	NOT-FOR-US: IBM
CVE-2018-1566 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1565 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1564 (IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could a ...)
	NOT-FOR-US: IBM
CVE-2018-1563 (IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gatewa ...)
	NOT-FOR-US: IBM
CVE-2018-1562
	RESERVED
CVE-2018-1561
	RESERVED
CVE-2018-1560 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1559
	RESERVED
CVE-2018-1558 (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6 ...)
	NOT-FOR-US: IBM
CVE-2018-1557 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1556 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM FileNet Content Manager
CVE-2018-1555 (IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM FileNet Content Manager
CVE-2018-1554 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1553 (IBM WebSphere Application Server Liberty prior to 18.0.0.2 could allow ...)
	NOT-FOR-US: IBM
CVE-2018-1552 (IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1551 (IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 c ...)
	NOT-FOR-US: IBM
CVE-2018-1550 (IBM Spectrum Protect 7.1 and 8.1 could allow a local user to corrupt o ...)
	NOT-FOR-US: IBM
CVE-2018-1549 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...)
	NOT-FOR-US: IBM
CVE-2018-1548 (IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 ...)
	NOT-FOR-US: IBM
CVE-2018-1547 (IBM Robotic Process Automation with Automation Anywhere 10.0 could all ...)
	NOT-FOR-US: IBM
CVE-2018-1546 (IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1545 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses wea ...)
	NOT-FOR-US: IBM
CVE-2018-1544 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1543 (IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain s ...)
	NOT-FOR-US: IBM
CVE-2018-1542 (IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foun ...)
	NOT-FOR-US: IBM
CVE-2018-1541 (IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2018-1540
	RESERVED
CVE-2018-1539 (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 th ...)
	NOT-FOR-US: IBM
CVE-2018-1538
	RESERVED
CVE-2018-1537
	RESERVED
CVE-2018-1536 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM Rational Rhapsody Design Manager
CVE-2018-1535 (IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM Rational Rhapsody Design Manager
CVE-2018-1534 (IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1533 (IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross- ...)
	NOT-FOR-US: IBM
CVE-2018-1532 (IBM API Connect 5.0.0.0 through 5.0.8.2 does not properly update the S ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1531
	RESERVED
CVE-2018-1530
	RESERVED
CVE-2018-1529 (IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0. ...)
	NOT-FOR-US: IBM Rational DOORS Next Generation
CVE-2018-1528 (IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authentic ...)
	NOT-FOR-US: IBM
CVE-2018-1527
	RESERVED
CVE-2018-1526
	RESERVED
CVE-2018-1525 (IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2018-1524 (IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default ...)
	NOT-FOR-US: IBM
CVE-2018-1523 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...)
	NOT-FOR-US: IBM
CVE-2018-1522 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1521 (IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are ...)
	NOT-FOR-US: IBM
CVE-2018-1520
	RESERVED
CVE-2018-1519
	RESERVED
CVE-2018-1518 (IBM InfoSphere Information Server 11.7 is affected by a weak password ...)
	NOT-FOR-US: IBM
CVE-2018-1517 (A flaw in the java.math component in IBM SDK, Java Technology Edition ...)
	NOT-FOR-US: IBM JDK
CVE-2018-1516
	RESERVED
CVE-2018-1515 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2018-1514 (IBM Robotic Process Automation with Automation Anywhere 10.0 is vulner ...)
	NOT-FOR-US: IBM
CVE-2018-1513 (IBM Sterling B2B Integrator Standard Edition 5.2.0 through 5.2.6 is vu ...)
	NOT-FOR-US: IBM
CVE-2018-1512
	RESERVED
CVE-2018-1511
	RESERVED
CVE-2018-1510
	RESERVED
CVE-2018-1509 (IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly ...)
	NOT-FOR-US: IBM
CVE-2018-1508
	RESERVED
CVE-2018-1507 (IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2018-1506
	RESERVED
CVE-2018-1505 (IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored ...)
	NOT-FOR-US: IBM
CVE-2018-1504 (IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2018-1503 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticate ...)
	NOT-FOR-US: IBM
CVE-2018-1502 (IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 ...)
	NOT-FOR-US: IBM
CVE-2018-1501 (IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized ...)
	NOT-FOR-US: IBM
CVE-2018-1500
	RESERVED
CVE-2018-1499
	RESERVED
CVE-2018-1498 (IBM Security Guardium EcoSystem 10.5 stores user credentials in plain ...)
	NOT-FOR-US: IBM
CVE-2018-1497
	RESERVED
CVE-2018-1496 (IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnera ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2018-1495 (IBM FlashSystem V840 and V900 products could allow an authenticated at ...)
	NOT-FOR-US: IBM
CVE-2018-1494 (IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM
CVE-2018-1493
	RESERVED
CVE-2018-1492 (IBM Jazz Foundation products could allow a user with physical access t ...)
	NOT-FOR-US: IBM
CVE-2018-1491
	RESERVED
CVE-2018-1490
	RESERVED
CVE-2018-1489
	RESERVED
CVE-2018-1488 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...)
	NOT-FOR-US: IBM
CVE-2018-1487 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1486
	RESERVED
CVE-2018-1485 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does no ...)
	NOT-FOR-US: IBM
CVE-2018-1484 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does no ...)
	NOT-FOR-US: IBM
CVE-2018-1483 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1482
	RESERVED
CVE-2018-1481 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 stores ...)
	NOT-FOR-US: IBM
CVE-2018-1480 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does no ...)
	NOT-FOR-US: IBM
CVE-2018-1479 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request fo ...)
	NOT-FOR-US: IBM
CVE-2018-1478 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 could a ...)
	NOT-FOR-US: IBM
CVE-2018-1477
	RESERVED
CVE-2018-1476 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 disclos ...)
	NOT-FOR-US: IBM
CVE-2018-1475 (IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout set ...)
	NOT-FOR-US: IBM
CVE-2018-1474 (IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 is vuln ...)
	NOT-FOR-US: IBM
CVE-2018-1473 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1472
	RESERVED
CVE-2018-1471
	REJECTED
CVE-2018-1470 (IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote aut ...)
	NOT-FOR-US: IBM
CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow a ...)
	NOT-FOR-US: IBM API Connect Developer Portal
CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access t ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1467 (The IBM Storwize V7000 Unified management Web interface 1.6 exposes in ...)
	NOT-FOR-US: IBM
CVE-2018-1466 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1465 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1464 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1463 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1462 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1460 (IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0 ...)
	NOT-FOR-US: IBM
CVE-2018-1459 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1458 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1457 (An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1456 (IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2018-1455 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is v ...)
	NOT-FOR-US: IBM
CVE-2018-1454 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a r ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2018-1453 (IBM Security Identity Manager Virtual Appliance 7.0 allows an authenti ...)
	NOT-FOR-US: IBM
CVE-2018-1452 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1451 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1450 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1449 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2018-1448 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (include ...)
	NOT-FOR-US: IBM
CVE-2018-1447 (The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect ...)
	NOT-FOR-US: IBM Spectrum Protect
CVE-2018-1446
	RESERVED
CVE-2018-1445 (IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1444 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single sign-on (SS ...)
	NOT-FOR-US: IBM
CVE-2018-1442 (IBM Application Performance Management - Response Time Monitoring Agen ...)
	NOT-FOR-US: IBM
CVE-2018-1441 (IBM Application Performance Management - Response Time Monitoring Agen ...)
	NOT-FOR-US: IBM
CVE-2018-1440 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1439 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1438 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1437 (IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary cod ...)
	NOT-FOR-US: IBM
CVE-2018-1436
	RESERVED
CVE-2018-1435 (IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remot ...)
	NOT-FOR-US: IBM
CVE-2018-1434 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and I ...)
	NOT-FOR-US: IBM
CVE-2018-1432 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnera ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2018-1431 (A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2. ...)
	NOT-FOR-US: IBM
CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, and 9.0.4 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2018-1428 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11 ...)
	NOT-FOR-US: IBM
CVE-2018-1427 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11 ...)
	NOT-FOR-US: IBM
CVE-2018-1426 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11 ...)
	NOT-FOR-US: IBM
CVE-2018-1425 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker t ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1424 (IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML E ...)
	NOT-FOR-US: IBM
CVE-2018-1423 (IBM Jazz Foundation products could disclose sensitive information to a ...)
	NOT-FOR-US: IBM
CVE-2018-1422 (IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 t ...)
	NOT-FOR-US: IBM
CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7. ...)
	NOT-FOR-US: IBM WebSphere DataPower Appliances
CVE-2018-1420 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 resets access control sett ...)
	NOT-FOR-US: IBM
CVE-2018-1419 (IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for ...)
	NOT-FOR-US: IBM
CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass auth ...)
	NOT-FOR-US: IBM
CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Techn ...)
	NOT-FOR-US: IBM Runtimes for Java Technology
CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2018-1413 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM Cognos Analytics
CVE-2018-1412
	RESERVED
CVE-2018-1411 (IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) co ...)
	NOT-FOR-US: IBM Notes Diagnostics
CVE-2018-1410 (IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) co ...)
	NOT-FOR-US: IBM Notes Diagnostics
CVE-2018-1409 (IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) co ...)
	NOT-FOR-US: IBM Notes Diagnostics
CVE-2018-1408 (IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are ...)
	NOT-FOR-US: IBM
CVE-2018-1407 (IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are ...)
	NOT-FOR-US: IBM
CVE-2018-1406
	RESERVED
CVE-2018-1405 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1404 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1403 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1402
	RESERVED
CVE-2018-1401 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scr ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1400
	RESERVED
CVE-2018-1399 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5 and 5.0 i ...)
	NOT-FOR-US: IBM Daeja ViewONE Professional
CVE-2018-1398 (IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote att ...)
	NOT-FOR-US: IBM
CVE-2018-1397
	RESERVED
CVE-2018-1396 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...)
	NOT-FOR-US: IBM
CVE-2018-1395 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...)
	NOT-FOR-US: IBM
CVE-2018-1394 (Multiple IBM Rational products are vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1393 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
	NOT-FOR-US: IBM
CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1390 (IBM Financial Transaction Manager for Check Services for Multi-Platfor ...)
	NOT-FOR-US: IBM
CVE-2018-1389 (IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopB ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies betwe ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2018-1387 (IBM Application Performance Management for Monitoring & Diagnostic ...)
	NOT-FOR-US: IBM
CVE-2018-1386 (IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9. ...)
	NOT-FOR-US: IBM
CVE-2018-1385
	RESERVED
CVE-2018-1384 (IBM Business Process Manager 8.6 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2018-1383 (A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7 ...)
	NOT-FOR-US: AIX
CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This vu ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1381
	RESERVED
CVE-2018-1380 (IBM InfoSphere Master Data Management Collaboration Server 11.4, 11.5, ...)
	NOT-FOR-US: IBM
CVE-2018-1379
	RESERVED
CVE-2018-1378
	RESERVED
CVE-2018-1377 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user c ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1376 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2018-1375 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not rene ...)
	NOT-FOR-US: IBM
CVE-2018-1374 (An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7 ...)
	NOT-FOR-US: IBM
CVE-2018-1373 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inade ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1372 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not requ ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1371 (An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2018-1370 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 specifies per ...)
	NOT-FOR-US: IBM
CVE-2018-1369 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensit ...)
	NOT-FOR-US: IBM
CVE-2018-1368 (IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 coul ...)
	NOT-FOR-US: IBM Security Guardium Database Activity Monitor
CVE-2018-1367
	RESERVED
CVE-2018-1366 (IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Val ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2018-1365
	RESERVED
CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Enti ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2018-1363 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0 ...)
	NOT-FOR-US: IBM Jazz Reporting Service
CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 wit ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1360 (A cleartext transmission of sensitive information vulnerability in For ...)
	NOT-FOR-US: Fortinet
CVE-2018-1359
	RESERVED
CVE-2018-1358
	RESERVED
CVE-2018-1357
	RESERVED
CVE-2018-1356 (A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet Forti ...)
	NOT-FOR-US: Fortinet FortiSandbox
CVE-2018-1355 (An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 a ...)
	NOT-FOR-US: Fortinet
CVE-2018-1354 (An improper access control vulnerability in Fortinet FortiManager 6.0. ...)
	NOT-FOR-US: Fortinet
CVE-2018-1353 (An information disclosure vulnerability in Fortinet FortiManager 6.0.1 ...)
	NOT-FOR-US: Fortinet FortiManager
CVE-2018-1352 (A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacke ...)
	NOT-FOR-US: Fortinet
CVE-2018-1351 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6. ...)
	NOT-FOR-US: Fortinet
CVE-2018-1350 (The NetIQ Identity Manager driver log file, in versions prior to 4.7, ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-1349 (The NetIQ Identity Manager driver log file, in versions prior to 4.7, ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-1348 (NetIQ Identity Manager driver, in versions prior to 4.7, allows for an ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-1347 (The administrative web interface in NetIQ iManager, versions prior to ...)
	NOT-FOR-US: NetIQ
CVE-2018-1346 (Addresses denial of service attack to eDirectory versions prior to 9.1 ...)
	NOT-FOR-US: NetIQ
CVE-2018-1345 (NetIQ iManager, versions prior to 3.1, under some circumstances could ...)
	NOT-FOR-US: NetIQ
CVE-2018-1344 (Addresses potential communication downgrade attack in NetIQ iManager v ...)
	NOT-FOR-US: NetIQ
CVE-2018-1343 (PAM exposure enabling unauthenticated access to remote host ...)
	NOT-FOR-US: NetIQ
CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can upload f ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2018-1341
	RESERVED
CVE-2018-1340 (Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage ...)
	- guacamole-client (bug #920796)
	[stretch] - guacamole-client (Minor issue)
	[jessie] - guacamole-client (Vulnerable code not present)
	- guacamole
	NOTE: https://www.openwall.com/lists/oss-security/2019/01/24/2
	NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-549
	NOTE: https://github.com/apache/guacamole-client/pull/273
	NOTE: https://www.openwall.com/lists/oss-security/2019/02/02/1
CVE-2018-1339 (A carefully crafted (or fuzzed) file can trigger an infinite loop in A ...)
	- tika 1.18-1 (low; bug #900000)
	[jessie] - tika (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/25/7
CVE-2018-1338 (A carefully crafted (or fuzzed) file can trigger an infinite loop in A ...)
	- tika 1.18-1
	[jessie] - tika (BGP parser introduced in 1.7)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/25/6
CVE-2018-1337 (In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Fi ...)
	NOT-FOR-US: Apache LDAP API
CVE-2018-1336 (An improper handling of overflow in the UTF-8 decoder with supplementar ...)
	{DSA-4281-1 DLA-1491-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.31-1
	- tomcat8.0 (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	[jessie] - tomcat7 7.0.56-3+really7.0.88-1
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1830373 (9.0.x)
	NOTE: https://svn.apache.org/r1830374 (8.5.x)
	NOTE: https://svn.apache.org/r1830375 (8.0.x)
	NOTE: https://svn.apache.org/r1830376 (7.0.x)
CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send carefully cr ...)
	- tika 1.18-1
	[jessie] - tika (Server functionality not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/25/8
CVE-2018-1334 (In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using ...)
	- apache-spark (bug #802194)
CVE-2018-1333 (By specially crafting HTTP/2 requests, workers would be allocated 60 s ...)
	- apache2 2.4.34-1 (bug #904106)
	[stretch] - apache2 2.4.25-3+deb9u6
	[jessie] - apache2 (Vulnerable code not present)
	NOTE: Affects 2.4.18-2.4.33
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: https://www.openwall.com/lists/oss-security/2018/07/18/1
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
CVE-2018-1332 (Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version ...)
	NOT-FOR-US: Apache Storm
CVE-2018-1331 (In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 thro ...)
	NOT-FOR-US: Apache Storm
CVE-2018-1330 (When parsing a malformed JSON payload, libprocess in Apache Mesos vers ...)
	- apache-mesos (bug #760315)
CVE-2018-1329
	REJECTED
CVE-2018-1328 (Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permiss ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2018-1327 (The Apache Struts REST Plugin is using XStream library which is vulner ...)
	- libstruts1.2-java (Specific to 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-056
CVE-2018-1326
	REJECTED
CVE-2018-1325 (In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9. ...)
	NOT-FOR-US: Wicket jQuery UI
CVE-2018-1324 (A specially crafted ZIP archive can be used to cause an infinite loop ...)
	- libcommons-compress-java 1.13-2 (bug #893174)
	[stretch] - libcommons-compress-java (Minor issue)
	[jessie] - libcommons-compress-java (Vulnerable code introduced later)
	[wheezy] - libcommons-compress-java (Vulnerable code introduced later)
	NOTE: Fixed by: https://git-wip-us.apache.org/repos/asf?p=commons-compress.git;a=blobdiff;f=src/main/java/org/apache/commons/compress/archivers/zip/X0017_StrongEncryptionHeader.java;h=acc3b22346b49845e85b5ef27a5814b69e834139;hp=0feb9c98cc622cde1defa3bbd268ef82b4ae5c18;hb=2a2f1dc48e22a34ddb72321a4db211da91aa933b;hpb=dcb0486fb4cb2b6592c04d6ec2edbd3f690df5f2
	NOTE: https://issues.apache.org/jira/browse/COMPRESS-432
CVE-2018-1323 (The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1. ...)
	- libapache-mod-jk (Windows/IIS vhost handling specific issue)
	NOTE: http://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.43
	NOTE: Fixed by: http://svn.apache.org/r1825658
CVE-2018-1322 (An administrator with user search entitlements in Apache Syncope 1.2.x ...)
	NOT-FOR-US: Apache Syncope
CVE-2018-1321 (An administrator with report and template entitlements in Apache Synco ...)
	NOT-FOR-US: Apache Syncope
CVE-2018-1320 (Apache Thrift Java client library versions 0.5.0 through 0.11.0 can by ...)
	{DLA-1662-1}
	- libthrift-java 0.9.1-2.1 (bug #918736)
	[stretch] - libthrift-java 0.9.1-2.1~deb9u1
	NOTE: https://issues.apache.org/jira/browse/THRIFT-4506
	NOTE: https://github.com/apache/thrift/commit/d973409661f820d80d72c0034d06a12348c8705e
CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that cause H ...)
	NOT-FOR-US: Apache Allura
CVE-2018-1318 (Adding method ACLs in remap.config can cause a segfault when the user ...)
	{DSA-4282-1}
	- trafficserver 7.1.4+ds-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/08/29/3
	NOTE: https://github.com/apache/trafficserver/pull/3195
	NOTE: https://github.com/apache/trafficserver/commit/e6dfda305acf85250861ecfa14a7bd6bb2fad5c3
CVE-2018-1317 (In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by de ...)
	NOT-FOR-US: Apache Zeppelin
CVE-2018-1316 (The ODE process deployment web service was sensible to deployment mess ...)
	NOT-FOR-US: Apache ODE
CVE-2018-1315 (In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run u ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1314 (In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1313 (In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network pac ...)
	- derby 10.14.2.0-1
	[jessie] - derby (Minor issue)
	[stretch] - derby (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/05/1
CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authen ...)
	{DSA-4164-1 DLA-1389-1}
	- apache2 2.4.33-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/7
CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-fre ...)
	{DSA-4814-1}
	- xerces-c 3.2.3+debian-2 (bug #947431)
	[stretch] - xerces-c (Minor issue, revisit when fixed upstream)
	[jessie] - xerces-c (slow upstream interest, proper fix likely to break ABI compatibility)
	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt
	NOTE: https://issues.apache.org/jira/browse/XERCESC-2188
	NOTE: http://vault.centos.org/7.7.1908/updates/Source/SPackages/xerces-c-3.1.1-10.el7_7.src.rpm (fix with memory leak)
	NOTE: Mitigation by setting the XERCES_DISABLE_DTD environment variable
CVE-2018-1310 (Apache NiFi JMS Deserialization issue because of ActiveMQ client vulne ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-1309 (Apache NiFi External XML Entity issue in SplitXML processor. Malicious ...)
	NOT-FOR-US: Apache NiFi
CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 rela ...)
	{DSA-4194-1 DLA-1360-1}
	- lucene-solr 3.6.2+dfsg-12 (bug #896604)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/08/3
	NOTE: https://issues.apache.org/jira/browse/SOLR-11971
	NOTE: master: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/02c693f3
	NOTE: branch_7x: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/739a7933
	NOTE: branch_6_6: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/dd3be31f
CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java ...)
	NOT-FOR-US: Apache juddi-client
CVE-2018-1306 (The PortletV3AnnotatedDemo Multipart Portlet war file code provided in ...)
	NOT-FOR-US: Apache Portals Pluto
CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache Tomc ...)
	{DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.28-1
	- tomcat8.0 (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1823314 (8.5.x)
	NOTE: https://svn.apache.org/r1824358 (8.5.x)
	NOTE: https://svn.apache.org/r1823319 (8.0.x)
	NOTE: https://svn.apache.org/r1824359 (8.0.x)
	NOTE: https://svn.apache.org/r1823322 (7.0.x)
	NOTE: https://svn.apache.org/r1824360 (7.0.x)
CVE-2018-1304 (The URL pattern of "" (the empty string) which exactly maps to the con ...)
	{DSA-4281-1 DLA-1450-1 DLA-1400-1 DLA-1301-1}
	- tomcat9 (Fixed before initial upload to Debian)
	- tomcat8 8.5.28-1
	- tomcat8.0 (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1823307 (8.5.x)
	NOTE: https://svn.apache.org/r1823308 (8.0.x)
	NOTE: https://svn.apache.org/r1823309 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62067
CVE-2018-1303 (A specially crafted HTTP request header could have crashed the Apache ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	[wheezy] - apache2 (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/3
CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the Apache HT ...)
	- apache2 2.4.33-1
	[stretch] - apache2 2.4.25-3+deb9u5
	[jessie] - apache2 (Vulnerable code not present)
	[wheezy] - apache2 (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/5
CVE-2018-1301 (A specially crafted request could have crashed the Apache HTTP Server ...)
	{DSA-4164-1 DLA-1389-1}
	- apache2 2.4.33-1
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/2
CVE-2018-1300
	REJECTED
CVE-2018-1299 (In Apache Allura before 1.8.0, unauthenticated attackers may retrieve ...)
	NOT-FOR-US: Apache Allura
CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker-J 7. ...)
	- qpid-java (bug #840131)
	NOTE: https://issues.apache.org/jira/browse/QPID-8046
	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=de509dd
	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=30ca170
	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and 3. ...)
	- jakarta-jmeter (low; bug #897259)
	[buster] - jakarta-jmeter (Minor issue, too intrusive to backport)
	[stretch] - jakarta-jmeter (Minor issue, too intrusive to backport)
	[jessie] - jakarta-jmeter (Minor issue, too intrusive to backport)
	[wheezy] - jakarta-jmeter (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/02/11/1
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
CVE-2018-1296 (In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5 ...)
	- hadoop (bug #793644)
CVE-2018-1295 (In Apache Ignite 2.3 or earlier, the serialization mechanism does not ...)
	NOT-FOR-US: Apache Ignite
CVE-2018-1294 (If a user of Apache Commons Email (typically an application programmer ...)
	- commons-email (Fixed with first upload to Debian)
	NOTE: https://marc.info/?i=CAF8HOZ+J3NkaywfbHuQpHxK9ZXeT4=4Vs9rOwCDiUdnt1QA1Yw@mail.gmail.com
	NOTE: Fixed by: https://svn.apache.org/r1777030
CVE-2018-1293
	REJECTED
CVE-2018-1292 (Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incu ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1291 (Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incub ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1290 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1289 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1288 (In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to ...)
	- kafka (bug #786460)
CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ba ...)
	- jakarta-jmeter (low)
	[buster] - jakarta-jmeter (Minor issue)
	[stretch] - jakarta-jmeter (Minor issue)
	[jessie] - jakarta-jmeter (Minor issue)
	[wheezy] - jakarta-jmeter (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/02/11/2
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged us ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2018-1285 (Apache log4net versions before 2.0.10 do not disable XML external enti ...)
	{DLA-2211-1}
	- log4net (low; bug #977468)
	[buster] - log4net (Minor issue)
	[stretch] - log4net (Minor issue; requires application to accept arbitrary configuration files)
	NOTE: https://issues.apache.org/jira/browse/LOG4NET-575
	NOTE: https://github.com/apache/logging-log4net/commit/d0b4b0157d4af36b23c24a23739c47925c3bd8d7
CVE-2018-1284 (In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1283 (In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to for ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	[wheezy] - apache2 (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/4
CVE-2018-1282 (This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows ca ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1281 (The clustered setup of Apache MXNet allows users to specify which IP a ...)
	NOT-FOR-US: Apache MXNet
CVE-2018-1280 (Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains ...)
	NOT-FOR-US: Pivotal
CVE-2018-1279 (Pivotal RabbitMQ for PCF, all versions, uses a deterministically gener ...)
	- rabbitmq-server (Specific to RabbitMQ setup in Pivotal, see bug #924768)
	NOTE: https://pivotal.io/security/cve-2018-1279
CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.12.x ...)
	NOT-FOR-US: Pivotal
CVE-2018-1277 (Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctl ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1276 (Windows 2012R2 stemcells, versions prior to 1200.17, contain an inform ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1275 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
	- libspring-java (Partial fix for CVE-2018-1270 not applied)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1565307
CVE-2018-1274 (Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older ...)
	NOT-FOR-US: Spring Data Commons
CVE-2018-1273 (Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, ...)
	NOT-FOR-US: Spring Data Commons
CVE-2018-1272 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
	- libspring-java 4.3.19-1 (bug #895114)
	[stretch] - libspring-java (Minor issue)
	[jessie] - libspring-java (vulnerable code not found)
	[wheezy] - libspring-java (Vulnerable broker code introduced in various commits re. https://github.com/spring-projects/spring-framework/blame/0009806debb578e884f6dc98bd1f2dc668020021/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java)
	NOTE: https://pivotal.io/security/cve-2018-1272
CVE-2018-1271 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
	- libspring-java (Issue specific when served from a file system on Windows)
	NOTE: https://pivotal.io/security/cve-2018-1271
CVE-2018-1270 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior t ...)
	- libspring-java 4.3.19-1 (bug #895114)
	[stretch] - libspring-java (Minor issue)
	[jessie] - libspring-java (vulnerable code not found)
	[wheezy] - libspring-java (Vulnerable broker code introduced in various commits re. https://github.com/spring-projects/spring-framework/blame/0009806debb578e884f6dc98bd1f2dc668020021/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java)
	NOTE: https://pivotal.io/security/cve-2018-1270
	NOTE: when addressing this issue make sure to not only apply a partial fix but
	NOTE: make it complete, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1565307
CVE-2018-1269 (Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior t ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1268 (Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior t ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1267 (Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an im ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1266 (Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains inf ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1265 (Cloud Foundry Diego, release versions prior to 2.8.0, does not properl ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1264 (Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1263 (Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip ...)
	NOT-FOR-US: Spring-integration-zip
CVE-2018-1262 (Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a ...)
	NOT-FOR-US: Cloud Foundry Foundation UAA
CVE-2018-1261 (Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary fi ...)
	NOT-FOR-US: Spring-integration-zip
CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2 ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2018-1259 (Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2 ...)
	NOT-FOR-US: Spring Data Commons
CVE-2018-1258 (Spring Framework version 5.0.5 when used in combination with any versi ...)
	- libspring-security-2.0-java
	[jessie] - libspring-security-2.0-java (Affected version not in jessie)
	NOTE: https://pivotal.io/security/cve-2018-1258
CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...)
	- libspring-java 4.3.19-1
	[stretch] - libspring-java (Minor issue)
	[jessie] - libspring-java (hard to find upstream commits regarding this)
	NOTE: https://pivotal.io/security/cve-2018-1257
CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)
	NOT-FOR-US: Spring Cloud SSO Connector
CVE-2018-1255 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 ...)
	NOT-FOR-US: RSA
CVE-2018-1254 (RSA Authentication Manager Security Console, versions 8.3 P1 and earli ...)
	NOT-FOR-US: RSA Authentication Manager Security Console
CVE-2018-1253 (RSA Authentication Manager Operation Console, versions 8.3 P1 and earl ...)
	NOT-FOR-US: RSA Authentication Manager Operation Console
CVE-2018-1252 (RSA Web Threat Detection versions prior to 6.4, contain an SQL injecti ...)
	NOT-FOR-US: RSA Web Threat Detection
CVE-2018-1251 (Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain ...)
	NOT-FOR-US: EMC Unity and UnityVSA
CVE-2018-1250 (Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain ...)
	NOT-FOR-US: EMC Unity and UnityVSA
CVE-2018-1249 (Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use o ...)
	NOT-FOR-US: EMC
CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console and Sel ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and earlier, ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2018-1246 (Dell EMC Unity and UnityVSA contains reflected cross-site scripting vu ...)
	NOT-FOR-US: EMC Unity and UnityVSA
CVE-2018-1245 (RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 ...)
	NOT-FOR-US: RSA
CVE-2018-1244 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versi ...)
	NOT-FOR-US: EMC
CVE-2018-1243 (Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior ...)
	NOT-FOR-US: EMC
CVE-2018-1242 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
	NOT-FOR-US: Dell
CVE-2018-1241 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
	NOT-FOR-US: Dell
CVE-2018-1240 (Dell EMC ViPR Controller, versions after 3.0.0.38, contain an informat ...)
	NOT-FOR-US: EMC ViPR Controller
CVE-2018-1239 (Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522 ...)
	NOT-FOR-US: EMC Unity Operating Environment
CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command injection vu ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper restriction o ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2018-1236
	REJECTED
CVE-2018-1235 (Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs ...)
	NOT-FOR-US: Dell
CVE-2018-1234 (RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2018-1233 (RSA Authentication Agent version 8.0.1 and earlier for Web for both II ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2018-1232 (RSA Authentication Agent version 8.0.1 and earlier for Web for both II ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2018-1231 (Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1230 (Pivotal Spring Batch Admin, all versions, does not contain cross site ...)
	NOT-FOR-US: Pivotal
CVE-2018-1229 (Pivotal Spring Batch Admin, all versions, contains a stored XSS vulner ...)
	NOT-FOR-US: Pivotal
CVE-2018-1228
	REJECTED
CVE-2018-1227 (Pivotal Concourse after 2018-03-05 might allow remote attackers to hav ...)
	NOT-FOR-US: Pivotal
CVE-2018-1226
	REJECTED
CVE-2018-1225
	REJECTED
CVE-2018-1224
	REJECTED
CVE-2018-1223 (Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1222
	REJECTED
CVE-2018-1221 (In cf-deployment before 1.14.0 and routing-release before 0.172.0, the ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnera ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2018-1218 (In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1 ...)
	NOT-FOR-US: EMC NetWorker
CVE-2018-1217 (Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, an ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp Manager whi ...)
	NOT-FOR-US: EMC
CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp Manager ...)
	NOT-FOR-US: EMC
CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows ...)
	NOT-FOR-US: EMC
CVE-2018-1213 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8. ...)
	NOT-FOR-US: Dell
CVE-2018-1212 (The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versi ...)
	NOT-FOR-US: EMC
CVE-2018-1211 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path t ...)
	NOT-FOR-US: Dell EMC iDRAC7/iDRAC8
CVE-2018-1210
	REJECTED
CVE-2018-1209
	REJECTED
CVE-2018-1208
	REJECTED
CVE-2018-1207 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI inje ...)
	NOT-FOR-US: Dell EMC iDRAC7/iDRAC8
CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and D ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2018-1205 (Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some p ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2018-1204 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8. ...)
	NOT-FOR-US: Dell
CVE-2018-1203 (In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary ...)
	NOT-FOR-US: Dell
CVE-2018-1202 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1201 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1200 (Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.2 ...)
	NOT-FOR-US: Pivotal
CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2. ...)
	- libspring-java 4.3.14-1 (bug #890001)
	[stretch] - libspring-java (Minor issue)
	[wheezy] - libspring-java (Too intrusive to fix by upgrade)
	[jessie] - libspring-java (fix for spring-security available but not for springframework)
	- libspring-security-java (bug #582181)
	NOTE: https://pivotal.io/security/cve-2018-1199
CVE-2018-1198 (Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser passw ...)
	NOT-FOR-US: Pivotal Cloud Cache
CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running inside co ...)
	NOT-FOR-US: Windows Stemcells
CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used to eas ...)
	NOT-FOR-US: Spring Boot
CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment versions p ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1194
	REJECTED
CVE-2018-1193 (Cloud Foundry routing-release, versions prior to 0.175.0, lacks saniti ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; cf-depl ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an infor ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry products: all v ...)
	NOT-FOR-US: Pivotal
CVE-2018-1189 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1188 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1187 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1186 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1185 (An issue was discovered in EMC RecoverPoint for Virtual Machines versi ...)
	NOT-FOR-US: EMC
CVE-2018-1184 (An issue was discovered in EMC RecoverPoint for Virtual Machines versi ...)
	NOT-FOR-US: EMC
CVE-2018-1183 (In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4 ...)
	NOT-FOR-US: EMC
CVE-2018-1182 (An issue was discovered in EMC RSA Identity Governance and Lifecycle v ...)
	NOT-FOR-US: EMC
CVE-2018-1181
	REJECTED
CVE-2018-1180 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1179 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1178 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1177 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1176 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1175 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1174 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1173 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1172 (This vulnerability allows remote attackers to deny service on vulnerab ...)
	[experimental] - squid 4.0.21-1~exp5 (unimportant)
	- squid 4.1-1 (unimportant)
	[wheezy] - squid (Vulnerable code introduced in 3.1)
	- squid3 (unimportant)
	NOTE: src:squid as source package reintroduced for 4.x in experimental
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_3.txt
	NOTE: Squid 3.5 patch: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_3.patch
	NOTE: Only affects custom builds with OpenSSL support enabled
CVE-2018-1171 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2018-1170 (This vulnerability allows adjacent attackers to inject arbitrary Contr ...)
	NOT-FOR-US: Volkswagen Customer-Link App and HTC Customer-Link Bridge
CVE-2018-1169 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Amazon Music Player
CVE-2018-1168 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: ABB MicroSCADA
CVE-2018-1167 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Spotify Music Player
CVE-2018-1166 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2018-1165 (This vulnerability allows local attackers to escalate privileges on vu ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2018-1164 (This vulnerability allows remote attackers to cause a denial-of-servic ...)
	NOT-FOR-US: ZyXEL
CVE-2018-1163 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2018-1162 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2018-1161 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2018-1160 (Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_ ...)
	{DSA-4356-1}
	- netatalk 2.2.6-2 (bug #916930)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13711
CVE-2018-1159 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory c ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2018-1158 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack ex ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2018-1157 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory e ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2018-1156 (Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buff ...)
	NOT-FOR-US: Mikrotik RouterOS
CVE-2018-1155 (In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS ...)
	NOT-FOR-US: SecurityCenter
CVE-2018-1154 (In SecurityCenter versions prior to 5.7.0, a username enumeration issu ...)
	NOT-FOR-US: SecurityCenter
CVE-2018-1153 (Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the se ...)
	NOT-FOR-US: Burp Suite (different from src:burp)
CVE-2018-1152 (libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerabilit ...)
	{DLA-2302-1 DLA-1638-1}
	- libjpeg-turbo 1:2.0.5-1 (low; bug #902950)
	[buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
CVE-2018-1151 (The web server on Western Digital TV Media Player 1.03.07 and TV Live ...)
	NOT-FOR-US: web server on Western Digital TV Media Player and TV Live Hub
CVE-2018-1150 (NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow a ...)
	NOT-FOR-US: NUUO
CVE-2018-1149 (cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers ...)
	NOT-FOR-US: NUUO
CVE-2018-1148 (In Nessus before 7.1.0, Session Fixation exists due to insufficient se ...)
	NOT-FOR-US: Nessus
CVE-2018-1147 (In Nessus before 7.1.0, a XSS vulnerability exists due to improper inp ...)
	NOT-FOR-US: Nessus
CVE-2018-1146 (A remote unauthenticated user can enable telnet on the Belkin N750 usi ...)
	NOT-FOR-US: Belkin
CVE-2018-1145 (A remote unauthenticated user can overflow a stack buffer in the Belki ...)
	NOT-FOR-US: Belkin
CVE-2018-1144 (A remote unauthenticated user can execute commands as root in the Belk ...)
	NOT-FOR-US: Belkin
CVE-2018-1143 (A remote unauthenticated user can execute commands as root in the Belk ...)
	NOT-FOR-US: Belkin
CVE-2018-1142 (Tenable Appliance versions 4.6.1 and earlier have been found to contai ...)
	NOT-FOR-US: Tenable
CVE-2018-1141 (When installing Nessus to a directory outside of the default location, ...)
	NOT-FOR-US: Nessus
CVE-2018-1140 (A missing input sanitization flaw was found in the implementation of L ...)
	- samba 2:4.8.4+dfsg-1
	[stretch] - samba (Only affects Samba 4.8.0 onwards)
	[jessie] - samba (Only affects Samba 4.8.0 onwards)
	NOTE: https://www.samba.org/samba/security/CVE-2018-1140.html
CVE-2018-1139 (A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the u ...)
	- samba 2:4.8.4+dfsg-1
	[stretch] - samba (Issue introduced in 4.7.0)
	[jessie] - samba (Issue introduced in 4.7.0)
	NOTE: https://www.samba.org/samba/security/CVE-2018-1139.html
CVE-2018-1138
	RESERVED
CVE-2018-1137 (An issue was discovered in Moodle 3.x. By substituting URLs in portfol ...)
	- moodle
CVE-2018-1136 (An issue was discovered in Moodle 3.x. An authenticated user is allowe ...)
	- moodle
CVE-2018-1135 (An issue was discovered in Moodle 3.x. Students who posted on forums a ...)
	- moodle
CVE-2018-1134 (An issue was discovered in Moodle 3.x. Students who submitted assignme ...)
	- moodle
CVE-2018-1133 (An issue was discovered in Moodle 3.x. A Teacher creating a Calculated ...)
	- moodle
CVE-2018-1132 (A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers c ...)
	NOT-FOR-US: OpenDaylight
CVE-2018-1131 (Infinispan permits improper deserialization of trusted data via XML an ...)
	NOT-FOR-US: infinispan
CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null pointer d ...)
	{DLA-1423-1 DLA-1422-1 DLA-1392-1}
	- linux 4.15.17-1
	[stretch] - linux 4.9.107-1
	NOTE: Fixed by: https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
CVE-2018-1129 (A flaw was found in the way signature calculation was handled by cephx ...)
	{DSA-4339-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux (Message signatures not implemented)
	NOTE: https://git.kernel.org/linus/cc255c76c70f7a87d97939621eae04b600d9f4a1
	- ceph 12.2.8+dfsg1-1 (bug #913472)
	[jessie] - ceph (Intrusive changes)
	NOTE: http://tracker.ceph.com/issues/24837
	NOTE: https://github.com/ceph/ceph/commit/8f396cf35a3826044b089141667a196454c0a587
CVE-2018-1128 (It was found that cephx authentication protocol did not verify ceph cl ...)
	{DSA-4339-1 DLA-1715-1}
	- linux 4.19.9-1
	[stretch] - linux 4.9.144-1
	[jessie] - linux (Protocol change is too difficult)
	NOTE: https://git.kernel.org/linus/6daca13d2e72bedaaacfc08f873114c9307d5aea
	- ceph 12.2.8+dfsg1-1 (bug #913471)
	[jessie] - ceph (Intrusive changes)
	NOTE: http://tracker.ceph.com/issues/24836
	NOTE: https://github.com/ceph/ceph/commit/5ead97120e07054d80623dada90a5cc764c28468
CVE-2018-1127 (Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediatel ...)
	NOT-FOR-US: tendrl-api
CVE-2018-1126 (procps-ng before version 3.3.15 is vulnerable to an incorrect integer ...)
	{DSA-4208-1 DLA-1390-1}
	- procps 2:3.3.15-1 (bug #899170)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Patch: 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
	NOTE: https://gitlab.com/procps-ng/procps/commit/f1077b7a558a5545837aae068422e58f1f9b1d33
CVE-2018-1125 (procps-ng before version 3.3.15 is vulnerable to a stack buffer overfl ...)
	{DSA-4208-1 DLA-1390-1}
	- procps 2:3.3.15-1 (bug #899170)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Patch: 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
	NOTE: https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584
CVE-2018-1124 (procps-ng before version 3.3.15 is vulnerable to multiple integer over ...)
	{DSA-4208-1 DLA-1390-1}
	- procps 2:3.3.15-1 (bug #899170)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Patch: 0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch
	NOTE: https://gitlab.com/procps-ng/procps/commit/36c350f07c75aabf747fb833f52a234ae5781b20
CVE-2018-1123 (procps-ng before version 3.3.15 is vulnerable to a denial of service i ...)
	{DSA-4208-1 DLA-1390-1}
	- procps 2:3.3.15-1 (bug #899170)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Patch: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch
	NOTE: https://gitlab.com/procps-ng/procps/commit/136e3724952827bbae8887a42d9d2b6f658a48ab
CVE-2018-1122 (procps-ng before version 3.3.15 is vulnerable to a local privilege esc ...)
	{DSA-4208-1 DLA-1390-1}
	- procps 2:3.3.15-1 (bug #899170)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Patch: 0097-top-Do-not-default-to-the-cwd-in-configs_read.patch
	NOTE: https://gitlab.com/procps-ng/procps/commit/b45c4803dd176f4e3f9d3d47421ddec9bbbe66cd
CVE-2018-1121 (procps-ng, procps is vulnerable to a process hiding through race condi ...)
	- linux (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
CVE-2018-1120 (A flaw was found affecting the Linux kernel before version 4.17. By mm ...)
	{DLA-1423-1}
	- linux 4.16.12-1
	[stretch] - linux 4.9.107-1
	[jessie] - linux (Too risky to backport)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
	NOTE: Fixed by: https://git.kernel.org/linus/7f7ccc2ccc2e70c6054685f5e3522efa81556830
CVE-2018-1119
	REJECTED
CVE-2018-1118 (Linux kernel vhost since version 4.8 does not properly initialize memo ...)
	{DLA-1423-1}
	- linux 4.17.3-1
	[stretch] - linux 4.9.110-1
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2018/4/27/833
	NOTE: Fixed by: https://git.kernel.org/linus/670ae9caaca467ea1bfd325cb2a5c98ba87f94ad
CVE-2018-1117 (ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a ...)
	NOT-FOR-US: ovirt-ansible-roles
CVE-2018-1116 (A flaw was found in polkit before version 0.116. The implementation of ...)
	{DLA-1448-1}
	- policykit-1 0.105-21 (bug #903563)
	[stretch] - policykit-1 (Minor issue; can be fixed via point release)
	NOTE: https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad53643a9c80231fc41f5582d6a8931c32c
	NOTE: https://lists.freedesktop.org/archives/polkit-devel/2018-July/000583.html
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1099031
CVE-2018-1115 (postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack ...)
	- postgresql-10 10.4-1
	- postgresql-9.6
	[stretch] - postgresql-9.6 9.6.9-0+deb9u1
	- postgresql-9.4
	[jessie] - postgresql-9.4 (Code not present)
	- postgresql-9.1
	[jessie] - postgresql-9.1 (Code not present)
	[wheezy] - postgresql-9.1 (Code not present)
CVE-2018-1114 (It was found that URLResource.getLastModified() in Undertow closes the ...)
	- undertow 1.4.25-1 (bug #897247)
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1338
	NOTE: https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
	NOTE: https://bugs.openjdk.java.net/browse/JDK-6956385
CVE-2018-1113 (setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Li ...)
	NOT-FOR-US: Red Hat specific CVE assignment for Red Hat / Fedora setups (nologin listed in /etc/shells violates security expectations)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1571094
CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when usi ...)
	- glusterfs (Fix for CVE-2018-1088 was not applied/ incomplete fix not applied)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1570891
CVE-2018-1111 (DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earl ...)
	NOT-FOR-US: Red Hat Specific script
	NOTE: https://access.redhat.com/security/vulnerabilities/3442151
CVE-2018-1110 [Improper Input Validation]
	RESERVED
	- knot-resolver 2.3.0-1 (bug #896681)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/2
CVE-2018-1109
	RESERVED
	- node-braces (Vulnerable code introduced in 2.2.0)
	NOTE: https://snyk.io/vuln/npm:braces:20180219
	NOTE: Introduced by: https://github.com/micromatch/braces/commit/dcc1acab4de9a43e86ab4be4acde209ff1dca113 (2.2.0)
	NOTE: Fixed by: https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451 (2.3.1)
	NOTE: Cf. analysis in https://bugs.debian.org/927716#38
CVE-2018-1108 (kernel drivers before version 4.17-rc1 are vulnerable to a weakness in ...)
	- linux 4.16.5-1
	[stretch] - linux (Can't be fixed without many user-space changes)
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/43838a23a05fbd13e47d750d3dfd77001536dd33
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
CVE-2018-1107
	RESERVED
	NOT-FOR-US: is-my-json-valid package for Node.js
CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before 1.1. ...)
	{DSA-4207-1}
	- packagekit 1.1.10-1 (bug #896703)
	[jessie] - packagekit (Issue introduced later)
	[wheezy] - packagekit (Issue introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/23/3
	NOTE: Fixed by: https://github.com/hughsie/PackageKit/commit/7e8a7905ea9abbd1f384f05f36a4458682cd4697 (PACKAGEKIT_1_1_10)
	NOTE: Introduced by: https://github.com/hughsie/PackageKit/commit/f176976e24e8c17b80eff222572275517c16bdad
	NOTE: Resulting affected (upstream) versions: >= 1.0.10 up until current 1.1.9
CVE-2018-1105
	RESERVED
CVE-2018-1104 (Ansible Tower through version 3.2.3 has a vulnerability that allows us ...)
	NOT-FOR-US: Ansible Tower
CVE-2018-1103 (Openshift Enterprise source-to-image before version 1.1.10 is vulnerab ...)
	NOT-FOR-US: source-to-image in OpenShift
CVE-2018-1102 (A flaw was found in source-to-image function as shipped with Openshift ...)
	NOT-FOR-US: source-to-image in OpenShift
CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management of sys ...)
	NOT-FOR-US: Ansible Tower
CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...)
	{DLA-2470-1}
	- zsh 5.5-1 (bug #895225)
	[jessie] - zsh (Minor issue)
	[wheezy] - zsh (Minor issue)
	NOTE: https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607
	NOTE: https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
CVE-2018-1099 (DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attack ...)
	- etcd (low; bug #921156)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/coreos/etcd/issues/9353
	NOTE: https://github.com/etcd-io/etcd/pull/9372
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552717
CVE-2018-1098 (A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. ...)
	- etcd (low; bug #921156)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/coreos/etcd/issues/9353
	NOTE: https://github.com/etcd-io/etcd/pull/9372
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552714
CVE-2018-1097 (A flaw was found in foreman before 1.16.1. The issue allows users with ...)
	- foreman (bug #663101)
	NOTE: https://projects.theforeman.org/issues/22546
	NOTE: https://github.com/theforeman/foreman/pull/5369
CVE-2018-1096 (An input sanitization flaw was found in the id field in the dashboard ...)
	- foreman (bug #663101)
	NOTE: http://projects.theforeman.org/issues/23028
	NOTE: https://github.com/theforeman/foreman/pull/5363
CVE-2018-1095 (The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux ...)
	- linux 4.16.5-1
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199185
CVE-2018-1094 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel th ...)
	- linux 4.15.17-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199183
CVE-2018-1093 (The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux ...)
	{DSA-4188-1 DLA-1422-1 DLA-1392-1}
	- linux 4.15.17-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199181
CVE-2018-1092 (The ext4_iget function in fs/ext4/inode.c in the Linux kernel through ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199179
	NOTE: Fixed by: https://git.kernel.org/linus/8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44
CVE-2018-1091 (In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux (Hardware not supported; POWER9 support missing)
	[wheezy] - linux (Hardware not supported)
	NOTE: Fixed by: https://git.kernel.org/linus/c1fa0768a8713b135848f78fd43ffc208d8ded70
CVE-2018-1090 (In Pulp before version 2.16.2, secrets are passed into override_config ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properl ...)
	{DLA-1428-1}
	- 389-ds-base 1.3.8.2-1 (bug #898138)
	[stretch] - 389-ds-base (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/07/2
CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot schedule ...)
	- glusterfs 4.0.2-1 (bug #896128)
	[stretch] - glusterfs (Minor issue; can be fixed via point release)
	[jessie] - glusterfs (vulnerable code not present)
	[wheezy] - glusterfs (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1558721
	NOTE: https://review.gluster.org/#/c/19899/
	NOTE: https://review.gluster.org/#/c/19898/
	NOTE: When fixing the issue it's important to not apply the incomplete fix and open
	NOTE: CVE-2018-1112 causing that auth.allow allows all clients to mount volumes.
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1570891
	NOTE: Needs: https://review.gluster.org/#/c/19899/1..2
CVE-2018-1087 (kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-r ...)
	{DSA-4196-1}
	- linux 4.15.17-1
	[wheezy] - linux (Issue introduced in 3.16)
	NOTE: Fixed by: https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09 (4.16-rc7)
	NOTE: https://www.openwall.com/lists/oss-security/2018/05/08/5
CVE-2018-1086 (pcs before versions 0.9.164 and 0.10 is vulnerable to a debug paramete ...)
	{DSA-4169-1}
	- pcs 0.9.164-1 (bug #895313)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/09/2
CVE-2018-1085 (openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigur ...)
	NOT-FOR-US: openshift-ansible
CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer overflow in ...)
	{DSA-4174-1}
	- corosync 2.4.4-1 (bug #895653)
	[jessie] - corosync (Vulnerable code introduced later)
	[wheezy] - corosync (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/12/2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552830
	NOTE: Fixed by: https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
	NOTE: https://oss.clusterlabs.org/pipermail/users/2018-April/014856.html
CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...)
	{DLA-2470-1 DLA-1335-1}
	- zsh 5.4.2-4 (low; bug #894043)
	[jessie] - zsh (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
CVE-2018-1082 (A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user a ...)
	- moodle
CVE-2018-1081 (A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3 ...)
	- moodle
CVE-2018-1080 (Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.j ...)
	[experimental] - dogtag-pki 10.6.0-2
	- dogtag-pki 10.6.6-1 (bug #893690)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1556657
	NOTE: https://pagure.io/freeipa/issue/7453
	NOTE: https://review.gerrithub.io/#/c/404435/
CVE-2018-1079 (pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escal ...)
	- pcs 0.9.164-1 (bug #895314)
	[stretch] - pcs (Vulnerable code introduced in 0.9.157)
	NOTE: https://www.openwall.com/lists/oss-security/2018/04/09/2
CVE-2018-1078 (OpenDayLight version Carbon SR3 and earlier contain a vulnerability du ...)
	NOT-FOR-US: OpenDayLight
CVE-2018-1077 (Spacewalk 2.6 contains an API which has an XXE flaw allowing for the d ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2018-1076
	RESERVED
CVE-2018-1075 (ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered passwo ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1074 (ovirt-engine API and administration web portal before versions 4.2.2.5 ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1073 (The web console login form in ovirt-engine before version 4.2.3 return ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1072 (ovirt-engine before version ovirt 4.2.2 is vulnerable to an informatio ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer overfl ...)
	{DLA-2470-1 DLA-1335-1}
	- zsh 5.4.2-4 (low; bug #894044)
	[jessie] - zsh (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531
CVE-2018-1070 (routing before version 3.10 is vulnerable to an improper input validat ...)
	NOT-FOR-US: OpenShift (Routing configuration)
CVE-2018-1069 (Red Hat OpenShift Enterprise version 3.7 is vulnerable to access contr ...)
	NOT-FOR-US: OpenShift
CVE-2018-1068 (A flaw was found in the Linux 4.x kernel's implementation of 32-bit sy ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: https://git.kernel.org/linus/b71812168571fa55e44cdd0254471331b9c4c4c6
	NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
	NOTE: non-standard setups
CVE-2018-1067 (In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the ...)
	- undertow 1.4.25-1 (bug #900323)
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1302
	NOTE: Issue is incomplete fix for CVE-2016-4993
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b86 (1.4.25.Final)
CVE-2018-1066 (The Linux kernel before version 4.11 is vulnerable to a NULL pointer d ...)
	{DSA-4188-1 DSA-4187-1 DLA-1422-1}
	- linux 4.11.6-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/cabfb3680f78981d26c078a26e5c748531257ebb
CVE-2018-1065 (The netfilter subsystem in the Linux kernel through 4.15.7 mishandles ...)
	{DSA-4188-1}
	- linux 4.15.11-1
	[jessie] - linux (Vulnerable code introduced later)
	[wheezy] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
CVE-2018-1064 (libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustio ...)
	{DSA-4137-1 DLA-1315-1}
	- libvirt 4.1.0-1
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link attac ...)
	- policycoreutils 2.7-1
	[stretch] - policycoreutils (Minor issue)
	[jessie] - policycoreutils (Minor issue)
	[wheezy] - policycoreutils (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1550122
	NOTE: Mitigation by removing any symbolic link in /tmp and /var/tmp directories
	NOTE: before relabeling the file system. Furthermore only triggerable at
	NOTE: relabeling time.
	NOTE: https://github.com/SELinuxProject/selinux/commit/2608b4d6660af0fb8ad93f2cc144bdaab3c2afa8
CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1061 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
	{DSA-4307-1 DSA-4306-1 DLA-1520-1 DLA-1519-1}
	- python3.7 3.7.0~b3-1 (low)
	- python3.6 3.6.5~rc1-1 (low)
	- python3.5 3.5.6-1 (low)
	- python3.4 (low)
	- python3.2 (low)
	[wheezy] - python3.2 (Minor issue)
	- python2.7 2.7.14-7 (low)
	[wheezy] - python2.7 (Minor issue)
	- python2.6 (low)
	[wheezy] - python2.6 (Minor issue)
	NOTE: https://bugs.python.org/issue32981
	NOTE: https://github.com/python/cpython/commit/0e6c8ee2358a2e23117501826c008842acb835ac (master)
	NOTE: https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143 (3.7)
	NOTE: https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523 (3.6)
	NOTE: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b (3.5)
	NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
	NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
CVE-2018-1060 (python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is ...)
	{DSA-4307-1 DSA-4306-1 DLA-1520-1 DLA-1519-1}
	- python3.7 3.7.0~b3-1 (low)
	- python3.6 3.6.5~rc1-1 (low)
	- python3.5 3.5.6-1 (low)
	- python3.4 (low)
	- python3.2 (low)
	[wheezy] - python3.2 (Minor issue)
	- python2.7 2.7.14-7 (low)
	[wheezy] - python2.7 (Minor issue)
	- python2.6 (low)
	[wheezy] - python2.6 (Minor issue)
	NOTE: https://bugs.python.org/issue32981
	NOTE: https://github.com/python/cpython/commit/0e6c8ee2358a2e23117501826c008842acb835ac (master)
	NOTE: https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143 (3.7)
	NOTE: https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523 (3.6)
	NOTE: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b (3.5)
	NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
	NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
CVE-2018-1059 (The DPDK vhost-user interface does not check to verify that all the re ...)
	- dpdk 17.11.2-1 (bug #896688)
	[stretch] - dpdk 16.11.6-1+deb9u1
CVE-2018-1058 (A flaw was found in the way Postgresql allowed a user to modify the be ...)
	- postgresql-10 10.3-1
	- postgresql-9.6
	[stretch] - postgresql-9.6 9.6.8-0+deb9u1
	- postgresql-9.4
	[jessie] - postgresql-9.4 (Minor issue; documentation update for recommendations)
	- postgresql-9.1
	[jessie] - postgresql-9.1 (postgresql-9.1 in jessie is PL/Perl only)
	[wheezy] - postgresql-9.1 (Minor issue)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3d2aed664ee8271fd6c721ed0aa10168cda112ea
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=582edc369cdbd348d68441fc50fa26a84afd0c1a
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=5770172cb0c9df9e6ce27c507b449557e5b45124
CVE-2018-1057 (On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 ...)
	{DSA-4135-1 DLA-1754-1}
	- samba 2:4.7.4+dfsg-2
	[wheezy] - samba (Vulnerable code introduced later in 4.0.0alpha13)
	NOTE: https://www.samba.org/samba/security/CVE-2018-1057.html
	NOTE: https://wiki.samba.org/index.php/CVE-2018-1057
CVE-2018-1056 (An out-of-bounds heap buffer read flaw was found in the way advancecom ...)
	{DLA-1702-1 DLA-1281-1}
	- advancecomp 2.1-1 (bug #889270)
	[stretch] - advancecomp (Minor issue, can be fixed via point release)
	NOTE: https://sourceforge.net/p/advancemame/bugs/259/
	NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
CVE-2018-1055 REJECTED
CVE-2018-1054 (An out-of-bounds memory read flaw was found in the way 389-ds-base han ...)
	{DLA-1428-1}
	- 389-ds-base 1.3.7.10-1 (bug #892124)
	[stretch] - 389-ds-base (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1537314
	NOTE: https://pagure.io/389-ds-base/issue/49545
	NOTE: https://pagure.io/389-ds-base/c/14ce2fe0dfa67405dae0ae2e7fde13f6a1360d30?branch=master
CVE-2018-1053 (In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9 ...)
	{DLA-1271-1}
	- postgresql-10 10.2-1
	- postgresql-9.6
	[stretch] - postgresql-9.6 9.6.7-0+deb9u1
	- postgresql-9.4
	[jessie] - postgresql-9.4 (Minor issue)
	- postgresql-9.1
	[jessie] - postgresql-9.1 (postgresql-9.1 in jessie is PL/Perl only)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6ba52aeb24e62586b51e77723d87627c18a844ca
CVE-2018-1052 (Memory disclosure vulnerability in table partitioning was found in pos ...)
	- postgresql-10 10.2-1
	- postgresql-9.6 (code introduced in 10)
	- postgresql-9.4 (code introduced in 10)
	- postgresql-9.1 (code introduced in 10)
CVE-2018-1051 (It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1 ...)
	- resteasy
	[jessie] - resteasy (Incomplete fix for CVE-2016-9606 wasn't backported)
	- resteasy3.0 (Incomplete fix for CVE-2016-9606 not applied)
	NOTE: Removing deprecated YamlProvider was done in 4.0.0.Beta4
CVE-2018-1050 (All versions of Samba from 4.0.0 onwards are vulnerable to a denial of ...)
	{DSA-4135-1 DLA-1754-1 DLA-1320-1}
	- samba 2:4.7.4+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2018-1050.html
CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount and .au ...)
	{DLA-1580-1}
	- systemd 234-1
	[stretch] - systemd 232-25+deb9u10
	[wheezy] - systemd (Minor issue, can be fixed along in next DLA)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
	NOTE: https://github.com/systemd/systemd/pull/5916
	NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
CVE-2018-1048 (It was found that the AJP connector in undertow, as shipped in Jboss E ...)
	- undertow 1.4.22-1 (bug #891928)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1534343
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1245
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path traversal vulnerability throug ...)
	- wildfly (bug #752018)
	NOTE: https://issues.jboss.org/browse/WFLY-9620
	NOTE: https://developer.jboss.org/thread/276826
	NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
CVE-2018-1046 (pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsrep ...)
	- pdns 4.1.2-1 (bug #898255)
	[stretch] - pdns 4.0.3-1+deb9u3
	[jessie] - pdns (Vulnerable code not present)
	[wheezy] - pdns (Vulnerable code not present)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html
	NOTE: Fixed by https://github.com/PowerDNS/pdns/commit/f9c57c98da1b1007a51680629b667d57d9b702b8
CVE-2018-1045 (In Moodle 3.x, there is XSS via a calendar event name. ...)
	- moodle
CVE-2018-1044 (In Moodle 3.x, quiz web services allow students to see quiz results wh ...)
	- moodle
CVE-2018-1043 (In Moodle 3.x, the setting for blocked hosts list can be bypassed with ...)
	- moodle
CVE-2018-1042 (Moodle 3.x has Server Side Request Forgery in the filepicker. ...)
	- moodle
CVE-2018-1041 (A vulnerability was found in the way RemoteMessageChannel, introduced ...)
	- libjboss-remoting-java
	[wheezy] - libjboss-remoting-java (unimportant leaf package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1530457
CVE-2018-1040 (A denial of service vulnerability exists in the way that the Windows C ...)
	NOT-FOR-US: Microsoft
CVE-2018-1039 (A security feature bypass vulnerability exists in .Net Framework which ...)
	NOT-FOR-US: Microsoft
CVE-2018-1038 (The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 all ...)
	NOT-FOR-US: Microsoft
CVE-2018-1037 (An information disclosure vulnerability exists when Visual Studio impr ...)
	NOT-FOR-US: Microsoft
CVE-2018-1036 (An elevation of privilege vulnerability exists when NTFS improperly ch ...)
	NOT-FOR-US: Microsoft
CVE-2018-1035 (A security feature bypass vulnerability exists in Windows which could ...)
	NOT-FOR-US: Microsoft
CVE-2018-1034 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-1033 RESERVED
CVE-2018-1032 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-1031 RESERVED
CVE-2018-1030 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-1029 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-1028 (A remote code execution vulnerability exists when the Office graphics ...)
	NOT-FOR-US: Microsoft
CVE-2018-1027 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-1026 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2018-1025 (An information disclosure vulnerability exists when affected Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-1024 RESERVED
CVE-2018-1023 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-1022 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-1021 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-1020 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-1019 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-1018 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-1017 RESERVED
CVE-2018-1016 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-1015 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-1014 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-1013 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-1012 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-1011 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-1010 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2018-1009 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-1008 (An elevation of privilege vulnerability exists in Windows Adobe Type M ...)
	NOT-FOR-US: Microsoft
CVE-2018-1007 (An information disclosure vulnerability exists when Microsoft Office i ...)
	NOT-FOR-US: Microsoft
CVE-2018-1006 RESERVED
CVE-2018-1005 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2018-1004 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2018-1003 (A buffer overflow vulnerability exists in the Microsoft JET Database E ...)
	NOT-FOR-US: Microsoft
CVE-2018-1002 RESERVED
CVE-2018-1001 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-1000 (An information disclosure vulnerability exists in the way that the scr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0999 RESERVED
CVE-2018-0998 (An information disclosure vulnerability exists when Microsoft Edge PDF ...)
	NOT-FOR-US: Microsoft
CVE-2018-0997 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-0996 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0995 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0994 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0993 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0992 RESERVED
CVE-2018-0991 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-0990 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0989 (An information disclosure vulnerability exists in the way that the scr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0988 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0987 (An information disclosure vulnerability exists when the scripting engi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0986 (A remote code execution vulnerability exists when the Microsoft Malwar ...)
	NOT-FOR-US: Microsoft
CVE-2018-0985 RESERVED
CVE-2018-0984 RESERVED
CVE-2018-0983 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0982 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0981 (An information disclosure vulnerability exists in the way that the scr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0980 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0979 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0978 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-0977 (The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0976 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2018-0975 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0974 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0973 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0972 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0971 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0970 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0969 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0968 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0967 (A denial of service vulnerability exists in the way that Windows SNMP ...)
	NOT-FOR-US: Microsoft
CVE-2018-0966 (A security feature bypass exists when Device Guard incorrectly validat ...)
	NOT-FOR-US: Microsoft
CVE-2018-0965 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0964 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2018-0963 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0962 RESERVED
CVE-2018-0961 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0960 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0959 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0958 (A security feature bypass vulnerability exists in Windows which could ...)
	NOT-FOR-US: Microsoft
CVE-2018-0957 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2018-0956 (A denial of service vulnerability exists in the HTTP 2.0 protocol stac ...)
	NOT-FOR-US: Microsoft
CVE-2018-0955 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0954 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-0953 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0952 (An Elevation of Privilege vulnerability exists when Diagnostics Hub St ...)
	NOT-FOR-US: Microsoft
CVE-2018-0951 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0950 (An information disclosure vulnerability exists when Office renders Ric ...)
	NOT-FOR-US: Microsoft
CVE-2018-0949 (A security feature bypass vulnerability exists when Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2018-0948 RESERVED
CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Ente ...)
	NOT-FOR-US: Microsoft
CVE-2018-0946 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0945 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2018-0944 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0943 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0942 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0941 (Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Excha ...)
	NOT-FOR-US: Microsoft
CVE-2018-0940 (Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-0939 (ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow inform ...)
	NOT-FOR-US: Microsoft
CVE-2018-0938 RESERVED
CVE-2018-0937 (ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code ex ...)
	NOT-FOR-US: Microsoft
CVE-2018-0936 (ChakraCore and Microsoft Windows 10 1709 allow remote code execution, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0935 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0934 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0933 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0932 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0931 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0930 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2018-0929 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0928 RESERVED
CVE-2018-0927 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0926 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0925 (ChakraCore allows remote code execution, due to how the ChakraCore scr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0924 (Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Micros ...)
	NOT-FOR-US: Microsoft
CVE-2018-0923 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of pri ...)
	NOT-FOR-US: Microsoft
CVE-2018-0922 (Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 C ...)
	NOT-FOR-US: Microsoft
CVE-2018-0921 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of pri ...)
	NOT-FOR-US: Microsoft
CVE-2018-0920 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2018-0919 (Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 C ...)
	NOT-FOR-US: Microsoft
CVE-2018-0918 RESERVED
CVE-2018-0917 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of pri ...)
	NOT-FOR-US: Microsoft
CVE-2018-0916 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0915 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0914 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0913 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0912 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0911 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0910 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0909 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0908 (Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevate ...)
	NOT-FOR-US: Microsoft
CVE-2018-0907 (Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 20 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0906 RESERVED
CVE-2018-0905 RESERVED
CVE-2018-0904 (The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0903 (Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access ...)
	NOT-FOR-US: Microsoft
CVE-2018-0902 (The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in ...)
	NOT-FOR-US: Microsoft
CVE-2018-0901 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0900 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0899 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0898 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0897 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0896 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0895 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0894 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0893 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0892 (An information disclosure vulnerability exists when Microsoft Edge imp ...)
	NOT-FOR-US: Microsoft
CVE-2018-0891 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0890 (A security feature bypass vulnerability exists when Active Directory i ...)
	NOT-FOR-US: Microsoft
CVE-2018-0889 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0888 (The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2018-0887 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0886 (The Credential Security Support Provider protocol (CredSSP) in Microso ...)
	NOT-FOR-US: Microsoft
CVE-2018-0885 (The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft W ...)
	NOT-FOR-US: Microsoft
CVE-2018-0884 (Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0883 (Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0882 (The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-0881 (The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, W ...)
	NOT-FOR-US: Microsoft
CVE-2018-0880 (The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-0879 (Microsoft Edge in Windows 10 1709 allows information disclosure, due t ...)
	NOT-FOR-US: Microsoft
CVE-2018-0878 (Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0877 (The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0876 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0875 (.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0874 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0873 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0872 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0871 (An information disclosure vulnerability exists when Edge improperly ma ...)
	NOT-FOR-US: Microsoft
CVE-2018-0870 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2018-0869 (SharePoint Server 2016 allows an elevation of privilege vulnerability ...)
	NOT-FOR-US: Microsoft
CVE-2018-0868 (Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0867 RESERVED
CVE-2018-0866 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0865 RESERVED
CVE-2018-0864 (SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0863 RESERVED
CVE-2018-0862 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0861 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-0860 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0859 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0858 (ChakraCore allows remote code execution, due to how the ChakraCore scr ...)
	NOT-FOR-US: Microsoft
CVE-2018-0857 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0856 (Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 al ...)
	NOT-FOR-US: Microsoft
CVE-2018-0855 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0854 (A security feature bypass vulnerability exists in Windows Scripting Ho ...)
	NOT-FOR-US: Microsoft
CVE-2018-0853 (Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0852 (Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outl ...)
	NOT-FOR-US: Microsoft
CVE-2018-0851 (Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Off ...)
	NOT-FOR-US: Microsoft
CVE-2018-0850 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0849 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0848 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0847 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0846 (The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0845 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0844 (The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0843 (The Windows kernel in Windows 10 version 1709 and Windows Server, vers ...)
	NOT-FOR-US: Microsoft
CVE-2018-0842 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0841 (Microsoft Office 2016 Click-to-Run allows a remote code execution vuln ...)
	NOT-FOR-US: Microsoft
CVE-2018-0840 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0839 (Microsoft Edge in Microsoft Windows 10 1703 allows information disclos ...)
	NOT-FOR-US: Microsoft
CVE-2018-0838 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0837 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0836 (Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 al ...)
	NOT-FOR-US: Microsoft
CVE-2018-0835 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0834 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0833 (The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in ...)
	NOT-FOR-US: Microsoft
CVE-2018-0832 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0831 (The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0830 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0829 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0828 (Windows 10 version 1607 and Windows Server 2016 allow an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2018-0827 (Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0826 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0825 (StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-0824 (A remote code execution vulnerability exists in "Microsoft COM for Win ...)
	NOT-FOR-US: Microsoft
CVE-2018-0823 (The Named Pipe File System in Windows 10 version 1709 and Windows Serv ...)
	NOT-FOR-US: Microsoft
CVE-2018-0822 (NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 201 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0821 (AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Se ...)
	NOT-FOR-US: Microsoft
CVE-2018-0820 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0819 (Microsoft Office 2016 for Mac allows an attacker to send a specially c ...)
	NOT-FOR-US: Microsoft
CVE-2018-0818 (Microsoft ChakraCore allows an attacker to bypass Control Flow Guard ( ...)
	NOT-FOR-US: Microsoft
CVE-2018-0817 (The Windows Graphics Device Interface (GDI) in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2018-0816 (The Windows Graphics Device Interface (GDI) in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2018-0815 (The Windows Graphics Device Interface (GDI) in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft
CVE-2018-0814 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0813 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0812 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0811 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...)
	NOT-FOR-US: Microsoft
CVE-2018-0810 (The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0809 (The Windows kernel in Windows 10, versions 1703 and 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0808 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnera ...)
	NOT-FOR-US: Microsoft
CVE-2018-0807 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
	NOT-FOR-US: Microsoft
CVE-2018-0806 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...)
NOT-FOR-US: Microsoft CVE-2018-0805 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...) NOT-FOR-US: Microsoft CVE-2018-0804 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Micro ...) NOT-FOR-US: Microsoft CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, a ...) NOT-FOR-US: Microsoft CVE-2018-0802 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Micro ...) NOT-FOR-US: Microsoft CVE-2018-0801 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Micro ...) NOT-FOR-US: Microsoft CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obta ...) NOT-FOR-US: Microsoft CVE-2018-0799 (Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Mi ...) NOT-FOR-US: Microsoft CVE-2018-0798 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Micro ...) NOT-FOR-US: Microsoft CVE-2018-0797 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 201 ...) NOT-FOR-US: Microsoft CVE-2018-0796 (Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Micro ...) NOT-FOR-US: Microsoft CVE-2018-0795 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 201 ...) NOT-FOR-US: Microsoft CVE-2018-0794 (Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Micros ...) NOT-FOR-US: Microsoft CVE-2018-0793 (Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2 ...) NOT-FOR-US: Microsoft CVE-2018-0792 (Microsoft Word 2016 in Microsoft Office 2016 allows a remote code exec ...) NOT-FOR-US: Microsoft CVE-2018-0791 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013 ...) NOT-FOR-US: Microsoft CVE-2018-0790 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 ...) NOT-FOR-US: Microsoft CVE-2018-0789 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 ...) 
NOT-FOR-US: Microsoft CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP ...) NOT-FOR-US: Microsoft CVE-2018-0787 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnera ...) NOT-FOR-US: Microsoft CVE-2018-0786 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6 ...) NOT-FOR-US: Microsoft CVE-2018-0785 (ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vuln ...) NOT-FOR-US: Microsoft CVE-2018-0784 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnera ...) NOT-FOR-US: Microsoft CVE-2018-0783 RESERVED CVE-2018-0782 RESERVED CVE-2018-0781 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) NOT-FOR-US: Microsoft CVE-2018-0780 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, a ...) NOT-FOR-US: Microsoft CVE-2018-0779 RESERVED CVE-2018-0778 (Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitr ...) NOT-FOR-US: Microsoft CVE-2018-0777 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) NOT-FOR-US: Microsoft CVE-2018-0776 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) NOT-FOR-US: Microsoft CVE-2018-0775 (Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitr ...) NOT-FOR-US: Microsoft CVE-2018-0774 (Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitr ...) NOT-FOR-US: Microsoft CVE-2018-0773 (Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitr ...) NOT-FOR-US: Microsoft CVE-2018-0772 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) NOT-FOR-US: Microsoft CVE-2018-0771 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) NOT-FOR-US: Microsoft CVE-2018-0770 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) NOT-FOR-US: Microsoft CVE-2018-0769 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) 
NOT-FOR-US: Microsoft CVE-2018-0768 (Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitr ...) NOT-FOR-US: Microsoft CVE-2018-0767 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Win ...) NOT-FOR-US: Microsoft CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, a ...) NOT-FOR-US: Microsoft CVE-2018-0765 (A denial of service vulnerability exists when .NET and .NET Core impro ...) NOT-FOR-US: .dotnet CoreFX NOTE: https://github.com/dotnet/announcements/issues/67 NOTE: https://github.com/dotnet/corefx/issues/29578 CVE-2018-0764 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5 ...) NOT-FOR-US: Microsoft CVE-2018-0763 (Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows informatio ...) NOT-FOR-US: Microsoft CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) NOT-FOR-US: Microsoft CVE-2018-0761 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...) NOT-FOR-US: Microsoft CVE-2018-0760 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...) NOT-FOR-US: Microsoft CVE-2018-0759 RESERVED CVE-2018-0758 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...) NOT-FOR-US: Microsoft CVE-2018-0757 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...) NOT-FOR-US: Microsoft CVE-2018-0756 (The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Wind ...) NOT-FOR-US: Microsoft CVE-2018-0755 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...) NOT-FOR-US: Microsoft CVE-2018-0754 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP ...) NOT-FOR-US: Microsoft CVE-2018-0753 (Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1 ...) NOT-FOR-US: Microsoft CVE-2018-0752 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 ...) 
	NOT-FOR-US: Microsoft
CVE-2018-0751 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0750 (The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0749 (The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Wind ...)
	NOT-FOR-US: Microsoft
CVE-2018-0748 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0747 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0746 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0745 (The Windows kernel in Windows 10 version 1703. Windows 10 version 1709 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0744 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0743 (Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 ver ...)
	NOT-FOR-US: Microsoft
CVE-2018-0742 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0741 (The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows S ...)
	NOT-FOR-US: Microsoft
CVE-2018-0740 REJECTED
CVE-2018-0739 (Constructed ASN.1 types with a recursive definition (such as can be fo ...)
	{DSA-4158-1 DSA-4157-1 DLA-1330-1}
	- openssl 1.1.0h-1
	- openssl1.0 1.0.2o-1
	- libtomcrypt 1.18.2-1 (low)
	[stretch] - libtomcrypt (Minor issue)
	[jessie] - libtomcrypt (Minor issue)
	NOTE: https://www.openssl.org/news/secadv/20180327.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=9310d45087ae546e27e61ddf8f6367f29848220d
	NOTE: https://github.com/libtom/libtomcrypt/pull/373
CVE-2018-0738 REJECTED
CVE-2018-0737 (The OpenSSL RSA Key generation algorithm has been shown to be vulnerab ...)
	{DSA-4355-1 DSA-4348-1 DLA-1449-1}
	- openssl 1.1.0h-3 (low; bug #895844)
	[wheezy] - openssl (Can wait for next update)
	- openssl1.0 1.0.2q-1 (low; bug #895845)
	NOTE: https://www.openssl.org/news/secadv/20180416.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
	NOTE: https://eprint.iacr.org/2018/367
CVE-2018-0736 REJECTED
CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be vulnerable ...)
	{DSA-4348-1 DLA-1586-1}
	- openssl 1.1.1a-1
	- openssl1.0 (Vulnerable code never present in 1.0.2 series)
	NOTE: https://www.openssl.org/news/secadv/20181029.txt
	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=56fb454d281a023b3f950d969693553d3f3ceea1
CVE-2018-0734 (The OpenSSL DSA signature algorithm has been shown to be vulnerable to ...)
	{DSA-4355-1 DSA-4348-1}
	- openssl 1.1.1a-1
	[jessie] - openssl (vulnerable code not present, but see note below)
	- openssl1.0 1.0.2q-1
	NOTE: https://www.openssl.org/news/secadv/20181030.txt
	NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=43e6a58d4991a451daf4891ff05a48735df871ac
	NOTE: Actually the version in Jessie is not vulnerable. Nevertheless there is a bug fix which
	NOTE: further reduces the amount of leaked timing information. It got no CVE on its own and
	NOTE: introduced this vulnerability. In order to not forget this issue and probably get more
	NOTE: information about it later, it is marked as instead of
	NOTE: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=b96bebacfe814deb99fb64a3ed2296d95c573600
CVE-2018-0733 (Because of an implementation bug the PA-RISC CRYPTO_memcmp function is ...)
	- openssl 1.1.0h-1 (unimportant)
	[stretch] - openssl 1.1.0f-3+deb9u2
	[jessie] - openssl (vulnerable code not present)
	[wheezy] - openssl (vulnerable code not present)
	- openssl1.0 (Only affects OpenSSL 1.1.0)
	NOTE: Issue specific to HP-UX
	NOTE: https://www.openssl.org/news/secadv/20180327.txt
CVE-2018-0732 (During key agreement in a TLS handshake using a DH(E) based ciphersuit ...)
	{DSA-4355-1 DSA-4348-1 DLA-1449-1}
	- openssl 1.1.1-1 (low)
	- openssl1.0 1.0.2q-1 (low)
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=3984ef0b72831da8b3ece4745cac4f8575b19098
	NOTE: https://www.openssl.org/news/secadv/20180612.txt
CVE-2018-0731 REJECTED
CVE-2018-0730 (This command injection vulnerability in File Station allows attackers ...)
NOT-FOR-US: QNAP CVE-2018-0729 (This command injection vulnerability in Music Station allows attackers ...) NOT-FOR-US: QNAP CVE-2018-0728 (This improper access control vulnerability in Helpdesk allows attacker ...) NOT-FOR-US: QNAP CVE-2018-0727 RESERVED CVE-2018-0726 RESERVED CVE-2018-0725 RESERVED CVE-2018-0724 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...) NOT-FOR-US: Q'center Virtual Appliance CVE-2018-0723 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...) NOT-FOR-US: Q'center Virtual Appliance CVE-2018-0722 (Path Traversal vulnerability in Photo Station versions: 5.7.2 and earl ...) NOT-FOR-US: QNAP CVE-2018-0721 (Buffer Overflow vulnerability in NAS devices. QTS allows attackers to ...) NOT-FOR-US: QNAP QTS CVE-2018-0720 RESERVED CVE-2018-0719 (Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP System ...) NOT-FOR-US: QNAP QTS CVE-2018-0718 (Command injection vulnerability in Music Station 5.1.2 and earlier ver ...) NOT-FOR-US: Music Station CVE-2018-0717 RESERVED CVE-2018-0716 (Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4. ...) NOT-FOR-US: QNAP CVE-2018-0715 (Cross-site scripting vulnerability in QNAP Photo Station versions 5.7. ...) NOT-FOR-US: QNAP Photo Station CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and earlie ...) NOT-FOR-US: Helpdesk CVE-2018-0713 RESERVED CVE-2018-0712 (Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build ...) NOT-FOR-US: QNAP CVE-2018-0711 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180 ...) NOT-FOR-US: QNAP CVE-2018-0710 (Command injection vulnerability in SSH of QNAP Q'center Virtual Applia ...) NOT-FOR-US: QNAP CVE-2018-0709 (Command injection vulnerability in date of QNAP Q'center Virtual Appli ...) NOT-FOR-US: QNAP CVE-2018-0708 (Command injection vulnerability in networking of QNAP Q'center Virtual ...) 
NOT-FOR-US: QNAP CVE-2018-0707 (Command injection vulnerability in change password of QNAP Q'center Vi ...) NOT-FOR-US: QNAP CVE-2018-0706 (Exposure of Private Information in QNAP Q'center Virtual Appliance ver ...) NOT-FOR-US: QNAP CVE-2018-0705 (Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allow ...) NOT-FOR-US: Cybozu CVE-2018-0704 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 al ...) NOT-FOR-US: Cybozu CVE-2018-0703 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 al ...) NOT-FOR-US: Cybozu CVE-2018-0702 (Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 al ...) NOT-FOR-US: Cybozu CVE-2018-0701 (BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31 ...) NOT-FOR-US: BlueStacks App Player CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular request prope ...) NOT-FOR-US: YukiWiki CVE-2018-0699 (Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allow ...) NOT-FOR-US: YukiWiki CVE-2018-0698 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...) NOT-FOR-US: GROWI CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 and earl ...) NOT-FOR-US: Metabase CVE-2018-0696 (OpenAM (Open Source Edition) 13.0 and later does not properly manage s ...) NOT-FOR-US: OpenAM (different from src:openam) CVE-2018-0695 (Cross-site scripting vulnerability in User-friendly SVN (USVN) Version ...) NOT-FOR-US: User-friendly SVN CVE-2018-0694 (FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary ...) NOT-FOR-US: FileZen CVE-2018-0693 (Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows r ...) NOT-FOR-US: FileZen CVE-2018-0692 (Untrusted search path vulnerability in Baidu Browser Version 43.23.100 ...) NOT-FOR-US: Baidu CVE-2018-0691 (Multiple +Message Apps (Softbank +Message App for Android prior to ver ...) 
NOT-FOR-US: Softbank +Message App for Android CVE-2018-0690 (An unvalidated software update vulnerability in Music Center for PC ve ...) NOT-FOR-US: Music Center for PC CVE-2018-0689 (HTTP header injection vulnerability in SEIKO EPSON printers and scanne ...) NOT-FOR-US: SEIKO CVE-2018-0688 (Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-5 ...) NOT-FOR-US: SEIKO CVE-2018-0687 (Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun ...) NOT-FOR-US: NEOJAPAN CVE-2018-0686 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...) NOT-FOR-US: NEOJAPAN CVE-2018-0685 (SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and e ...) NOT-FOR-US: NEOJAPAN CVE-2018-0684 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R ...) NOT-FOR-US: NEOJAPAN CVE-2018-0683 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R ...) NOT-FOR-US: NEOJAPAN CVE-2018-0682 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...) NOT-FOR-US: NEOJAPAN CVE-2018-0681 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...) NOT-FOR-US: NEOJAPAN CVE-2018-0680 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...) NOT-FOR-US: NEOJAPAN CVE-2018-0679 (Cross-site scripting vulnerability in multiple FXC Inc. network device ...) NOT-FOR-US: FXC CVE-2018-0678 (Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows ...) NOT-FOR-US: BN-SDWBP3 CVE-2018-0677 (BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with admi ...) NOT-FOR-US: BN-SDWBP3 CVE-2018-0676 (BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the ...) NOT-FOR-US: BN-SDWBP3 CVE-2018-0675 (AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script executi ...) NOT-FOR-US: AttacheCase CVE-2018-0674 (AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script executi ...) 
NOT-FOR-US: AttacheCase CVE-2018-0673 (Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allo ...) NOT-FOR-US: Cybozu Garoon CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions prior to V ...) - movabletype-opensource CVE-2018-0671 (Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows ...) NOT-FOR-US: INplc-RT CVE-2018-0670 (INplc-RT 3.08 and earlier allows remote attackers to bypass authentica ...) NOT-FOR-US: INplc-RT CVE-2018-0669 (INplc-RT 3.08 and earlier allows remote attackers to bypass authentica ...) NOT-FOR-US: INplc-RT CVE-2018-0668 (Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers t ...) NOT-FOR-US: INplc-RT CVE-2018-0667 (Untrusted search path vulnerability in Installer of INplc SDK Express ...) NOT-FOR-US: INplc CVE-2018-0666 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ea ...) NOT-FOR-US: Yamaha CVE-2018-0665 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ea ...) NOT-FOR-US: Yamaha CVE-2018-0664 (A vulnerability in NoMachine App for Android 5.0.63 and earlier allows ...) NOT-FOR-US: NoMachine App for Android CVE-2018-0663 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...) NOT-FOR-US: I-O DATA network camera products CVE-2018-0662 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...) NOT-FOR-US: I-O DATA network camera products CVE-2018-0661 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...) NOT-FOR-US: I-O DATA network camera products CVE-2018-0660 (Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3 ...) NOT-FOR-US: AttacheCase CVE-2018-0659 (Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3 ...) NOT-FOR-US: AttacheCase CVE-2018-0658 (Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 ...) 
NOT-FOR-US: EC-CUBE CVE-2018-0657 (Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-P ...) NOT-FOR-US: EC-CUBE CVE-2018-0656 (Untrusted search path vulnerability in The installer of Digital Paper ...) NOT-FOR-US: Digital Paper App CVE-2018-0655 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...) NOT-FOR-US: GROWI CVE-2018-0654 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...) NOT-FOR-US: GROWI CVE-2018-0653 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...) NOT-FOR-US: GROWI CVE-2018-0652 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...) NOT-FOR-US: GROWI CVE-2018-0651 (Buffer overflow in the license management function of YOKOGAWA product ...) NOT-FOR-US: YOKOGAWA CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 do ...) NOT-FOR-US: LINE MUSIC for Android CVE-2018-0649 (Untrusted search path vulnerability in the installers of multiple Cano ...) NOT-FOR-US: CANON CVE-2018-0648 (Untrusted search path vulnerability in installer of ChatWork Desktop A ...) NOT-FOR-US: installer of ChatWork Desktop App for Windows CVE-2018-0647 (Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware ...) NOT-FOR-US: WL-330NUL Firmware CVE-2018-0646 (Directory traversal vulnerability in Explzh v.7.58 and earlier allows ...) NOT-FOR-US: Explzh CVE-2018-0645 (MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via uns ...) NOT-FOR-US: MTAppjQuery CVE-2018-0644 (Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage ...) NOT-FOR-US: ORCA (Online Receipt Computer Advantage) CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-serv ...) NOT-FOR-US: ORCA (Online Receipt Computer Advantage) CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 ...) 
NOT-FOR-US: FV Flowplayer Video Player CVE-2018-0641 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker ...) NOT-FOR-US: Aterm CVE-2018-0640 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker ...) NOT-FOR-US: Aterm CVE-2018-0639 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) NOT-FOR-US: Aterm CVE-2018-0638 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) NOT-FOR-US: Aterm CVE-2018-0637 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) NOT-FOR-US: Aterm CVE-2018-0636 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) NOT-FOR-US: Aterm CVE-2018-0635 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) NOT-FOR-US: Aterm CVE-2018-0634 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) NOT-FOR-US: Aterm CVE-2018-0633 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker w ...) NOT-FOR-US: Aterm CVE-2018-0632 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker w ...) NOT-FOR-US: Aterm CVE-2018-0631 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...) NOT-FOR-US: Aterm CVE-2018-0630 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...) NOT-FOR-US: Aterm CVE-2018-0629 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...) NOT-FOR-US: Aterm CVE-2018-0628 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...) NOT-FOR-US: Aterm CVE-2018-0627 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...) NOT-FOR-US: Aterm CVE-2018-0626 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...) NOT-FOR-US: Aterm CVE-2018-0625 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...) NOT-FOR-US: Aterm CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series produc ...) 
	NOT-FOR-US: Yayoi
CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series produc ...)
	NOT-FOR-US: Yayoi
CVE-2018-0622 (The DHC Online Shop App for Android version 3.2.0 and earlier does not ...)
	NOT-FOR-US: DHC Online Shop App for Android
CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOF ...)
	NOT-FOR-US: LOGICOOL
CVE-2018-0620 (Untrusted search path vulnerability in LOGICOOL Game Software versions ...)
	NOT-FOR-US: LOGICOOL
CVE-2018-0619 (Untrusted search path vulnerability in the installer of Glarysoft Glar ...)
	NOT-FOR-US: Glarysoft
CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allow ...)
	{DSA-4246-1 DLA-1442-1}
	- mailman 1:2.1.27-1
	NOTE: https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
	NOTE: https://launchpad.net/mailman/+milestone/2.1.27
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1747
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1754
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1783
	NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1785
CVE-2018-0617 (Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.22 ...)
	NOT-FOR-US: ChamaNet MemoCGI
CVE-2018-0616 RESERVED
CVE-2018-0615 RESERVED
CVE-2018-0614 (Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CS ...)
	NOT-FOR-US: NEC
CVE-2018-0613 (NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 an ...)
	NOT-FOR-US: NEC
CVE-2018-0612 (Cross-site scripting vulnerability in 5000 trillion yen converter v1.0 ...)
	NOT-FOR-US: 5000 trillion yen converter
CVE-2018-0611 (The ANA App for iOS version 4.0.22 and earlier does not verify X.509 c ...)
	NOT-FOR-US: ANA App
CVE-2018-0610 (Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allo ...)
NOT-FOR-US: Zenphoto CVE-2018-0609 (Untrusted search path vulnerability in LINE for Windows versions befor ...) NOT-FOR-US: LINE CVE-2018-0608 (Buffer overflow in H2O version 2.2.4 and earlier allows remote attacke ...) - h2o 2.2.5+dfsg1-1 NOTE: https://github.com/h2o/h2o/issues/1775 CVE-2018-0607 (SQL injection vulnerability in the Notifications application in the Cy ...) NOT-FOR-US: Cybozu Garoon CVE-2018-0606 (SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows ...) NOT-FOR-US: Pixelpost CVE-2018-0605 (Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier all ...) NOT-FOR-US: Pixelpost CVE-2018-0604 (Pixelpost v1.7.3 and earlier allows remote code execution via unspecif ...) NOT-FOR-US: Pixelpost CVE-2018-0603 (Cross-site scripting vulnerability in Site Reviews versions prior to 2 ...) NOT-FOR-US: Site Reviews CVE-2018-0602 (Cross-site scripting vulnerability in Email Subscribers & Newslett ...) NOT-FOR-US: Email Subscribers & Newsletters CVE-2018-0601 (Untrusted search path vulnerability in axpdfium v0.01 allows an attack ...) NOT-FOR-US: axpdfium CVE-2018-0600 (Untrusted search path vulnerability in the installer of PlayMemories H ...) NOT-FOR-US: PlayMemories CVE-2018-0599 (Untrusted search path vulnerability in the installer of Visual C++ Red ...) NOT-FOR-US: Visual C++ CVE-2018-0598 (Untrusted search path vulnerability in Self-extracting archive files c ...) NOT-FOR-US: IExpress CVE-2018-0597 (Untrusted search path vulnerability in the installer of Visual Studio ...) NOT-FOR-US: Visual Studio CVE-2018-0596 (Untrusted search path vulnerability in the installer of Visual Studio ...) NOT-FOR-US: Visual Studio CVE-2018-0595 (Untrusted search path vulnerability in the installer of Skype for Wind ...) NOT-FOR-US: Skype CVE-2018-0594 (Untrusted search path vulnerability in Skype for Windows allows an att ...) NOT-FOR-US: Skype CVE-2018-0593 (Untrusted search path vulnerability in the installer of Microsoft OneD ...) 
NOT-FOR-US: OneDrive CVE-2018-0592 (Untrusted search path vulnerability in Microsoft OneDrive allows an at ...) NOT-FOR-US: OneDrive CVE-2018-0591 (The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3. ...) NOT-FOR-US: KINEPASS CVE-2018-0590 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows rem ...) NOT-FOR-US: WordPress plugin ultimate-member CVE-2018-0589 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows rem ...) NOT-FOR-US: WordPress plugin ultimate-member CVE-2018-0588 (Directory traversal vulnerability in the AJAX function of Ultimate Mem ...) NOT-FOR-US: WordPress plugin ultimate-member CVE-2018-0587 (Unrestricted file upload vulnerability in Ultimate Member plugin prior ...) NOT-FOR-US: WordPress plugin ultimate-member CVE-2018-0586 (Directory traversal vulnerability in the shortcodes function of Ultima ...) NOT-FOR-US: WordPress plugin ultimate-member CVE-2018-0585 (Cross-site scripting vulnerability in Ultimate Member plugin prior to ...) NOT-FOR-US: WordPress plugin ultimate-member CVE-2018-0584 (IIJ SmartKey App for Android version 2.1.0 and earlier allows remote a ...) NOT-FOR-US: IIJ SmartKey CVE-2018-0583 (Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware versio ...) NOT-FOR-US: ASUS CVE-2018-0582 (Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version p ...) NOT-FOR-US: ASUS CVE-2018-0581 (Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version p ...) NOT-FOR-US: ASUS CVE-2018-0580 (Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series ...) NOT-FOR-US: CELSYS CVE-2018-0579 (Cross-site scripting vulnerability in Open Graph for Facebook, Google+ ...) NOT-FOR-US: WordPress plugin wonderm00ns-simple-facebook-open-graph-tags CVE-2018-0578 (Cross-site scripting vulnerability in PixelYourSite plugin prior to ve ...) NOT-FOR-US: WordPress plugin pixelyoursite CVE-2018-0577 (Cross-site scripting vulnerability in WP Google Map Plugin prior to ve ...) 
NOT-FOR-US: WordPress plugin wp-google-map-plugin CVE-2018-0576 (Cross-site scripting vulnerability in Events Manager plugin prior to v ...) NOT-FOR-US: WordPress plugin events-manager CVE-2018-0575 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...) NOT-FOR-US: baserCMS CVE-2018-0574 (Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and e ...) NOT-FOR-US: baserCMS CVE-2018-0573 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...) NOT-FOR-US: baserCMS CVE-2018-0572 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...) NOT-FOR-US: baserCMS CVE-2018-0571 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...) NOT-FOR-US: baserCMS CVE-2018-0570 (Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and e ...) NOT-FOR-US: baserCMS CVE-2018-0569 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...) NOT-FOR-US: baserCMS CVE-2018-0568 (Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ve ...) NOT-FOR-US: Joruri Gw CVE-2018-0567 (Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypas ...) NOT-FOR-US: Cybozu Office CVE-2018-0566 (Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypas ...) NOT-FOR-US: Cybozu Office CVE-2018-0565 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 a ...) NOT-FOR-US: Cybozu Office CVE-2018-0564 (Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0. ...) NOT-FOR-US: EC-CUBE CVE-2018-0563 (Untrusted search path vulnerability in the installer of FLET'S VIRUS C ...) NOT-FOR-US: FLET CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine Free v ...) NOT-FOR-US: Installer of SoundEngine Free CVE-2018-0561 (Untrusted search path vulnerability in The installer of PhishWall Clie ...) 
NOT-FOR-US: Installer of PhishWall Client Internet Explorer CVE-2018-0560 (Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attacker ...) NOT-FOR-US: Hatena Bookmark App for iOS CVE-2018-0559 (Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 a ...) NOT-FOR-US: Cybozu Mailwise CVE-2018-0558 (Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 ...) NOT-FOR-US: Cybozu Mailwise CVE-2018-0557 (Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to ...) NOT-FOR-US: Cybozu Mailwise CVE-2018-0556 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execut ...) NOT-FOR-US: Buffalo WZR-1750DHP2 CVE-2018-0555 (Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an ...) NOT-FOR-US: Buffalo WZR-1750DHP2 CVE-2018-0554 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass ...) NOT-FOR-US: Buffalo WZR-1750DHP2 CVE-2018-0553 (The iRemoconWiFi App for Android version 4.1.7 and earlier does not ve ...) NOT-FOR-US: iRemoconWiFi App for Android CVE-2018-0552 (Untrusted search path vulnerability in The installer of PhishWall Clie ...) NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition for Windows) CVE-2018-0551 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 all ...) NOT-FOR-US: Cybozu Garoon CVE-2018-0550 (Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu Garoon CVE-2018-0549 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 all ...) NOT-FOR-US: Cybozu Garoon CVE-2018-0548 (Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu Garoon CVE-2018-0547 (Cross-site scripting vulnerability in WP All Import plugin prior to ve ...) NOT-FOR-US: WP All Import plugin for WordPress CVE-2018-0546 (Cross-site scripting vulnerability in WP All Import plugin prior to ve ...) 
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-0545 (LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: LXR
CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and earlier (Inst ...)
	NOT-FOR-US: WinShot
CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier (Instal ...)
	NOT-FOR-US: Jtrim installer
CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8 allows an ...)
	NOT-FOR-US: WebProxy (some software released by LunarLight)
CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to caus ...)
	NOT-FOR-US: Tiny FTP Daemon
CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 allows a ...)
	NOT-FOR-US: ViX
CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary comma ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows ...)
	NOT-FOR-US: PHP 2chBBS
CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an at ...)
	NOT-FOR-US: ArsenoL
CVE-2018-0533 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0532 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0531 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0530 (SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0529 (Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0528 (Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypas ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0527 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 a ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0526 (Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an im ...)
	NOT-FOR-US: Cybozu Office
CVE-2018-0525 (Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows ...)
	- jubatus (bug #704100)
CVE-2018-0524 (Jubatus 1.0.2 and earlier allows remote code execution via unspecified ...)
	- jubatus (bug #704100)
CVE-2018-0523 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker ...)
	NOT-FOR-US: Buffalo
CVE-2018-0522 (Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier ...)
	NOT-FOR-US: Buffalo
CVE-2018-0521 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker ...)
	NOT-FOR-US: Buffalo
CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS0 ...)
	NOT-FOR-US: FS010W firmware
CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...)
	NOT-FOR-US: FS010W firmware
CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates ...)
	NOT-FOR-US: LINE for iOS
CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...)
	NOT-FOR-US: Anshin net security for Windows
CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address selectio ...)
	NOT-FOR-US: FLET'S v4 / v6 address selection tool
CVE-2018-0515 (Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" ve ...)
	NOT-FOR-US: FLET'S Azukeru Backup Tool
CVE-2018-0514 (MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remot ...)
	NOT-FOR-US: MP Form Mail CGI eCommerce Edition
CVE-2018-0513 (Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple ...)
	NOT-FOR-US: MTS Simple Booking
CVE-2018-0512 (Devices with IP address setting tool "MagicalFinder" provided by I-O D ...)
	NOT-FOR-US: IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC.
CVE-2018-0511 (Cross-site scripting vulnerability in WP Retina 2x prior to version 5. ...)
	NOT-FOR-US: WP Retina
CVE-2018-0510 (Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlie ...)
	NOT-FOR-US: kkcal
CVE-2018-0509 (Cross-site request forgery (CSRF) vulnerability in epg search result v ...)
	NOT-FOR-US: kkcal
CVE-2018-0508 (Cross-site scripting vulnerability in epg search result viewer (kkcald ...)
	NOT-FOR-US: kkcal
CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & ...)
	NOT-FOR-US: FLET'S VIRUS CLEAR
CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Nootka
CVE-2018-0505 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a fla ...)
	{DSA-4301-1}
	- mediawiki 1:1.31.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T194605
CVE-2018-0504 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an in ...)
	{DSA-4301-1}
	- mediawiki 1:1.31.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T187638
CVE-2018-0503 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a fla ...)
	{DSA-4301-1}
	- mediawiki 1:1.31.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
	NOTE: https://phabricator.wikimedia.org/T169545
CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! scrip ...)
	{DLA-2470-1}
	- zsh 5.6-1 (bug #908000)
	[jessie] - zsh (Minor issue)
	NOTE: https://www.zsh.org/mla/zsh-announce/136
	NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
CVE-2018-0501 (The mirror:// method implementation in Advanced Package Tool (APT) 1.6 ...)
	- apt 1.6.4
	[stretch] - apt (Vulnerable code introduced in 1.6~alpha6)
	[jessie] - apt (Vulnerable code introduced in 1.6~alpha6)
	NOTE: https://mirror.fail/
CVE-2018-0500 (Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including cur ...)
	- curl 7.61.0-1 (bug #903546)
	[stretch] - curl (Only affects 7.54.1 to 7.60.0)
	[jessie] - curl (Only affects 7.54.1 to 7.60.0)
	NOTE: https://curl.haxx.se/docs/adv_2018-70a2.html
CVE-2018-0499 (A cross-site scripting vulnerability in queryparser/termgenerator_inte ...)
	- xapian-core 1.4.6-1 (bug #902886)
	[stretch] - xapian-core 1.4.3-2+deb9u1
	[jessie] - xapian-core (vulnerable code not present)
	NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
CVE-2018-0498 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows loc ...)
	{DSA-4296-1 DLA-1518-1}
	- mbedtls 2.12.0-1 (bug #904821)
	- polarssl
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows rem ...)
	{DSA-4296-1 DLA-1518-1}
	- mbedtls 2.12.0-1 (bug #904821)
	- polarssl
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
CVE-2018-0496 (Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 ...)
	{DLA-1686-1}
	- freedink-dfarc 3.14-1
	[stretch] - freedink-dfarc 3.12-1+deb9u1
	NOTE: https://savannah.gnu.org/forum/forum.php?forum_id=9169
	NOTE: https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f45125126439ba9333cf2d2998
CVE-2018-0495 (Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache s ...)
	{DSA-4231-1 DLA-1405-1}
	- libgcrypt20 1.8.3-1
	NOTE: https://dev.gnupg.org/T4011
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
CVE-2018-0494 (GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in ...)
	{DSA-4195-1 DLA-1375-1}
	- wget 1.19.5-1 (bug #898076)
	NOTE: https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
	NOTE: https://savannah.gnu.org/bugs/?53763
	NOTE: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
	NOTE: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
CVE-2018-0493 (remctld in remctl before 3.14, when an attacker is authorized to execu ...)
	{DSA-4159-1}
	- remctl 3.14-1
	[jessie] - remctl (Affected code introduced in 3.12)
	[wheezy] - remctl (Affected code introduced in 3.12)
	NOTE: https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html
	NOTE: https://git.eyrie.org/?p=kerberos/remctl.git;a=commitdiff;h=e2b34e086f199b39f8ea36dd621684003835d172
CVE-2018-0492 (Johnathan Nightingale beep through 1.3.4, if setuid, has a race condit ...)
	{DSA-4163-1 DLA-1338-1}
	- beep 1.3-5 (bug #894667)
	NOTE: https://github.com/johnath/beep/issues/11
CVE-2018-0491 (A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. ...)
	- tor 0.3.2.10-1
	[stretch] - tor (Only affects tor 0.3.2.x series and later)
	[jessie] - tor (Only affects tor 0.3.2.x series and later)
	[wheezy] - tor (Only affects tor 0.3.2.x series and later)
	NOTE: https://trac.torproject.org/projects/tor/ticket/25117
	NOTE: https://trac.torproject.org/projects/tor/ticket/24700
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=adaf3e9b89f62d68ab631b8f672d9bff996689b9
CVE-2018-0490 (An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.1 ...)
	{DSA-4183-1}
	- tor 0.3.2.10-1
	[jessie] - tor (Vulnerable code introduced after tor-0.2.9.4-alpha)
	[wheezy] - tor (Vulnerable code introduced after tor-0.2.9.4-alpha)
	NOTE: https://trac.torproject.org/projects/tor/ticket/25074
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=65f2eec694f18a64291cc85317b9f22dacc1d8e4
CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Pr ...)
	{DSA-4126-1 DLA-1296-1}
	- xmltooling 1.6.4-1
	NOTE: https://shibboleth.net/community/advisories/secadv_20180227.txt
	NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-128
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...)
	{DSA-4147-1 DSA-4138-1}
	- mbedtls 2.7.0-2 (bug #890287)
	- polarssl
	[wheezy] - polarssl (according to the upstream advisory < 1.2.19 not affected)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
	NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
	NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows rem ...)
	{DSA-4147-1 DSA-4138-1}
	- mbedtls 2.7.0-2 (bug #890288)
	- polarssl
	[wheezy] - polarssl (according to the upstream advisory < 1.3.7 not affected)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
	NOTE: https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Pr ...)
	{DSA-4085-1 DLA-1242-1}
	- xmltooling 1.6.3-1
	[stretch] - xmltooling 1.6.0-4+deb9u1
	NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt
	NOTE: Fixed upstream in 1.6.3 to work around the bug independent of whether the parser already
	NOTE: disallows DTD use.
	NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-127
	NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=a02314e96d6746d29c5697b504d37f2e04a6e6cd
CVE-2018-0485 (A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation I ...)
	NOT-FOR-US: Cisco
CVE-2018-0484 (A vulnerability in the access control logic of the Secure Shell (SSH) ...)
	NOT-FOR-US: Cisco
CVE-2018-0483 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0482 (A vulnerability in the web-based management interface of Cisco Prime N ...)
	NOT-FOR-US: Cisco
CVE-2018-0481 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0480 (A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Sof ...)
	NOT-FOR-US: Cisco
CVE-2018-0479 RESERVED
CVE-2018-0478 RESERVED
CVE-2018-0477 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0476 (A vulnerability in the Network Address Translation (NAT) Session Initi ...)
	NOT-FOR-US: Cisco
CVE-2018-0475 (A vulnerability in the implementation of the cluster feature of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0474 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0473 (A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0472 (A vulnerability in the IPsec driver code of multiple Cisco IOS XE Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0471 (A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0470 (A vulnerability in the web framework of Cisco IOS XE Software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-0469 (A vulnerability in the web user interface of Cisco IOS XE Software cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0468 (A vulnerability in the configuration of a local database installed as ...)
	NOT-FOR-US: Cisco
CVE-2018-0467 (A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE So ...)
	NOT-FOR-US: Cisco
CVE-2018-0466 (A vulnerability in the Open Shortest Path First version 3 (OSPFv3) imp ...)
	NOT-FOR-US: Cisco
CVE-2018-0465 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2018-0464 (A vulnerability in Cisco Data Center Network Manager software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-0463 (A vulnerability in the Cisco Network Plug and Play server component of ...)
	NOT-FOR-US: Cisco
CVE-2018-0462 (A vulnerability in the user management functionality of Cisco Enterpri ...)
	NOT-FOR-US: Cisco
CVE-2018-0461 (A vulnerability in the Cisco IP Phone 8800 Series Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0460 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2018-0459 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
	NOT-FOR-US: Cisco
CVE-2018-0458 (A vulnerability in the web-based management interface of Cisco Prime C ...)
	NOT-FOR-US: Cisco
CVE-2018-0457 (A vulnerability in the Cisco Webex Player for Webex Recording Format ( ...)
	NOT-FOR-US: Cisco
CVE-2018-0456 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2018-0455 (A vulnerability in the Server Message Block Version 2 (SMBv2) and Vers ...)
	NOT-FOR-US: Cisco
CVE-2018-0454 (A vulnerability in the web-based management interface of Cisco Cloud S ...)
	NOT-FOR-US: Cisco
CVE-2018-0453 (A vulnerability in the Sourcefire tunnel control channel protocol in C ...)
	NOT-FOR-US: Cisco
CVE-2018-0452 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
	NOT-FOR-US: Cisco
CVE-2018-0451 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
	NOT-FOR-US: Cisco
CVE-2018-0450 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2018-0449 (A vulnerability in the Cisco Jabber Client Framework (JCF) software, i ...)
	NOT-FOR-US: Cisco
CVE-2018-0448 (A vulnerability in the identity management service of Cisco Digital Ne ...)
	NOT-FOR-US: Cisco
CVE-2018-0447 (A vulnerability in the anti-spam protection mechanisms of Cisco AsyncO ...)
	NOT-FOR-US: Cisco
CVE-2018-0446 (A vulnerability in the web-based management interface of Cisco Industr ...)
	NOT-FOR-US: Cisco
CVE-2018-0445 (A vulnerability in the web-based management interface of Cisco Package ...)
	NOT-FOR-US: Cisco
CVE-2018-0444 (A vulnerability in the web-based management interface of Cisco Package ...)
	NOT-FOR-US: Cisco
CVE-2018-0443 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2018-0442 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2018-0441 (A vulnerability in the 802.11r Fast Transition feature set of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2018-0440 (A vulnerability in the web interface of Cisco Data Center Network Mana ...)
	NOT-FOR-US: Cisco
CVE-2018-0439 (A vulnerability in the web-based management interface of Cisco Meeting ...)
	NOT-FOR-US: Cisco
CVE-2018-0438 (A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) ...)
	NOT-FOR-US: Cisco
CVE-2018-0437 (A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) ...)
	NOT-FOR-US: Cisco
CVE-2018-0436 (A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allo ...)
	NOT-FOR-US: Cisco
CVE-2018-0435 (A vulnerability in the Cisco Umbrella API could allow an authenticated ...)
	NOT-FOR-US: Cisco
CVE-2018-0434 (A vulnerability in the Zero Touch Provisioning feature of the Cisco SD ...)
	NOT-FOR-US: Cisco
CVE-2018-0433 (A vulnerability in the command-line interface (CLI) in the Cisco SD-WA ...)
	NOT-FOR-US: Cisco
CVE-2018-0432 (A vulnerability in the error reporting feature of the Cisco SD-WAN Sol ...)
	NOT-FOR-US: Cisco
CVE-2018-0431 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2018-0430 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2018-0429 (Stack-based buffer overflow in the Cisco Thor decoder before commit 18 ...)
	NOT-FOR-US: Cisco
CVE-2018-0428 (A vulnerability in the account management subsystem of Cisco Web Secur ...)
	NOT-FOR-US: Cisco
CVE-2018-0427 (A vulnerability in the CronJob scheduler API of Cisco Digital Network ...)
	NOT-FOR-US: Cisco
CVE-2018-0426 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0425 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0424 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0423 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
	NOT-FOR-US: Cisco
CVE-2018-0422 (A vulnerability in the folder permissions of Cisco Webex Meetings clie ...)
	NOT-FOR-US: Cisco
CVE-2018-0421 (A vulnerability in TCP connection management in Cisco Prime Access Reg ...)
	NOT-FOR-US: Cisco
CVE-2018-0420 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0419 (A vulnerability in certain attachment detection mechanisms of Cisco Em ...)
	NOT-FOR-US: Cisco
CVE-2018-0418 (A vulnerability in the Local Packet Transport Services (LPTS) feature ...)
	NOT-FOR-US: Cisco
CVE-2018-0417 (A vulnerability in TACACS authentication with Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0416 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0415 (A vulnerability in the implementation of Extensible Authentication Pro ...)
	NOT-FOR-US: Cisco
CVE-2018-0414 (A vulnerability in the web-based UI of Cisco Secure Access Control Ser ...)
	NOT-FOR-US: Cisco
CVE-2018-0413 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0412 (A vulnerability in the implementation of Extensible Authentication Pro ...)
	NOT-FOR-US: Cisco
CVE-2018-0411 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0410 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
	NOT-FOR-US: Cisco
CVE-2018-0409 (A vulnerability in the XCP Router service of the Cisco Unified Communi ...)
	NOT-FOR-US: Cisco
CVE-2018-0408 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2018-0407 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2018-0406 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2018-0405 (A vulnerability in the web framework code for Cisco RV180W Wireless-N ...)
	NOT-FOR-US: Cisco
CVE-2018-0404 (A vulnerability in the web framework code for Cisco RV180W Wireless-N ...)
	NOT-FOR-US: Cisco
CVE-2018-0403 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0402 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0401 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0400 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0399 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0398 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2018-0397 (A vulnerability in Cisco AMP for Endpoints Mac Connector Software inst ...)
	NOT-FOR-US: Cisco
CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco
CVE-2018-0395 (A vulnerability in the Link Layer Discovery Protocol (LLDP) implementa ...)
	NOT-FOR-US: Cisco
CVE-2018-0394 (A vulnerability in the web upload function of Cisco Cloud Services Pla ...)
	NOT-FOR-US: Cisco
CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy Builder int ...)
	NOT-FOR-US: Cisco
CVE-2018-0392 (A vulnerability in the CLI of Cisco Policy Suite could allow an authen ...)
	NOT-FOR-US: Cisco
CVE-2018-0391 (A vulnerability in the password change function of Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2018-0390 (A vulnerability in the web framework of Cisco Webex could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2018-0389 (A vulnerability in the implementation of Session Initiation Protocol ( ...)
	NOT-FOR-US: Cisco
CVE-2018-0388 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
	NOT-FOR-US: Cisco
CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) could all ...)
	NOT-FOR-US: Cisco
CVE-2018-0386 (A vulnerability in Cisco Unified Communications Domain Manager Softwar ...)
	NOT-FOR-US: Cisco
CVE-2018-0385 (A vulnerability in the detection engine parsing of Security Socket Lay ...)
	NOT-FOR-US: Cisco
CVE-2018-0384 (A vulnerability in the detection engine of Cisco FireSIGHT System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0383 (A vulnerability in the detection engine of Cisco FireSIGHT System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0382 (A vulnerability in the session identification management functionality ...)
	NOT-FOR-US: Cisco
CVE-2018-0381 (A vulnerability in the Cisco Aironet Series Access Points (APs) softwa ...)
	NOT-FOR-US: Cisco
CVE-2018-0380 (Multiple vulnerabilities exist in the Cisco Webex Network Recording Pl ...)
	NOT-FOR-US: Cisco
CVE-2018-0379 (Multiple vulnerabilities exist in the Cisco Webex Network Recording Pl ...)
	NOT-FOR-US: Cisco
CVE-2018-0378 (A vulnerability in the Precision Time Protocol (PTP) feature of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0377 (A vulnerability in the Open Systems Gateway initiative (OSGi) interfac ...)
	NOT-FOR-US: Cisco
CVE-2018-0376 (A vulnerability in the Policy Builder interface of Cisco Policy Suite ...)
	NOT-FOR-US: Cisco
CVE-2018-0375 (A vulnerability in the Cluster Manager of Cisco Policy Suite before 18 ...)
	NOT-FOR-US: Cisco
CVE-2018-0374 (A vulnerability in the Policy Builder database of Cisco Policy Suite b ...)
	NOT-FOR-US: Cisco
CVE-2018-0373 (A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys fo ...)
	NOT-FOR-US: Cisco
CVE-2018-0372 (A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series F ...)
	NOT-FOR-US: Cisco
CVE-2018-0371 (A vulnerability in the Web Admin Interface of Cisco Meeting Server cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0370 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0369 (A vulnerability in the reassembly logic for fragmented IPv4 packets of ...)
	NOT-FOR-US: Cisco
CVE-2018-0368 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0367 (A vulnerability in the web-based management interface of the Cisco Reg ...)
	NOT-FOR-US: Cisco
CVE-2018-0366 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2018-0365 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2018-0364 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0363 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0362 (A vulnerability in BIOS authentication management of Cisco 5000 Series ...)
	NOT-FOR-US: Cisco
CVE-2018-0361 (ClamAV before 0.100.1 lacks a PDF object length check, resulting in an ...)
	{DLA-1461-1}
	- clamav 0.100.1+dfsg-1
	[stretch] - clamav 0.100.1+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
CVE-2018-0360 (ClamAV before 0.100.1 has an HWP integer overflow with a resultant inf ...)
	{DLA-1461-1}
	- clamav 0.100.1+dfsg-1
	[stretch] - clamav 0.100.1+dfsg-0+deb9u1
	NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
CVE-2018-0359 (A vulnerability in the session identification management functionality ...)
	NOT-FOR-US: Cisco
CVE-2018-0358 (A vulnerability in the file descriptor handling of Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2018-0357 (A vulnerability in the web framework of Cisco WebEx could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2018-0356 (A vulnerability in the web framework of Cisco WebEx could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2018-0355 (A vulnerability in the web UI of Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2018-0354 (A vulnerability in the web framework of Cisco Unity Connection could a ...)
	NOT-FOR-US: Cisco
CVE-2018-0353 (A vulnerability in traffic-monitoring functions in Cisco Web Security ...)
	NOT-FOR-US: Cisco
CVE-2018-0352 (A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide ...)
	NOT-FOR-US: Cisco
CVE-2018-0351 (A vulnerability in the command-line tcpdump utility in the Cisco SD-WA ...)
	NOT-FOR-US: Cisco (tcpdump utility in the Cisco SD-WAN Solution, but the CVE is Cisco-specific)
CVE-2018-0350 (A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2018-0349 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
	NOT-FOR-US: Cisco
CVE-2018-0348 (A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0347 (A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the ...)
	NOT-FOR-US: Cisco
CVE-2018-0346 (A vulnerability in the Zero Touch Provisioning service of the Cisco SD ...)
	NOT-FOR-US: Cisco
CVE-2018-0345 (A vulnerability in the configuration and management database of the Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0344 (A vulnerability in the vManage dashboard for the configuration and man ...)
	NOT-FOR-US: Cisco
CVE-2018-0343 (A vulnerability in the configuration and management service of the Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-0342 (A vulnerability in the configuration and monitoring service of the Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-0341 (A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and ...)
	NOT-FOR-US: Cisco
CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco
CVE-2018-0339 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0338 (A vulnerability in the role-based access-checking mechanisms of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0337 (A vulnerability in the role-based access-checking mechanisms of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0336 (A vulnerability in the batch provisioning feature of Cisco Prime Colla ...)
	NOT-FOR-US: Cisco
CVE-2018-0335 (A vulnerability in the web portal authentication process of Cisco Prim ...)
	NOT-FOR-US: Cisco
CVE-2018-0334 (A vulnerability in the certificate management subsystem of Cisco AnyCo ...)
	NOT-FOR-US: Cisco
CVE-2018-0333 (A vulnerability in the VPN configuration management of Cisco FireSIGHT ...)
	NOT-FOR-US: Cisco
CVE-2018-0332 (A vulnerability in the Session Initiation Protocol (SIP) ingress packe ...)
	NOT-FOR-US: Cisco
CVE-2018-0331 (A vulnerability in the Cisco Discovery Protocol (formerly known as CDP ...)
	NOT-FOR-US: Cisco
CVE-2018-0330 (A vulnerability in the NX-API management application programming inter ...)
	NOT-FOR-US: Cisco
CVE-2018-0329 (A vulnerability in the default configuration of the Simple Network Man ...)
	NOT-FOR-US: Cisco
CVE-2018-0328 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0327 (A vulnerability in the web framework of Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2018-0326 (A vulnerability in the web UI of Cisco TelePresence Server Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0325 (A vulnerability in the Session Initiation Protocol (SIP) call-handling ...)
	NOT-FOR-US: Cisco
CVE-2018-0324 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0323 (A vulnerability in the web management interface of Cisco Enterprise NF ...)
	NOT-FOR-US: Cisco
CVE-2018-0322 (A vulnerability in the web management interface of Cisco Prime Collabo ...)
	NOT-FOR-US: Cisco
CVE-2018-0321 (A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could ...)
	NOT-FOR-US: Cisco
CVE-2018-0320 (A vulnerability in the web framework code of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2018-0319 (A vulnerability in the password recovery function of Cisco Prime Colla ...)
	NOT-FOR-US: Cisco
CVE-2018-0318 (A vulnerability in the password reset function of Cisco Prime Collabor ...)
	NOT-FOR-US: Cisco
CVE-2018-0317 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
	NOT-FOR-US: Cisco
CVE-2018-0316 (A vulnerability in the Session Initiation Protocol (SIP) call-handling ...)
	NOT-FOR-US: Cisco
CVE-2018-0315 (A vulnerability in the authentication, authorization, and accounting ( ...)
	NOT-FOR-US: Cisco
CVE-2018-0314 (A vulnerability in the Cisco Fabric Services (CFS) component of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0313 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-0312 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0311 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0310 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0309 (A vulnerability in the implementation of a specific CLI command and th ...)
	NOT-FOR-US: Cisco
CVE-2018-0308 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0307 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
	NOT-FOR-US: Cisco
CVE-2018-0306 (A vulnerability in the CLI parser of Cisco NX-OS Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0305 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0304 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2018-0303 (A vulnerability in the Cisco Discovery Protocol component of Cisco FXO ...)
	NOT-FOR-US: Cisco
CVE-2018-0302 (A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS ...)
	NOT-FOR-US: Cisco
CVE-2018-0301 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...)
	NOT-FOR-US: Cisco
CVE-2018-0300 (A vulnerability in the process of uploading new application images to ...)
	NOT-FOR-US: Cisco
CVE-2018-0299 (A vulnerability in the Simple Network Management Protocol (SNMP) featu ...)
	NOT-FOR-US: Cisco
CVE-2018-0298 (A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Inter ...)
	NOT-FOR-US: Cisco
CVE-2018-0297 (A vulnerability in the detection engine of Cisco Firepower Threat Defe ...)
	NOT-FOR-US: Cisco
CVE-2018-0296 (A vulnerability in the web interface of the Cisco Adaptive Security Ap ...)
	NOT-FOR-US: Cisco
CVE-2018-0295 (A vulnerability in the Border Gateway Protocol (BGP) implementation of ...)
	NOT-FOR-US: Cisco
CVE-2018-0294 (A vulnerability in the write-erase feature of Cisco FXOS Software and ...)
	NOT-FOR-US: Cisco
CVE-2018-0293 (A vulnerability in role-based access control (RBAC) for Cisco NX-OS So ...)
	NOT-FOR-US: Cisco
CVE-2018-0292 (A vulnerability in the Internet Group Management Protocol (IGMP) Snoop ...)
	NOT-FOR-US: Cisco
CVE-2018-0291 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2018-0290 (A vulnerability in the TCP stack of Cisco SocialMiner could allow an u ...)
	NOT-FOR-US: Cisco
CVE-2018-0289 (A vulnerability in the logs component of Cisco Identity Services Engin ...)
	NOT-FOR-US: Cisco
CVE-2018-0288 (A vulnerability in Cisco WebEx Recording Format (WRF) Player could all ...)
	NOT-FOR-US: Cisco
CVE-2018-0287 (A vulnerability in the Cisco WebEx Network Recording Player for Advanc ...)
	NOT-FOR-US: Cisco
CVE-2018-0286 (A vulnerability in the netconf interface of Cisco IOS XR Software coul ...)
	NOT-FOR-US: Cisco
CVE-2018-0285 (A vulnerability in service logging for Cisco Prime Service Catalog cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0284 (A vulnerability in the local status page functionality of the Cisco Me ...)
	NOT-FOR-US: Cisco
CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0282 (A vulnerability in the TCP socket code of Cisco IOS and IOS XE Softwar ...)
	NOT-FOR-US: Cisco
CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0280 (A vulnerability in the Real-Time Transport Protocol (RTP) bitstream pr ...)
	NOT-FOR-US: Cisco
CVE-2018-0279 (A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Ente ...)
	NOT-FOR-US: Cisco
CVE-2018-0278 (A vulnerability in the management console of Cisco Firepower System So ...)
	NOT-FOR-US: Cisco
CVE-2018-0277 (A vulnerability in the Extensible Authentication Protocol-Transport La ...)
	NOT-FOR-US: Cisco
CVE-2018-0276 (A vulnerability in Cisco WebEx Connect IM could allow an unauthenticat ...)
	NOT-FOR-US: Cisco
CVE-2018-0275 (A vulnerability in the support tunnel feature of Cisco Identity Servic ...)
	NOT-FOR-US: Cisco
CVE-2018-0274 (A vulnerability in the CLI parser of Cisco Network Services Orchestrat ...)
	NOT-FOR-US: Cisco
CVE-2018-0273 (A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggrega ...)
	NOT-FOR-US: Cisco
CVE-2018-0272 (A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Fire ...)
	NOT-FOR-US: Cisco
CVE-2018-0271 (A vulnerability in the API gateway of the Cisco Digital Network Archit ...)
	NOT-FOR-US: Cisco
CVE-2018-0270 (A vulnerability in the web-based management interface of Cisco IoT Fie ...)
	NOT-FOR-US: Cisco
CVE-2018-0269 (A vulnerability in the web framework of the Cisco Digital Network Arch ...)
	NOT-FOR-US: Cisco
CVE-2018-0268 (A vulnerability in the container management subsystem of Cisco Digital ...)
	NOT-FOR-US: Cisco
CVE-2018-0267 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0266 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0265
	REJECTED
CVE-2018-0264 (A vulnerability in the Cisco WebEx Network Recording Player for Advanc ...)
	NOT-FOR-US: Cisco
CVE-2018-0263 (A vulnerability in Cisco Meeting Server (CMS) could allow an unauthent ...)
	NOT-FOR-US: Cisco
CVE-2018-0262 (A vulnerability in Cisco Meeting Server could allow an unauthenticated ...)
	NOT-FOR-US: Cisco
CVE-2018-0261
	RESERVED
CVE-2018-0260 (A vulnerability in the web interface of Cisco MATE Live could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0259 (A vulnerability in the web-based management interface of Cisco MATE Co ...)
	NOT-FOR-US: Cisco
CVE-2018-0258 (A vulnerability in the Cisco Prime File Upload servlet affecting multi ...)
	NOT-FOR-US: Cisco
CVE-2018-0257 (A vulnerability in Cisco IOS XE Software running on Cisco cBR Series C ...)
	NOT-FOR-US: Cisco
CVE-2018-0256 (A vulnerability in the peer-to-peer message processing functionality o ...)
	NOT-FOR-US: Cisco
CVE-2018-0255 (A vulnerability in the device manager web interface of Cisco Industria ...)
	NOT-FOR-US: Cisco
CVE-2018-0254 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0253 (A vulnerability in the ACS Report component of Cisco Secure Access Con ...)
	NOT-FOR-US: Cisco
CVE-2018-0252 (A vulnerability in the IP Version 4 (IPv4) fragment reassembly functio ...)
	NOT-FOR-US: Cisco
CVE-2018-0251 (A vulnerability in the Web Server Authentication Required screen of th ...)
	NOT-FOR-US: Cisco
CVE-2018-0250 (A vulnerability in Central Web Authentication (CWA) with FlexConnect A ...)
	NOT-FOR-US: Cisco
CVE-2018-0249 (A vulnerability when handling incoming 802.11 Association Requests for ...)
	NOT-FOR-US: Cisco
CVE-2018-0248 (A vulnerability in the administrative GUI configuration feature of Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-0247 (A vulnerability in Web Authentication (WebAuth) clients for the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0246
	REJECTED
CVE-2018-0245 (A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless ...)
	NOT-FOR-US: Cisco
CVE-2018-0244 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0243 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0242 (A vulnerability in the WebVPN web-based management interface of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0241 (A vulnerability in the UDP broadcast forwarding function of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0240 (Multiple vulnerabilities in the Application Layer Protocol Inspection ...)
	NOT-FOR-US: Cisco
CVE-2018-0239 (A vulnerability in the egress packet processing functionality of the C ...)
	NOT-FOR-US: Cisco
CVE-2018-0238 (A vulnerability in the role-based resource checking functionality of t ...)
	NOT-FOR-US: Cisco
CVE-2018-0237 (A vulnerability in the file type detection mechanism of the Cisco Adva ...)
	NOT-FOR-US: Cisco
CVE-2018-0236
	REJECTED
CVE-2018-0235 (A vulnerability in the 802.11 frame validation functionality of the Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0234 (A vulnerability in the implementation of Point-to-Point Tunneling Prot ...)
	NOT-FOR-US: Cisco
CVE-2018-0233 (A vulnerability in the Secure Sockets Layer (SSL) packet reassembly fu ...)
	NOT-FOR-US: Cisco
CVE-2018-0232
	RESERVED
CVE-2018-0231 (A vulnerability in the Transport Layer Security (TLS) library of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0230 (A vulnerability in the internal packet-processing functionality of Cis ...)
	NOT-FOR-US: Cisco
CVE-2018-0229 (A vulnerability in the implementation of Security Assertion Markup Lan ...)
	NOT-FOR-US: Cisco
CVE-2018-0228 (A vulnerability in the ingress flow creation functionality of Cisco Ad ...)
	NOT-FOR-US: Cisco
CVE-2018-0227 (A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Netw ...)
	NOT-FOR-US: Cisco
CVE-2018-0226 (A vulnerability in the assignment and management of default user accou ...)
	NOT-FOR-US: Cisco
CVE-2018-0225 (The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4 ...)
	NOT-FOR-US: Cisco
CVE-2018-0224 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0223 (A vulnerability in DesktopServlet in the web-based management interfac ...)
	NOT-FOR-US: Cisco
CVE-2018-0222 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0221 (A vulnerability in specific CLI commands for the Cisco Identity Servic ...)
	NOT-FOR-US: Cisco
CVE-2018-0220 (A vulnerability in the web-based management interface of Cisco Videosc ...)
	NOT-FOR-US: Cisco
CVE-2018-0219 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0218 (A vulnerability in the web-based user interface of the Cisco Secure Ac ...)
	NOT-FOR-US: Cisco
CVE-2018-0217 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0216 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0215 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0214 (A vulnerability in certain CLI commands of Cisco Identity Services Eng ...)
	NOT-FOR-US: Cisco
CVE-2018-0213 (A vulnerability in the credential reset functionality for Cisco Identi ...)
	NOT-FOR-US: Cisco
CVE-2018-0212 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0211 (A vulnerability in specific CLI commands for the Cisco Identity Servic ...)
	NOT-FOR-US: Cisco
CVE-2018-0210 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2018-0209 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
	NOT-FOR-US: Cisco
CVE-2018-0208 (A vulnerability in the web-based management interface of the (cloud ba ...)
	NOT-FOR-US: Cisco
CVE-2018-0207 (A vulnerability in the web-based user interface of the Cisco Secure Ac ...)
	NOT-FOR-US: Cisco
CVE-2018-0206 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0205 (A vulnerability in the User Provisioning tab in the Cisco Prime Collab ...)
	NOT-FOR-US: Cisco
CVE-2018-0204 (A vulnerability in the web portal of the Cisco Prime Collaboration Pro ...)
	NOT-FOR-US: Cisco
CVE-2018-0203 (A vulnerability in the SMTP relay of Cisco Unity Connection could allo ...)
	NOT-FOR-US: Cisco
CVE-2018-0202 (clamscan in ClamAV before 0.99.4 contains a vulnerability that could a ...)
	{DLA-1307-1}
	- clamav 0.100.0~beta+dfsg-2
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11973
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11980
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/87aaa10b29476958f5bf54b6119a133069f944fc
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/700ed96af56077cb1a9bff7b91d21db112f6465d
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/0df2fedf2805e574512c486b32a0fff4ed394560
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/495fce917445063d519f14b0009cee025f817bc3
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/99eadf7a9ad351210165312362d1f32b77c6f857
CVE-2018-0201 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0200 (A vulnerability in the web-based interface of Cisco Prime Service Cata ...)
	NOT-FOR-US: Cisco
CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0198 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0197 (A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0196 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0195 (A vulnerability in the Cisco IOS XE Software REST API could allow an a ...)
	NOT-FOR-US: Cisco
CVE-2018-0194 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0193 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0192
	RESERVED
CVE-2018-0191
	REJECTED
CVE-2018-0190 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...)
	NOT-FOR-US: Cisco
CVE-2018-0189 (A vulnerability in the Forwarding Information Base (FIB) code of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0188 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...)
	NOT-FOR-US: Cisco
CVE-2018-0187 (A vulnerability in the Admin portal of Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2018-0186 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...)
	NOT-FOR-US: Cisco
CVE-2018-0185 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0184 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0183 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0182 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0181 (A vulnerability in the Redis implementation used by the Cisco Policy S ...)
	NOT-FOR-US: Cisco
CVE-2018-0180 (Multiple vulnerabilities in the Login Enhancements (Login Block) featu ...)
	NOT-FOR-US: Cisco
CVE-2018-0179 (Multiple vulnerabilities in the Login Enhancements (Login Block) featu ...)
	NOT-FOR-US: Cisco
CVE-2018-0178
	REJECTED
CVE-2018-0177 (A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2018-0176 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0175 (Format String vulnerability in the Link Layer Discovery Protocol (LLDP ...)
	NOT-FOR-US: Cisco
CVE-2018-0174 (A vulnerability in the DHCP option 82 encapsulation functionality of C ...)
	NOT-FOR-US: Cisco
CVE-2018-0173 (A vulnerability in the Cisco IOS Software and Cisco IOS XE Software fu ...)
	NOT-FOR-US: Cisco
CVE-2018-0172 (A vulnerability in the DHCP option 82 encapsulation functionality of C ...)
	NOT-FOR-US: Cisco
CVE-2018-0171 (A vulnerability in the Smart Install feature of Cisco IOS Software and ...)
	NOT-FOR-US: Cisco
CVE-2018-0170 (A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0169 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...)
	NOT-FOR-US: Cisco
CVE-2018-0168
	RESERVED
CVE-2018-0167 (Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery P ...)
	NOT-FOR-US: Cisco
CVE-2018-0166
	RESERVED
CVE-2018-0165 (A vulnerability in the Internet Group Management Protocol (IGMP) packe ...)
	NOT-FOR-US: Cisco
CVE-2018-0164 (A vulnerability in the Switch Integrated Security Features of Cisco IO ...)
	NOT-FOR-US: Cisco
CVE-2018-0163 (A vulnerability in the 802.1x multiple-authentication (multi-auth) fea ...)
	NOT-FOR-US: Cisco
CVE-2018-0162
	RESERVED
CVE-2018-0161 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
	NOT-FOR-US: Cisco
CVE-2018-0160 (A vulnerability in Simple Network Management Protocol (SNMP) subsystem ...)
	NOT-FOR-US: Cisco
CVE-2018-0159 (A vulnerability in the implementation of Internet Key Exchange Version ...)
	NOT-FOR-US: Cisco
CVE-2018-0158 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module ...)
	NOT-FOR-US: Cisco
CVE-2018-0157 (A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Softwa ...)
	NOT-FOR-US: Cisco
CVE-2018-0156 (A vulnerability in the Smart Install feature of Cisco IOS Software and ...)
	NOT-FOR-US: Cisco
CVE-2018-0155 (A vulnerability in the Bidirectional Forwarding Detection (BFD) offloa ...)
	NOT-FOR-US: Cisco
CVE-2018-0154 (A vulnerability in the crypto engine of the Cisco Integrated Services ...)
	NOT-FOR-US: Cisco
CVE-2018-0153
	REJECTED
CVE-2018-0152 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0151 (A vulnerability in the quality of service (QoS) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0150 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...)
	NOT-FOR-US: Cisco
CVE-2018-0149 (A vulnerability in the web-based management interface of Cisco Integra ...)
	NOT-FOR-US: Cisco
CVE-2018-0148 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2018-0147 (A vulnerability in Java deserialization used by Cisco Secure Access Co ...)
	NOT-FOR-US: Cisco
CVE-2018-0146 (A vulnerability in the Cisco Data Center Analytics Framework applicati ...)
	NOT-FOR-US: Cisco
CVE-2018-0145 (A vulnerability in the web-based management interface of the Cisco Dat ...)
	NOT-FOR-US: Cisco
CVE-2018-0144 (A vulnerability in the web-based management interface of Cisco Prime D ...)
	NOT-FOR-US: Cisco
CVE-2018-0143
	REJECTED
CVE-2018-0142
	RESERVED
CVE-2018-0141 (A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Softwa ...)
	NOT-FOR-US: Cisco
CVE-2018-0140 (A vulnerability in the spam quarantine of Cisco Email Security Applian ...)
	NOT-FOR-US: Cisco
CVE-2018-0139 (A vulnerability in the Interactive Voice Response (IVR) management con ...)
	NOT-FOR-US: Cisco
CVE-2018-0138 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
	NOT-FOR-US: Cisco
CVE-2018-0137 (A vulnerability in the TCP throttling process of Cisco Prime Network c ...)
	NOT-FOR-US: Cisco
CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release ...)
	NOT-FOR-US: Cisco
CVE-2018-0135 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0134 (A vulnerability in the RADIUS authentication module of Cisco Policy Su ...)
	NOT-FOR-US: Cisco
CVE-2018-0133
	RESERVED
CVE-2018-0132 (A vulnerability in the forwarding information base (FIB) code of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0131 (A vulnerability in the implementation of RSA-encrypted nonces in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0130 (A vulnerability in the use of JSON web tokens by the web-based service ...)
	NOT-FOR-US: Cisco
CVE-2018-0129 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2018-0128 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2018-0127 (A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N ...)
	NOT-FOR-US: Cisco
CVE-2018-0126
	RESERVED
CVE-2018-0125 (A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wirele ...)
	NOT-FOR-US: Cisco
CVE-2018-0124 (A vulnerability in Cisco Unified Communications Domain Manager could a ...)
	NOT-FOR-US: Cisco
CVE-2018-0123 (A Path Traversal vulnerability in the diagnostic shell for Cisco IOS a ...)
	NOT-FOR-US: Cisco
CVE-2018-0122 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0121 (A vulnerability in the authentication functionality of the web-based s ...)
	NOT-FOR-US: Cisco
CVE-2018-0120 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0119 (A vulnerability in certain authentication controls in the account serv ...)
	NOT-FOR-US: Cisco
CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0117 (A vulnerability in the ingress packet processing functionality of the ...)
	NOT-FOR-US: Cisco
CVE-2018-0116 (A vulnerability in the RADIUS authentication module of Cisco Policy Su ...)
	NOT-FOR-US: Cisco
CVE-2018-0115 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...)
	NOT-FOR-US: Cisco
CVE-2018-0114 (A vulnerability in the Cisco node-jose open source library before 0.11 ...)
	NOT-FOR-US: Cisco node-jose
CVE-2018-0113 (A vulnerability in an operations script of Cisco UCS Central could all ...)
	NOT-FOR-US: Cisco
CVE-2018-0112 (A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Mee ...)
	NOT-FOR-US: Cisco
CVE-2018-0111 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2018-0110 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2018-0109 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
	NOT-FOR-US: Cisco
CVE-2018-0108 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
	NOT-FOR-US: Cisco
CVE-2018-0107 (A vulnerability in the web framework of Cisco Prime Service Catalog co ...)
	NOT-FOR-US: Cisco
CVE-2018-0106 (A vulnerability in the ConfD server of the Cisco Elastic Services Cont ...)
	NOT-FOR-US: Cisco
CVE-2018-0105 (A vulnerability in the web framework of Cisco Unified Communications M ...)
	NOT-FOR-US: Cisco
CVE-2018-0104 (A vulnerability in Cisco WebEx Network Recording Player for Advanced R ...)
	NOT-FOR-US: Cisco
CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Playe ...)
	NOT-FOR-US: Cisco
CVE-2018-0102 (A vulnerability in the Pong tool of Cisco NX-OS Software could allow a ...)
	NOT-FOR-US: Cisco
CVE-2018-0101 (A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of ...)
	NOT-FOR-US: Cisco
CVE-2018-0100 (A vulnerability in the Profile Editor of the Cisco AnyConnect Secure M ...)
	NOT-FOR-US: Cisco
CVE-2018-0099 (A vulnerability in the web management GUI of the Cisco D9800 Network T ...)
	NOT-FOR-US: Cisco
CVE-2018-0098 (A vulnerability in the web-based management interface of Cisco WAP150 ...)
	NOT-FOR-US: Cisco
CVE-2018-0097 (A vulnerability in the web interface of Cisco Prime Infrastructure cou ...)
	NOT-FOR-US: Cisco
CVE-2018-0096 (A vulnerability in the role-based access control (RBAC) functionality ...)
	NOT-FOR-US: Cisco
CVE-2018-0095 (A vulnerability in the administrative shell of Cisco AsyncOS on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0094 (A vulnerability in IPv6 ingress packet processing for Cisco UCS Centra ...)
	NOT-FOR-US: Cisco
CVE-2018-0093 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
	NOT-FOR-US: Cisco
CVE-2018-0092 (A vulnerability in the network-operator user role implementation for C ...)
	NOT-FOR-US: Cisco
CVE-2018-0091 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2018-0090 (A vulnerability in management interface access control list (ACL) conf ...)
	NOT-FOR-US: Cisco
CVE-2018-0089 (A vulnerability in the Policy and Charging Rules Function (PCRF) of th ...)
	NOT-FOR-US: Cisco
CVE-2018-0088 (A vulnerability in one of the diagnostic test CLI commands on Cisco In ...)
	NOT-FOR-US: Cisco
CVE-2018-0087 (A vulnerability in the FTP server of the Cisco Web Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2018-0086 (A vulnerability in the application server of the Cisco Unified Custome ...)
	NOT-FOR-US: Cisco
CVE-2018-0085
	RESERVED
CVE-2018-0084
	RESERVED
CVE-2018-0083
	RESERVED
CVE-2018-0082
	RESERVED
CVE-2018-0081
	RESERVED
CVE-2018-0080
	RESERVED
CVE-2018-0079
	RESERVED
CVE-2018-0078
	RESERVED
CVE-2018-0077
	RESERVED
CVE-2018-0076
	RESERVED
CVE-2018-0075
	RESERVED
CVE-2018-0074
	RESERVED
CVE-2018-0073
	RESERVED
CVE-2018-0072
	RESERVED
CVE-2018-0071
	RESERVED
CVE-2018-0070
	RESERVED
CVE-2018-0069
	RESERVED
CVE-2018-0068
	RESERVED
CVE-2018-0067
	RESERVED
CVE-2018-0066
	RESERVED
CVE-2018-0065
	RESERVED
CVE-2018-0064
	RESERVED
CVE-2018-0063 (A vulnerability in the IP next-hop index database in Junos OS 17.3R3 m ...)
	NOT-FOR-US: Juniper
CVE-2018-0062 (A Denial of Service vulnerability in J-Web service may allow a remote ...)
	NOT-FOR-US: Juniper
CVE-2018-0061 (A denial of service vulnerability in the telnetd service on Junos OS a ...)
	NOT-FOR-US: Juniper
CVE-2018-0060 (An improper input validation weakness in the device control daemon pro ...)
	NOT-FOR-US: Juniper
CVE-2018-0059 (A persistent cross-site scripting vulnerability in the graphical user ...)
	NOT-FOR-US: Juniper
CVE-2018-0058 (Receipt of a specially crafted IPv6 exception packet may be able to tr ...)
	NOT-FOR-US: Juniper
CVE-2018-0057 (On MX Series and M120/M320 platforms configured in a Broadband Edge (B ...)
	NOT-FOR-US: Juniper
CVE-2018-0056 (If a duplicate MAC address is learned by two different interfaces on a ...)
	NOT-FOR-US: Juniper
CVE-2018-0055 (Receipt of a specially crafted DHCPv6 message destined to a Junos OS d ...)
	NOT-FOR-US: Juniper
CVE-2018-0054 (On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause f ...)
	NOT-FOR-US: Juniper
CVE-2018-0053 (An authentication bypass vulnerability in the initial boot sequence of ...)
	NOT-FOR-US: Juniper
CVE-2018-0052 (If RSH service is enabled on Junos OS and if the PAM authentication is ...)
	NOT-FOR-US: Juniper
CVE-2018-0051 (A Denial of Service vulnerability in the SIP application layer gateway ...)
	NOT-FOR-US: Juniper
CVE-2018-0050 (An error handling vulnerability in Routing Protocols Daemon (RPD) of J ...)
	NOT-FOR-US: Juniper
CVE-2018-0049 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...)
	NOT-FOR-US: Juniper
CVE-2018-0048 (A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Ext ...)
	NOT-FOR-US: Juniper
CVE-2018-0047 (A persistent cross-site scripting vulnerability in the UI framework us ...)
	NOT-FOR-US: Juniper
CVE-2018-0046 (A reflected cross-site scripting vulnerability in OpenNMS included wit ...)
	NOT-FOR-US: Juniper
CVE-2018-0045 (Receipt of a specific Draft-Rosen MVPN control packet may cause the ro ...)
	NOT-FOR-US: Juniper
CVE-2018-0044 (An insecure SSHD configuration in Juniper Device Manager (JDM) and hos ...)
	NOT-FOR-US: Juniper
CVE-2018-0043 (Receipt of a specific MPLS packet may cause the routing protocol daemo ...)
	NOT-FOR-US: Juniper
CVE-2018-0042 (Juniper Networks CSO versions prior to 4.0.0 may log passwords in log ...)
	NOT-FOR-US: Juniper Networks CSO
CVE-2018-0041 (Juniper Networks Contrail Service Orchestration releases prior to 3.3. ...)
	NOT-FOR-US: Juniper
CVE-2018-0040 (Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 ...)
	NOT-FOR-US: Juniper
CVE-2018-0039 (Juniper Networks Contrail Service Orchestration releases prior to 4.0. ...)
	NOT-FOR-US: Juniper
CVE-2018-0038 (Juniper Networks Contrail Service Orchestration releases prior to 3.3. ...)
	NOT-FOR-US: Juniper
CVE-2018-0037 (Junos OS routing protocol daemon (RPD) process may crash and restart o ...)
	NOT-FOR-US: Junos OS
CVE-2018-0036
	RESERVED
CVE-2018-0035 (QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1 ...)
	NOT-FOR-US: Junos OS
CVE-2018-0034 (A Denial of Service vulnerability exists in the Juniper Networks Junos ...)
	NOT-FOR-US: Juniper
CVE-2018-0033
	RESERVED
CVE-2018-0032 (The receipt of a crafted BGP UPDATE can lead to a routing process daem ...)
	NOT-FOR-US: Juniper
CVE-2018-0031 (Receipt of specially crafted UDP/IP packets over MPLS may be able to b ...)
	NOT-FOR-US: Juniper
CVE-2018-0030 (Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1 ...)
	NOT-FOR-US: Juniper
CVE-2018-0029 (While experiencing a broadcast storm, placing the fxp0 interface into ...)
	NOT-FOR-US: Juniper
CVE-2018-0028
	RESERVED
CVE-2018-0027 (Receipt of a crafted or malformed RSVP PATH message may cause the rout ...)
	NOT-FOR-US: Juniper
CVE-2018-0026 (After Junos OS device reboot or upgrade, the stateless firewall filter ...)
	NOT-FOR-US: Juniper
CVE-2018-0025 (When an SRX Series device is configured to use HTTP/HTTPS pass-through ...)
	NOT-FOR-US: Juniper
CVE-2018-0024 (An Improper Privilege Management vulnerability in a shell session of J ...)
	NOT-FOR-US: Juniper
CVE-2018-0023 (JSNAPy is an open source python version of Junos Snapshot Administrato ...)
	NOT-FOR-US: JSNAPy
CVE-2018-0022 (A Junos device with VPLS routing-instances configured on one or more i ...)
	NOT-FOR-US: Juniper
CVE-2018-0021 (If all 64 digits of the connectivity association name (CKN) key or all ...)
	NOT-FOR-US: Juniper
CVE-2018-0020 (Junos OS may be impacted by the receipt of a malformed BGP UPDATE whic ...)
	NOT-FOR-US: Juniper
CVE-2018-0019 (A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may al ...)
	NOT-FOR-US: Juniper
CVE-2018-0018 (On SRX Series devices during compilation of IDP policies, an attacker ...)
	NOT-FOR-US: Juniper
CVE-2018-0017 (A vulnerability in the Network Address Translation - Protocol Translat ...)
	NOT-FOR-US: Juniper
CVE-2018-0016 (Receipt of a specially crafted Connectionless Network Protocol (CLNP) ...)
	NOT-FOR-US: Juniper
CVE-2018-0015 (A malicious user with unrestricted access to the AppFormix application ...)
	NOT-FOR-US: AppFormix
CVE-2018-0014 (Juniper Networks ScreenOS devices do not pad Ethernet packets with zer ...)
	NOT-FOR-US: Juniper
CVE-2018-0013 (A local file inclusion vulnerability in Juniper Networks Junos Space N ...)
	NOT-FOR-US: Juniper
CVE-2018-0012 (Junos Space is affected by a privilege escalation vulnerability that m ...)
	NOT-FOR-US: Juniper
CVE-2018-0011 (A reflected cross site scripting (XSS) vulnerability in Junos Space ma ...)
	NOT-FOR-US: Juniper
CVE-2018-0010 (A vulnerability in the Juniper Networks Junos Space Security Director ...)
	NOT-FOR-US: Juniper
CVE-2018-0009 (On Juniper Networks SRX series devices, firewall rules configured to m ...)
	NOT-FOR-US: Juniper
CVE-2018-0008 (An unauthenticated root login may allow upon reboot when a commit scri ...)
	NOT-FOR-US: Juniper
CVE-2018-0007 (An unauthenticated network-based attacker able to send a maliciously c ...)
	NOT-FOR-US: Juniper
CVE-2018-0006 (A high rate of VLAN authentication attempts sent from an adjacent host ...)
	NOT-FOR-US: Juniper
CVE-2018-0005 (QFX and EX Series switches configured to drop traffic when the MAC mov ...)
	NOT-FOR-US: Juniper
CVE-2018-0004 (A sustained sequence of different types of normal transit traffic can ...)
	NOT-FOR-US: Juniper
CVE-2018-0003 (A specially crafted MPLS packet received or processed by the system, o ...)
	NOT-FOR-US: Juniper
CVE-2018-0002 (On SRX Series and MX Series devices with a Service PIC with any ALG en ...)
	NOT-FOR-US: Juniper
CVE-2018-0001 (A remote, unauthenticated attacker may be able to execute code by expl ...)
	NOT-FOR-US: Juniper
CVE-2018-1000156 (GNU Patch version 2.7.6 contains an input validation vulnerability whe ...)
	{DLA-1348-1}
	- patch 2.7.6-2 (bug #894993)
	[stretch] - patch 2.7.5-1+deb9u1
	[jessie] - patch 2.7.5-1+deb8u1
	NOTE: Upstream bug: https://savannah.gnu.org/bugs/?53566
	NOTE: https://rachelbythebay.com/w/2018/04/05/bangpatch/
	NOTE: https://twitter.com/kurtseifried/status/982028968877436928
	NOTE: This CVE is specifically for GNU patch and relates to CVE-2015-1418
	NOTE: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=123eaff0d5d1aebe128295959435b9ca5909c26d
	NOTE: Respective patch in FreeBSD: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc
	NOTE: Respective patch in OpenBSD: https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig
	NOTE: (Functional) regression/issue introduced with only the initial commit:
	NOTE: https://savannah.gnu.org/bugs/?53820
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1092500
	NOTE: Followup fixes needed to address https://bugs.debian.org/933140
	NOTE: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=19599883ffb6a450d2884f081f8ecf68edbed7ee
	NOTE: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=369dcccdfa6336e5a873d6d63705cfbe04c55727