3com Inc

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

A10 Networks

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ACCESS

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actelis Networks

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Actiontec

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ADATA

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ADTRAN

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

aep NETWORKS

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aerohive

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AhnLab Inc

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AirWatch

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Akamai Technologies, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alcatel-Lucent Enterprise

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Allied Telesis

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Alpine Linux

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Amazon

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Android Open Source Project

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ANTlabs

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Appgate Network Security

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Apple

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arch Linux

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Arista Networks, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ARRIS

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aruba Networks

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Aspera Inc.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AsusTek Computer Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Atheros Communications Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AT&T

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Avaya, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

AVM GmbH

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Barracuda Networks

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belden

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Belkin, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Bell Canada Enterprises

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlackBerry

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BlueCat Networks, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blue Coat Systems

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Blunk Microsystems

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

BoringSSL

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Broadcom

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Brocade Communication Systems

Notified:  January 31, 2019 Updated: April 18, 2019

Status

  Not Affected

Vendor Statement

No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by these vulnerabilities.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.broadcom.com/support/fibre-channel-networking/security-advisori es/brocade-security-advisory-2019-783

Buffalo Inc

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cambium Networks

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CA Technologies

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ceragon Networks Inc

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Certicom

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Check Point Software Technologies

Notified:  January 31, 2019 Updated: April 01, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cirpack

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cisco

Notified:  January 31, 2019 Updated: April 17, 2019

Statement Date:   February 13, 2019

Status

  Affected

Vendor Statement

We are not aware of any situation where a currently valid session token is written to log files. The storage of the session cookie within process memory of the client and in cases of clientless sessions the web browser while the sessions are active are not considered to be an unwarranted exposure. These values are required to maintain the operation of the session per design of the feature should session re-establishment be required due to network interruption. We have documented the concerns and the engineering teams will incorporate this feedback into discussions for future design improvements of the Cisco AnyConnect VPN solution. It should also be noted that all session material stored by both the Client and Clientless solutions are destroyed once the sessions is deliberately terminated by the client.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk10249

CMX Systems

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Comcast

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Command Software Systems

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Contiki OS

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CoreOS

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cradlepoint

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Cricket Wireless

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CZ.NIC

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell EMC

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Dell SecureWorks

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DesktopBSD

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Deutsche Telekom

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Devicescape

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Digi International

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

D-Link Systems, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

dnsmasq

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

DragonFly BSD Project

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eCosCentric

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eero

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

EfficientIP SAS

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ENEA

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ericsson

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

eSoft, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Espressif Systems

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

European Registry for Internet Domains

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Express Logic

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Extreme Networks

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F5 Networks, Inc.

Notified:  January 31, 2019 Updated: April 11, 2019

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

F5 has been aware of the insecure memory storage since 2013 and has not yet been patched. More information can be found here https://support.f5.com/csp/article/K14969. They have been aware of the insecure log storage since 2017 and fixed it in version 12.1.3 and 13.1.0 and onwards. More information can be found here https://support.f5.com/csp/article/K45432295

Fastly

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Force10 Networks

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fortinet, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Foundry Brocade

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeBSD Project

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

FreeS/Wan

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

F-Secure Corporation

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fujitsu

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Geexbox

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GFI Software, Inc.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Global Technology Associates, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU adns

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

GNU glibc

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Google

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Grandstream

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HardenedBSD

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hewlett Packard Enterprise

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Hitachi

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Honeywell

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HP Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

HTC

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Huawei Technologies

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM Corporation (zseries)

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

IBM, INC.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Illumos

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Infoblox

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

InfoExpress, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Inmarsat

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intel

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Internet Systems Consortium - DHCP

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Interniche Technologies, inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

INTEROP

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Intoto

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

JH Software

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Joyent

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Juniper Networks

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

KAME Project

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LANCOM Systems GmbH

Notified:  April 11, 2019 Updated: April 12, 2019

Statement Date:   April 12, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

LANCOM products are not affected by this vulnerability because session cookies are not used.

Vendor References

https://www.lancom-systems.com/service-support/instant-help/general-securit y-information/#c166517

Lancope

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lantronix

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lenovo

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LG Electronics

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LibreSSL

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Linksys

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

LITE-ON Technology Corporation

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Lynx Software Technologies

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

m0n0wall

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marconi, Inc.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Marvell Semiconductors

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

McAfee

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MediaTek

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Medtronic

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Men & Mice

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MetaSwitch

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microchip Technology

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Micro Focus

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Microsoft Vulnerability Research

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

MikroTik

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Miredo

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Mitel Networks, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Motorola, Inc.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Muonics, Inc.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NAS4Free

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NEC Corporation

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBSD

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NetBurner

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Netgear, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NETSCOUT

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmp

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

netsnmpj

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nexenta

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NIKSUN

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nixu

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

NLnet Labs

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nokia

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Nominum

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Novell, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OleumTech

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OmniTI

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenBSD IPSec

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenConnect

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenDNS

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenIndiana

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

OpenSSL

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openswan Linux IPsec software

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Openwall GNU/*/Linux

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oracle Corporation

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Oryx Embedded

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Paessler

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Palo Alto Networks

Notified:  January 31, 2019 Updated: April 11, 2019

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

CVE-2019-1573 Update to GlobalProtect Agent 4.1.1 and later for Windows,and GlobalProtect Agent 4.1.11 and later for macOS.

Vendor References

https://securityadvisories.paloaltonetworks.com/Home/Detail/146

Peplink

Notified:  January 31, 2019 Updated: April 24, 2019

Status

  Not Affected

Vendor Statement

Peplink/Pepwave products are not affected by this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

pfSense

Notified:  January 31, 2019 Updated: April 01, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Philips Electronics

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PHPIDS

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

PowerDNS

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Proxim, Inc.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Pulse Secure

Notified:  January 31, 2019 Updated: April 17, 2019

Statement Date:   April 13, 2019

Status

  Affected

Vendor Statement

SA44114 - 2019-04:Out-of-Cycle Advisory:Pulse Desktop Client and Network Connect improper handling of session cookies(CVE-2016-8201) Affected Products: Pulse Desktop Client Pulse Desktop Client 9.0R1 - 9.0R2 Pulse Desktop Client 5.3R1 - 5.3R6 Pulse Connect Secure(for Network Connect customers) Pulse Connect Secure 9.0R1 - 9.0R2 Pulse Connect Secure 8.3R1 - 8.3R6 Pulse Connect Secure 8.1R1 - 8.1R13 CVE-2016-8201 has been applied to this vulnerability. This issue is resolved in the following releases: Pulse Desktop Client Pulse Secure Desktop 9.0R3 and above Pulse Secure Desktop 5.3R7 and above Note:For Pulse Desktop Client customer,this is a client-side fix only and does not require a server-side upgrade. Network Connect Pulse Connect Secure 9.0R3 and above Pulse Connect Secure 8.3R7 and above Pulse Connect Secure 8.1R14 and above https://nvd.nist.gov/vuln/detail/CVE-2016-8201

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114/

QLogic

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QNX Software Systems Inc.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quadros Systems

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quagga

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

QUALCOMM Incorporated

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Quantenna Communications

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Riverbed Technologies

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Rocket RTOS

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Roku

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ruckus Wireless

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SafeNet

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Mobile

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Samsung Semiconductor Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Secure64 Software Corporation

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SEIKO EPSON Corp. / Epson America Inc.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sierra Wireless

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SMC Networks, Inc.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SmoothWall

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Snort

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SonicWall

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sonos

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sony Corporation

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sophos, Inc.

Notified:  January 31, 2019 Updated: April 17, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Sourcefire

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SSH Communications Security

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Stonesoft

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

strongSwan

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Symantec

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Synology

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TCPWave

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TDS Telecom

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Technicolor

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TippingPoint Technologies Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tizen

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Toshiba Commerce Solutions

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TP-LINK

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

TrueOS

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Turbolinux

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubiquiti Networks

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unicoi

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Unisys

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vertical Networks, Inc.

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

VMware

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Watchguard Technologies, Inc.

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Wind River

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

WizNET Technology

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

wolfSSL

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xiaomi

Notified:  April 11, 2019 Updated: April 11, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Xilinx

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zebra Technologies

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zephyr Project

Notified:  January 31, 2019 Updated: January 31, 2019

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Zscaler

Updated:  April 18, 2019

Statement Date:   April 18, 2019

Status

  Not Affected

Vendor Statement

Last week,CERT released Vulnerability Note VU#192371 to highlight that authentication and/or session cookies that are stored insecurely in memory and/or log files can be potentially used in a replay attack. The use of hardware fingerprinting,client certificates,and SAML assertions in Zscaler App make it impractical to replay authentication session cookies obtained from memory and use these on another system. In addition,no personal or confidential information is stored in the Zscaler App logs. Zscaler App is not vulnerable to the replay attack as described under Vulnerability Note VU#192371. Validated on Zscaler App v1.5 and earlier versions About Zscaler App The Zscaler App automatically forwards user traffic to the Zscaler cloud and ensures that security and access policies are enforced,regardless of device,location or application. The app automatically determines if a user is looking to access the open internet,a SaaS app or an internal app running in public,private or the datacenter and routes traffic through the appropriate Zscaler security service. The client supports both Zscaler Internet Access(ZIA)as well as Zscaler Private Access(ZPA)by default,allowing teams to combine best in class internet security with zero trust access to internal apps.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://trust.zscaler.com/posts/3401

Zyxel

Notified:  January 31, 2019 Updated: April 24, 2019

Status

  Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

View all 238 vendors View less vendors