Vulnerability CVE-2019-16789

Vulnerability Name:

CVE-2019-16789 (CCN-173566)

Assigned:

2019-12-24

Published:

2019-12-24

Updated:

2022-05-13

Summary:

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server this could lead to HTTP request splitting which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation.

CVSS v3 Severity:

8.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): High Availibility (A): None

5.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-444

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2019-16789

Source: REDHAT
Type: UNKNOWN
RHSA-2020:0720

Source: MISC
Type: Release Notes, Vendor Advisory
https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes

Source: XF
Type: UNKNOWN
waitress-cve201916789-request-splitting(173566)

Source: CONFIRM
Type: Broken Link, Third Party Advisory
https://github.com/github/advisory-review/pull/14604

Source: CCN
Type: waitress GIT Repository
Merge pull request from GHSA-m5ff-3wj3-8ph4

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-bdcc8ffc24

Source: FEDORA
Type: UNKNOWN
FEDORA-2020-65a7744e38

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: UNKNOWN
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-16789

Vulnerable Configuration:

Configuration 1:

cpe:/a:agendaless:waitress:*:*:*:*:*:*:*:* (Version <= 1.4.0)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201916789	V	CVE-2019-16789	2023-06-22
oval:org.opensuse.security:def:7789	P	python3-waitress-1.4.3-150000.3.6.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51981	P	Security update for mozilla-nss (Important)	2023-01-20
oval:org.opensuse.security:def:51571	P	Security update for tiff (Important)	2022-11-28
oval:org.opensuse.security:def:51950	P	Security update for kubevirt stack (Important)	2022-11-14
oval:org.opensuse.security:def:4657	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) (Important)	2022-07-21
oval:org.opensuse.security:def:3168	P	libevent-2_0-5-2.0.21-6.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3410	P	xscreensaver-5.22-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3808	P	transfig-3.2.5e-2.3.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3160	P	libcairo-gobject2-1.15.2-25.3.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3357	P	rsyslog-8.24.0-3.28.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3411	P	yast2-3.2.50-4.7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3813	P	unzip-6.00-33.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3121	P	krb5-appl-clients-1.0.3-1.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3408	P	xorg-x11-server-1.19.6-8.18 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3396	P	w3m-0.5.3.git20161120-161.3.4 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3839	P	zypper-1.13.51-21.26.4 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3838	P	zsh-5.0.5-6.7.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3154	P	libapr1-1.5.1-4.5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3170	P	libexif12-0.6.21-8.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3346	P	python-pywbem-0.7.0-4.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3115	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3186	P	libicu-doc-52.1-8.7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3387	P	u-boot-rpi3-2019.01-3.7 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3414	P	yubikey-manager-0.6.0-1.27 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3820	P	wpa_supplicant-2.6-15.10.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3825	P	xfsprogs-4.15.0-1.12 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3130	P	libSDL-1_2-0-1.2.15-15.11.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3338	P	python-PyYAML-3.12-26.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95116	P	libct4-1.1.36-150400.12.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94816	P	python3-waitress-1.4.3-3.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:295	P	python3-waitress-1.4.3-3.3.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:4624	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) (Important)	2022-06-06
oval:org.opensuse.security:def:4608	P	Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP5) (Important)	2022-05-21
oval:org.opensuse.security:def:5245	P	Security update for poppler (Moderate)	2022-05-18
oval:org.opensuse.security:def:4597	P	Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5) (Important)	2022-05-09
oval:org.opensuse.security:def:4592	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:4585	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:4581	P	Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP5) (Important)	2022-04-23
oval:org.opensuse.security:def:4580	P	Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP5) (Important)	2022-04-23
oval:org.opensuse.security:def:5223	P	Security update for libxml2 (Important)	2022-04-22
oval:org.opensuse.security:def:94438	P	(Important)	2022-04-22
oval:org.opensuse.security:def:4575	P	Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP5) (Important)	2022-04-15
oval:org.opensuse.security:def:4576	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2022-04-15
oval:org.opensuse.security:def:4569	P	Security update for the Linux Kernel (Live Patch 24 for SLE 12 SP5) (Important)	2022-04-13
oval:org.opensuse.security:def:101829	P	Security update for protobuf (Moderate)	2022-03-30
oval:org.opensuse.security:def:4706	P	Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP5) (Important)	2022-03-29
oval:org.opensuse.security:def:4705	P	Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP5) (Important)	2022-03-29
oval:org.opensuse.security:def:4691	P	Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP5) (Important)	2022-03-01
oval:org.opensuse.security:def:4678	P	Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP5) (Critical)	2022-02-16
oval:org.opensuse.security:def:5364	P	Security update for ghostscript (Moderate)	2022-01-14
oval:org.opensuse.security:def:52037	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:70574	P	Security update for go1.17 (Moderate)	2021-12-23
oval:org.opensuse.security:def:4543	P	Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP5) (Important)	2021-12-14
oval:org.opensuse.security:def:68312	P	Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP2) (Important)	2021-12-14
oval:org.opensuse.security:def:51715	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:64811	P	Security update for wireshark (Moderate)	2021-12-06
oval:org.opensuse.security:def:73756	P	Security update for clamav (Moderate)	2021-12-06
oval:org.opensuse.security:def:4523	P	Security update for aaa_base (Moderate)	2021-12-03
oval:org.opensuse.security:def:74679	P	Security update for go1.16 (Moderate)	2021-12-01
oval:org.opensuse.security:def:51702	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:67326	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:70316	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:1224	P	Security update for postgresql12 (Important)	2021-11-22
oval:org.opensuse.security:def:67316	P	Security update for samba (Important)	2021-11-15
oval:org.opensuse.security:def:51688	P	Security update for pcre (Moderate)	2021-11-10
oval:org.opensuse.security:def:64613	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:66973	P	Security update for the Linux Kernel (Important)	2021-11-09
oval:org.opensuse.security:def:60393	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:73896	P	Security update for curl (Moderate)	2021-10-06
oval:org.opensuse.security:def:96618	P	libXt-devel-1.1.5-2.24 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:49451	P	Security update for php74-pear (Important)	2021-09-09
oval:org.opensuse.security:def:1777	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:64567	P	Security update for gstreamer-plugins-good (Moderate)	2021-09-02
oval:org.opensuse.security:def:67231	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:63516	P	python2-waitress-1.4.3-3.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2415	P	openconnect-7.08-6.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2427	P	python2-waitress-1.4.3-3.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:4726	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:72054	P	python3-waitress-1.4.3-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101071	P	python3-waitress-1.4.3-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1921	P	go1.16-1.16.3-1.11.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1927	P	jcl-over-slf4j-1.7.30-1.34 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101151	P	fwupd-1.5.8-1.13 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1910	P	crash-7.2.9-21.4 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72706	P	FastCGI-2.4.0-2.23 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1914	P	cvs-1.12.12-2.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1926	P	jackson-databind-2.10.5.1-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71765	P	apparmor-abstractions-2.13.6-1.31 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1923	P	graphviz-perl-2.40.1-6.6.8 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62313	P	python3-waitress-1.4.3-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1911	P	cross-nvptx-gcc7-7.5.0+r278197-4.25.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:69250	P	Security update for php7 (Important)	2021-08-06
oval:org.opensuse.security:def:69067	P	Security update for qemu (Important)	2021-07-27
oval:org.opensuse.security:def:4462	P	Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP5) (Important)	2021-07-27
oval:org.opensuse.security:def:51613	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:4446	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:4562	P	Security update for jdom2 (Important)	2021-07-12
oval:org.opensuse.security:def:51606	P	Security update for libsolv (Important)	2021-06-28
oval:org.opensuse.security:def:4434	P	Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP5) (Important)	2021-06-18
oval:org.opensuse.security:def:59497	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:70421	P	Security update for squid (Important)	2021-06-11
oval:org.opensuse.security:def:59492	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:48847	P	lhasa-0.2.0-5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:72590	P	perl-DNS-LDNS-1.7.0-2.22 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48755	P	python-devel-2.7.9-20.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:60277	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:59745	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:48888	P	typelib-1_0-EvinceDocument-3_0-3.20.1-5.66 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:51579	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:64704	P	Security update for python-py (Moderate)	2021-06-04
oval:org.opensuse.security:def:64703	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:73638	P	Security update for dhcp (Important)	2021-06-02
oval:org.opensuse.security:def:64501	P	Security update for lz4 (Important)	2021-05-19
oval:org.opensuse.security:def:4723	P	Security update for the Linux Kernel (Important)	2021-05-14
oval:org.opensuse.security:def:60235	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:51537	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:60489	P	Security update for tomcat (Important)	2021-03-30
oval:org.opensuse.security:def:65630	P	Security update for velocity (Important)	2021-03-16
oval:org.opensuse.security:def:67065	P	Security update for clamav-database (Important)	2021-03-15
oval:org.opensuse.security:def:51159	P	Security update for the Linux Kernel (Important)	2021-02-11
oval:org.opensuse.security:def:59793	P	Security update for openvswitch (Important)	2021-02-03
oval:org.opensuse.security:def:51640	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:49439	P	Security update for php72 (Moderate)	2021-01-14
oval:org.opensuse.security:def:64460	P	Security update for libzypp, zypper (Moderate)	2021-01-13
oval:org.opensuse.security:def:4052	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:67413	P	Security update for slurm_17_11 (Important)	2020-12-18
oval:org.opensuse.security:def:4718	P	Security update for the Linux Kernel (Important)	2020-12-11
oval:org.opensuse.security:def:51085	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important)	2020-12-07
oval:org.opensuse.security:def:51083	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:3895	P	gcc48-4.8.5-31.20.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3943	P	libXpm-devel-3.5.11-5.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4065	P	libtiff-devel-4.0.9-44.30.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3850	P	ant-1.9.4-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72420	P	libsrtp2-1-2.2.0-1.34 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72304	P	libtiff5-32bit-4.0.9-5.27.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3921	P	icecream-1.0.1-5.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3970	P	libdjvulibre-devel-3.5.25.3-5.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3936	P	libXdmcp-devel-1.1.1-12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63565	P	NetworkManager-lang-1.10.6-5.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3939	P	libXfont-devel-1.5.1-11.3.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:48981	P	doxygen-1.8.6-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3933	P	libSDL-devel-1.2.15-15.11.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3963	P	libcares-devel-1.9.1-9.4.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3912	P	gstreamer-devel-1.8.3-9.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3865	P	cairo-devel-1.15.2-25.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3966	P	libcolord-devel-1.3.3-12.13 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:48995	P	gwenhywfar-lang-4.9.0beta-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71652	P	libxkbcommon-devel-0.8.2-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3959	P	libatalk12-3.1.0-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3938	P	libXfixes-devel-5.0.1-7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4792	P	Security update for dovecot23 (Important)	2020-12-02
oval:org.opensuse.security:def:4869	P	Security update for rmt-server (Moderate)	2020-12-02
oval:org.opensuse.security:def:5389	P	Security update for python-waitress (Moderate)	2020-12-02
oval:org.opensuse.security:def:4713	P	Security update for salt (Moderate)	2020-12-02
oval:org.opensuse.security:def:5535	P	Security update for python-waitress (Moderate)	2020-12-02
oval:org.opensuse.security:def:4852	P	Security update for apache2-mod_auth_openidc (Important)	2020-12-02
oval:org.opensuse.security:def:2569	P	Security update for python-waitress (Moderate)	2020-12-02
oval:org.opensuse.security:def:4858	P	Security update for mariadb (Moderate)	2020-12-02
oval:org.opensuse.security:def:4845	P	Security update for nginx (Important)	2020-12-02
oval:org.opensuse.security:def:5507	P	Security update for shim (Moderate)	2020-12-02
oval:org.opensuse.security:def:4815	P	Security update for openwsman (Important)	2020-12-02
oval:org.opensuse.security:def:2565	P	Security update for salt (Critical)	2020-12-02
oval:org.opensuse.security:def:63791	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:50586	P	Security update for sudo (Important)	2020-12-01
oval:org.opensuse.security:def:60571	P	xf86-video-intel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50915	P	Security update for libvpx (Moderate)	2020-12-01
oval:org.opensuse.security:def:53638	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:51005	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:50416	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:52087	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:49569	P	libpango-1_0-0-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50798	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:59312	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:59978	P	Security update for gdb (Moderate)	2020-12-01
oval:org.opensuse.security:def:49293	P	perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:60609	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:59928	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:49132	P	less on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51511	P	Security update for binutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:49600	P	spice-vdagent on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50093	P	qemu-audio-oss on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51846	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:52219	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:53055	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:64358	P	liboath-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52964	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:51428	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:74104	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:59066	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:60750	P	Security update for xorg-x11-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:73981	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:68412	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:51303	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:64252	P	flac-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49504	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74553	P	Security update for apt-cacher-ng (Important)	2020-12-01
oval:org.opensuse.security:def:60913	P	Security update for libssh2_org (Moderate)	2020-12-01
oval:org.opensuse.security:def:65720	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:64238	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50819	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:60834	P	Security update for libzypp (Moderate)	2020-12-01
oval:org.opensuse.security:def:64978	P	Security update for mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:52253	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:50895	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:50811	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50948	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:59089	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:60872	P	Security update for python-Twisted (Moderate)	2020-12-01
oval:org.opensuse.security:def:70682	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:50348	P	Security update for pam (Important)	2020-12-01
oval:org.opensuse.security:def:50842	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:50316	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:52362	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:53565	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:49209	P	libosinfo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52109	P	Security update for libvpx (Important)	2020-12-01
oval:org.opensuse.security:def:49522	P	gstreamer-plugins-bad on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52991	P	Security update for libvpx (Important)	2020-12-01
oval:org.opensuse.security:def:51454	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:59311	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:52143	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:75158	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:51432	P	Security update for build (Moderate)	2020-12-01
oval:org.opensuse.security:def:50746	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:75025	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:66006	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:51327	P	Security update for libjpeg-turbo (Important)	2020-12-01
oval:org.opensuse.security:def:52497	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:50920	P	Security update for rubygem-bundler (Moderate)	2020-12-01
oval:org.opensuse.security:def:60653	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:51053	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:org.opensuse.security:def:52191	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:59334	P	Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:64118	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:50676	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:70769	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:64009	P	Security update for librsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:50575	P	Security update for libvpx (Important)	2020-12-01
oval:org.opensuse.security:def:52176	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:60726	P	Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm (Important)	2020-12-01
oval:org.opensuse.security:def:50791	P	Security update for postgresql10 and postgresql12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:60698	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:53710	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:60046	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49353	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52248	P	Security update for apache-commons-httpclient (Important)	2020-12-01
oval:org.opensuse.security:def:49672	P	libjbig2-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53495	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:50852	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:50191	P	imobiledevice-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49420	P	libSDL2-2_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:59067	P	Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:64913	P	Security update for ncurses (Moderate)	2020-12-01
oval:org.opensuse.security:def:52283	P	Security update for rubygem-rack (Moderate)	2020-12-01
oval:org.opensuse.security:def:69353	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:59678	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:50986	P	Security update for bind (Moderate)	2020-12-01
oval:org.opensuse.security:def:68964	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:51353	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:64971	P	Security update for libcroco (Low)	2020-12-01
oval:org.opensuse.security:def:65916	P	Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:53028	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:51407	P	Security update for subversion (Moderate)	2020-12-01
oval:org.opensuse.security:def:52435	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:59245	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:50912	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:65083	P	Security update for wicked (Important)	2020-12-01
oval:org.opensuse.security:def:74017	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:51057	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Moderate)	2020-12-01
oval:org.opensuse.security:def:70659	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:60992	P	Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm (Important)	2020-12-01
oval:org.opensuse.security:def:50816	P	Security update for wicked (Important)	2020-12-01
oval:org.opensuse.security:def:60535	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49355	P	wpa_supplicant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:60963	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:60648	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:65065	P	Security update for python-waitress (Moderate)	2020-12-01
oval:org.opensuse.security:def:110303	P	Security update for python-waitress (Moderate)	2020-11-14
oval:org.opensuse.security:def:110853	P	Security update for python-waitress (Moderate)	2020-11-14
oval:org.opensuse.security:def:104741	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:109213	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:117332	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:75447	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:105245	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:90390	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:118298	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:75725	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:107817	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:98051	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:91086	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:104045	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:102547	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:95834	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:108495	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:98555	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:91590	P	Security update for python-waitress (Moderate)	2020-11-10
oval:org.opensuse.security:def:83992	P	Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm (Important)	2020-07-14
oval:org.opensuse.security:def:84445	P	Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm (Important)	2020-07-14
oval:com.ubuntu.disco:def:2019167890000000	V	CVE-2019-16789 on Ubuntu 19.04 (disco) - medium.	2019-12-26
oval:com.ubuntu.bionic:def:2019167890000000	V	CVE-2019-16789 on Ubuntu 18.04 LTS (bionic) - low.	2019-12-26
oval:com.ubuntu.xenial:def:2019167890000000	V	CVE-2019-16789 on Ubuntu 16.04 LTS (xenial) - low.	2019-12-26

BACK