ID SECURITYVULNS:VULN:10359
Type securityvulns
Reporter BUGTRAQ
Modified 2009-10-29T00:00:00
Description
Buffer overflow on TCP/10500 traffic parsing.
{"id": "SECURITYVULNS:VULN:10359", "bulletinFamily": "software", "title": "Hummingbird STR service / EMC Documentum eRoom / OpenText Search Server buffer overflow", "description": "Buffer overflow on TCP/10500 traffic parsing.", "published": "2009-10-29T00:00:00", "modified": "2009-10-29T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10359", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:22712"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:34", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "fdbcd6773629ba23df93d0842f22fa77"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "57103e79d0f416957da66f18fc14bba1"}, {"key": "href", "hash": "5715322e9fb039837a5513be3bafec13"}, {"key": "modified", "hash": "9241135ad5589209cfecf47d77e8289f"}, {"key": "published", "hash": "9241135ad5589209cfecf47d77e8289f"}, {"key": "references", "hash": "0719e02419cfb455e4810959ab1096f6"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "2f87368ae457efac5ba9d42ee0c5fac4"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "27e1a7a7e23801f1c7e414f84a25d08013f2639912345c0afbae02904c987bd1", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-08-31T11:09:34"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "affectedSoftware": [{"name": "OpenText Search Server", "operator": "eq", "version": "6.0"}, {"name": "OpenText Search Server", "operator": "eq", "version": "6.1"}, {"name": "Documentum eRoom", "operator": "eq", "version": "7.4"}]}
{"openvas": [{"lastseen": "2018-09-01T23:36:47", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CDV3ULRXQEMV7OHCB5MSITEIVOI5EPN", "2018-0e72ef852a"], "pluginID": "1361412562310874744", "description": "Check the version of libjpeg-turbo", "edition": 5, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-06-27T00:00:00", "title": "Fedora Update for libjpeg-turbo FEDORA-2018-0e72ef852a", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:36:47", "vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11813"], "modified": "2018-07-27T00:00:00", "id": "OPENVAS:1361412562310874744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874744", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_0e72ef852a_libjpeg-turbo_fc28.nasl 10645 2018-07-27 05:27:50Z cfischer $\n#\n# Fedora Update for libjpeg-turbo FEDORA-2018-0e72ef852a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874744\");\n script_version(\"$Revision: 10645 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-27 07:27:50 +0200 (Fri, 27 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-27 06:03:19 +0200 (Wed, 27 Jun 2018)\");\n script_cve_id(\"CVE-2018-11813\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libjpeg-turbo FEDORA-2018-0e72ef852a\");\n script_tag(name:\"summary\", value:\"Check the version of libjpeg-turbo\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present \non the target host.\");\n script_tag(name:\"insight\", value:\"The libjpeg-turbo package contains a library \nof functions for manipulating JPEG images.\n\");\n script_tag(name:\"affected\", value:\"libjpeg-turbo on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-0e72ef852a\");\n script_xref(name:\"URL\" , value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CDV3ULRXQEMV7OHCB5MSITEIVOI5EPN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"libjpeg-turbo\", rpm:\"libjpeg-turbo~1.5.3~5.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:38:20", "references": ["http://www.ubuntu.com/usn/usn-3692-1/", "3692-1"], "pluginID": "1361412562310843569", "description": "Check the version of openssl", "edition": 6, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-06-27T00:00:00", "title": "Ubuntu Update for openssl USN-3692-1", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:38:20", "vector": "NONE", "value": 5.0}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0732", "CVE-2018-0495", "CVE-2018-0737"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310843569", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843569", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3692_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for openssl USN-3692-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843569\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-27 05:49:24 +0200 (Wed, 27 Jun 2018)\");\n script_cve_id(\"CVE-2018-0495\", \"CVE-2018-0732\", \"CVE-2018-0737\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for openssl USN-3692-1\");\n script_tag(name:\"summary\", value:\"Check the version of openssl\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"insight\", value:\"Keegan Ryan discovered that OpenSSL incorrectly\nhandled ECDSA key generation. An attacker could possibly use this issue to perform a\ncache-timing attack and recover private ECDSA keys. (CVE-2018-0495)\n\nGuido Vranken discovered that OpenSSL incorrectly handled very large prime\nvalues during a key agreement. A remote attacker could possibly use this\nissue to consume resources, leading to a denial of service. (CVE-2018-0732)\n\nAlejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis\nManuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key\ngeneration. An attacker could possibly use this issue to perform a\ncache-timing attack and recover private RSA keys. (CVE-2018-0737)\");\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 18.04 LTS,\n Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3692-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3692-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|18\\.04 LTS|16\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1f-1ubuntu2.26\", rls:\"UBUNTU14.04 LTS\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2g-1ubuntu13.6\", rls:\"UBUNTU17.10\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2n-1ubuntu5.1\", rls:\"UBUNTU18.04 LTS\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.1\", ver:\"1.1.0g-2ubuntu4.1\", rls:\"UBUNTU18.04 LTS\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2g-1ubuntu4.13\", rls:\"UBUNTU16.04 LTS\", remove_arch:TRUE )) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:09", "references": ["http://esupport.trendmicro.com", "https://success.trendmicro.com/solution/1119961"], "pluginID": "1361412562310813615", "description": "This host is installed with Trend Micro\n OfficeScan and is prone to multiple vulnerabilities.", "edition": 6, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-06-26T00:00:00", "title": "Trend Micro OfficeScan Multiple Vulnerabilities June18", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:36:09", "vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10509", "CVE-2018-10508", "CVE-2018-10506", "CVE-2018-10507", "CVE-2018-10359", "CVE-2018-10505", "CVE-2018-10358"], "modified": "2018-08-06T00:00:00", "id": "OPENVAS:1361412562310813615", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813615", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_trend_micro_officescan_mult_vuln_june18.nasl 10778 2018-08-06 02:57:15Z ckuersteiner $\n#\n# Trend Micro OfficeScan Multiple Vulnerabilities June18\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:trend_micro:office_scan\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813615\");\n script_version(\"$Revision: 10778 $\");\n script_cve_id(\"CVE-2018-10358\", \"CVE-2018-10359\", \"CVE-2018-10505\", \"CVE-2018-10506\", \n \"CVE-2018-10507\", \"CVE-2018-10508\", \"CVE-2018-10509\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-06 04:57:15 +0200 (Mon, 06 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-26 10:57:13 +0530 (Tue, 26 Jun 2018)\");\n script_name(\"Trend Micro OfficeScan Multiple Vulnerabilities June18\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Trend Micro\n OfficeScan and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help\n of the detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to, \n\n - The lack of proper validation of the length of user-supplied data prior to\n using that length to initialize a pool-based buffer within the processing of\n IOCTL 0x2200B4, IOCTL 0x2200B4, IOCTL 0x220008 in the TMWFP driver.\n\n - An out-of-bounds read error within processing of IOCTL 0x220004 by the tmwfp\n driver.\n\n - A vulnerability that render the OfficeScan Unauthorized Change Prevention\n inoperable on vulnerable installations.\n\n - A URL vulnerability to elevate account permissions on vulnerable installations.\n\n - An OfficeScan Browser Refresh vulnerability.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to disclose sensitive information, escalate privileges and to bypass other\n security restrictions on vulnerable installations of Trend Micro OfficeScan.\n\n Impact Level: System/Application.\");\n\n script_tag(name:\"affected\", value:\"Trend Micro OfficeScan versions XG SP1\n prior to XG SP1 CP 5147, XG (GM Version) prior to XG CP 1876 (Pre-SP1), 11.0\n SP1 prior to 11.0 SP1 CP 6540.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to OfficeScan XG SP1 CP 5147 or\n XG CP 1876 (Pre-SP1) or 110.0 SP1 CP 6540 or later.\n For updates refer to Reference links.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://success.trendmicro.com/solution/1119961\");\n script_xref(name:\"URL\", value:\"http://esupport.trendmicro.com\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_dependencies(\"gb_trend_micro_office_scan_detect.nasl\");\n script_mandatory_keys(\"Trend/Micro/Officescan/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE );\ntrendVer = infos['version'];\npath = infos['location'];\n\nif(trendVer =~ \"^(11|12)\\.\")\n{\n ## http://docs.trendmicro.com/all/ent/officescan/v11.0/en-us/osce_11.0_sp1_server_readme.htm#7 - 11.0 SP1 = 11.0.2995\n ## http://files.trendmicro.com/products/officescan/11.0_SP1/osce_11_sp1_patch1_win_en_criticalpatch_6540.html - 110.0 SP1 CP 6540 = 11.0.6540\n if(version_in_range(version:trendVer, test_version:\"11.0.2995\", test_version2:\"11.0.6539\" )){\n fix = \"110.0 SP1 CP 6540\";\n }\n ## http://files.trendmicro.com/products/officescan/XG/SP1/osce_xg_sp1_win_en_criticalpatch_b4406.html - XG SP1 = 12.0.4345\n ## http://files.trendmicro.com/products/officescan/XG/SP1/osce_xg_sp1_win_en_criticalpatch_5147.html - XG SP1 CP 5147 = 12.0.5147\n else if(version_in_range(version:trendVer, test_version:\"12.0.4345\", test_version2:\"12.0.5146\" )){\n fix = \"XG SP1 CP 5147\";\n }\n ## http://files.trendmicro.com/products/officescan/XG/patch1/osce_xg_win_en_criticalpatch_1876.html - XG CP 1876 (Pre-SP1) = 12.0.1876\n ## http://docs.trendmicro.com/all/ent/officescan/v12.0/en-us/osce_12.0_server_readme.htm#7 XG (GM Version) = 12.0.1315\n else if(version_in_range(version:trendVer, test_version:\"12.0.1315\", test_version2:\"12.0.1875\" )){\n fix = \"XG CP 1876 (Pre-SP1)\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:trendVer, fixed_version:fix, install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:21", "references": ["http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00044.html", "2018:1806_1"], "pluginID": "1361412562310851799", "description": "Check the version of phpMyAdmin", "edition": 6, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-06-24T00:00:00", "title": "SuSE Update for phpMyAdmin openSUSE-SU-2018:1806-1 (phpMyAdmin)", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:36:21", "vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12613", "CVE-2018-12581"], "modified": "2018-08-24T00:00:00", "id": "OPENVAS:1361412562310851799", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851799", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2018_1806_1.nasl 11109 2018-08-24 14:47:20Z mmartin $\n#\n# SuSE Update for phpMyAdmin openSUSE-SU-2018:1806-1 (phpMyAdmin)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851799\");\n script_version(\"$Revision: 11109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-24 16:47:20 +0200 (Fri, 24 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-24 05:45:58 +0200 (Sun, 24 Jun 2018)\");\n script_cve_id(\"CVE-2018-12581\", \"CVE-2018-12613\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for phpMyAdmin openSUSE-SU-2018:1806-1 (phpMyAdmin)\");\n script_tag(name:\"summary\", value:\"Check the version of phpMyAdmin\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present \non the target host.\");\n script_tag(name:\"insight\", value:\"\n This update for phpMyAdmin fixes multiple issues.\n\n Security issues fixed:\n\n * CVE-2018-12613: File inclusion and remote code execution attack\n (boo#1098751)\n * CVE-2018-12581: XSS in Designer feature (boo#1098752)\n\n This update to version 4.8.2 also contains number of upstream bug fixes\n and improvements.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended \n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-669=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-669=1\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on openSUSE Leap 42.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1806_1\");\n script_xref(name:\"URL\" , value:\"http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00044.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.8.2~15.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:36", "references": ["http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00042.html", "2018:1800_1"], "pluginID": "1361412562310851797", "description": "Check the version of mariadb", "edition": 4, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-06-23T00:00:00", "title": "SuSE Update for mariadb openSUSE-SU-2018:1800-1 (mariadb)", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:36:36", "vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-2817", "CVE-2018-2755", "CVE-2018-2819", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2766", "CVE-2018-2787", "CVE-2018-2767", "CVE-2018-2761", "CVE-2018-2782", "CVE-2018-2781", "CVE-2018-2813"], "modified": "2018-07-27T00:00:00", "id": "OPENVAS:1361412562310851797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851797", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2018_1800_1.nasl 10664 2018-07-27 13:57:41Z cfischer $\n#\n# SuSE Update for mariadb openSUSE-SU-2018:1800-1 (mariadb)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851797\");\n script_version(\"$Revision: 10664 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-27 15:57:41 +0200 (Fri, 27 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-23 05:57:46 +0200 (Sat, 23 Jun 2018)\");\n script_cve_id(\"CVE-2018-2755\", \"CVE-2018-2761\", \"CVE-2018-2766\", \"CVE-2018-2767\", \n \"CVE-2018-2771\", \"CVE-2018-2781\", \"CVE-2018-2782\", \"CVE-2018-2784\", \n \"CVE-2018-2787\", \"CVE-2018-2813\", \"CVE-2018-2817\", \"CVE-2018-2819\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for mariadb openSUSE-SU-2018:1800-1 (mariadb)\");\n script_tag(name:\"summary\", value:\"Check the version of mariadb\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present \non the target host.\");\n script_tag(name:\"insight\", value:\"\n This update for MariaDB to version 10.0.35 fixes multiple issues:\n\n Security issues fixed:\n\n * CVE-2018-2782: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n * CVE-2018-2784: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n * CVE-2018-2787: Unspecified vulnerability in InnoDB allowing writes\n (bsc#1090518)\n * CVE-2018-2766: Unspecified DoS vulnerability InnoDB (bsc#1090518)\n * CVE-2018-2755: Unspecified vulnerability in Replication allowing server\n compromise (bsc#1090518)\n * CVE-2018-2819: Unspecified DoS vulnerability in InnoDB (bsc#1090518)\n * CVE-2018-2817: Unspecified DoS vulnerability in DDL (bsc#1090518)\n * CVE-2018-2761: Unspecified DoS vulnerability in Client programs\n (bsc#1090518)\n * CVE-2018-2781: Unspecified DoS vulnerability in Server/Optimizer\n (bsc#1090518)\n * CVE-2018-2771: Unspecified DoS vulnerability in the Server/Locking\n component (bsc#1090518)\n * CVE-2018-2813: Unspecified vulnerability in The DDL component allowing\n unauthorized reads (bsc#1090518)\n * CVE-2018-2767: The embedded server library now supports SSL when\n connecting to remote servers (bsc#1088681)\n\n The following changes are included:\n\n * XtraDB updated to 5.6.39-83.1\n * TokuDB updated to 5.6.39-83.1\n * InnoDB updated to 5.6.40\n * Fix for Crash in MVCC read after IMPORT TABLESPACE\n * Fix for innodb_read_only trying to modify files if transactions were\n recovered in COMMITTED state\n * Fix for DROP TABLE hang on InnoDB table with FULLTEXT index\n * Fix for Crash in INFORMATION_SCHEMA.INNODB_SYS_TABLES whenaccessing\n corrupted record\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended \n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-668=1\");\n script_tag(name:\"affected\", value:\"mariadb on openSUSE Leap 42.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1800_1\");\n script_xref(name:\"URL\" , value:\"http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00042.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient-devel\", rpm:\"libmysqlclient-devel~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18\", rpm:\"libmysqlclient18~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo\", rpm:\"libmysqlclient18-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r18\", rpm:\"libmysqlclient_r18~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqld-devel\", rpm:\"libmysqld-devel~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqld18\", rpm:\"libmysqld18~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqld18-debuginfo\", rpm:\"libmysqld18-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb\", rpm:\"mariadb~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench\", rpm:\"mariadb-bench~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-bench-debuginfo\", rpm:\"mariadb-bench-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client\", rpm:\"mariadb-client~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-client-debuginfo\", rpm:\"mariadb-client-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debuginfo\", rpm:\"mariadb-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-debugsource\", rpm:\"mariadb-debugsource~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-errormessages\", rpm:\"mariadb-errormessages~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test\", rpm:\"mariadb-test~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-test-debuginfo\", rpm:\"mariadb-test-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-tools\", rpm:\"mariadb-tools~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mariadb-tools-debuginfo\", rpm:\"mariadb-tools-debuginfo~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-32bit\", rpm:\"libmysqlclient18-32bit~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient18-debuginfo-32bit\", rpm:\"libmysqlclient18-debuginfo-32bit~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libmysqlclient_r18-32bit\", rpm:\"libmysqlclient_r18-32bit~10.0.35~35.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:36:34", "references": ["http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00043.html", "2018:1802_1"], "pluginID": "1361412562310851796", "description": "Check the version of redis", "edition": 5, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-06-23T00:00:00", "title": "SuSE Update for redis openSUSE-SU-2018:1802-1 (redis)", "type": "openvas", "enchantments": {"score": {"modified": "2018-09-01T23:36:34", "vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-11218", "CVE-2018-11219"], "modified": "2018-08-18T00:00:00", "id": "OPENVAS:1361412562310851796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2018_1802_1.nasl 11044 2018-08-18 15:12:40Z cfischer $\n#\n# SuSE Update for redis openSUSE-SU-2018:1802-1 (redis)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851796\");\n script_version(\"$Revision: 11044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-18 17:12:40 +0200 (Sat, 18 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-23 05:57:35 +0200 (Sat, 23 Jun 2018)\");\n script_cve_id(\"CVE-2018-11218\", \"CVE-2018-11219\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for redis openSUSE-SU-2018:1802-1 (redis)\");\n script_tag(name:\"summary\", value:\"Check the version of redis\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present \non the target host.\");\n script_tag(name:\"insight\", value:\"\n This update for redis to 4.0.10 fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2018-11218: Prevent heap corruption vulnerability in cmsgpack\n (bsc#1097430).\n - CVE-2018-11219: Prevent integer overflow in Lua scripting (bsc#1097768).\n\n For Leap 42.3 and openSUSE SLE 12 backports this is a jump from 4.0.6. For\n additional details please see\n\n - 'https://raw.githubusercontent.com/antirez/redis/4.0.9/00-RELEASENOTES'\n - 'https://raw.githubusercontent.com/antirez/redis/4.0.8/00-RELEASENOTES'\n - 'https://raw.githubusercontent.com/antirez/redis/4.0.7/00-RELEASENOTES'\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended \n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-667=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-667=1\");\n script_tag(name:\"affected\", value:\"redis on openSUSE Leap 42.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:1802_1\");\n script_xref(name:\"URL\" , value:\"http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00043.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"redis\", rpm:\"redis~4.0.10~17.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"redis-debuginfo\", rpm:\"redis-debuginfo~4.0.10~17.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"redis-debugsource\", rpm:\"redis-debugsource~4.0.10~17.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2018-07-30T13:51:56", "references": ["https://www.zerodayinitiative.com/advisories/ZDI-18-564/", "https://success.trendmicro.com/solution/1119961"], "description": "A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.", "edition": 2, "reporter": "NVD", "published": "2018-06-08T10:29:00", "title": "CVE-2018-10359", "type": "cve", "enchantments": {"score": {"modified": "2018-07-30T13:51:56", "vector": "NONE", "value": 7.2}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-10359"], "scanner": [], "modified": "2018-07-27T10:48:16", "cpe": ["cpe:/a:trendmicro:officescan:xg:sp1", "cpe:/a:trendmicro:officescan:11.0:sp1", "cpe:/a:trendmicro:officescan:xg"], "id": "CVE-2018-10359", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10359", "cvss": {"score": 5.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-10-24T10:50:10", "references": ["http://www.securitytracker.com/id/1039595", "http://www.securityfocus.com/bid/101317", "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"], "description": "Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hyperion BI+ accessible data as well as unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).", "edition": 3, "reporter": "NVD", "published": "2017-10-19T13:29:04", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "title": "CVE-2017-10359", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-10359"], "scanner": [], "modified": "2017-10-23T07:11:55", "cpe": ["cpe:/a:oracle:hyperion_bi%2b:11.1.2.4"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10359", "id": "CVE-2017-10359", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "oracle": [{"lastseen": "2018-08-31T04:13:51", "references": [], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 252 new security fixes across the product families listed below. Please note that a MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2017 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2310031.1>).\n\nPlease note that on September 22, 2017, Oracle released [Security Alert for CVE-2017-9805](<http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html>). Customers of affected Oracle product(s) are strongly advised to apply the fixes that were announced in this Security Alert as well as those contained in this Critical Patch update\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available [here](<http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>).\n", "edition": 3, "reporter": "Oracle", "published": "2017-10-17T00:00:00", "title": "Oracle Critical Patch Update - October 2017", "type": "oracle", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Oracle WebLogic Server", "version": "12.2.1.2.0", "operator": "le"}, {"name": "Oracle Retail Convenience and Fuel POS Software", "version": "2.1.132", "operator": "le"}, {"name": "Oracle Communications User Data Repository", "version": "10.x", "operator": "le"}, {"name": "Oracle BI Publisher", "version": "11.1.1.9.0", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.7.7", "operator": "le"}, {"name": "Oracle Hospitality Hotel Mobile", "version": "1.1", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.4", "operator": "le"}, {"name": "Oracle WebCenter Content", "version": "12.2.1.1.0", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.6", "operator": "le"}, {"name": "Oracle FLEXCUBE Universal Banking", "version": "12.3.0", "operator": "le"}, {"name": "Oracle Mobile Field Service", "version": "12.2.3", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "12.1.3.0.0", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "3.3.4.3247", "operator": "le"}, {"name": "Oracle WebCenter Sites", "version": "11.1.1.8.0", "operator": "le"}, {"name": "Oracle Directory Server Enterprise Edition", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle SOA Suite", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.3", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Hospitality Guest Access", "version": "4.2.0", "operator": "le"}, {"name": "RDBMS Security", "version": "11.2.0.4", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.5.0", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "6u161", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Healthcare Master Person Index", "version": "4.x", "operator": "le"}, {"name": "Oracle Business Process Management Suite", "version": "12.2.1.2.0", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.6.0", "operator": "le"}, {"name": "Siebel Core - Server Framework", "version": "17.0", "operator": "le"}, {"name": "Oracle CRM Technical Foundation", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Security Service", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.2.7", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.5", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.8.0", "operator": "le"}, {"name": "Oracle Hospitality Simphony", "version": "2.9", "operator": "le"}, {"name": "Oracle Integrated Lights Out Manager (ILOM)", "version": "3.2.6", "operator": "le"}, {"name": "Oracle Hospitality Cruise Fleet Management", "version": "9.0.2.0", "operator": "le"}, {"name": "Siebel UI Framework", "version": "16.0", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "15.0.1", "operator": "le"}, {"name": "Oracle Global Order Promising", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Business Process Management Suite", "version": "12.2.1.1.0", "operator": "le"}, {"name": "Java VM", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.4", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.2.1.1.0", "operator": "le"}, {"name": "Oracle Advanced Outbound Telephony", "version": "12.2.6", "operator": "le"}, {"name": "Oracle iSupport", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Retail Point-of-Service", "version": "13.3", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "14.1", "operator": "le"}, {"name": "Siebel Apps - Field Service", "version": "17.0", "operator": "le"}, {"name": "Oracle Global Order Promising", "version": "12.2.3", "operator": "le"}, {"name": "JD Edwards EnterpriseOne Tools", "version": "9.2", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Hospitality Cruise AffairWhere", "version": "2.2.5.0", "operator": "le"}, {"name": "Oracle CRM Technical Foundation", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Hospitality Guest Access", "version": "4.2.1", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "12.2.1.2.0", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Communications Order and Service Management", "version": "7.2.4.x.x", "operator": "le"}, {"name": "Oracle BI Publisher", "version": "12.2.1.1.0", "operator": "le"}, {"name": "Oracle Enterprise Manager Ops Center", "version": "12.3.2", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "6u161", "operator": "le"}, {"name": "MySQL Server", "version": "5.7.11", "operator": "le"}, {"name": "Oracle JDeveloper", "version": "12.2.1.2.0", "operator": "le"}, {"name": "Oracle Global Order Promising", "version": "12.2.7", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Integrator", "version": "2.4", "operator": "le"}, {"name": "Oracle RDBMS", "version": "12.1.0.2", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.55", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Identity Manager", "version": "11.1.2.3.0", "operator": "le"}, {"name": "Oracle Hospitality Simphony", "version": "2.8", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Communications EAGLE LNP Application Processor", "version": "10.x", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "10.3.6.0.0", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.4", "operator": "le"}, {"name": "Oracle FLEXCUBE Universal Banking", "version": "12.1.0", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "13.2.9", "operator": "le"}, {"name": "Oracle CRM Technical Foundation", "version": "12.2.7", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.6", "operator": "le"}, {"name": "Oracle Hospitality Cruise AffairWhere", "version": "2.2.6.0", "operator": "le"}, {"name": "Primavera Unifier", "version": "16.x", "operator": "le"}, {"name": "XML Database", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Virtual Directory", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.1.3", "operator": "le"}, {"name": "JD Edwards World Security", "version": "9.4", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.37", "operator": "le"}, {"name": "Oracle Communications Services Gatekeeper", "version": "6.0", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Hospitality Cruise AffairWhere", "version": "2.2.7.0", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.2.1.2.0", "operator": "le"}, {"name": "Oracle Communications Order and Service Management", "version": "7.3.0.x.x", "operator": "le"}, {"name": "Oracle WebCenter Content", "version": "12.2.1.2.0", "operator": "le"}, {"name": "Java SE", "version": "6u161", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "14.0", "operator": "le"}, {"name": "Oracle Communications WebRTC Session Controller", "version": "7.2", "operator": "le"}, {"name": "Oracle FLEXCUBE Universal Banking", "version": "11.3", "operator": "le"}, {"name": "Siebel Core - Server Framework", "version": "16.0", "operator": "le"}, {"name": "Oracle CRM Technical Foundation", "version": "12.2.4", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.2.1.1.0", "operator": "le"}, {"name": "Oracle Secure Global Desktop (SGD)", "version": "5.3", "operator": "le"}, {"name": "Oracle iSupport", "version": "12.2.7", "operator": "le"}, {"name": "Oracle FLEXCUBE Universal Banking", "version": "11.4.0", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.2.3", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.56", "operator": "le"}, {"name": "Tekelec HLR Router", "version": "4.x", "operator": "le"}, {"name": "Oracle Retail Markdown Optimization", "version": "14.0", "operator": "le"}, {"name": "Oracle Hospitality Suite8", "version": "8.10.2", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "8u144", "operator": "le"}, {"name": "Oracle iSupport", "version": "12.1.2", "operator": "le"}, {"name": "Oracle iStore", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.2.7", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.3", "operator": "le"}, {"name": "MySQL Server", "version": "5.7.19", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.5", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.7", "operator": "le"}, {"name": "Oracle FLEXCUBE Universal Banking", "version": "12.2.0", "operator": "le"}, {"name": "Oracle BI Publisher", "version": "12.2.1.2.0", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.7", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.1.3.0.0", "operator": "le"}, {"name": "Oracle Universal Work Queue", "version": "12.2.4", "operator": "le"}, {"name": "Oracle RDBMS", "version": "12.2.0.1", "operator": "le"}, {"name": "Java SE, JRockit", "version": "7u151", "operator": "le"}, {"name": "Oracle Communications Order and Service Management", "version": "7.3.1.x.x", "operator": "le"}, {"name": "Oracle Mobile Field Service", "version": "12.1.2", "operator": "le"}, {"name": "Solaris Cluster", "version": "4.3", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.36", "operator": "le"}, {"name": "Oracle Business Process Management Suite", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Oracle Mobile Field Service", "version": "12.1.1", "operator": "le"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "le"}, {"name": "Oracle Retail Clearance Optimization Engine", "version": "13.4", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "7u151", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Integrator", "version": "3.0", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "7u151", "operator": "le"}, {"name": "Oracle API Gateway", "version": "11.1.2.4.0", "operator": "le"}, {"name": "Oracle Managed File Transfer", "version": "12.2.1.1.0", "operator": "le"}, {"name": "Oracle Mobile Field Service", "version": "12.2.7", "operator": "le"}, {"name": "Oracle CRM Technical Foundation", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Managed File Transfer", "version": "12.2.1.2.0", "operator": "le"}, {"name": "SPARC M7, T7, S7 based Servers", "version": "9.7.6.b", "operator": "le"}, {"name": "Java VM", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.2.7", "operator": "le"}, {"name": "Oracle VM VirtualBox", "version": "5.1.30", "operator": "le"}, {"name": "Oracle Hospitality OPERA 5 Property Services", "version": "5.4.2.x", "operator": "le"}, {"name": "Oracle Hospitality Simphony", "version": "2.7", "operator": "le"}, {"name": "Oracle Mobile Field Service", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Access Manager", "version": "11.1.2.3.0", "operator": "le"}, {"name": "Oracle Universal Work Queue", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Hospitality Cruise Materials Management", "version": "7.30.564.0", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.3", "operator": "le"}, {"name": "WLM (Apache Tomcat)", "version": "12.2.0.1", "operator": "le"}, {"name": "Oracle Global Order Promising", "version": "12.1.3", "operator": "le"}, {"name": "MySQL Server", "version": "5.7.18", "operator": "le"}, {"name": "Oracle WebCenter Sites", "version": "12.2.1.2.0", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "15.0.1", "operator": "le"}, {"name": "Oracle Enterprise Manager Ops Center", "version": "12.2.2", "operator": "le"}, {"name": "Oracle Interaction Center Intelligence", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Integrator", "version": "3.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded, JRockit", "version": "9", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.1.3", "operator": "le"}, {"name": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers", "version": "2340", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.8.1", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "14.0.4", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Retail Point-of-Service", "version": "14.1", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.4", "operator": "le"}, {"name": "Java SE, JRockit", "version": "9", "operator": "le"}, {"name": "MySQL Server", "version": "5.6.35", "operator": "le"}, {"name": "Oracle Interaction Center Intelligence", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.2.0", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Hyperion Financial Reporting", "version": "11.1.2", "operator": "le"}, {"name": "MICROS Retail XBRi Loss Prevention", "version": "10.0.1", "operator": "le"}, {"name": "Oracle iSupport", "version": "12.1.1", "operator": "le"}, {"name": "Oracle iSupport", "version": "12.2.4", "operator": "le"}, {"name": "XML Database", "version": "11.2.0.4", "operator": "le"}, {"name": "Oracle Universal Work Queue", "version": "12.1.2", "operator": "le"}, {"name": "Siebel CRM Desktop", "version": "16.0", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.5", "operator": "le"}, {"name": "MySQL Server", "version": "5.5.57", "operator": "le"}, {"name": "Siebel CRM Desktop", "version": "17.0", "operator": "le"}, {"name": "Primavera Unifier", "version": "9.14", "operator": "le"}, {"name": "Oracle Advanced Outbound Telephony", "version": "12.2.7", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.4", "operator": "le"}, {"name": "Java SE, JRockit", "version": "6u161", "operator": "le"}, {"name": "Oracle Advanced Outbound Telephony", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Engineering Data Management", "version": "6.1.3.0", "operator": "le"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.1.3", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Universal Work Queue", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.2.4", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM eProcurement", "version": "9.1.00", "operator": "le"}, {"name": "Oracle BI Publisher", "version": "11.1.1.7.0", "operator": "le"}, {"name": "JD Edwards World Security", "version": "9.3", "operator": "le"}, {"name": "Java Advanced Management Console", "version": "2.7", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Universal Work Queue", "version": "12.1.3", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "11.1.1.9.0", "operator": "le"}, {"name": "PeopleSoft Enterprise PT PeopleTools", "version": "8.56", "operator": "le"}, {"name": "Oracle Communications Policy Management", "version": "11.5", "operator": "le"}, {"name": "Oracle Communications Services Gatekeeper", "version": "5.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.3", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "6.5.11", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Retail Point-of-Service", "version": "14.0", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "12.2.1.1.0", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Retail Point-of-Service", "version": "13.2", "operator": "le"}, {"name": "Oracle Server X7-2/2L, X7-8", "version": "1.0", "operator": "le"}, {"name": "Oracle FLEXCUBE Universal Banking", "version": "12.0.1", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.7", "operator": "le"}, {"name": "Oracle FLEXCUBE Universal Banking", "version": "12.4.0", "operator": "le"}, {"name": "Oracle CRM Technical Foundation", "version": "12.2.3", "operator": "le"}, {"name": "Oracle iSupport", "version": "12.2.5", "operator": "le"}, {"name": "Oracle RDBMS", "version": "11.2.0.4", "operator": "le"}, {"name": "Primavera Unifier", "version": "15.x", "operator": "le"}, {"name": "Oracle Universal Work Queue", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Universal Work Queue", "version": "12.1.1", "operator": "le"}, {"name": "RDBMS Security", "version": "12.1.0.2", "operator": "le"}, {"name": "Oracle Communications WebRTC Session Controller", "version": "7.1", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "8u144", "operator": "le"}, {"name": "Oracle Interaction Center Intelligence", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Communications WebRTC Session Controller", "version": "7.0", "operator": "le"}, {"name": "Oracle Hospitality Reporting and Analytics", "version": "8.5.1", "operator": "le"}, {"name": "Oracle Mobile Field Service", "version": "12.2.6", "operator": "le"}, {"name": "Java SE, Java SE Embedded", "version": "9", "operator": "le"}, {"name": "SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers", "version": "1123", "operator": "le"}, {"name": "Sun ZFS Storage Appliance Kit (AK)", "version": "2013", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Agile PLM", "version": "9.3.5", "operator": "le"}, {"name": "Java SE", "version": "8u144", "operator": "le"}, {"name": "PeopleSoft Enterprise PT PeopleTools", "version": "8.55", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.4.1", "operator": "le"}, {"name": "Primavera Unifier", "version": "9.13", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.2.3", "operator": "le"}, {"name": "Oracle Global Order Promising", "version": "12.1.2", "operator": "le"}, {"name": "Oracle iSupport", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Endeca Information Discovery Integrator", "version": "3.2", "operator": "le"}, {"name": "Oracle Business Process Management Suite", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle Applications Technology Stack", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Managed File Transfer", "version": "12.1.3.0.0", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Global Order Promising", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Communications Order and Service Management", "version": "7.3.5.x.x", "operator": "le"}, {"name": "Oracle Common Applications", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Advanced Outbound Telephony", "version": "12.2.5", "operator": "le"}, {"name": "Spatial (Apache Groovy)", "version": "12.2.0.1", "operator": "le"}, {"name": "Oracle Retail Markdown Optimization", "version": "13.4", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.9.0", "operator": "le"}, {"name": "RDBMS Security", "version": "12.2.0.1", "operator": "le"}, {"name": "Oracle Virtual Directory", "version": "11.1.1.7.0", "operator": "le"}, {"name": "PeopleSoft Enterprise HCM", "version": "9.2", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "7.1.6", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "16.0.1", "operator": "le"}, {"name": "Oracle Communications Unified Session Manager", "version": "7.x", "operator": "le"}, {"name": "PeopleSoft Enterprise PT PeopleTools", "version": "8.54", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.1.2", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.0.1", "operator": "le"}, {"name": "Oracle iSupport", "version": "12.1.3", "operator": "le"}, {"name": "Java SE", "version": "9", "operator": "le"}, {"name": "Oracle iStore", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Security Service", "version": "12.1.3.0.0", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.1", "operator": "le"}, {"name": "Oracle Hyperion BI+", "version": "11.1.2.4", "operator": "le"}, {"name": "Oracle Mobile Field Service", "version": "12.2.5", "operator": "le"}, {"name": "Oracle Communications Diameter Signaling Router (DSR)", "version": "7.x", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.7", "operator": "le"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1.1.7.0", "operator": "le"}, {"name": "Oracle FLEXCUBE Universal Banking", "version": "12.0.2", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "6.0.11", "operator": "le"}, {"name": "Oracle iStore", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.0", "operator": "le"}, {"name": "Java VM", "version": "12.2.0.1", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.4.2", "operator": "le"}, {"name": "Siebel UI Framework", "version": "17.0", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.2", "operator": "le"}, {"name": "Solaris Cluster", "version": "3.3", "operator": "le"}, {"name": "Primavera Unifier", "version": "10.x", "operator": "le"}, {"name": "Management Pack for Oracle GoldenGate", "version": "11.2.1.0.12", "operator": "le"}, {"name": "Oracle iPlanet Web Server", "version": "7.0", "operator": "le"}, {"name": "Oracle Global Order Promising", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Retail Store Inventory Management", "version": "14.1.3", "operator": "le"}, {"name": "Oracle Global Order Promising", "version": "12.2.4", "operator": "le"}, {"name": "Java SE", "version": "7u151", "operator": "le"}, {"name": "Oracle Communications Policy Management", "version": "12.x", "operator": "le"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.2", "operator": "le"}, {"name": "Oracle Mobile Field Service", "version": "12.2.4", "operator": "le"}, {"name": "PeopleSoft Enterprise SCM eProcurement", "version": "9.2.00", "operator": "le"}, {"name": "Oracle FLEXCUBE Universal Banking", "version": "12.0.3", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.7", "operator": "le"}, {"name": "JD Edwards World Security", "version": "9.1", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.2.6", "operator": "le"}, {"name": "Oracle Retail Xstore Point of Service", "version": "7.0.6", "operator": "le"}, {"name": "Oracle iStore", "version": "12.2.6", "operator": "le"}, {"name": "MySQL Connectors", "version": "6.9.9", "operator": "le"}, {"name": "Java SE, JRockit", "version": "8u144", "operator": "le"}, {"name": "Oracle Communications Billing and Revenue Management", "version": "7.5", "operator": "le"}, {"name": "Oracle Communications Messaging Server", "version": "8.x", "operator": "le"}, {"name": "Oracle Applications DBA", "version": "12.1.3", "operator": "le"}, {"name": "Siebel Apps - Field Service", "version": "16.0", "operator": "le"}, {"name": "Oracle Engineering Data Management", "version": "6.2.2.0", "operator": "le"}, {"name": "Oracle Knowledge Management", "version": "12.1.2", "operator": "le"}, {"name": "PeopleSoft Enterprise PRTL Interaction Hub", "version": "9.1.00", "operator": "le"}, {"name": "Oracle Hospitality Simphony", "version": "2.6", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "3.4.2.4181", "operator": "le"}, {"name": "Oracle Business Process Management Suite", "version": "12.1.3.0.0", "operator": "le"}, {"name": "Oracle Identity Manager Connector", "version": "9.1.1.5.0", "operator": "le"}, {"name": "Oracle HTTP Server", "version": "12.1.3.0.0", "operator": "le"}, {"name": "Oracle Hospitality Suite8", "version": "8.10.1", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.1.2", "operator": "le"}, {"name": "Oracle Web Applications Desktop Integrator", "version": "12.1.1", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.1.3", "operator": "le"}, {"name": "Oracle Outside In Technology", "version": "8.5.3.0", "operator": "le"}, {"name": "Oracle Advanced Outbound Telephony", "version": "12.2.3", "operator": "le"}, {"name": "MySQL Enterprise Monitor", "version": "3.2.8.2223", "operator": "le"}, {"name": "Oracle Trade Management", "version": "12.2.3", "operator": "le"}, {"name": "Oracle WebCenter Content", "version": "11.1.1.9.0", "operator": "le"}, {"name": "Oracle Application Object Library", "version": "12.2.4", "operator": "le"}, {"name": "Oracle Common Applications Calendar", "version": "12.2.6", "operator": "le"}, {"name": "Oracle GlassFish Server", "version": "3.1.2", "operator": "le"}, {"name": "Oracle Retail Back Office", "version": "13.4", "operator": "le"}, {"name": "Oracle WebLogic Server", "version": "12.2.1.3.0", "operator": "le"}, {"name": "Oracle Universal Work Queue", "version": "12.2.7", "operator": "le"}, {"name": "Oracle Hospitality Reporting and Analytics", "version": "9.0.0", "operator": "le"}, {"name": "Oracle Hospitality Cruise Shipboard Property Management System", "version": "8.0.2.0", "operator": "le"}, {"name": "Oracle Retail Point-of-Service", "version": "13.4", "operator": "le"}, {"name": "Oracle Transportation Management", "version": "6.3.2", "operator": "le"}, {"name": "JD Edwards World Security", "version": "9.2", "operator": "le"}], "cvelist": ["CVE-2017-10324", "CVE-2017-10167", "CVE-2017-10014", "CVE-2017-10417", "CVE-2017-10037", "CVE-2015-5351", "CVE-2015-5254", "CVE-2017-10270", "CVE-2017-10387", "CVE-2017-10360", "CVE-2015-1792", "CVE-2017-10321", "CVE-2017-10060", "CVE-2015-0235", "CVE-2015-1793", "CVE-2017-10404", "CVE-2017-10311", "CVE-2017-10421", "CVE-2017-10353", "CVE-2017-10260", "CVE-2017-10203", "CVE-2016-9840", "CVE-2017-10419", "CVE-2017-10424", "CVE-2017-10399", "CVE-2017-10293", "CVE-2015-3197", "CVE-2017-10299", "CVE-2017-10158", "CVE-2017-10379", "CVE-2017-10414", "CVE-2017-10054", "CVE-2017-10357", "CVE-2017-10197", "CVE-2017-10361", "CVE-2017-10356", "CVE-2016-5019", "CVE-2017-10322", "CVE-2017-10323", "CVE-2017-10066", "CVE-2014-3572", "CVE-2017-5709", "CVE-2016-6306", "CVE-2017-5462", "CVE-2014-3613", "CVE-2017-7502", "CVE-2015-7181", "CVE-2015-0206", "CVE-2017-10369", "CVE-2015-1789", "CVE-2016-2183", "CVE-2017-10349", "CVE-2017-10284", "CVE-2017-10294", "CVE-2017-10325", "CVE-2017-10416", "CVE-2015-0286", "CVE-2017-10341", "CVE-2017-10420", "CVE-2017-10418", "CVE-2017-10367", "CVE-2016-2178", "CVE-2017-10164", "CVE-2013-1903", "CVE-2017-10400", "CVE-2017-3167", "CVE-2017-10281", "CVE-2015-3195", "CVE-2017-10351", "CVE-2017-10359", "CVE-2017-10381", "CVE-2017-10406", "CVE-2017-10348", "CVE-2017-10372", "CVE-2014-8714", "CVE-2017-10034", "CVE-2017-10328", "CVE-2016-0714", "CVE-2016-3092", "CVE-2014-3571", "CVE-2017-10397", "CVE-2017-10388", "CVE-2017-10330", "CVE-2017-10407", "CVE-2014-0076", "CVE-2017-10033", "CVE-2017-10342", "CVE-2017-10415", "CVE-2017-10408", "CVE-2016-6302", "CVE-2017-10344", "CVE-2017-10354", "CVE-2017-10338", "CVE-2017-10296", "CVE-2017-10292", "CVE-2017-10402", "CVE-2014-3587", "CVE-2017-10306", "CVE-2017-10365", "CVE-2017-10337", "CVE-2017-10426", "CVE-2016-8745", "CVE-2016-2177", "CVE-2017-10380", "CVE-2015-0288", "CVE-2017-10332", "CVE-2017-10378", "CVE-2014-0224", "CVE-2017-10026", "CVE-2017-10276", "CVE-2016-0635", "CVE-2017-10409", "CVE-2017-10166", "CVE-2017-10427", "CVE-2017-10422", "CVE-2015-3194", "CVE-2017-10355", "CVE-2017-10163", "CVE-2016-6515", "CVE-2017-10326", "CVE-2015-0285", "CVE-2016-2107", "CVE-2017-10153", "CVE-2016-7055", "CVE-2017-10382", "CVE-2015-7501", "CVE-2017-10364", "CVE-2017-10319", "CVE-2015-3253", "CVE-2017-3731", "CVE-2016-6307", "CVE-2016-0701", "CVE-2017-10398", "CVE-2017-10051", "CVE-2017-10308", "CVE-2017-10320", "CVE-2017-10287", "CVE-2017-10412", "CVE-2017-10334", "CVE-2016-9842", "CVE-2016-2834", "CVE-2017-10283", "CVE-2015-0899", "CVE-2017-10152", "CVE-2017-10264", "CVE-2016-1182", "CVE-2014-0065", "CVE-2016-0763", "CVE-2015-0207", "CVE-2017-10155", "CVE-2017-10271", "CVE-2017-10286", "CVE-2017-10304", "CVE-2016-6308", "CVE-2016-6816", "CVE-2016-7433", "CVE-2014-4342", "CVE-2017-5662", "CVE-2014-8275", "CVE-2016-2180", "CVE-2017-10411", "CVE-2017-10313", "CVE-2017-10194", "CVE-2015-7182", "CVE-2015-0208", "CVE-2015-2808", "CVE-2017-10347", "CVE-2014-3570", "CVE-2017-10227", "CVE-2015-7575", "CVE-2017-10370", "CVE-2017-10261", "CVE-2017-10425", "CVE-2017-5706", "CVE-2015-3196", "CVE-2017-10428", "CVE-2014-3470", "CVE-2017-10362", "CVE-2017-10309", "CVE-2016-2181", "CVE-2017-10391", "CVE-2016-6304", "CVE-2015-3193", "CVE-2017-10263", "CVE-2014-3538", "CVE-2017-10403", "CVE-2014-0114", "CVE-2017-10159", "CVE-2017-10410", "CVE-2017-3732", "CVE-2017-10383", "CVE-2017-10339", "CVE-2017-10340", "CVE-2014-0050", "CVE-2017-10327", "CVE-2017-10396", "CVE-2017-10300", "CVE-2014-3707", "CVE-2014-0064", "CVE-2017-10343", "CVE-2015-0293", "CVE-2017-10165", "CVE-2017-10316", "CVE-2017-3445", "CVE-2017-10373", "CVE-2016-1979", "CVE-2017-10363", "CVE-2017-10352", "CVE-2016-2381", "CVE-2014-8713", "CVE-2017-10279", "CVE-2015-7183", "CVE-2013-0255", "CVE-2017-10314", "CVE-2017-9805", "CVE-2015-1788", "CVE-2017-10055", "CVE-2014-0195", "CVE-2014-0198", "CVE-2017-10161", "CVE-2016-7052", "CVE-2015-0209", "CVE-2014-0063", "CVE-2016-1950", "CVE-2017-10333", "CVE-2015-0204", "CVE-2016-0706", "CVE-2013-0248", "CVE-2017-3733", "CVE-2017-5664", "CVE-2017-10312", "CVE-2017-10366", "CVE-2014-0060", "CVE-2017-10318", "CVE-2016-7429", "CVE-2016-1181", "CVE-2017-10268", "CVE-2017-10285", "CVE-2017-3446", "CVE-2017-10392", "CVE-2017-10413", "CVE-2016-9843", "CVE-2013-2566", "CVE-2016-8735", "CVE-2015-1790", "CVE-2017-10394", "CVE-2017-9788", "CVE-2017-10350", "CVE-2016-6305", "CVE-2016-6303", "CVE-2017-10275", "CVE-2017-10274", "CVE-2017-10190", "CVE-2013-1902", "CVE-2017-10315", "CVE-2015-0291", "CVE-2017-10317", "CVE-2017-10389", "CVE-2017-10385", "CVE-2017-10154", "CVE-2017-10395", "CVE-2017-3588", "CVE-2014-4345", "CVE-2017-10162", "CVE-2003-1418", "CVE-2016-2182", "CVE-2017-10358", "CVE-2017-10310", "CVE-2017-10077", "CVE-2017-10346", "CVE-2014-0062", "CVE-2017-10401", "CVE-2015-0287", "CVE-2017-7668", "CVE-2017-3444", "CVE-2017-10295", "CVE-2017-10393", "CVE-2017-10423", "CVE-2017-10280", "CVE-2017-5461", "CVE-2016-10165", "CVE-2014-0066", "CVE-2015-0289", "CVE-2016-9841", "CVE-2015-7940", "CVE-2017-3169", "CVE-2017-10065", "CVE-2016-5285", "CVE-2017-10368", "CVE-2015-0292", "CVE-2017-10375", "CVE-2017-10384", "CVE-2014-0107", "CVE-2017-10050", "CVE-2016-3506", "CVE-2017-10345", "CVE-2017-10303", "CVE-2017-10302", "CVE-2017-10259", "CVE-2017-10265", "CVE-2015-0290", "CVE-2017-3730", "CVE-2015-0205", "CVE-2017-10329", "CVE-2016-2179", "CVE-2017-10405", "CVE-2017-10277", "CVE-2016-6814", "CVE-2013-1900", "CVE-2015-1787", "CVE-2015-4852", "CVE-2014-0061", "CVE-2014-3569", "CVE-2017-10386", "CVE-2015-1791", "CVE-2017-10336", "CVE-2017-10335", "CVE-2016-7431", "CVE-2017-7679", "CVE-2014-0221", "CVE-2017-10331", "CVE-2017-10099"], "modified": "2018-02-15T00:00:00", "id": "ORACLE:CPUOCT2017-3236626", "href": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "apport security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Apport", "version": "2.18", "operator": "eq"}], "cvelist": ["CVE-2015-1338"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "description": "PHAR extension DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "PHP security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PHP", "version": "5.6", "operator": "eq"}], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32652"], "description": "Crash on audiofiles processing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "audiofile memory corruption", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "libaudiofile", "version": "0.3", "operator": "eq"}], "cvelist": ["CVE-2015-7747"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32657", "https://vulners.com/securityvulns/securityvulns:doc:32654", "https://vulners.com/securityvulns/securityvulns:doc:32655", "https://vulners.com/securityvulns/securityvulns:doc:32656", "https://vulners.com/securityvulns/securityvulns:doc:32658", "https://vulners.com/securityvulns/securityvulns:doc:32659", "https://vulners.com/securityvulns/securityvulns:doc:32653"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "reporter": "ORACLE", "published": "2015-11-02T00:00:00", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PeopleSoft Enterprise HCM Talent Acquistion Managment", "version": "9.2", "operator": "eq"}, {"name": "Endeca Server", "version": "7.6", "operator": "eq"}, {"name": "Oracle Transportation Management", "version": "6.2", "operator": "eq"}, {"name": "Oracle Traffic Director", "version": "11.1", "operator": "eq"}, {"name": "Java SE", "version": "8", "operator": "eq"}, {"name": "Oracle Communications LSMS", "version": "13.1", "operator": "eq"}, {"name": "Oracle Communications Messaging Server", "version": "8.0", "operator": "eq"}, {"name": "Oracle Enterprise Data Quality", "version": "12.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.2", "operator": "eq"}, {"name": "Hyperion Installation Technology", "version": "11.1", "operator": "eq"}, {"name": "Oracle", "version": "12.1", "operator": "eq"}, {"name": "Java SE Embedded", "version": "8", "operator": "eq"}, {"name": "Outside In Technology", "version": "8.5", "operator": "eq"}, {"name": "Exalogic Infrastructure", "version": "2.0", "operator": "eq"}, {"name": "Oracle", "version": "11.2", "operator": "eq"}, {"name": "Oracle Retail Returns Management", "version": "14.0", "operator": "eq"}, {"name": "Oracle E-Business Suite", "version": "12.2", "operator": "eq"}, {"name": "Solaris", "version": "11.2", "operator": "eq"}, {"name": "MySQL Enterprise Monitor", "version": "3.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "eq"}, {"name": "Oracle Agile PLM", "version": "9.3", "operator": "eq"}, {"name": "PeopleSoft Enterprise HCM", "version": "9.2", "operator": "eq"}, {"name": "Oracle WebCenter Content", "version": "10.1", "operator": "eq"}, {"name": "Oracle Configurator", "version": "12.2", "operator": "eq"}, {"name": "Oracle Communications Performance Intelligence Center Software", "version": "10.1", "operator": "eq"}, {"name": "Oracle Communications Diameter Signaling Router", "version": "7.1", "operator": "eq"}, {"name": "Oracle Identity Manager", "version": "11.1", "operator": "eq"}, {"name": "Enterprise Manager Base Platform", "version": "12.1", "operator": "eq"}, {"name": "FS1-2 Flash Storage System", "version": "6.3", "operator": "eq"}, {"name": "Integrated Lights Out Manager", "version": "3.2", "operator": "eq"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1", "operator": "eq"}, {"name": "OSS Support Tools", "version": "8.8", "operator": "eq"}, {"name": "Oracle Retail Back Office", "version": "14.0", "operator": "eq"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.2", "operator": "eq"}, {"name": "Oracle Communications Tekelec HLR Router", "version": "4.0", "operator": "eq"}, {"name": "VirtualBox", "version": "5.0", "operator": "eq"}, {"name": "MySQL Server", "version": "5.6", "operator": "eq"}, {"name": "PeopleSoft Enterprise FIN Expenses", "version": "9.2", "operator": "eq"}, {"name": "GlassFish Server", "version": "3.1", "operator": "eq"}, {"name": "Oracle Mobile Security Suite", "version": "3.0", "operator": "eq"}, {"name": "Oracle Communications User Data Repository", "version": "10.2", "operator": "eq"}, {"name": "Oracle Communications Convergence", "version": "3.0", "operator": "eq"}, {"name": "Oracle Access Manager", "version": "11.1", "operator": "eq"}, {"name": "JDeveloper", "version": "12.1", "operator": "eq"}, {"name": "Oracle Mobile Server", "version": "12.1", "operator": "eq"}, {"name": "Oracle Utilities Work and Asset Management", "version": "1.9", "operator": "eq"}, {"name": "Oracle Communications Policy Management", "version": "12.1", "operator": "eq"}, {"name": "Oracle WebCenter Sites", "version": "11.1", "operator": "eq"}, {"name": "JavaFX", "version": "2.2", "operator": "eq"}, {"name": "Fusion Middleware", "version": "12.1", "operator": "eq"}, {"name": "Siebel Applications", "version": "2015", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "12.1", "operator": "eq"}, {"name": "Oracle Retail Central Office", "version": "14.0", "operator": "eq"}, {"name": "Enterprise Manager Ops Center", "version": "12.2", "operator": "eq"}, {"name": "JRockit", "version": "28.3", "operator": "eq"}, {"name": "Oracle Fusion Applications", "version": "11.1", "operator": "eq"}, {"name": "Oracle Retail Open Commerce Platform", "version": "3.0", "operator": "eq"}], "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32650"], "description": "DoS, code execution.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-01T00:00:00", "title": "unzip security vulneravilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "unzip", "version": "6.0", "operator": "eq"}], "cvelist": ["CVE-2015-7696", "CVE-2015-7697"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14752", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14752", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32649"], "description": "Multiple memory corruptions.", "edition": 1, "reporter": "UBUNTU", "published": "2015-11-01T00:00:00", "title": "ntp multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ntp", "version": "4.2", "operator": "eq"}], "cvelist": ["CVE-2015-7703", "CVE-2015-7855", "CVE-2015-5219", "CVE-2015-7704", "CVE-2015-7701", "CVE-2015-7692", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7691", "CVE-2015-5196", "CVE-2015-7705", "CVE-2015-5300", "CVE-2015-5195", "CVE-2015-7850", "CVE-2015-7853"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14751", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14751", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31964", "https://vulners.com/securityvulns/securityvulns:doc:31976", "https://vulners.com/securityvulns/securityvulns:doc:30267"], "description": "Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-01T00:00:00", "title": "cURL security vulnerabilitiies", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:54", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "cURL", "version": "7.35", "operator": "eq"}, {"name": "libcurl", "version": "7.41", "operator": "eq"}], "cvelist": ["CVE-2015-3236", "CVE-2015-3153", "CVE-2015-3144", "CVE-2015-3237", "CVE-2014-0015", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:13544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13544", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32633", "https://vulners.com/securityvulns/securityvulns:doc:32617", "https://vulners.com/securityvulns/securityvulns:doc:32634", "https://vulners.com/securityvulns/securityvulns:doc:32646", "https://vulners.com/securityvulns/securityvulns:doc:32605", "https://vulners.com/securityvulns/securityvulns:doc:32635", "https://vulners.com/securityvulns/securityvulns:doc:32613", "https://vulners.com/securityvulns/securityvulns:doc:32645", "https://vulners.com/securityvulns/securityvulns:doc:32599", "https://vulners.com/securityvulns/securityvulns:doc:32608", "https://vulners.com/securityvulns/securityvulns:doc:32604", "https://vulners.com/securityvulns/securityvulns:doc:32603", "https://vulners.com/securityvulns/securityvulns:doc:32624", "https://vulners.com/securityvulns/securityvulns:doc:32636", "https://vulners.com/securityvulns/securityvulns:doc:32619", "https://vulners.com/securityvulns/securityvulns:doc:32609", "https://vulners.com/securityvulns/securityvulns:doc:32611", "https://vulners.com/securityvulns/securityvulns:doc:32625", "https://vulners.com/securityvulns/securityvulns:doc:32626", "https://vulners.com/securityvulns/securityvulns:doc:32627", "https://vulners.com/securityvulns/securityvulns:doc:32620", "https://vulners.com/securityvulns/securityvulns:doc:32612", "https://vulners.com/securityvulns/securityvulns:doc:32640", "https://vulners.com/securityvulns/securityvulns:doc:32601", "https://vulners.com/securityvulns/securityvulns:doc:32614", "https://vulners.com/securityvulns/securityvulns:doc:32618", "https://vulners.com/securityvulns/securityvulns:doc:32638", "https://vulners.com/securityvulns/securityvulns:doc:32632", "https://vulners.com/securityvulns/securityvulns:doc:32622", "https://vulners.com/securityvulns/securityvulns:doc:32602", "https://vulners.com/securityvulns/securityvulns:doc:32648", "https://vulners.com/securityvulns/securityvulns:doc:32644", "https://vulners.com/securityvulns/securityvulns:doc:32616", "https://vulners.com/securityvulns/securityvulns:doc:32606", "https://vulners.com/securityvulns/securityvulns:doc:32623", "https://vulners.com/securityvulns/securityvulns:doc:32631", "https://vulners.com/securityvulns/securityvulns:doc:32637", "https://vulners.com/securityvulns/securityvulns:doc:32628", "https://vulners.com/securityvulns/securityvulns:doc:32630", "https://vulners.com/securityvulns/securityvulns:doc:32615", "https://vulners.com/securityvulns/securityvulns:doc:32639", "https://vulners.com/securityvulns/securityvulns:doc:32629", "https://vulners.com/securityvulns/securityvulns:doc:32621", "https://vulners.com/securityvulns/securityvulns:doc:32607", "https://vulners.com/securityvulns/securityvulns:doc:32600", "https://vulners.com/securityvulns/securityvulns:doc:32642", "https://vulners.com/securityvulns/securityvulns:doc:32647", "https://vulners.com/securityvulns/securityvulns:doc:32641", "https://vulners.com/securityvulns/securityvulns:doc:32643", "https://vulners.com/securityvulns/securityvulns:doc:32610"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2015-10-26T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Easy2Map", "version": "1.2", "operator": "eq"}, {"name": "SourceBans", "version": "1.4", "operator": "eq"}, {"name": "twig", "version": "1.20", "operator": "eq"}, {"name": "Bugzilla", "version": "5.0", "operator": "eq"}, {"name": "ZendFramework", "version": "1.12", "operator": "eq"}, {"name": "Pie Register", "version": "2.0", "operator": "eq"}, {"name": "Support Ticket System", "version": "1.2", "operator": "eq"}, {"name": "Payment Form for PayPal Pro", "version": "1.0", "operator": "eq"}, {"name": "Magento", "version": "1.9", "operator": "eq"}, {"name": "LinuxOptic CMS", "version": "2009", "operator": "eq"}, {"name": "TestLink", "version": "1.9", "operator": "eq"}, {"name": "drupal", "version": "7.39", "operator": "eq"}, {"name": "YouTube Embed", "version": "3.3", "operator": "eq"}, {"name": "NodeBB", "version": "0.8", "operator": "eq"}, {"name": "K2 Platforms", "version": "4.6", "operator": "eq"}, {"name": "Qlikview", "version": "11.20", "operator": "eq"}, {"name": "Font", "version": "7.5", "operator": "eq"}, {"name": "Lime Survey", "version": "2.06", "operator": "eq"}, {"name": "X2Engine", "version": "4.2", "operator": "eq"}, {"name": "JSPMySQL", "version": "1.0", "operator": "eq"}, {"name": "Cerb", "version": "7.0", "operator": "eq"}, {"name": "James Server", "version": "2.3", "operator": "eq"}, {"name": "ResAds", "version": "1.0", "operator": "eq"}, {"name": "Bamboo", "version": "5.9", "operator": "eq"}, {"name": "BMC Remedy AR", "version": "9.0", "operator": "eq"}, {"name": "iTop", "version": "2.1", "operator": "eq"}, {"name": "Revive Adserver", "version": "3.2", "operator": "eq"}, {"name": "ServiceDesk Plus", "version": "9", "operator": "eq"}, {"name": "DataTables", "version": "1.10", "operator": "eq"}, {"name": "Jenkins", "version": "1.626", "operator": "eq"}, {"name": "JIRA", "version": "6.4", "operator": "eq"}, {"name": "Secure MFT", "version": "2015", "operator": "eq"}, {"name": "Openfire", "version": "3.10", "operator": "eq"}, {"name": "DWBooster Appointment Booking Calendar", "version": "1.1", "operator": "eq"}], "cvelist": ["CVE-2015-7377", "CVE-2015-6000", "CVE-2015-5075", "CVE-2015-7390", "CVE-2015-6544", "CVE-2015-7668", "CVE-2015-5715", "CVE-2015-7373", "CVE-2015-6659", "CVE-2015-5956", "CVE-2015-3623", "CVE-2015-6660", "CVE-2015-7682", "CVE-2015-5723", "CVE-2015-7368", "CVE-2015-7319", "CVE-2015-7299", "CVE-2015-7669", "CVE-2015-5071", "CVE-2015-7371", "CVE-2015-7320", "CVE-2015-6497", "CVE-2015-4499", "CVE-2015-7683", "CVE-2015-7367", "CVE-2014-8778", "CVE-2015-7670", "CVE-2015-7391", "CVE-2015-7372", "CVE-2015-7366", "CVE-2015-7364", "CVE-2015-7667", "CVE-2015-5072", "CVE-2015-6545", "CVE-2015-7370", "CVE-2015-7666", "CVE-2015-6658", "CVE-2015-6576", "CVE-2015-5076", "CVE-2015-6584", "CVE-2015-5074", "CVE-2015-5603", "CVE-2015-7365", "CVE-2015-6661", "CVE-2015-7369", "CVE-2015-5714", "CVE-2015-6665"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14750", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32510", "https://vulners.com/securityvulns/securityvulns:doc:32597"], "description": "Authentication bypass, information disclosure.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-26T00:00:00", "title": "HP ArcSight Logger security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ArcSight Logger", "version": "6.0", "operator": "eq"}], "cvelist": ["CVE-2015-2136", "CVE-2015-6029"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14693", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14693", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32598"], "description": "No description provided", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-26T00:00:00", "title": "HP Asset Manager information disclosure", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Asset Manager", "version": "9.50", "operator": "eq"}], "cvelist": ["CVE-2015-5448"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14749", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14749", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
