VulnerableCode Vulnerability Details

System	Score	Found at
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html
ssvc	Track	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html
cvssv3	3.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2894.json
epss	0.0058	https://api.first.org/data/v1/epss?cve=CVE-2019-2894
epss	0.0058	https://api.first.org/data/v1/epss?cve=CVE-2019-2894
epss	0.0058	https://api.first.org/data/v1/epss?cve=CVE-2019-2894
epss	0.0058	https://api.first.org/data/v1/epss?cve=CVE-2019-2894
epss	0.0058	https://api.first.org/data/v1/epss?cve=CVE-2019-2894
epss	0.0058	https://api.first.org/data/v1/epss?cve=CVE-2019-2894
epss	0.0058	https://api.first.org/data/v1/epss?cve=CVE-2019-2894
epss	0.0058	https://api.first.org/data/v1/epss?cve=CVE-2019-2894
epss	0.0058	https://api.first.org/data/v1/epss?cve=CVE-2019-2894
cvssv3	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://kc.mcafee.com/corporate/index?page=content&id=SB10315
ssvc	Track	https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html
ssvc	Track	https://minerva.crocs.fi.muni.cz/
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2019-2894
cvssv3.1	3.7	https://nvd.nist.gov/vuln/detail/CVE-2019-2894
ssvc	Track	https://seclists.org/bugtraq/2019/Oct/27
ssvc	Track	https://seclists.org/bugtraq/2019/Oct/31
ssvc	Track	https://security.netapp.com/advisory/ntap-20191017-0001/
ssvc	Track	https://usn.ubuntu.com/4223-1/
ssvc	Track	https://www.debian.org/security/2019/dsa-4546
ssvc	Track	https://www.debian.org/security/2019/dsa-4548
ssvc	Track	http://www.openwall.com/lists/oss-security/2019/10/02/2
ssvc	Track	http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

System

Score

Found at

ssvc

Track

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html

ssvc

Track

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html

ssvc

Track

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html

cvssv3

3.7

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2894.json

epss

0.0058

https://api.first.org/data/v1/epss?cve=CVE-2019-2894

epss

0.0058

https://api.first.org/data/v1/epss?cve=CVE-2019-2894

epss

0.0058

https://api.first.org/data/v1/epss?cve=CVE-2019-2894

epss

0.0058

https://api.first.org/data/v1/epss?cve=CVE-2019-2894

epss

0.0058

https://api.first.org/data/v1/epss?cve=CVE-2019-2894

epss

0.0058

https://api.first.org/data/v1/epss?cve=CVE-2019-2894

epss

0.0058

https://api.first.org/data/v1/epss?cve=CVE-2019-2894

epss

0.0058

https://api.first.org/data/v1/epss?cve=CVE-2019-2894

epss

0.0058

https://api.first.org/data/v1/epss?cve=CVE-2019-2894

cvssv3

5.9

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

ssvc

Track

https://kc.mcafee.com/corporate/index?page=content&id=SB10315

ssvc

Track

https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html

ssvc

Track

https://minerva.crocs.fi.muni.cz/

cvssv2

4.3

https://nvd.nist.gov/vuln/detail/CVE-2019-2894

cvssv3.1

3.7

https://nvd.nist.gov/vuln/detail/CVE-2019-2894

ssvc

Track

https://seclists.org/bugtraq/2019/Oct/27

ssvc

Track

https://seclists.org/bugtraq/2019/Oct/31

ssvc

Track

https://security.netapp.com/advisory/ntap-20191017-0001/

ssvc

Track

https://usn.ubuntu.com/4223-1/

ssvc

Track

https://www.debian.org/security/2019/dsa-4546

ssvc

Track

https://www.debian.org/security/2019/dsa-4548

ssvc

Track

http://www.openwall.com/lists/oss-security/2019/10/02/2

ssvc

Track

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Reference id

Reference type

URL

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2894.json

https://api.first.org/data/v1/epss?cve=CVE-2019-2894

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2894

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2945

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2962

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2964

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2973

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2975

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2977

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2978

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2981

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2983

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2987

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2988

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2989

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2992

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2999

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

https://kc.mcafee.com/corporate/index?page=content&id=SB10315

https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html

https://minerva.crocs.fi.muni.cz/

https://seclists.org/bugtraq/2019/Oct/27

https://seclists.org/bugtraq/2019/Oct/31

https://security.netapp.com/advisory/ntap-20191017-0001/

https://www.debian.org/security/2019/dsa-4546

https://www.debian.org/security/2019/dsa-4548

http://www.openwall.com/lists/oss-security/2019/10/02/2

http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

1777985

https://bugzilla.redhat.com/show_bug.cgi?id=1777985

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*

cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:11.0.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:13.0.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:13.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.7.0:update231:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update231:*:*:*:*:*:*

cpe:2.3:a:oracle:jdk:1.8.0:update221:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update221:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:11.0.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:13.0.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:13.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.7.0:update231:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update231:*:*:*:*:*:*

cpe:2.3:a:oracle:jre:1.8.0:update221:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update221:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

CVE-2019-2894

https://nvd.nist.gov/vuln/detail/CVE-2019-2894

USN-4223-1

https://usn.ubuntu.com/4223-1/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00064.html

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00066.html

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00031.html

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-2894.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10315

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at https://lists.debian.org/debian-lts-announce/2019/12/msg00005.html

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at https://minerva.crocs.fi.muni.cz/

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-2894

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-2894

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at https://seclists.org/bugtraq/2019/Oct/27

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at https://seclists.org/bugtraq/2019/Oct/31

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at https://security.netapp.com/advisory/ntap-20191017-0001/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at https://usn.ubuntu.com/4223-1/

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at https://www.debian.org/security/2019/dsa-4546

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at https://www.debian.org/security/2019/dsa-4548

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at http://www.openwall.com/lists/oss-security/2019/10/02/2

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:15:32Z/ Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:58:15.857801+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.0.0

2026-04-01T13:58:15.857801+00:00

Debian Oval Importer

Import

https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2

38.0.0

Vulnerability ID	VCID-muvh-c3he-1bax
Aliases	CVE-2019-2894
Summary	security update
Status	Published
Exploitability	0.5
Weighted Severity	3.9
Risk	1.9
Affected and Fixed Packages	Package Details

Percentile	0.68816
EPSS Score	0.0058
Published At	April 1, 2026, 12:55 p.m.