ID SECURITYVULNS:VULN:13196
Type securityvulns
Reporter BUGTRAQ
Modified 2013-07-17T00:00:00
Description
DoS conditions
{"id": "SECURITYVULNS:VULN:13196", "bulletinFamily": "software", "title": "Trend Micro DirectPass multiple security vulnerabilities", "description": "DoS conditions", "published": "2013-07-17T00:00:00", "modified": "2013-07-17T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13196", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:29621"], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:09:52", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "52fbc9bc16a46fdc9f54aec0badc81ce"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "3c93787d25c28670d9969bc3b9a8ee8e"}, {"key": "href", "hash": "a3abfbb66ea12206cdc147fc038917f0"}, {"key": "modified", "hash": "77c6fa78b0befcc8ae60ea0c8eefa7c8"}, {"key": "published", "hash": "77c6fa78b0befcc8ae60ea0c8eefa7c8"}, {"key": "references", "hash": "2083ee71f6a261cb4dbab6c70841d09f"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "2a21527ce14b75764c80f49b54cf3c25"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "74f2c93bbf04704a3a2e3cb6a9d407aa1824feabbc8cc957e19940f892554a97", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-08-31T11:09:52"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "affectedSoftware": [{"name": "DirectPass", "operator": "eq", "version": "1.5"}]}
{"cve": [{"lastseen": "2018-08-25T10:52:04", "references": ["https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap", "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"], "description": "The sell function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets.", "edition": 2, "reporter": "NVD", "published": "2018-07-04T22:29:02", "title": "CVE-2018-13196", "type": "cve", "enchantments": {"score": {"modified": "2018-08-25T10:52:04", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-13196"], "scanner": [], "modified": "2018-08-24T13:37:12", "cpe": ["cpe:/a:t-swap-token_project:t-swap-token:-"], "id": "CVE-2018-13196", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13196", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-31T11:34:41", "references": ["https://source.android.com/security/bulletin/2018-01-01", "http://www.securitytracker.com/id/1040106", "http://www.securityfocus.com/bid/102414"], "description": "In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067.", "edition": 3, "reporter": "NVD", "published": "2018-01-12T18:29:01", "title": "CVE-2017-13196", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-13196"], "scanner": [], "modified": "2018-01-30T09:32:49", "cpe": ["cpe:/o:google:android:6.0", "cpe:/o:google:android:5.1.1", "cpe:/o:google:android:8.0", "cpe:/o:google:android:7.0", "cpe:/o:google:android:8.1", "cpe:/o:google:android:7.1.2", "cpe:/o:google:android:6.0.1", "cpe:/o:google:android:7.1.1"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13196", "id": "CVE-2017-13196", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-11-13T17:02:05", "references": ["https://www.suse.com/security/cve/CVE-2017-7486/", "https://bugzilla.suse.com/1037603", "https://bugzilla.suse.com/1029547", "http://www.nessus.org/u?71cef8e4", "https://bugzilla.suse.com/1038293", "https://bugzilla.suse.com/1037624", "https://www.suse.com/security/cve/CVE-2017-7485/", "https://www.suse.com/security/cve/CVE-2017-7484/"], "pluginID": "101260", "description": "This update for postgresql93 fixes the following issues :\n\n - bsc#1029547: Fix tests with timezone 2017a\n\n - CVE-2017-7486: Restrict visibility of pg_user_mappings.umoptions, to protect passwords stored as user mapping options. (bsc#1037624)\n\n - CVE-2017-7485: Recognize PGREQUIRESSL variable again.\n (bsc#1038293)\n\n - CVE-2017-7484: Prevent exposure of statistical information via leaky operators. (bsc#1037603)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 11, "reporter": "Tenable", "published": "2017-07-06T00:00:00", "title": "SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2017:1783-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7486", "CVE-2017-7484", "CVE-2017-7485"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:postgresql94-contrib", "p-cpe:/a:novell:suse_linux:postgresql94-server", "p-cpe:/a:novell:suse_linux:libpq5", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:postgresql94-docs", "p-cpe:/a:novell:suse_linux:postgresql94", "p-cpe:/a:novell:suse_linux:libecpg6"], "id": "SUSE_SU-2017-1783-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101260", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1783-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101260);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/10 11:50:05\");\n\n script_cve_id(\"CVE-2017-7484\", \"CVE-2017-7485\", \"CVE-2017-7486\");\n\n script_name(english:\"SUSE SLES11 Security Update : postgresql94 (SUSE-SU-2017:1783-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for postgresql93 fixes the following issues :\n\n - bsc#1029547: Fix tests with timezone 2017a\n\n - CVE-2017-7486: Restrict visibility of\n pg_user_mappings.umoptions, to protect passwords stored\n as user mapping options. (bsc#1037624)\n\n - CVE-2017-7485: Recognize PGREQUIRESSL variable again.\n (bsc#1038293)\n\n - CVE-2017-7484: Prevent exposure of statistical\n information via leaky operators. (bsc#1037603)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1029547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1037603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1037624\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1038293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7484/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7485/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7486/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171783-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71cef8e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-postgresql94-13196=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-postgresql94-13196=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-postgresql94-13196=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libecpg6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpq5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql94\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql94-contrib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql94-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:postgresql94-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libpq5-32bit-9.4.12-0.22.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libpq5-32bit-9.4.12-0.22.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libecpg6-9.4.12-0.22.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libpq5-9.4.12-0.22.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"postgresql94-9.4.12-0.22.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"postgresql94-contrib-9.4.12-0.22.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"postgresql94-docs-9.4.12-0.22.3\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"postgresql94-server-9.4.12-0.22.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"postgresql94\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "apport security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Apport", "version": "2.18", "operator": "eq"}], "cvelist": ["CVE-2015-1338"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14720", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "description": "PHAR extension DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "PHP security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PHP", "version": "5.6", "operator": "eq"}], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32652"], "description": "Crash on audiofiles processing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-02T00:00:00", "title": "audiofile memory corruption", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "libaudiofile", "version": "0.3", "operator": "eq"}], "cvelist": ["CVE-2015-7747"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14754", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14754", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32657", "https://vulners.com/securityvulns/securityvulns:doc:32654", "https://vulners.com/securityvulns/securityvulns:doc:32655", "https://vulners.com/securityvulns/securityvulns:doc:32656", "https://vulners.com/securityvulns/securityvulns:doc:32658", "https://vulners.com/securityvulns/securityvulns:doc:32659", "https://vulners.com/securityvulns/securityvulns:doc:32653"], "description": "Quarterly update closes 140 vulnerabilities in different applications.", "edition": 1, "reporter": "ORACLE", "published": "2015-11-02T00:00:00", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PeopleSoft Enterprise HCM Talent Acquistion Managment", "version": "9.2", "operator": "eq"}, {"name": "Endeca Server", "version": "7.6", "operator": "eq"}, {"name": "Oracle Transportation Management", "version": "6.2", "operator": "eq"}, {"name": "Oracle Traffic Director", "version": "11.1", "operator": "eq"}, {"name": "Java SE", "version": "8", "operator": "eq"}, {"name": "Oracle Communications LSMS", "version": "13.1", "operator": "eq"}, {"name": "Oracle Communications Messaging Server", "version": "8.0", "operator": "eq"}, {"name": "Oracle Enterprise Data Quality", "version": "12.1", "operator": "eq"}, {"name": "PeopleSoft Enterprise FSCM", "version": "9.2", "operator": "eq"}, {"name": "Hyperion Installation Technology", "version": "11.1", "operator": "eq"}, {"name": "Oracle", "version": "12.1", "operator": "eq"}, {"name": "Java SE Embedded", "version": "8", "operator": "eq"}, {"name": "Outside In Technology", "version": "8.5", "operator": "eq"}, {"name": "Exalogic Infrastructure", "version": "2.0", "operator": "eq"}, {"name": "Oracle", "version": "11.2", "operator": "eq"}, {"name": "Oracle Retail Returns Management", "version": "14.0", "operator": "eq"}, {"name": "Oracle E-Business Suite", "version": "12.2", "operator": "eq"}, {"name": "Solaris", "version": "11.2", "operator": "eq"}, {"name": "MySQL Enterprise Monitor", "version": "3.0", "operator": "eq"}, {"name": "PeopleSoft Enterprise PeopleTools", "version": "8.54", "operator": "eq"}, {"name": "Oracle Agile PLM", "version": "9.3", "operator": "eq"}, {"name": "PeopleSoft Enterprise HCM", "version": "9.2", "operator": "eq"}, {"name": "Oracle WebCenter Content", "version": "10.1", "operator": "eq"}, {"name": "Oracle Configurator", "version": "12.2", "operator": "eq"}, {"name": "Oracle Communications Performance Intelligence Center Software", "version": "10.1", "operator": "eq"}, {"name": "Oracle Communications Diameter Signaling Router", "version": "7.1", "operator": "eq"}, {"name": "Oracle Identity Manager", "version": "11.1", "operator": "eq"}, {"name": "Enterprise Manager Base Platform", "version": "12.1", "operator": "eq"}, {"name": "FS1-2 Flash Storage System", "version": "6.3", "operator": "eq"}, {"name": "Integrated Lights Out Manager", "version": "3.2", "operator": "eq"}, {"name": "Oracle Business Intelligence Enterprise Edition", "version": "11.1", "operator": "eq"}, {"name": "OSS Support Tools", "version": "8.8", "operator": "eq"}, {"name": "Oracle Retail Back Office", "version": "14.0", "operator": "eq"}, {"name": "Oracle Agile Engineering Data Management", "version": "6.2", "operator": "eq"}, {"name": "Oracle Communications Tekelec HLR Router", "version": "4.0", "operator": "eq"}, {"name": "VirtualBox", "version": "5.0", "operator": "eq"}, {"name": "MySQL Server", "version": "5.6", "operator": "eq"}, {"name": "PeopleSoft Enterprise FIN Expenses", "version": "9.2", "operator": "eq"}, {"name": "GlassFish Server", "version": "3.1", "operator": "eq"}, {"name": "Oracle Mobile Security Suite", "version": "3.0", "operator": "eq"}, {"name": "Oracle Communications User Data Repository", "version": "10.2", "operator": "eq"}, {"name": "Oracle Communications Convergence", "version": "3.0", "operator": "eq"}, {"name": "Oracle Access Manager", "version": "11.1", "operator": "eq"}, {"name": "JDeveloper", "version": "12.1", "operator": "eq"}, {"name": "Oracle Mobile Server", "version": "12.1", "operator": "eq"}, {"name": "Oracle Utilities Work and Asset Management", "version": "1.9", "operator": "eq"}, {"name": "Oracle Communications Policy Management", "version": "12.1", "operator": "eq"}, {"name": "Oracle WebCenter Sites", "version": "11.1", "operator": "eq"}, {"name": "JavaFX", "version": "2.2", "operator": "eq"}, {"name": "Fusion Middleware", "version": "12.1", "operator": "eq"}, {"name": "Siebel Applications", "version": "2015", "operator": "eq"}, {"name": "Oracle HTTP Server", "version": "12.1", "operator": "eq"}, {"name": "Oracle Retail Central Office", "version": "14.0", "operator": "eq"}, {"name": "Enterprise Manager Ops Center", "version": "12.2", "operator": "eq"}, {"name": "JRockit", "version": "28.3", "operator": "eq"}, {"name": "Oracle Fusion Applications", "version": "11.1", "operator": "eq"}, {"name": "Oracle Retail Open Commerce Platform", "version": "3.0", "operator": "eq"}], "cvelist": ["CVE-2015-4894", "CVE-2015-4000", "CVE-2015-4851", "CVE-2015-4895", "CVE-2015-4905", "CVE-2015-4866", "CVE-2015-4832", "CVE-2015-4822", "CVE-2015-4830", "CVE-2015-4804", "CVE-2015-4816", "CVE-2015-0235", "CVE-2015-1793", "CVE-2015-4793", "CVE-2015-4863", "CVE-2015-4913", "CVE-2015-4892", "CVE-2014-0191", "CVE-2015-4796", "CVE-2015-4864", "CVE-2015-4794", "CVE-2015-4887", "CVE-2015-2642", "CVE-2015-4860", "CVE-2015-4868", "CVE-1999-0377", "CVE-2015-4820", "CVE-2015-4903", "CVE-2015-0286", "CVE-2015-4906", "CVE-2015-4843", "CVE-2015-4842", "CVE-2015-4910", "CVE-2015-4872", "CVE-2015-4846", "CVE-2014-3576", "CVE-2015-4876", "CVE-2014-3571", "CVE-2015-4883", "CVE-2014-7940", "CVE-2015-4858", "CVE-2015-4802", "CVE-2015-4882", "CVE-2015-4801", "CVE-2015-4878", "CVE-2015-4799", "CVE-2015-4811", "CVE-2015-4834", "CVE-2015-4762", "CVE-2015-4815", "CVE-2015-4812", "CVE-2015-4839", "CVE-2015-4798", "CVE-2015-4891", "CVE-2015-4734", "CVE-2015-4899", "CVE-2015-4865", "CVE-2015-4915", "CVE-2015-4871", "CVE-2015-4800", "CVE-2015-4869", "CVE-2015-4828", "CVE-2015-4803", "CVE-2015-4875", "CVE-2015-4902", "CVE-2015-4917", "CVE-2015-4909", "CVE-2015-4791", "CVE-2015-4805", "CVE-2015-4849", "CVE-2015-4879", "CVE-2015-4888", "CVE-2015-4838", "CVE-2015-4850", "CVE-2015-4806", "CVE-2015-4825", "CVE-2015-3144", "CVE-2015-4797", "CVE-2015-4792", "CVE-2015-4837", "CVE-2015-4904", "CVE-2015-4810", "CVE-2015-4827", "CVE-2014-0050", "CVE-2015-4817", "CVE-2015-4908", "CVE-2015-4912", "CVE-2015-4833", "CVE-2015-4847", "CVE-2015-4855", "CVE-2015-4848", "CVE-2015-4730", "CVE-2015-4819", "CVE-2015-4896", "CVE-2015-2633", "CVE-2015-4807", "CVE-2015-4901", "CVE-2015-4835", "CVE-2015-4873", "CVE-2015-4766", "CVE-2015-4795", "CVE-2015-4907", "CVE-2015-4859", "CVE-2015-1829", "CVE-2015-4898", "CVE-2015-4874", "CVE-2015-4836", "CVE-2015-4824", "CVE-2015-4900", "CVE-2015-4831", "CVE-2015-4861", "CVE-2015-4911", "CVE-2015-4886", "CVE-2015-2608", "CVE-2015-4809", "CVE-2015-4877", "CVE-2015-4844", "CVE-2015-4870", "CVE-2015-4881", "CVE-2015-4840", "CVE-2015-4856", "CVE-2015-4845", "CVE-2015-4914", "CVE-2015-4893", "CVE-2015-4916", "CVE-2015-4826", "CVE-2014-1569", "CVE-2015-4862", "CVE-2010-1622", "CVE-2015-4857", "CVE-2015-4890", "CVE-2015-4867", "CVE-2015-4884", "CVE-2015-4813", "CVE-2015-4841", "CVE-2015-4818", "CVE-2015-4880", "CVE-2015-1791", "CVE-2015-4823", "CVE-2015-4821"], "modified": "2015-11-02T00:00:00", "id": "SECURITYVULNS:VULN:14755", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14755", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32650"], "description": "DoS, code execution.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-01T00:00:00", "title": "unzip security vulneravilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "unzip", "version": "6.0", "operator": "eq"}], "cvelist": ["CVE-2015-7696", "CVE-2015-7697"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14752", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14752", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32649"], "description": "Multiple memory corruptions.", "edition": 1, "reporter": "UBUNTU", "published": "2015-11-01T00:00:00", "title": "ntp multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ntp", "version": "4.2", "operator": "eq"}], "cvelist": ["CVE-2015-7703", "CVE-2015-7855", "CVE-2015-5219", "CVE-2015-7704", "CVE-2015-7701", "CVE-2015-7692", "CVE-2015-7702", "CVE-2015-5194", "CVE-2015-7852", "CVE-2015-7871", "CVE-2015-7691", "CVE-2015-5196", "CVE-2015-7705", "CVE-2015-5300", "CVE-2015-5195", "CVE-2015-7850", "CVE-2015-7853"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:14751", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14751", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31964", "https://vulners.com/securityvulns/securityvulns:doc:31976", "https://vulners.com/securityvulns/securityvulns:doc:30267"], "description": "Request may be sent via wrong connection if NTLM authentication is used. Information disclosure, DoS.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-11-01T00:00:00", "title": "cURL security vulnerabilitiies", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:54", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "cURL", "version": "7.35", "operator": "eq"}, {"name": "libcurl", "version": "7.41", "operator": "eq"}], "cvelist": ["CVE-2015-3236", "CVE-2015-3153", "CVE-2015-3144", "CVE-2015-3237", "CVE-2014-0015", "CVE-2015-3145", "CVE-2015-3143", "CVE-2015-3148"], "modified": "2015-11-01T00:00:00", "id": "SECURITYVULNS:VULN:13544", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13544", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:03", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32633", "https://vulners.com/securityvulns/securityvulns:doc:32617", "https://vulners.com/securityvulns/securityvulns:doc:32634", "https://vulners.com/securityvulns/securityvulns:doc:32646", "https://vulners.com/securityvulns/securityvulns:doc:32605", "https://vulners.com/securityvulns/securityvulns:doc:32635", "https://vulners.com/securityvulns/securityvulns:doc:32613", "https://vulners.com/securityvulns/securityvulns:doc:32645", "https://vulners.com/securityvulns/securityvulns:doc:32599", "https://vulners.com/securityvulns/securityvulns:doc:32608", "https://vulners.com/securityvulns/securityvulns:doc:32604", "https://vulners.com/securityvulns/securityvulns:doc:32603", "https://vulners.com/securityvulns/securityvulns:doc:32624", "https://vulners.com/securityvulns/securityvulns:doc:32636", "https://vulners.com/securityvulns/securityvulns:doc:32619", "https://vulners.com/securityvulns/securityvulns:doc:32609", "https://vulners.com/securityvulns/securityvulns:doc:32611", "https://vulners.com/securityvulns/securityvulns:doc:32625", "https://vulners.com/securityvulns/securityvulns:doc:32626", "https://vulners.com/securityvulns/securityvulns:doc:32627", "https://vulners.com/securityvulns/securityvulns:doc:32620", "https://vulners.com/securityvulns/securityvulns:doc:32612", "https://vulners.com/securityvulns/securityvulns:doc:32640", "https://vulners.com/securityvulns/securityvulns:doc:32601", "https://vulners.com/securityvulns/securityvulns:doc:32614", "https://vulners.com/securityvulns/securityvulns:doc:32618", "https://vulners.com/securityvulns/securityvulns:doc:32638", "https://vulners.com/securityvulns/securityvulns:doc:32632", "https://vulners.com/securityvulns/securityvulns:doc:32622", "https://vulners.com/securityvulns/securityvulns:doc:32602", "https://vulners.com/securityvulns/securityvulns:doc:32648", "https://vulners.com/securityvulns/securityvulns:doc:32644", "https://vulners.com/securityvulns/securityvulns:doc:32616", "https://vulners.com/securityvulns/securityvulns:doc:32606", "https://vulners.com/securityvulns/securityvulns:doc:32623", "https://vulners.com/securityvulns/securityvulns:doc:32631", "https://vulners.com/securityvulns/securityvulns:doc:32637", "https://vulners.com/securityvulns/securityvulns:doc:32628", "https://vulners.com/securityvulns/securityvulns:doc:32630", "https://vulners.com/securityvulns/securityvulns:doc:32615", "https://vulners.com/securityvulns/securityvulns:doc:32639", "https://vulners.com/securityvulns/securityvulns:doc:32629", "https://vulners.com/securityvulns/securityvulns:doc:32621", "https://vulners.com/securityvulns/securityvulns:doc:32607", "https://vulners.com/securityvulns/securityvulns:doc:32600", "https://vulners.com/securityvulns/securityvulns:doc:32642", "https://vulners.com/securityvulns/securityvulns:doc:32647", "https://vulners.com/securityvulns/securityvulns:doc:32641", "https://vulners.com/securityvulns/securityvulns:doc:32643", "https://vulners.com/securityvulns/securityvulns:doc:32610"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": " ", "published": "2015-10-26T00:00:00", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:03", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Easy2Map", "version": "1.2", "operator": "eq"}, {"name": "SourceBans", "version": "1.4", "operator": "eq"}, {"name": "twig", "version": "1.20", "operator": "eq"}, {"name": "Bugzilla", "version": "5.0", "operator": "eq"}, {"name": "ZendFramework", "version": "1.12", "operator": "eq"}, {"name": "Pie Register", "version": "2.0", "operator": "eq"}, {"name": "Support Ticket System", "version": "1.2", "operator": "eq"}, {"name": "Payment Form for PayPal Pro", "version": "1.0", "operator": "eq"}, {"name": "Magento", "version": "1.9", "operator": "eq"}, {"name": "LinuxOptic CMS", "version": "2009", "operator": "eq"}, {"name": "TestLink", "version": "1.9", "operator": "eq"}, {"name": "drupal", "version": "7.39", "operator": "eq"}, {"name": "YouTube Embed", "version": "3.3", "operator": "eq"}, {"name": "NodeBB", "version": "0.8", "operator": "eq"}, {"name": "K2 Platforms", "version": "4.6", "operator": "eq"}, {"name": "Qlikview", "version": "11.20", "operator": "eq"}, {"name": "Font", "version": "7.5", "operator": "eq"}, {"name": "Lime Survey", "version": "2.06", "operator": "eq"}, {"name": "X2Engine", "version": "4.2", "operator": "eq"}, {"name": "JSPMySQL", "version": "1.0", "operator": "eq"}, {"name": "Cerb", "version": "7.0", "operator": "eq"}, {"name": "James Server", "version": "2.3", "operator": "eq"}, {"name": "ResAds", "version": "1.0", "operator": "eq"}, {"name": "Bamboo", "version": "5.9", "operator": "eq"}, {"name": "BMC Remedy AR", "version": "9.0", "operator": "eq"}, {"name": "iTop", "version": "2.1", "operator": "eq"}, {"name": "Revive Adserver", "version": "3.2", "operator": "eq"}, {"name": "ServiceDesk Plus", "version": "9", "operator": "eq"}, {"name": "DataTables", "version": "1.10", "operator": "eq"}, {"name": "Jenkins", "version": "1.626", "operator": "eq"}, {"name": "JIRA", "version": "6.4", "operator": "eq"}, {"name": "Secure MFT", "version": "2015", "operator": "eq"}, {"name": "Openfire", "version": "3.10", "operator": "eq"}, {"name": "DWBooster Appointment Booking Calendar", "version": "1.1", "operator": "eq"}], "cvelist": ["CVE-2015-7377", "CVE-2015-6000", "CVE-2015-5075", "CVE-2015-7390", "CVE-2015-6544", "CVE-2015-7668", "CVE-2015-5715", "CVE-2015-7373", "CVE-2015-6659", "CVE-2015-5956", "CVE-2015-3623", "CVE-2015-6660", "CVE-2015-7682", "CVE-2015-5723", "CVE-2015-7368", "CVE-2015-7319", "CVE-2015-7299", "CVE-2015-7669", "CVE-2015-5071", "CVE-2015-7371", "CVE-2015-7320", "CVE-2015-6497", "CVE-2015-4499", "CVE-2015-7683", "CVE-2015-7367", "CVE-2014-8778", "CVE-2015-7670", "CVE-2015-7391", "CVE-2015-7372", "CVE-2015-7366", "CVE-2015-7364", "CVE-2015-7667", "CVE-2015-5072", "CVE-2015-6545", "CVE-2015-7370", "CVE-2015-7666", "CVE-2015-6658", "CVE-2015-6576", "CVE-2015-5076", "CVE-2015-6584", "CVE-2015-5074", "CVE-2015-5603", "CVE-2015-7365", "CVE-2015-6661", "CVE-2015-7369", "CVE-2015-5714", "CVE-2015-6665"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14750", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14750", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32510", "https://vulners.com/securityvulns/securityvulns:doc:32597"], "description": "Authentication bypass, information disclosure.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-26T00:00:00", "title": "HP ArcSight Logger security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ArcSight Logger", "version": "6.0", "operator": "eq"}], "cvelist": ["CVE-2015-2136", "CVE-2015-6029"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14693", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14693", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:02", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32598"], "description": "No description provided", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-10-26T00:00:00", "title": "HP Asset Manager information disclosure", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:02", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Asset Manager", "version": "9.50", "operator": "eq"}], "cvelist": ["CVE-2015-5448"], "modified": "2015-10-26T00:00:00", "id": "SECURITYVULNS:VULN:14749", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14749", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}
