ID SECURITYVULNS:VULN:10341
Type securityvulns
Reporter BUGTRAQ
Modified 2009-10-22T00:00:00
Description
Buffer overflow on UDP/27901 packet parsing.
{"id": "SECURITYVULNS:VULN:10341", "bulletinFamily": "software", "title": "AlienArena game buffer overflow", "description": "Buffer overflow on UDP/27901 packet parsing.", "published": "2009-10-22T00:00:00", "modified": "2009-10-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10341", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:22672"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:34", "edition": 1, "viewCount": 4, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2018-08-31T11:09:34", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-10341", "CVE-2017-10341", "CVE-2019-10341"]}, {"type": "ossfuzz", "idList": ["OSSFUZZ-10341"]}, {"type": "kaspersky", "idList": ["KLA11122"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2017-3236626"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14750", "SECURITYVULNS:VULN:14752", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14749", "SECURITYVULNS:VULN:13544", "SECURITYVULNS:VULN:14753", "SECURITYVULNS:VULN:14693", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:VULN:14751", "SECURITYVULNS:DOC:22672", "SECURITYVULNS:VULN:14754"]}], "modified": "2018-08-31T11:09:34", "rev": 2}, "vulnersScore": 5.8}, "affectedSoftware": [{"name": "Alien Arena", "operator": "eq", "version": "7.30"}], "immutableFields": []}
{"cve": [{"lastseen": "2021-01-27T14:00:04", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none.", "edition": 1, "cvss3": {}, "published": "2021-01-26T18:15:00", "title": "CVE-2018-10341", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2018-10341"], "modified": "2021-01-26T18:15:00", "cpe": [], "id": "CVE-2018-10341", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10341", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2021-02-02T07:12:46", "description": "A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.", "edition": 10, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-07-11T14:15:00", "title": "CVE-2019-10341", "type": "cve", "cwe": ["CWE-862"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10341"], "modified": "2020-10-01T16:33:00", "cpe": ["cpe:/a:jenkins:docker:1.1.6"], "id": "CVE-2019-10341", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10341", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:jenkins:docker:1.1.6:*:*:*:*:jenkins:*:*"]}, {"lastseen": "2021-02-02T06:36:32", "description": "Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java Advanced Management Console. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java Advanced Management Console accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).", "edition": 5, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 3.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-10-19T17:29:00", "title": "CVE-2017-10341", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10341"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:oracle:java_advanced_management_console:2.7"], "id": "CVE-2017-10341", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10341", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:java_advanced_management_console:2.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:01", "description": "In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-13T20:29:00", "title": "CVE-2016-10341", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10341"], "modified": "2017-07-08T01:29:00", "cpe": ["cpe:/o:google:android:*"], "id": "CVE-2016-10341", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10341", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"]}], "ossfuzz": [{"lastseen": "2020-04-03T13:54:39", "bulletinFamily": "software", "cvelist": [], "description": "Project:\nhttps://github.com/harfbuzz/harfbuzz.git\n\nDetailed report: https://oss-fuzz.com/testcase?key=5696686572175360\n\nProject: harfbuzz\nFuzzer: libFuzzer_harfbuzz_hb-shape-fuzzer\nFuzz target binary: hb-shape-fuzzer\nJob Type: libfuzzer_asan_harfbuzz\nPlatform Id: linux\n\nCrash Type: Heap-buffer-overflow READ 1\nCrash Address: 0x6110000003d8\nCrash State:\n BEInt<unsigned short, 2>::operator unsigned short\n OT::Offset<OT::IntType<unsigned short, 2u>, true>::is_null\n OT::OffsetTo<OT::ArrayOfM1<OT::ResourceTypeRecord, OT::IntType<unsigned short, 2\n \nSanitizer: address (ASAN)\n\nRecommended Security Severity: Medium\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_harfbuzz&range=201809130140:201809140140\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5696686572175360\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for more information.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.\n\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.", "modified": "2018-10-15T15:24:01", "published": "2018-09-14T05:37:18", "id": "OSSFUZZ-10341", "href": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10341", "type": "ossfuzz", "title": "harfbuzz/hb-shape-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short", "cvss": {}}], "kaspersky": [{"lastseen": "2020-09-02T11:53:04", "bulletinFamily": "info", "cvelist": ["CVE-2017-10293", "CVE-2017-10357", "CVE-2017-10356", "CVE-2017-10349", "CVE-2017-10341", "CVE-2017-10281", "CVE-2017-10348", "CVE-2017-10388", "CVE-2017-10342", "CVE-2017-10380", "CVE-2017-10355", "CVE-2017-10347", "CVE-2017-10309", "CVE-2017-10285", "CVE-2017-10350", "CVE-2017-10274", "CVE-2017-10346", "CVE-2017-10295", "CVE-2017-10345", "CVE-2017-10386"], "description": "### *Detect date*:\n10/17/2017\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Oracle Java SE. Malicious users can exploit these vulnerabilities to cause denial of service and bypass security restrictions.\n\n### *Affected products*:\nJava SE 6 versions earlier than 6u161 \nJava SE 7 versions earlier than 7u151 \nJava SE 8 versions earlier than 8u151 \nJava SE Embedded versions earlier than 8u151 \nJava SE version 9 \nJRockit R28.3.15\n\n### *Solution*:\nUpdate to the latest version \n[Software downloads](<http://www.oracle.com/technetwork/indexes/downloads/index.html>)\n\n### *Original advisories*:\n[Oracle Critical Patch Update Advisory \u2013 October 2017](<http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixJAVA>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Oracle Java JRE 1.7.x](<https://threats.kaspersky.com/en/product/Oracle-Java-JRE-1.7.x/>)\n\n### *CVE-IDS*:\n[CVE-2017-10274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10274>)4.0Warning \n[CVE-2017-10281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10281>)5.0Critical \n[CVE-2017-10285](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10285>)6.8High \n[CVE-2017-10293](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10293>)5.8High \n[CVE-2017-10295](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10295>)4.3Warning \n[CVE-2017-10309](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10309>)6.8High \n[CVE-2017-10341](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10341>)4.3Warning \n[CVE-2017-10342](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10342>)5.0Critical \n[CVE-2017-10345](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10345>)2.6Warning \n[CVE-2017-10346](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10346>)6.8High \n[CVE-2017-10347](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10347>)5.0Critical \n[CVE-2017-10348](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10348>)5.0Critical \n[CVE-2017-10349](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10349>)5.0Critical \n[CVE-2017-10350](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10350>)5.0Critical \n[CVE-2017-10355](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10355>)5.0Critical \n[CVE-2017-10356](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10356>)2.1Warning \n[CVE-2017-10357](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10357>)5.0Critical \n[CVE-2017-10380](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10380>)4.0Warning \n[CVE-2017-10386](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10386>)4.9Warning \n[CVE-2017-10388](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10388>)5.1High\n\n### *Microsoft official advisories*:\n\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 46, "modified": "2020-06-18T00:00:00", "published": "2017-10-17T00:00:00", "id": "KLA11122", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11122", "title": "\r KLA11122Multiple vulnerabilities in Oracle Java SE, Java SE Embedded and JRockit ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oracle": [{"lastseen": "2020-10-04T21:16:00", "bulletinFamily": "software", "cvelist": ["CVE-2003-1418", "CVE-2013-0248", "CVE-2013-0255", "CVE-2013-1900", "CVE-2013-1902", "CVE-2013-1903", "CVE-2013-2566", "CVE-2014-0050", "CVE-2014-0060", "CVE-2014-0061", "CVE-2014-0062", "CVE-2014-0063", "CVE-2014-0064", "CVE-2014-0065", "CVE-2014-0066", "CVE-2014-0076", "CVE-2014-0107", "CVE-2014-0114", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-3470", "CVE-2014-3538", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-3587", "CVE-2014-3613", "CVE-2014-3707", "CVE-2014-4342", "CVE-2014-4345", "CVE-2014-8275", "CVE-2014-8713", "CVE-2014-8714", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0235", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-0899", "CVE-2015-1787", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-2808", "CVE-2015-3193", "CVE-2015-3194", "CVE-2015-3195", "CVE-2015-3196", "CVE-2015-3197", "CVE-2015-3253", "CVE-2015-4852", "CVE-2015-5254", "CVE-2015-5351", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7183", "CVE-2015-7501", "CVE-2015-7575", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-0701", "CVE-2016-0706", "CVE-2016-0714", "CVE-2016-0763", "CVE-2016-10165", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-1950", "CVE-2016-1979", "CVE-2016-2107", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-2381", "CVE-2016-2834", "CVE-2016-3092", "CVE-2016-3506", "CVE-2016-5019", "CVE-2016-5285", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6515", "CVE-2016-6814", "CVE-2016-6816", "CVE-2016-7052", "CVE-2016-7055", "CVE-2016-7429", "CVE-2016-7431", "CVE-2016-7433", "CVE-2016-8735", "CVE-2016-8745", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-10014", "CVE-2017-10026", "CVE-2017-10033", "CVE-2017-10034", "CVE-2017-10037", "CVE-2017-10050", "CVE-2017-10051", "CVE-2017-10054", "CVE-2017-10055", "CVE-2017-10060", "CVE-2017-10065", "CVE-2017-10066", "CVE-2017-10077", "CVE-2017-10099", "CVE-2017-10152", "CVE-2017-10153", "CVE-2017-10154", "CVE-2017-10155", "CVE-2017-10158", "CVE-2017-10159", "CVE-2017-10161", "CVE-2017-10162", "CVE-2017-10163", "CVE-2017-10164", "CVE-2017-10165", "CVE-2017-10166", "CVE-2017-10167", "CVE-2017-10190", "CVE-2017-10194", "CVE-2017-10197", "CVE-2017-10203", "CVE-2017-10227", "CVE-2017-10259", "CVE-2017-10260", "CVE-2017-10261", "CVE-2017-10263", "CVE-2017-10264", "CVE-2017-10265", "CVE-2017-10268", "CVE-2017-10270", "CVE-2017-10271", "CVE-2017-10274", "CVE-2017-10275", "CVE-2017-10276", "CVE-2017-10277", "CVE-2017-10279", "CVE-2017-10280", "CVE-2017-10281", "CVE-2017-10283", "CVE-2017-10284", "CVE-2017-10285", "CVE-2017-10286", "CVE-2017-10287", "CVE-2017-10292", "CVE-2017-10293", "CVE-2017-10294", "CVE-2017-10295", "CVE-2017-10296", "CVE-2017-10299", "CVE-2017-10300", "CVE-2017-10302", "CVE-2017-10303", "CVE-2017-10304", "CVE-2017-10306", "CVE-2017-10308", "CVE-2017-10309", "CVE-2017-10310", "CVE-2017-10311", "CVE-2017-10312", "CVE-2017-10313", "CVE-2017-10314", "CVE-2017-10315", "CVE-2017-10316", "CVE-2017-10317", "CVE-2017-10318", "CVE-2017-10319", "CVE-2017-10320", "CVE-2017-10321", "CVE-2017-10322", "CVE-2017-10323", "CVE-2017-10324", "CVE-2017-10325", "CVE-2017-10326", "CVE-2017-10327", "CVE-2017-10328", "CVE-2017-10329", "CVE-2017-10330", "CVE-2017-10331", "CVE-2017-10332", "CVE-2017-10333", "CVE-2017-10334", "CVE-2017-10335", "CVE-2017-10336", "CVE-2017-10337", "CVE-2017-10338", "CVE-2017-10339", "CVE-2017-10340", "CVE-2017-10341", "CVE-2017-10342", "CVE-2017-10343", "CVE-2017-10344", "CVE-2017-10345", "CVE-2017-10346", "CVE-2017-10347", "CVE-2017-10348", "CVE-2017-10349", "CVE-2017-10350", "CVE-2017-10351", "CVE-2017-10352", "CVE-2017-10353", "CVE-2017-10354", "CVE-2017-10355", "CVE-2017-10356", "CVE-2017-10357", "CVE-2017-10358", "CVE-2017-10359", "CVE-2017-10360", "CVE-2017-10361", "CVE-2017-10362", "CVE-2017-10363", "CVE-2017-10364", "CVE-2017-10365", "CVE-2017-10366", "CVE-2017-10367", "CVE-2017-10368", "CVE-2017-10369", "CVE-2017-10370", "CVE-2017-10372", "CVE-2017-10373", "CVE-2017-10375", "CVE-2017-10378", "CVE-2017-10379", "CVE-2017-10380", "CVE-2017-10381", "CVE-2017-10382", "CVE-2017-10383", "CVE-2017-10384", "CVE-2017-10385", "CVE-2017-10386", "CVE-2017-10387", "CVE-2017-10388", "CVE-2017-10389", "CVE-2017-10391", "CVE-2017-10392", "CVE-2017-10393", "CVE-2017-10394", "CVE-2017-10395", "CVE-2017-10396", "CVE-2017-10397", "CVE-2017-10398", "CVE-2017-10399", "CVE-2017-10400", "CVE-2017-10401", "CVE-2017-10402", "CVE-2017-10403", "CVE-2017-10404", "CVE-2017-10405", "CVE-2017-10406", "CVE-2017-10407", "CVE-2017-10408", "CVE-2017-10409", "CVE-2017-10410", "CVE-2017-10411", "CVE-2017-10412", "CVE-2017-10413", "CVE-2017-10414", "CVE-2017-10415", "CVE-2017-10416", "CVE-2017-10417", "CVE-2017-10418", "CVE-2017-10419", "CVE-2017-10420", "CVE-2017-10421", "CVE-2017-10422", "CVE-2017-10423", "CVE-2017-10424", "CVE-2017-10425", "CVE-2017-10426", "CVE-2017-10427", "CVE-2017-10428", "CVE-2017-3167", "CVE-2017-3169", "CVE-2017-3444", "CVE-2017-3445", "CVE-2017-3446", "CVE-2017-3588", "CVE-2017-3730", "CVE-2017-3731", "CVE-2017-3732", "CVE-2017-3733", "CVE-2017-5461", "CVE-2017-5462", "CVE-2017-5662", "CVE-2017-5664", "CVE-2017-5706", "CVE-2017-5709", "CVE-2017-7502", "CVE-2017-7668", "CVE-2017-7679", "CVE-2017-9788", "CVE-2017-9805"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 252 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=187793594395974id=2310031.1>).\n\nPlease note that on September 22, 2017, Oracle released Security Alert for CVE-2017-9805. Customers of affected Oracle product(s) are strongly advised to apply the fixes that were announced in this Security Alert as well as those contained in this Critical Patch update\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available here.\n", "modified": "2018-02-15T00:00:00", "published": "2017-10-17T00:00:00", "id": "ORACLE:CPUOCT2017", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2017", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:21:17", "bulletinFamily": "software", "cvelist": ["CVE-2017-10324", "CVE-2017-10167", "CVE-2017-10014", "CVE-2017-10417", "CVE-2017-10037", "CVE-2015-5351", "CVE-2015-5254", "CVE-2017-10270", "CVE-2017-10387", "CVE-2017-10360", "CVE-2015-1792", "CVE-2017-10321", "CVE-2017-10060", "CVE-2015-0235", "CVE-2015-1793", "CVE-2017-10404", "CVE-2017-10311", "CVE-2017-10421", "CVE-2017-10353", "CVE-2017-10260", "CVE-2017-10203", "CVE-2016-9840", "CVE-2017-10419", "CVE-2017-10424", "CVE-2017-10399", "CVE-2017-10293", "CVE-2015-3197", "CVE-2017-10299", "CVE-2017-10158", "CVE-2017-10379", "CVE-2017-10414", "CVE-2017-10054", "CVE-2017-10357", "CVE-2017-10197", "CVE-2017-10361", "CVE-2017-10356", "CVE-2016-5019", "CVE-2017-10322", "CVE-2017-10323", "CVE-2017-10066", "CVE-2014-3572", "CVE-2017-5709", "CVE-2016-6306", "CVE-2017-5462", "CVE-2014-3613", "CVE-2017-7502", "CVE-2015-7181", "CVE-2015-0206", "CVE-2017-10369", "CVE-2015-1789", "CVE-2016-2183", "CVE-2017-10349", "CVE-2017-10284", "CVE-2017-10294", "CVE-2017-10325", "CVE-2017-10416", "CVE-2015-0286", "CVE-2017-10341", "CVE-2017-10420", "CVE-2017-10418", "CVE-2017-10367", "CVE-2016-2178", "CVE-2017-10164", "CVE-2013-1903", "CVE-2017-10400", "CVE-2017-3167", "CVE-2017-10281", "CVE-2015-3195", "CVE-2017-10351", "CVE-2017-10359", "CVE-2017-10381", "CVE-2017-10406", "CVE-2017-10348", "CVE-2017-10372", "CVE-2014-8714", "CVE-2017-10034", "CVE-2017-10328", "CVE-2016-0714", "CVE-2016-3092", "CVE-2014-3571", "CVE-2017-10397", "CVE-2017-10388", "CVE-2017-10330", "CVE-2017-10407", "CVE-2014-0076", "CVE-2017-10033", "CVE-2017-10342", "CVE-2017-10415", "CVE-2017-10408", "CVE-2016-6302", "CVE-2017-10344", "CVE-2017-10354", "CVE-2017-10338", "CVE-2017-10296", "CVE-2017-10292", "CVE-2017-10402", "CVE-2014-3587", "CVE-2017-10306", "CVE-2017-10365", "CVE-2017-10337", "CVE-2017-10426", "CVE-2016-8745", "CVE-2016-2177", "CVE-2017-10380", "CVE-2015-0288", "CVE-2017-10332", "CVE-2017-10378", "CVE-2014-0224", "CVE-2017-10026", "CVE-2017-10276", "CVE-2016-0635", "CVE-2017-10409", "CVE-2017-10166", "CVE-2017-10427", "CVE-2017-10422", "CVE-2015-3194", "CVE-2017-10355", "CVE-2017-10163", "CVE-2016-6515", "CVE-2017-10326", "CVE-2015-0285", "CVE-2016-2107", "CVE-2017-10153", "CVE-2016-7055", "CVE-2017-10382", "CVE-2015-7501", "CVE-2017-10364", "CVE-2017-10319", "CVE-2015-3253", "CVE-2017-3731", "CVE-2016-6307", "CVE-2016-0701", "CVE-2017-10398", "CVE-2017-10051", "CVE-2017-10308", "CVE-2017-10320", "CVE-2017-10287", "CVE-2017-10412", "CVE-2017-10334", "CVE-2016-9842", "CVE-2016-2834", "CVE-2017-10283", "CVE-2015-0899", "CVE-2017-10152", "CVE-2017-10264", "CVE-2016-1182", "CVE-2014-0065", "CVE-2016-0763", "CVE-2015-0207", "CVE-2017-10155", "CVE-2017-10271", "CVE-2017-10286", "CVE-2017-10304", "CVE-2016-6308", "CVE-2016-6816", "CVE-2016-7433", "CVE-2014-4342", "CVE-2017-5662", "CVE-2014-8275", "CVE-2016-2180", "CVE-2017-10411", "CVE-2017-10313", "CVE-2017-10194", "CVE-2015-7182", "CVE-2015-0208", "CVE-2015-2808", "CVE-2017-10347", "CVE-2014-3570", "CVE-2017-10227", "CVE-2015-7575", "CVE-2017-10370", "CVE-2017-10261", "CVE-2017-10425", "CVE-2017-5706", "CVE-2015-3196", "CVE-2017-10428", "CVE-2014-3470", "CVE-2017-10362", "CVE-2017-10309", "CVE-2016-2181", "CVE-2017-10391", "CVE-2016-6304", "CVE-2015-3193", "CVE-2017-10263", "CVE-2014-3538", "CVE-2017-10403", "CVE-2014-0114", "CVE-2017-10159", "CVE-2017-10410", "CVE-2017-3732", "CVE-2017-10383", "CVE-2017-10339", "CVE-2017-10340", "CVE-2014-0050", "CVE-2017-10327", "CVE-2017-10396", "CVE-2017-10300", "CVE-2014-3707", "CVE-2014-0064", "CVE-2017-10343", "CVE-2015-0293", "CVE-2017-10165", "CVE-2017-10316", "CVE-2017-3445", "CVE-2017-10373", "CVE-2016-1979", "CVE-2017-10363", "CVE-2017-10352", "CVE-2016-2381", "CVE-2014-8713", "CVE-2017-10279", "CVE-2015-7183", "CVE-2013-0255", "CVE-2017-10314", "CVE-2017-9805", "CVE-2015-1788", "CVE-2017-10055", "CVE-2014-0195", "CVE-2014-0198", "CVE-2017-10161", "CVE-2016-7052", "CVE-2015-0209", "CVE-2014-0063", "CVE-2016-1950", "CVE-2017-10333", "CVE-2015-0204", "CVE-2016-0706", "CVE-2013-0248", "CVE-2017-3733", "CVE-2017-5664", "CVE-2017-10312", "CVE-2017-10366", "CVE-2014-0060", "CVE-2017-10318", "CVE-2016-7429", "CVE-2016-1181", "CVE-2017-10268", "CVE-2017-10285", "CVE-2017-3446", "CVE-2017-10392", "CVE-2017-10413", "CVE-2016-9843", "CVE-2013-2566", "CVE-2016-8735", "CVE-2015-1790", "CVE-2017-10394", "CVE-2017-9788", "CVE-2017-10350", "CVE-2016-6305", "CVE-2016-6303", "CVE-2017-10275", "CVE-2017-10274", "CVE-2017-10190", "CVE-2013-1902", "CVE-2017-10315", "CVE-2015-0291", "CVE-2017-10317", "CVE-2017-10389", "CVE-2017-10385", "CVE-2017-10154", "CVE-2017-10395", "CVE-2017-3588", "CVE-2014-4345", "CVE-2017-10162", "CVE-2003-1418", "CVE-2016-2182", "CVE-2017-10358", "CVE-2017-10310", "CVE-2017-10077", "CVE-2017-10346", "CVE-2014-0062", "CVE-2017-10401", "CVE-2015-0287", "CVE-2017-7668", "CVE-2017-3444", "CVE-2017-10295", "CVE-2017-10393", "CVE-2017-10423", "CVE-2017-10280", "CVE-2017-5461", "CVE-2016-10165", "CVE-2014-0066", "CVE-2015-0289", "CVE-2016-9841", "CVE-2015-7940", "CVE-2017-3169", "CVE-2017-10065", "CVE-2016-5285", "CVE-2017-10368", "CVE-2015-0292", "CVE-2017-10375", "CVE-2017-10384", "CVE-2014-0107", "CVE-2017-10050", "CVE-2016-3506", "CVE-2017-10345", "CVE-2017-10303", "CVE-2017-10302", "CVE-2017-10259", "CVE-2017-10265", "CVE-2015-0290", "CVE-2017-3730", "CVE-2015-0205", "CVE-2017-10329", "CVE-2016-2179", "CVE-2017-10405", "CVE-2017-10277", "CVE-2016-6814", "CVE-2013-1900", "CVE-2015-1787", "CVE-2015-4852", "CVE-2014-0061", "CVE-2014-3569", "CVE-2017-10386", "CVE-2015-1791", "CVE-2017-10336", "CVE-2017-10335", "CVE-2016-7431", "CVE-2017-7679", "CVE-2014-0221", "CVE-2017-10331", "CVE-2017-10099"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 252 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2310031.1>).\n\nPlease note that on September 22, 2017, Oracle released [Security Alert for CVE-2017-9805](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html>). Customers of affected Oracle product(s) are strongly advised to apply the fixes that were announced in this Security Alert as well as those contained in this Critical Patch update\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "modified": "2018-02-15T00:00:00", "published": "2017-10-17T00:00:00", "id": "ORACLE:CPUOCT2017-3236626", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2017", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "android": [{"lastseen": "2020-06-22T14:42:13", "bulletinFamily": "software", "cvelist": ["CVE-2016-10341"], "description": "In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended.", "edition": 1, "modified": "2019-07-26T00:00:00", "published": "2017-06-01T00:00:00", "id": "ANDROID:CVE-2016-10341", "href": "http://www.androidvulnerabilities.org/vulnerabilities/CVE-2016-10341.html", "title": "CVE-2016-10341", "type": "android", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7747"], "description": "Crash on audiofiles processing.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "title": "audiofile memory corruption", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "title": "apport security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "description": "PHAR extension DoS.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "title": "PHP security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "modified": "2015-11-02T00:00:00", "published": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2015-3236", "CVE-2015-3153", "CVE-2015-3144", "CVE-2015-3237", "CVE-2014-0015", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "description": "Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS.", "edition": 1, "modified": "2015-11-01T00:00:00", "published": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:13544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13544", "title": "cURL security vulnerabilitiies", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7696", "CVE-2015-7697"], "description": "DoS, code execution.", "edition": 1, "modified": "2015-11-01T00:00:00", "published": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14752", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14752", "title": "unzip security vulneravilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7703", "CVE-2015-7855", "CVE-2015-5219", "CVE-2015-7704", "CVE-2015-7701", "CVE-2015-7692", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7691", "CVE-2015-5196", "CVE-2015-7705", "CVE-2015-5300", "CVE-2015-5195", "CVE-2015-7850", "CVE-2015-7853"], "description": "Multiple memory corruptions.", "edition": 1, "modified": "2015-11-01T00:00:00", "published": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14751", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14751", "title": "ntp multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-5448"], "description": "No description provided", "edition": 1, "modified": "2015-10-26T00:00:00", "published": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14749", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14749", "title": "HP Asset Manager information disclosure", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:02", "bulletinFamily": "software", "cvelist": ["CVE-2015-2136", "CVE-2015-6029"], "description": "Authentication bypass, information disclosure.", "edition": 1, "modified": "2015-10-26T00:00:00", "published": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14693", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14693", "title": "HP ArcSight Logger security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:03", "bulletinFamily": "software", "cvelist": ["CVE-2015-7377", "CVE-2015-6000", "CVE-2015-5075", "CVE-2015-7390", "CVE-2015-6544", "CVE-2015-7668", "CVE-2015-5715", "CVE-2015-7373", "CVE-2015-6659", "CVE-2015-5956", "CVE-2015-3623", "CVE-2015-6660", "CVE-2015-7682", "CVE-2015-5723", "CVE-2015-7368", "CVE-2015-7319", "CVE-2015-7299", "CVE-2015-7669", "CVE-2015-5071", "CVE-2015-7371", "CVE-2015-7320", "CVE-2015-6497", "CVE-2015-4499", "CVE-2015-7683", "CVE-2015-7367", "CVE-2014-8778", "CVE-2015-7670", "CVE-2015-7391", "CVE-2015-7372", "CVE-2015-7366", "CVE-2015-7364", "CVE-2015-7667", "CVE-2015-5072", "CVE-2015-6545", "CVE-2015-7370", "CVE-2015-7666", "CVE-2015-6658", "CVE-2015-6576", "CVE-2015-5076", "CVE-2015-6584", "CVE-2015-5074", "CVE-2015-5603", "CVE-2015-7365", "CVE-2015-6661", "CVE-2015-7369", "CVE-2015-5714", "CVE-2015-6665"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2015-10-26T00:00:00", "published": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14750", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
