Oracle GoldenGate Veridata Server XML SOAP Request Parsing Remote Code Execution Vulnerability
Published: 2011-01-18T00:00:00
ID: ZDI-11-019
Type: zdi
Reporter: Andrea Micalizzi aka rgod
Modified: 2011-06-22T00:00:00
Description
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GoldenGate Veridata. Authentication is not required to exploit this vulnerability. The specific flaw exists in the way the application parses an XML SOAP request used for authorization to the management site. While copying string data from a tag into a buffer, the application terminates the copy only when the byte being copied has the value 0x20. By crafting a large enough string without this terminator, an attacker can exploit this to execute remote code under the context of the application.
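The copy pattern described above, next to a bounded form, as an added illustration that is not Oracle's code or part of the advisory. The function names, the 8-byte buffer and the sample inputs are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define TERM 0x20 /* terminator byte named in the advisory */

/* Flawed pattern (constructed illustration): stops only on 0x20, with no
 * check on the destination size or the end of the input. */
size_t copy_field_unbounded(char *dst, const char *src)
{
    size_t i = 0;
    while ((unsigned char)src[i] != TERM) {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return i;
}

/* Bounded form: returns 0 and the field length on success, -1 if the field
 * is unterminated or does not fit; dst is left empty on failure. */
int copy_field_bounded(char *dst, size_t cap, const char *src,
                       size_t src_len, size_t *out_len)
{
    size_t i = 0;
    if (!dst || !src || !out_len || cap == 0)
        return -1;
    dst[0] = '\0';
    while (i < src_len && (unsigned char)src[i] != TERM)
        i++;                       /* measure before writing anything */
    if (i == src_len || i >= cap)  /* no terminator, or no room for NUL */
        return -1;
    memcpy(dst, src, i);
    dst[i] = '\0';
    *out_len = i;
    return 0;
}

int main(void)
{
    char buf[8], big[64];
    size_t n = 0;
    memset(big, 'A', sizeof big - 1); /* constructed oversized field */
    big[sizeof big - 1] = TERM;
    printf("%d\n", copy_field_bounded(buf, sizeof buf, "admin x", 7, &n));
    printf("%d\n", copy_field_bounded(buf, sizeof buf, big, sizeof big, &n));
    return 0;
}
```

The bounded version measures the field before writing, so an oversized or unterminated value is rejected outright instead of being truncated into the destination.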
References
CVE: CVE-2010-4416
CVSS v2: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulners score: 6.5
Advisory: https://www.zerodayinitiative.com/advisories/ZDI-11-019/
Vendor advisory: http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
Related: SECURITYVULNS:VULN:11380, ORACLE:CPUJAN2011-194091
Related records
CVE-2010-4416 (NVD, published 2011-01-19T16:00:00, modified 2017-08-17T01:33:00): Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.4 allows remote attackers to affect availability via unknown vectors related to Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party researcher that this is a buffer overflow via a crafted XML soap request and a value that does not contain the expected 0x20 terminator character. CVSS v2: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P). CWE: NVD-CWE-noinfo. CPE: cpe:/a:oracle:fusion_middleware:3.0.0.4. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4416
SECURITYVULNS:VULN:11380 (published 2011-02-26T00:00:00): Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities. Quarterly security update closes nearly 70 different vulnerabilities in all applications. CVSS: 10.0. https://vulners.com/securityvulns/SECURITYVULNS:VULN:11380
ORACLE:CPUJAN2011-194091 (published 2011-01-18T00:00:00, modified 2011-02-01T00:00:00): Oracle Critical Patch Update - January 2011. A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 66 new security fixes across all product families. CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C).