admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-23 23:00:57 +00:00
parent a9ef265d12
commit 2a1e678ad2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
99 changed files with 6660 additions and 6364 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

619
2014/0xxx/CVE-2014-0114.json
View File

@ -1,526 +1,527 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2014-0114",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0114",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1."
"lang": "eng",
"value": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114",
"refsource":"MLIST",
"url":"http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html"
"name": "[apache-ignite-developers] 20180601 [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114",
"refsource": "MLIST",
"url": "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2014-0114-Apache-Ignite-is-vulnerable-to-existing-CVE-2014-0114-td31205.html"
},
{
"name":"57477",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/57477"
"name": "57477",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57477"
},
{
"name":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html",
"refsource":"CONFIRM",
"url":"http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0008.html"
},
{
"name":"https://issues.apache.org/jira/browse/BEANUTILS-463",
"refsource":"CONFIRM",
"url":"https://issues.apache.org/jira/browse/BEANUTILS-463"
"name": "https://issues.apache.org/jira/browse/BEANUTILS-463",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/BEANUTILS-463"
},
{
"name":"58710",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/58710"
"name": "58710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58710"
},
{
"name":"MDVSA-2014:095",
"refsource":"MANDRIVA",
"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:095"
"name": "MDVSA-2014:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:095"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource":"CONFIRM",
"url":"http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21675689",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675689"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689"
},
{
"name":"FEDORA-2014-9380",
"refsource":"FEDORA",
"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html"
"name": "FEDORA-2014-9380",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136958.html"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21674812",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21674812"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812"
},
{
"name":"https://security.netapp.com/advisory/ntap-20140911-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20140911-0001/"
"name": "https://security.netapp.com/advisory/ntap-20140911-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20140911-0001/"
},
{
"name":"59464",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59464"
"name": "59464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59464"
},
{
"name":"59118",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59118"
"name": "59118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59118"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180629-0006/"
"name": "https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21675387",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675387"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"name":"https://access.redhat.com/solutions/869353",
"refsource":"CONFIRM",
"url":"https://access.redhat.com/solutions/869353"
"name": "https://access.redhat.com/solutions/869353",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/solutions/869353"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1091938",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
},
{
"name":"http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt",
"refsource":"CONFIRM",
"url":"http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt"
"name": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt",
"refsource": "CONFIRM",
"url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt"
},
{
"name":"http://advisories.mageia.org/MGASA-2014-0219.html",
"refsource":"CONFIRM",
"url":"http://advisories.mageia.org/MGASA-2014-0219.html"
"name": "http://advisories.mageia.org/MGASA-2014-0219.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0219.html"
},
{
"name":"60703",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/60703"
"name": "60703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60703"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21675972",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675972"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21676375",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"name":"[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE",
"refsource":"MLIST",
"url":"http://openwall.com/lists/oss-security/2014/07/08/1"
"name": "[oss-security] 20140707 Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/07/08/1"
},
{
"name":"RHSA-2018:2669",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2669"
"name": "RHSA-2018:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2669"
},
{
"name":"GLSA-201607-09",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201607-09"
"name": "GLSA-201607-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-09"
},
{
"name":"HPSBST03160",
"refsource":"HP",
"url":"http://marc.info/?l=bugtraq&m=141451023707502&w=2"
"name": "HPSBST03160",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141451023707502&w=2"
},
{
"name":"20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource":"BUGTRAQ",
"url":"http://www.securityfocus.com/archive/1/534161/100/0/threaded"
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21675898",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675898"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21676110",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676110"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg27042296",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg27042296"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21676303",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
},
{
"name":"59228",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59228"
"name": "59228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59228"
},
{
"name":"59246",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59246"
"name": "59246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59246"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1116665",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
},
{
"name":"[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE",
"refsource":"MLIST",
"url":"http://openwall.com/lists/oss-security/2014/06/15/10"
"name": "[oss-security] 20140616 CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/06/15/10"
},
{
"name":"59245",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59245"
"name": "59245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59245"
},
{
"name":"HPSBMU03090",
"refsource":"HP",
"url":"http://marc.info/?l=bugtraq&m=140801096002766&w=2"
"name": "HPSBMU03090",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140801096002766&w=2"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21674128",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21674128"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21676931",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
},
{
"name":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name":"60177",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/60177"
"name": "60177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60177"
},
{
"name":"20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource":"FULLDISC",
"url":"http://seclists.org/fulldisclosure/2014/Dec/23"
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"http://www.ibm.com/support/docview.wss?uid=swg21675496",
"refsource":"CONFIRM",
"url":"http://www.ibm.com/support/docview.wss?uid=swg21675496"
"name": "http://www.ibm.com/support/docview.wss?uid=swg21675496",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"name":"DSA-2940",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2014/dsa-2940"
"name": "DSA-2940",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2940"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21675266",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21675266"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266"
},
{
"name":"59014",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59014"
"name": "59014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59014"
},
{
"name":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21677110",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21677110"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"name":"67121",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/67121"
"name": "67121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67121"
},
{
"name":"59480",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59480"
"name": "59480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59480"
},
{
"name":"HPSBGN03041",
"refsource":"HP",
"url":"http://marc.info/?l=bugtraq&m=140119284401582&w=2"
"name": "HPSBGN03041",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=140119284401582&w=2"
},
{
"name":"59479",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59479"
"name": "59479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59479"
},
{
"name":"59704",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59704"
"name": "59704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59704"
},
{
"name":"58947",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/58947"
"name": "58947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58947"
},
{
"name":"59718",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59718"
"name": "59718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59718"
},
{
"name":"59430",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59430"
"name": "59430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59430"
},
{
"name":"58851",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/58851"
"name": "58851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58851"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url":"https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3Cdevnull.infra.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url":"https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190329 [GitHub] [pulsar] massakam opened a new pull request #3938: Upgrade third party libraries with security vulnerabilities",
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3Ccommits.pulsar.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource":"MISC",
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"refsource":"MLIST",
"name":"[commons-issues] 20190521 [jira] [Created] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url":"https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3Cissues.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-issues] 20190521 [jira] [Created] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-issues] 20190522 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url":"https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3Cissues.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-issues] 20190522 [jira] [Commented] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MISC",
"name":"https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3E",
"url":"https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3E"
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-issues] 20190522 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url":"https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3Cissues.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-issues] 20190522 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MISC",
"name":"https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3E",
"url":"https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3E"
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-dev] 20190522 [beanutils2] CVE-2014-0114 Pull Request",
"url":"https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3Cdev.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-dev] 20190522 [beanutils2] CVE-2014-0114 Pull Request",
"url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3Cdev.commons.apache.org%3E"
},
{
"refsource":"MISC",
"name":"https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3E",
"url":"https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3E"
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MISC",
"name":"https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3E",
"url":"https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3E"
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-dev] 20190525 Re: [beanutils2] CVE-2014-0114 Pull Request",
"url":"https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3Cdev.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-dev] 20190525 Re: [beanutils2] CVE-2014-0114 Pull Request",
"url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3Cdev.commons.apache.org%3E"
},
{
"refsource":"MISC",
"name":"https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3E",
"url":"https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3E"
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-commits] 20190528 [commons-beanutils] branch master updated: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. (#7)",
"url":"https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3Ccommits.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-commits] 20190528 [commons-beanutils] branch master updated: BEANUTILS-520: Mitigate CVE-2014-0114 by enabling SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS by default. (#7)",
"url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3Ccommits.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-issues] 20190528 [jira] [Closed] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url":"https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3Cissues.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-issues] 20190528 [jira] [Closed] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #74",
"url":"https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3Cnotifications.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #74",
"url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3Cnotifications.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-commits] 20190528 [commons-beanutils] branch master updated: [BEANUTILS-520] BeanUtils2 mitigate CVE-2014-0114.",
"url":"https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3Ccommits.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-commits] 20190528 [commons-beanutils] branch master updated: [BEANUTILS-520] BeanUtils2 mitigate CVE-2014-0114.",
"url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3Ccommits.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-issues] 20190528 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url":"https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3Cissues.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-issues] 20190528 [jira] [Work logged] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #75",
"url":"https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3Cnotifications.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-notifications] 20190528 Build failed in Jenkins: commons-beanutils #75",
"url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3Cnotifications.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-dev] 20190605 Re: [beanutils] Towards 1.10",
"url":"https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3Cdev.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-dev] 20190605 Re: [beanutils] Towards 1.10",
"url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3Cdev.commons.apache.org%3E"
},
{
"refsource":"MISC",
"name":"https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3E",
"url":"https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3E"
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-issues] 20190615 [jira] [Updated] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url":"https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3Cissues.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-issues] 20190615 [jira] [Updated] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-issues] 20190615 [jira] [Reopened] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url":"https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3Cissues.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-issues] 20190615 [jira] [Reopened] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[commons-issues] 20190615 [jira] [Resolved] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url":"https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3Cissues.commons.apache.org%3E"
"refsource": "MLIST",
"name": "[commons-issues] 20190615 [jira] [Resolved] (BEANUTILS-520) BeanUtils2 mitigate CVE-2014-0114",
"url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MISC",
"name":"https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3E",
"url":"https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3E"
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3Cissues.commons.apache.org%3E"
},
{
"refsource":"MISC",
"name":"https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E",
"url":"https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E"
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3Cissues.commons.apache.org%3E"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"refsource": "MISC",
"name": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3Cissues.commons.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
}
]
}
}

121
2015/0xxx/CVE-2015-0226.json
View File

@ -1,110 +1,111 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2015-0226",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0226",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487."
"lang": "eng",
"value": "Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2016:1376",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2016:1376"
"name": "RHSA-2016:1376",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1376"
},
{
"name":"RHSA-2015:0849",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"
"name": "RHSA-2015:0849",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name":"RHSA-2015:1176",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"
"name": "RHSA-2015:1176",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"
},
{
"name":"RHSA-2015:1177",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"
"name": "RHSA-2015:1177",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"
},
{
"name":"RHSA-2015:0848",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"
"name": "RHSA-2015:0848",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name":"RHSA-2015:0846",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"
"name": "RHSA-2015:0846",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"
},
{
"name":"https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc",
"refsource":"CONFIRM",
"url":"https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc"
"name": "https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc",
"refsource": "CONFIRM",
"url": "https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc"
},
{
"name":"RHSA-2015:0847",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"
"name": "RHSA-2015:0847",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"name":"72553",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/72553"
"name": "72553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72553"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

127
2015/0xxx/CVE-2015-0227.json
View File

@ -1,115 +1,116 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2015-0227",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0227",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to \"wrapping attacks.\""
"lang": "eng",
"value": "Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to \"wrapping attacks.\""
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2015:0773",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-0773.html"
"name": "RHSA-2015:0773",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0773.html"
},
{
"name":"apache-wss4j-sec-bypass(100837)",
"refsource":"XF",
"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100837"
"name": "apache-wss4j-sec-bypass(100837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100837"
},
{
"name":"RHSA-2015:0849",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"
"name": "RHSA-2015:0849",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0849.html"
},
{
"name":"RHSA-2015:1176",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"
"name": "RHSA-2015:1176",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1176.html"
},
{
"name":"RHSA-2015:1177",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"
"name": "RHSA-2015:1177",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1177.html"
},
{
"name":"RHSA-2015:0848",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"
"name": "RHSA-2015:0848",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0848.html"
},
{
"name":"RHSA-2015:0846",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"
"name": "RHSA-2015:0846",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0846.html"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"
},
{
"name":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc",
"refsource":"CONFIRM",
"url":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc"
"name": "http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc",
"refsource": "CONFIRM",
"url": "http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc"
},
{
"name":"72557",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/72557"
"name": "72557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72557"
},
{
"name":"RHSA-2015:0847",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"
"name": "RHSA-2015:0847",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0847.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

163
2015/9xxx/CVE-2015-9251.json
View File

@ -1,145 +1,146 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2015-9251",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9251",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
"lang": "eng",
"value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://github.com/jquery/jquery/issues/2432",
"refsource":"MISC",
"url":"https://github.com/jquery/jquery/issues/2432"
"name": "https://github.com/jquery/jquery/issues/2432",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
"refsource":"MISC",
"url":"https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
"name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
"refsource": "MISC",
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
},
{
"name":"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
"refsource":"MISC",
"url":"https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
"name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"name":"https://snyk.io/vuln/npm:jquery:20150627",
"refsource":"MISC",
"url":"https://snyk.io/vuln/npm:jquery:20150627"
"name": "https://snyk.io/vuln/npm:jquery:20150627",
"refsource": "MISC",
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"name":"https://github.com/jquery/jquery/pull/2588",
"refsource":"MISC",
"url":"https://github.com/jquery/jquery/pull/2588"
"name": "https://github.com/jquery/jquery/pull/2588",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"105658",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/105658"
"name": "105658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105658"
},
{
"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
"refsource":"MISC",
"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
},
{
"name":"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
"refsource":"MISC",
"url":"https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
"name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
"refsource": "MISC",
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource":"MISC",
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"refsource":"BUGTRAQ",
"name":"20190509 dotCMS v5.1.1 Vulnerabilities",
"url":"https://seclists.org/bugtraq/2019/May/18"
"refsource": "BUGTRAQ",
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"refsource":"MISC",
"name":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"refsource":"FULLDISC",
"name":"20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url":"http://seclists.org/fulldisclosure/2019/May/11"
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/11"
},
{
"refsource":"FULLDISC",
"name":"20190510 dotCMS v5.1.1 Vulnerabilities",
"url":"http://seclists.org/fulldisclosure/2019/May/10"
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 Vulnerabilities",
"url": "http://seclists.org/fulldisclosure/2019/May/10"
},
{
"refsource":"FULLDISC",
"name":"20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url":"http://seclists.org/fulldisclosure/2019/May/13"
"refsource": "FULLDISC",
"name": "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/May/13"
},
{
"refsource":"MISC",
"name":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"url":"http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

169
2016/0xxx/CVE-2016-0701.json
View File

@ -1,150 +1,151 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2016-0701",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-0701",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file."
"lang": "eng",
"value": "The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"FEDORA-2016-527018d2ff",
"refsource":"FEDORA",
"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html"
"name": "FEDORA-2016-527018d2ff",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name":"1034849",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1034849"
"name": "1034849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034849"
},
{
"name":"https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2"
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c5b831f21d0d29d1e517d139d9d101763f60c9a2"
},
{
"name":"https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648"
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=878e2c5b13010329c203f309ed0c8f2113f85648"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05164821"
},
{
"name":"http://www.openssl.org/news/secadv/20160128.txt",
"refsource":"CONFIRM",
"url":"http://www.openssl.org/news/secadv/20160128.txt"
"name": "http://www.openssl.org/news/secadv/20160128.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv/20160128.txt"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390893"
},
{
"name":"GLSA-201601-05",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201601-05"
"name": "GLSA-201601-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201601-05"
},
{
"name":"http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html",
"refsource":"MISC",
"url":"http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html"
"name": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html",
"refsource": "MISC",
"url": "http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html"
},
{
"name":"82233",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/82233"
"name": "82233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/82233"
},
{
"name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us"
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03724en_us"
},
{
"name":"91787",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91787"
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name":"VU#257823",
"refsource":"CERT-VN",
"url":"https://www.kb.cert.org/vuls/id/257823"
"name": "VU#257823",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/257823"
},
{
"name":"openSUSE-SU-2016:0637",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
"name": "openSUSE-SU-2016:0637",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
},
{
"name":"USN-2883-1",
"refsource":"UBUNTU",
"url":"http://www.ubuntu.com/usn/USN-2883-1"
"name": "USN-2883-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2883-1"
},
{
"name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource":"CONFIRM",
"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

145
2016/1000xxx/CVE-2016-1000031.json
View File

@ -1,130 +1,131 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2016-1000031",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-1000031",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution"
"lang": "eng",
"value": "Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution"
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"93604",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/93604"
"name": "93604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93604"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190212-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190212-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190212-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://issues.apache.org/jira/browse/WW-4812",
"refsource":"CONFIRM",
"url":"https://issues.apache.org/jira/browse/WW-4812"
"name": "https://issues.apache.org/jira/browse/WW-4812",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/WW-4812"
},
{
"name":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/",
"refsource":"MISC",
"url":"http://www.zerodayinitiative.com/advisories/ZDI-16-570/"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-16-570/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-570/"
},
{
"name":"https://www.tenable.com/security/research/tra-2016-30",
"refsource":"MISC",
"url":"https://www.tenable.com/security/research/tra-2016-30"
"name": "https://www.tenable.com/security/research/tra-2016-30",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-30"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"https://www.tenable.com/security/research/tra-2016-12",
"refsource":"MISC",
"url":"https://www.tenable.com/security/research/tra-2016-12"
"name": "https://www.tenable.com/security/research/tra-2016-12",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-12"
},
{
"name":"https://issues.apache.org/jira/browse/FILEUPLOAD-279",
"refsource":"CONFIRM",
"url":"https://issues.apache.org/jira/browse/FILEUPLOAD-279"
"name": "https://issues.apache.org/jira/browse/FILEUPLOAD-279",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/FILEUPLOAD-279"
},
{
"name":"https://www.tenable.com/security/research/tra-2016-23",
"refsource":"MISC",
"url":"https://www.tenable.com/security/research/tra-2016-23"
"name": "https://www.tenable.com/security/research/tra-2016-23",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2016-23"
},
{
"name":"[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior",
"refsource":"MLIST",
"url":"https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E"
"name": "[announce] 20181105 [SECURITY] Immediately upgrade commons-fileupload to version 1.3.3 when running Struts 2.3.36 or prior",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource":"MISC",
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"refsource":"SUSE",
"name":"openSUSE-SU-2019:1399",
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html"
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1399",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"name":"https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource":"MISC"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "MISC"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

169
2016/1xxx/CVE-2016-1181.json
View File

@ -1,150 +1,151 @@
{
"CVE_data_meta":{
"ASSIGNER":"vultures@jpcert.or.jp",
"ID":"CVE-2016-1181",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1181",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899."
"lang": "eng",
"value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"JVNDB-2016-000096",
"refsource":"JVNDB",
"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096"
"name": "JVNDB-2016-000096",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180629-0006/"
"name": "https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
"refsource":"CONFIRM",
"url":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
"name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
"refsource": "CONFIRM",
"url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1343538",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343538"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538"
},
{
"name":"91068",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91068"
"name": "91068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91068"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"1036056",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1036056"
"name": "1036056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036056"
},
{
"name":"JVN#03188560",
"refsource":"JVN",
"url":"http://jvn.jp/en/jp/JVN03188560/index.html"
"name": "JVN#03188560",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN03188560/index.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"91787",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91787"
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name":"https://security-tracker.debian.org/tracker/CVE-2016-1181",
"refsource":"CONFIRM",
"url":"https://security-tracker.debian.org/tracker/CVE-2016-1181"
"name": "https://security-tracker.debian.org/tracker/CVE-2016-1181",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-1181"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource":"MISC",
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

163
2016/1xxx/CVE-2016-1182.json
View File

@ -1,145 +1,146 @@
{
"CVE_data_meta":{
"ASSIGNER":"vultures@jpcert.or.jp",
"ID":"CVE-2016-1182",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1182",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899."
"lang": "eng",
"value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"JVNDB-2016-000097",
"refsource":"JVNDB",
"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097"
"name": "JVNDB-2016-000097",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000097"
},
{
"name":"JVN#65044642",
"refsource":"JVN",
"url":"http://jvn.jp/en/jp/JVN65044642/index.html"
"name": "JVN#65044642",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65044642/index.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180629-0006/"
"name": "https://security.netapp.com/advisory/ntap-20180629-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
"refsource":"CONFIRM",
"url":"https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
"name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
"refsource": "CONFIRM",
"url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"1036056",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1036056"
"name": "1036056",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036056"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1343540",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343540"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343540",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343540"
},
{
"name":"91067",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91067"
"name": "91067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91067"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"91787",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91787"
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name":"https://security-tracker.debian.org/tracker/CVE-2016-1182",
"refsource":"CONFIRM",
"url":"https://security-tracker.debian.org/tracker/CVE-2016-1182"
"name": "https://security-tracker.debian.org/tracker/CVE-2016-1182",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-1182"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource":"MISC",
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

481
2016/2xxx/CVE-2016-2183.json
View File

@ -1,410 +1,411 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2016-2183",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2183",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack."
"lang": "eng",
"value": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2017:3113",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3113"
"name": "RHSA-2017:3113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3113"
},
{
"name":"RHSA-2017:0338",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html"
"name": "RHSA-2017:0338",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
},
{
"name":"https://www.tenable.com/security/tns-2016-20",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2016-20"
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name":"https://sweet32.info/",
"refsource":"MISC",
"url":"https://sweet32.info/"
"name": "https://sweet32.info/",
"refsource": "MISC",
"url": "https://sweet32.info/"
},
{
"name":"http://www.splunk.com/view/SP-CAAAPUE",
"refsource":"CONFIRM",
"url":"http://www.splunk.com/view/SP-CAAAPUE"
"name": "http://www.splunk.com/view/SP-CAAAPUE",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAPUE"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1369383",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369383"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us"
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us"
},
{
"name":"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/",
"refsource":"MISC",
"url":"https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
"name": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/",
"refsource": "MISC",
"url": "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/"
},
{
"name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name":"GLSA-201612-16",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201612-16"
"name": "GLSA-201612-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name":"https://access.redhat.com/articles/2548661",
"refsource":"CONFIRM",
"url":"https://access.redhat.com/articles/2548661"
"name": "https://access.redhat.com/articles/2548661",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/articles/2548661"
},
{
"name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"refsource":"CONFIRM",
"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"name":"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue",
"refsource":"MISC",
"url":"https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
"name": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue",
"refsource": "MISC",
"url": "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue"
},
{
"name":"http://www.splunk.com/view/SP-CAAAPSV",
"refsource":"CONFIRM",
"url":"http://www.splunk.com/view/SP-CAAAPSV"
"name": "http://www.splunk.com/view/SP-CAAAPSV",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAPSV"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415"
},
{
"name":"RHSA-2017:3240",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3240"
"name": "RHSA-2017:3240",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3240"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name":"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633",
"refsource":"MISC",
"url":"https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
"name": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633",
"refsource": "MISC",
"url": "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"refsource":"CONFIRM",
"url":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
"name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"name":"https://www.tenable.com/security/tns-2016-16",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2016-16"
"name": "https://www.tenable.com/security/tns-2016-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"name":"RHSA-2017:2709",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2709"
"name": "RHSA-2017:2709",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2709"
},
{
"name":"92630",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/92630"
"name": "92630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92630"
},
{
"name":"https://www.sigsac.org/ccs/CCS2016/accepted-papers/",
"refsource":"MISC",
"url":"https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
"name": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/",
"refsource": "MISC",
"url": "https://www.sigsac.org/ccs/CCS2016/accepted-papers/"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499"
},
{
"name":"https://www.tenable.com/security/tns-2016-21",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2016-21"
"name": "https://www.tenable.com/security/tns-2016-21",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
"refsource":"CONFIRM",
"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10171"
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10171"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21991482"
},
{
"name":"https://www.openssl.org/blog/blog/2016/08/24/sweet32/",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
"name": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/blog/blog/2016/08/24/sweet32/"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"RHSA-2017:3239",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3239"
"name": "RHSA-2017:3239",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3239"
},
{
"name":"https://access.redhat.com/security/cve/cve-2016-2183",
"refsource":"CONFIRM",
"url":"https://access.redhat.com/security/cve/cve-2016-2183"
"name": "https://access.redhat.com/security/cve/cve-2016-2183",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"name":"GLSA-201701-65",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201701-65"
"name": "GLSA-201701-65",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"name":"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/",
"refsource":"MISC",
"url":"https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
"name": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name":"1036696",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1036696"
"name": "1036696",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036696"
},
{
"name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource":"MISC",
"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
},
{
"name":"https://security.netapp.com/advisory/ntap-20160915-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20160915-0001/"
"name": "https://security.netapp.com/advisory/ntap-20160915-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20160915-0001/"
},
{
"name":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us"
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us"
},
{
"name":"GLSA-201707-01",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201707-01"
"name": "GLSA-201707-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"name":"95568",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/95568"
"name": "95568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95568"
},
{
"name":"RHSA-2017:3114",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:3114"
"name": "RHSA-2017:3114",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3114"
},
{
"name":"https://bto.bluecoat.com/security-advisory/sa133",
"refsource":"CONFIRM",
"url":"https://bto.bluecoat.com/security-advisory/sa133"
"name": "https://bto.bluecoat.com/security-advisory/sa133",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa133"
},
{
"name":"https://www.tenable.com/security/tns-2017-09",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2017-09"
"name": "https://www.tenable.com/security/tns-2017-09",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-09"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849"
},
{
"name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116"
},
{
"name":"RHSA-2017:1216",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1216"
"name": "RHSA-2017:1216",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1216"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name":"RHSA-2017:2710",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2710"
"name": "RHSA-2017:2710",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2710"
},
{
"name":"https://security.netapp.com/advisory/ntap-20170119-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20170119-0001/"
"name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984"
},
{
"name":"[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
"refsource":"MLIST",
"url":"https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
"name": "[tls] 20091120 RC4+3DES rekeying - long-lived TLS connections",
"refsource": "MLIST",
"url": "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html"
},
{
"name":"RHSA-2018:2123",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2123"
"name": "RHSA-2018:2123",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2123"
},
{
"name":"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/",
"refsource":"MISC",
"url":"https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
"name": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/",
"refsource": "MISC",
"url": "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/"
},
{
"name":"RHSA-2017:0337",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html"
"name": "RHSA-2017:0337",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
},
{
"name":"RHSA-2017:2708",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2708"
"name": "RHSA-2017:2708",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2708"
},
{
"name":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008",
"refsource":"CONFIRM",
"url":"https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
"name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008",
"refsource": "CONFIRM",
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"name":"RHSA-2017:0336",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html"
"name": "RHSA-2017:0336",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
},
{
"name":"SUSE-SU-2016:2470",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
"name": "SUSE-SU-2016:2470",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name":"RHSA-2017:0462",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0462.html"
"name": "RHSA-2017:0462",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0462.html"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource":"CONFIRM",
"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1245",
"url":"https://access.redhat.com/errata/RHSA-2019:1245"
"refsource": "REDHAT",
"name": "RHSA-2019:1245",
"url": "https://access.redhat.com/errata/RHSA-2019:1245"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

99
2016/5xxx/CVE-2016-5007.json
View File

@ -1,103 +1,104 @@
{
"CVE_data_meta":{
"ASSIGNER":"security_alert@emc.com",
"ID":"CVE-2016-5007",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2016-5007",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Spring Security",
"version":{
"version_data":[
"product_name": "Spring Security",
"version": {
"version_data": [
{
"version_value":"3.2.x"
"version_value": "3.2.x"
},
{
"version_value":"4.0.x"
"version_value": "4.0.x"
},
{
"version_value":"4.1.0"
"version_value": "4.1.0"
}
]
}
},
{
"product_name":"Spring Framework",
"version":{
"version_data":[
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"version_value":"3.2.x"
"version_value": "3.2.x"
},
{
"version_value":"4.0.x"
"version_value": "4.0.x"
},
{
"version_value":"4.1.x"
"version_value": "4.1.x"
},
{
"version_value":"4.2.x"
"version_value": "4.2.x"
},
{
"version_value":"older unsupported versions are also affected"
"version_value": "older unsupported versions are also affected"
}
]
}
}
]
},
"vendor_name":"Pivotal"
"vendor_name": "Pivotal"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences."
"lang": "eng",
"value": "Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Security Control Bypass"
"lang": "eng",
"value": "Security Control Bypass"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"91687",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/91687"
"name": "91687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91687"
},
{
"name":"https://pivotal.io/security/cve-2016-5007",
"refsource":"CONFIRM",
"url":"https://pivotal.io/security/cve-2016-5007"
"name": "https://pivotal.io/security/cve-2016-5007",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2016-5007"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

229
2016/6xxx/CVE-2016-6306.json
View File

@ -1,200 +1,201 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2016-6306",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-6306",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c."
"lang": "eng",
"value": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://www.openssl.org/news/secadv/20160922.txt",
"refsource":"CONFIRM",
"url":"https://www.openssl.org/news/secadv/20160922.txt"
"name": "https://www.openssl.org/news/secadv/20160922.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20160922.txt"
},
{
"name":"https://www.tenable.com/security/tns-2016-20",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2016-20"
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name":"RHSA-2018:2185",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2185"
"name": "RHSA-2018:2185",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2185"
},
{
"name":"RHSA-2018:2186",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2186"
"name": "RHSA-2018:2186",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2186"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"93153",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/93153"
"name": "93153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93153"
},
{
"name":"RHSA-2016:1940",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-1940.html"
"name": "RHSA-2016:1940",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
},
{
"name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name":"GLSA-201612-16",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201612-16"
"name": "GLSA-201612-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-16"
},
{
"name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"refsource":"CONFIRM",
"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us"
},
{
"name":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource":"CONFIRM",
"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
},
{
"name":"1036885",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1036885"
"name": "1036885",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036885"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"refsource":"CONFIRM",
"url":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
"name": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
},
{
"name":"https://www.tenable.com/security/tns-2016-16",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2016-16"
"name": "https://www.tenable.com/security/tns-2016-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-16"
},
{
"name":"https://www.tenable.com/security/tns-2016-21",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2016-21"
"name": "https://www.tenable.com/security/tns-2016-21",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-21"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
},
{
"name":"https://bto.bluecoat.com/security-advisory/sa132",
"refsource":"CONFIRM",
"url":"https://bto.bluecoat.com/security-advisory/sa132"
"name": "https://bto.bluecoat.com/security-advisory/sa132",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa132"
},
{
"name":"https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
"name": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name":"FreeBSD-SA-16:26",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
"name": "FreeBSD-SA-16:26",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
},
{
"name":"SUSE-SU-2016:2470",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
"name": "SUSE-SU-2016:2470",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
},
{
"name":"RHSA-2018:2187",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2018:2187"
"name": "RHSA-2018:2187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
},
{
"name":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
"refsource":"CONFIRM",
"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
},
{
"name":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource":"CONFIRM",
"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

85
2016/6xxx/CVE-2016-6497.json
View File

@ -1,80 +1,81 @@
{
"CVE_data_meta":{
"ASSIGNER":"security-alert@hpe.com",
"ID":"CVE-2016-6497",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2016-6497",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods."
"lang": "eng",
"value": "main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"95929",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/95929"
"name": "95929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95929"
},
{
"name":"https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf",
"refsource":"MISC",
"url":"https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
"name": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf",
"refsource": "MISC",
"url": "https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf"
},
{
"name":"[directory-users] 20161029 Security vulnerability in Groovy LDAP API",
"refsource":"MLIST",
"url":"https://mail-archives.apache.org/mod_mbox/directory-users/201610.mbox/%3Cb7d7e909-a8ed-1ab4-c853-4078c1e7624a%40stefan-seelmann.de%3E"
"name": "[directory-users] 20161029 Security vulnerability in Groovy LDAP API",
"refsource": "MLIST",
"url": "https://mail-archives.apache.org/mod_mbox/directory-users/201610.mbox/%3Cb7d7e909-a8ed-1ab4-c853-4078c1e7624a%40stefan-seelmann.de%3E"
},
{
"name":"http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.java?r1=1765362&r2=1765361&pathrev=1765362&view=patch",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.java?r1=1765362&r2=1765361&pathrev=1765362&view=patch"
"name": "http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.java?r1=1765362&r2=1765361&pathrev=1765362&view=patch",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.java?r1=1765362&r2=1765361&pathrev=1765362&view=patch"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

129
2016/6xxx/CVE-2016-6814.json
View File

@ -1,116 +1,117 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"DATE_PUBLIC":"2018-01-15T00:00:00",
"ID":"CVE-2016-6814",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2018-01-15T00:00:00",
"ID": "CVE-2016-6814",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability."
"lang": "eng",
"value": "When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"RHSA-2017:2596",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2596"
"name": "RHSA-2017:2596",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2596"
},
{
"name":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource":"CONFIRM",
"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name":"http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E",
"refsource":"MISC",
"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E"
"name": "http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E",
"refsource": "MISC",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201701.mbox/%3CCADRx3PMZ2hBCGDTY35zYXFGaDnjAs0tc5-upaVs6QN2sYUejyA%40mail.gmail.com%3E"
},
{
"name":"RHSA-2017:0868",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:0868"
"name": "RHSA-2017:0868",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0868"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name":"RHSA-2017:2486",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2486"
"name": "RHSA-2017:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2486"
},
{
"name":"RHSA-2017:0272",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0272.html"
"name": "RHSA-2017:0272",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0272.html"
},
{
"name":"95429",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/95429"
"name": "95429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95429"
},
{
"name":"1039600",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1039600"
"name": "1039600",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039600"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

145
2016/7xxx/CVE-2016-7103.json
View File

@ -1,130 +1,131 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2016-7103",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7103",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"RHSA-2017:0161",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0161.html"
"name": "RHSA-2017:0161",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0161.html"
},
{
"name":"https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6",
"refsource":"CONFIRM",
"url":"https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
"name": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6",
"refsource": "CONFIRM",
"url": "https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"RHSA-2016:2933",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2933.html"
"name": "RHSA-2016:2933",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2933.html"
},
{
"name":"https://github.com/jquery/api.jqueryui.com/issues/281",
"refsource":"CONFIRM",
"url":"https://github.com/jquery/api.jqueryui.com/issues/281"
"name": "https://github.com/jquery/api.jqueryui.com/issues/281",
"refsource": "CONFIRM",
"url": "https://github.com/jquery/api.jqueryui.com/issues/281"
},
{
"name":"RHSA-2016:2932",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2016-2932.html"
"name": "RHSA-2016:2932",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2932.html"
},
{
"name":"https://nodesecurity.io/advisories/127",
"refsource":"MISC",
"url":"https://nodesecurity.io/advisories/127"
"name": "https://nodesecurity.io/advisories/127",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/127"
},
{
"name":"https://www.tenable.com/security/tns-2016-19",
"refsource":"CONFIRM",
"url":"https://www.tenable.com/security/tns-2016-19"
"name": "https://www.tenable.com/security/tns-2016-19",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2016-19"
},
{
"name":"104823",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/104823"
"name": "104823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104823"
},
{
"name":"https://jqueryui.com/changelog/1.12.0/",
"refsource":"CONFIRM",
"url":"https://jqueryui.com/changelog/1.12.0/"
"name": "https://jqueryui.com/changelog/1.12.0/",
"refsource": "CONFIRM",
"url": "https://jqueryui.com/changelog/1.12.0/"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190416-0007/",
"url":"https://security.netapp.com/advisory/ntap-20190416-0007/"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190416-0007/",
"url": "https://security.netapp.com/advisory/ntap-20190416-0007/"
},
{
"refsource":"MLIST",
"name":"[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url":"https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
"refsource": "MLIST",
"name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource":"MISC",
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"refsource":"FEDORA",
"name":"FEDORA-2019-a96124345a",
"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/"
"refsource": "FEDORA",
"name": "FEDORA-2019-a96124345a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2I4UHPIW26FIALH7GGZ3IYUUA53VOOJ/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

201
2016/8xxx/CVE-2016-8610.json
View File

@ -1,180 +1,181 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"DATE_PUBLIC":"2016-10-24T00:00:00",
"ID":"CVE-2016-8610",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2016-10-24T00:00:00",
"ID": "CVE-2016-8610",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"OpenSSL",
"version":{
"version_data":[
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value":"All 0.9.8"
"version_value": "All 0.9.8"
},
{
"version_value":"All 1.0.1"
"version_value": "All 1.0.1"
},
{
"version_value":"1.0.2 through 1.0.2h"
"version_value": "1.0.2 through 1.0.2h"
},
{
"version_value":"1.1.0"
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name":"OpenSSL"
"vendor_name": "OpenSSL"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
"lang": "eng",
"value": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-400"
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"93841",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/93841"
"name": "93841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93841"
},
{
"name":"RHSA-2017:1659",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-1659.html"
"name": "RHSA-2017:1659",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1659.html"
},
{
"name":"RHSA-2017:1658",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1658"
"name": "RHSA-2017:1658",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1658"
},
{
"name":"https://security.netapp.com/advisory/ntap-20171130-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20171130-0001/"
"name": "https://security.netapp.com/advisory/ntap-20171130-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"name":"RHSA-2017:1801",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1801"
"name": "RHSA-2017:1801",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1801"
},
{
"name":"RHSA-2017:0286",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0286.html"
"name": "RHSA-2017:0286",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0286.html"
},
{
"name":"RHSA-2017:1413",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1413"
"name": "RHSA-2017:1413",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1413"
},
{
"name":"https://securityadvisories.paloaltonetworks.com/Home/Detail/87",
"refsource":"CONFIRM",
"url":"https://securityadvisories.paloaltonetworks.com/Home/Detail/87"
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/87",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/87"
},
{
"name":"RHSA-2017:2494",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2494"
"name": "RHSA-2017:2494",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2494"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8610"
},
{
"name":"FreeBSD-SA-16:35",
"refsource":"FREEBSD",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
"name": "FreeBSD-SA-16:35",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:35.openssl.asc"
},
{
"name":"RHSA-2017:1414",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1414"
"name": "RHSA-2017:1414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1414"
},
{
"name":"[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
"refsource":"MLIST",
"url":"http://seclists.org/oss-sec/2016/q4/224"
"name": "[oss-security] 20161024 CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401",
"refsource":"CONFIRM",
"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"name":"https://security.360.cn/cve/CVE-2016-8610/",
"refsource":"MISC",
"url":"https://security.360.cn/cve/CVE-2016-8610/"
"name": "https://security.360.cn/cve/CVE-2016-8610/",
"refsource": "MISC",
"url": "https://security.360.cn/cve/CVE-2016-8610/"
},
{
"name":"RHSA-2017:0574",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0574.html"
"name": "RHSA-2017:0574",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html"
},
{
"name":"DSA-3773",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2017/dsa-3773"
"name": "DSA-3773",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"name":"RHSA-2017:1415",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-1415.html"
"name": "RHSA-2017:1415",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1415.html"
},
{
"name":"1037084",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1037084"
"name": "1037084",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037084"
},
{
"name":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us",
"refsource":"CONFIRM",
"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us"
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03897en_us"
},
{
"name":"RHSA-2017:1802",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:1802"
"name": "RHSA-2017:1802",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"name":"RHSA-2017:2493",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:2493"
"name": "RHSA-2017:2493",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2493"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

255
2016/8xxx/CVE-2016-8735.json
View File

@ -1,227 +1,228 @@
{
"CVE_data_meta":{
"ASSIGNER":"security@apache.org",
"ID":"CVE-2016-8735",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2016-8735",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"Apache Tomcat",
"version":{
"version_data":[
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value":"before 6.0.48"
"version_value": "before 6.0.48"
},
{
"version_value":"7.x before 7.0.73"
"version_value": "7.x before 7.0.73"
},
{
"version_value":"8.x before 8.0.39"
"version_value": "8.x before 8.0.39"
},
{
"version_value":"8.5.x before 8.5.7"
"version_value": "8.5.x before 8.5.7"
},
{
"version_value":"9.x before 9.0.0.M12"
"version_value": "9.x before 9.0.0.M12"
}
]
}
}
]
},
"vendor_name":"Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types."
"lang": "eng",
"value": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Remote code execution"
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1767676",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1767676"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1767676",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1767676"
},
{
"name":"http://tomcat.apache.org/security-9.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-9.html"
"name": "http://tomcat.apache.org/security-9.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name":"1037331",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1037331"
"name": "1037331",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037331"
},
{
"name":"94463",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/94463"
"name": "94463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94463"
},
{
"name":"DSA-3738",
"refsource":"DEBIAN",
"url":"http://www.debian.org/security/2016/dsa-3738"
"name": "DSA-3738",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3738"
},
{
"name":"http://tomcat.apache.org/security-7.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-7.html"
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1767644",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1767644"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1767644",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1767644"
},
{
"name":"http://tomcat.apache.org/security-8.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-8.html"
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1767656",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1767656"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1767656",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1767656"
},
{
"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource":"CONFIRM",
"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20180607-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20180607-0001/"
"name": "https://security.netapp.com/advisory/ntap-20180607-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"name":"http://tomcat.apache.org/security-6.html",
"refsource":"CONFIRM",
"url":"http://tomcat.apache.org/security-6.html"
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name":"RHSA-2017:0457",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2017-0457.html"
"name": "RHSA-2017:0457",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name":"RHSA-2017:0455",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:0455"
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name":"http://svn.apache.org/viewvc?view=revision&revision=1767684",
"refsource":"CONFIRM",
"url":"http://svn.apache.org/viewvc?view=revision&revision=1767684"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1767684",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1767684"
},
{
"name":"RHSA-2017:0456",
"refsource":"REDHAT",
"url":"https://access.redhat.com/errata/RHSA-2017:0456"
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name":"http://seclists.org/oss-sec/2016/q4/502",
"refsource":"CONFIRM",
"url":"http://seclists.org/oss-sec/2016/q4/502"
"name": "http://seclists.org/oss-sec/2016/q4/502",
"refsource": "CONFIRM",
"url": "http://seclists.org/oss-sec/2016/q4/502"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource":"MLIST",
"name":"[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource":"MISC",
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

107
2016/9xxx/CVE-2016-9572.json
View File

@ -1,106 +1,107 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2016-9572",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-9572",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"openjpeg",
"version":{
"version_data":[
"product_name": "openjpeg",
"version": {
"version_data": [
{
"version_value":"2.1.2"
"version_value": "2.1.2"
}
]
}
}
]
},
"vendor_name":"The OpenJPEG Project"
"vendor_name": "The OpenJPEG Project"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."
"lang": "eng",
"value": "A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image."
}
]
},
"impact":{
"cvss":[
"impact": {
"cvss": [
[
{
"vectorString":"5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version":"3.0"
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
[
{
"vectorString":"4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version":"2.0"
"vectorString": "4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-476"
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"GLSA-201710-26",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201710-26"
"name": "GLSA-201710-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-26"
},
{
"name":"https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"refsource":"CONFIRM",
"url":"https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
"name": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d",
"refsource": "CONFIRM",
"url": "https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d"
},
{
"name":"https://github.com/uclouvain/openjpeg/issues/863",
"refsource":"CONFIRM",
"url":"https://github.com/uclouvain/openjpeg/issues/863"
"name": "https://github.com/uclouvain/openjpeg/issues/863",
"refsource": "CONFIRM",
"url": "https://github.com/uclouvain/openjpeg/issues/863"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572"
},
{
"name":"DSA-3768",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2017/dsa-3768"
"name": "DSA-3768",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3768"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"refsource": "BID",
"name": "109233",
"url": "http://www.securityfocus.com/bid/109233"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

12
2019/11xxx/CVE-2019-11273.json
View File

@ -16,6 +16,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Pivotal",
"product": {
"product_data": [
{
@ -23,21 +24,16 @@
"version": {
"version_data": [
{
"affected": "<",
"version_name": "1.3",
"version_value": "1.3.7"
"version_value": "1.3.x prior to 1.3.7"
},
{
"affected": "<",
"version_name": "1.4",
"version_value": "1.4.1"
"version_value": "1.4.x prior to 1.4.1"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
}
]
}

66
2019/12xxx/CVE-2019-12164.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/status-im/react-native-desktop/pull/475/commits/f6945f1e4b157c69e414cd94fe5cde1876aabcc1",
"url": "https://github.com/status-im/react-native-desktop/pull/475/commits/f6945f1e4b157c69e414cd94fe5cde1876aabcc1"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/status-im/react-native-desktop/pull/475",
"url": "https://github.com/status-im/react-native-desktop/pull/475"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/status-im/react-native-desktop/compare/e77167f...7477eef",
"url": "https://github.com/status-im/react-native-desktop/compare/e77167f...7477eef"
}
]
}

109
2019/2xxx/CVE-2019-2801.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2801"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2802.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2802"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2803.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2803"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2804.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2804"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_value" : "11.4",
"version_affected" : "="
},
{
"version_value" : "10",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_value": "11.4",
"version_affected": "="
},
{
"version_value": "10",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

125
2019/2xxx/CVE-2019-2805.json
View File

@ -1,68 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2805"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "5.6.44 and prior",
"version_affected" : "="
},
{
"version_value" : "5.7.26 and prior",
"version_affected" : "="
},
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.6.44 and prior",
"version_affected": "="
},
{
"version_value": "5.7.26 and prior",
"version_affected": "="
},
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2807.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2807"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_value" : "11.4",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_value": "11.4",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2808.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2808"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2809.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2809"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "iRecruitment",
"version" : {
"version_data" : [
{
"version_value" : "12.1.1 - 12.1.3",
"version_affected" : "="
},
{
"version_value" : "12.2.3 - 12.2.8",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iRecruitment",
"version": {
"version_data": [
{
"version_value": "12.1.1 - 12.1.3",
"version_affected": "="
},
{
"version_value": "12.2.3 - 12.2.8",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle iRecruitment component of Oracle E-Business Suite (subcomponent: Password Reset). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iRecruitment. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle iRecruitment component of Oracle E-Business Suite (subcomponent: Password Reset). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iRecruitment. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iRecruitment."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle iRecruitment."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2810.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2810"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2811.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2811"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2812.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2812"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2813.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2813"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GraalVM Enterprise Edition",
"version" : {
"version_data" : [
{
"version_value" : "19.0.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GraalVM Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "19.0.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: GraalVM). The supported version that is affected is 19.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: GraalVM). The supported version that is affected is 19.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2814.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2814"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2815.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2815"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2816.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2816"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_value" : "Java SE: 7u221, 8u212, 11.0.3, 12.0.1",
"version_affected" : "="
},
{
"version_value" : "Java SE Embedded: 8u211",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_value": "Java SE: 7u221, 8u212, 11.0.3, 12.0.1",
"version_affected": "="
},
{
"version_value": "Java SE Embedded: 8u211",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

133
2019/2xxx/CVE-2019-2817.json
View File

@ -1,72 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2817"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Agile PLM Framework",
"version" : {
"version_data" : [
{
"version_value" : "9.3.3",
"version_affected" : "="
},
{
"version_value" : "9.3.4",
"version_affected" : "="
},
{
"version_value" : "9.3.5",
"version_affected" : "="
},
{
"version_value" : "9.3.6",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Agile PLM Framework",
"version": {
"version_data": [
{
"version_value": "9.3.3",
"version_affected": "="
},
{
"version_value": "9.3.4",
"version_affected": "="
},
{
"version_value": "9.3.5",
"version_affected": "="
},
{
"version_value": "9.3.6",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Folders, Files & Attachments). Supported versions that are affected are 9.3.3, 9.3.4, 9.3.5 and 9.3.6. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Folders, Files & Attachments). Supported versions that are affected are 9.3.3, 9.3.4, 9.3.5 and 9.3.6. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM. CVSS 3.0 Base Score 5.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile PLM."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2818.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2818"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_value" : "Java SE: 11.0.3, 12.0.1",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_value": "Java SE: 11.0.3, 12.0.1",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

125
2019/2xxx/CVE-2019-2819.json
View File

@ -1,68 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2819"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "5.6.44 and prior",
"version_affected" : "="
},
{
"version_value" : "5.7.26 and prior",
"version_affected" : "="
},
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.6.44 and prior",
"version_affected": "="
},
{
"version_value": "5.7.26 and prior",
"version_affected": "="
},
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2820.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2820"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_value" : "11.4",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_value": "11.4",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Gnuplot). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Gnuplot). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2821.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2821"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_value" : "Java SE: 11.0.3, 12.0.1",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_value": "Java SE: 11.0.3, 12.0.1",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2822.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2822"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Admin / InnoDB Cluster). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Admin / InnoDB Cluster). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2823.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2823"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Financial Services Analytical Applications Infrastructure",
"version" : {
"version_data" : [
{
"version_value" : "8.0.5-8.0.8",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Financial Services Analytical Applications Infrastructure",
"version": {
"version_data": [
{
"version_value": "8.0.5-8.0.8",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 8.0.5-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 8.0.5-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

125
2019/2xxx/CVE-2019-2824.json
View File

@ -1,68 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2824"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebLogic Server",
"version" : {
"version_data" : [
{
"version_value" : "10.3.6.0.0",
"version_affected" : "="
},
{
"version_value" : "12.1.3.0.0",
"version_affected" : "="
},
{
"version_value" : "12.2.1.3.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebLogic Server",
"version": {
"version_data": [
{
"version_value": "10.3.6.0.0",
"version_affected": "="
},
{
"version_value": "12.1.3.0.0",
"version_affected": "="
},
{
"version_value": "12.2.1.3.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2825.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2825"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Applications Manager",
"version" : {
"version_data" : [
{
"version_value" : "12.1.3",
"version_affected" : "="
},
{
"version_value" : "12.2.3 - 12.2.8",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
{
"version_value": "12.1.3",
"version_affected": "="
},
{
"version_value": "12.2.3 - 12.2.8",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2826.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2826"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

125
2019/2xxx/CVE-2019-2827.json
View File

@ -1,68 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2827"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebLogic Server",
"version" : {
"version_data" : [
{
"version_value" : "10.3.6.0.0",
"version_affected" : "="
},
{
"version_value" : "12.1.3.0.0",
"version_affected" : "="
},
{
"version_value" : "12.2.1.3.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebLogic Server",
"version": {
"version_data": [
{
"version_value": "10.3.6.0.0",
"version_affected": "="
},
{
"version_value": "12.1.3.0.0",
"version_affected": "="
},
{
"version_value": "12.2.1.3.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2828.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2828"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Field Service",
"version" : {
"version_data" : [
{
"version_value" : "12.1.1 - 12.1.3",
"version_affected" : "="
},
{
"version_value" : "12.2.3 - 12.2.8",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Field Service",
"version": {
"version_data": [
{
"version_value": "12.1.1 - 12.1.3",
"version_affected": "="
},
{
"version_value": "12.2.3 - 12.2.8",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Field Service. CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Field Service. CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Field Service."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Field Service."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2829.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2829"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "iSupport",
"version" : {
"version_data" : [
{
"version_value" : "12.1.1 - 12.1.3",
"version_affected" : "="
},
{
"version_value" : "12.2.3 - 12.2.8",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iSupport",
"version": {
"version_data": [
{
"version_value": "12.1.1 - 12.1.3",
"version_affected": "="
},
{
"version_value": "12.2.3 - 12.2.8",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Service Requests). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Service Requests). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2830.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2830"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2831.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2831"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise FIN Project Costing",
"version" : {
"version_data" : [
{
"version_value" : "9.2",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise FIN Project Costing",
"version": {
"version_data": [
{
"version_value": "9.2",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise FIN Project Costing component of Oracle PeopleSoft Products (subcomponent: Projects). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Project Costing. While the vulnerability is in PeopleSoft Enterprise FIN Project Costing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Project Costing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise FIN Project Costing. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise FIN Project Costing component of Oracle PeopleSoft Products (subcomponent: Projects). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Project Costing. While the vulnerability is in PeopleSoft Enterprise FIN Project Costing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Project Costing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise FIN Project Costing. CVSS 3.0 Base Score 6.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Project Costing. While the vulnerability is in PeopleSoft Enterprise FIN Project Costing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Project Costing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise FIN Project Costing."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Project Costing. While the vulnerability is in PeopleSoft Enterprise FIN Project Costing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Project Costing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise FIN Project Costing."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2832.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2832"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_value" : "10",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_value": "10",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2833.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2833"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Hospitality Simphony",
"version" : {
"version_data" : [
{
"version_value" : "18.2.1",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hospitality Simphony",
"version": {
"version_data": [
{
"version_value": "18.2.1",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows low privileged attacker having Import/Export privilege with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows low privileged attacker having Import/Export privilege with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker having Import/Export privilege with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker having Import/Export privilege with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2834.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2834"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2835.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2835"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_value" : "8.5.4",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.4",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2836.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2836"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Hospitality Simphony",
"version" : {
"version_data" : [
{
"version_value" : "18.2.1",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hospitality Simphony",
"version": {
"version_data": [
{
"version_value": "18.2.1",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Hospitality Simphony component of Oracle Food and Beverage Applications. The supported version that is affected is 18.2.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2837.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2837"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "CRM Technical Foundation",
"version" : {
"version_data" : [
{
"version_value" : "12.1.3",
"version_affected" : "="
},
{
"version_value" : "12.2.3 - 12.2.8",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CRM Technical Foundation",
"version": {
"version_data": [
{
"version_value": "12.1.3",
"version_affected": "="
},
{
"version_value": "12.2.3 - 12.2.8",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2838.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2838"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_value" : "11.4",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_value": "11.4",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2839.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2839"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Universal Banking",
"version" : {
"version_data" : [
{
"version_value" : "12.1.0-12.4.0",
"version_affected" : "="
},
{
"version_value" : "14.0.0-14.2.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Universal Banking",
"version": {
"version_data": [
{
"version_value": "12.1.0-12.4.0",
"version_affected": "="
},
{
"version_value": "14.0.0-14.2.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

125
2019/2xxx/CVE-2019-2840.json
View File

@ -1,68 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2840"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Universal Banking",
"version" : {
"version_data" : [
{
"version_value" : "12.0.1-12.0.3",
"version_affected" : "="
},
{
"version_value" : "12.1.0-12.4.0",
"version_affected" : "="
},
{
"version_value" : "14.0.0-14.2.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Universal Banking",
"version": {
"version_data": [
{
"version_value": "12.0.1-12.0.3",
"version_affected": "="
},
{
"version_value": "12.1.0-12.4.0",
"version_affected": "="
},
{
"version_value": "14.0.0-14.2.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

165
2019/2xxx/CVE-2019-2841.json
View File

@ -1,88 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2841"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Investor Servicing",
"version" : {
"version_data" : [
{
"version_value" : "12.0.1",
"version_affected" : "="
},
{
"version_value" : "12.0.3",
"version_affected" : "="
},
{
"version_value" : "12.0.4",
"version_affected" : "="
},
{
"version_value" : "12.1.0",
"version_affected" : "="
},
{
"version_value" : "12.3.0",
"version_affected" : "="
},
{
"version_value" : "12.4.0",
"version_affected" : "="
},
{
"version_value" : "14.0.0",
"version_affected" : "="
},
{
"version_value" : "14.1.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1",
"version_affected": "="
},
{
"version_value": "12.0.3",
"version_affected": "="
},
{
"version_value": "12.0.4",
"version_affected": "="
},
{
"version_value": "12.1.0",
"version_affected": "="
},
{
"version_value": "12.3.0",
"version_affected": "="
},
{
"version_value": "12.4.0",
"version_affected": "="
},
{
"version_value": "14.0.0",
"version_affected": "="
},
{
"version_value": "14.1.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2842.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2842"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_value" : "Java SE: 8u212",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_value": "Java SE: 8u212",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

165
2019/2xxx/CVE-2019-2843.json
View File

@ -1,88 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2843"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Investor Servicing",
"version" : {
"version_data" : [
{
"version_value" : "12.0.1",
"version_affected" : "="
},
{
"version_value" : "12.0.3",
"version_affected" : "="
},
{
"version_value" : "12.0.4",
"version_affected" : "="
},
{
"version_value" : "12.1.0",
"version_affected" : "="
},
{
"version_value" : "12.3.0",
"version_affected" : "="
},
{
"version_value" : "12.4.0",
"version_affected" : "="
},
{
"version_value" : "14.0.0",
"version_affected" : "="
},
{
"version_value" : "14.1.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1",
"version_affected": "="
},
{
"version_value": "12.0.3",
"version_affected": "="
},
{
"version_value": "12.0.4",
"version_affected": "="
},
{
"version_value": "12.1.0",
"version_affected": "="
},
{
"version_value": "12.3.0",
"version_affected": "="
},
{
"version_value": "12.4.0",
"version_affected": "="
},
{
"version_value": "14.0.0",
"version_affected": "="
},
{
"version_value": "14.1.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2844.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2844"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_value" : "11.4",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_value": "11.4",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

165
2019/2xxx/CVE-2019-2845.json
View File

@ -1,88 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2845"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Investor Servicing",
"version" : {
"version_data" : [
{
"version_value" : "12.0.1",
"version_affected" : "="
},
{
"version_value" : "12.0.3",
"version_affected" : "="
},
{
"version_value" : "12.0.4",
"version_affected" : "="
},
{
"version_value" : "12.1.0",
"version_affected" : "="
},
{
"version_value" : "12.3.0",
"version_affected" : "="
},
{
"version_value" : "12.4.0",
"version_affected" : "="
},
{
"version_value" : "14.0.0",
"version_affected" : "="
},
{
"version_value" : "14.1.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1",
"version_affected": "="
},
{
"version_value": "12.0.3",
"version_affected": "="
},
{
"version_value": "12.0.4",
"version_affected": "="
},
{
"version_value": "12.1.0",
"version_affected": "="
},
{
"version_value": "12.3.0",
"version_affected": "="
},
{
"version_value": "12.4.0",
"version_affected": "="
},
{
"version_value": "14.0.0",
"version_affected": "="
},
{
"version_value": "14.1.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing. CVSS 3.0 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Investor Servicing."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

165
2019/2xxx/CVE-2019-2846.json
View File

@ -1,88 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2846"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Investor Servicing",
"version" : {
"version_data" : [
{
"version_value" : "12.0.1",
"version_affected" : "="
},
{
"version_value" : "12.0.3",
"version_affected" : "="
},
{
"version_value" : "12.0.4",
"version_affected" : "="
},
{
"version_value" : "12.1.0",
"version_affected" : "="
},
{
"version_value" : "12.3.0",
"version_affected" : "="
},
{
"version_value" : "12.4.0",
"version_affected" : "="
},
{
"version_value" : "14.0.0",
"version_affected" : "="
},
{
"version_value" : "14.1.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1",
"version_affected": "="
},
{
"version_value": "12.0.3",
"version_affected": "="
},
{
"version_value": "12.0.4",
"version_affected": "="
},
{
"version_value": "12.1.0",
"version_affected": "="
},
{
"version_value": "12.3.0",
"version_affected": "="
},
{
"version_value": "12.4.0",
"version_affected": "="
},
{
"version_value": "14.0.0",
"version_affected": "="
},
{
"version_value": "14.1.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

165
2019/2xxx/CVE-2019-2847.json
View File

@ -1,88 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2847"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Investor Servicing",
"version" : {
"version_data" : [
{
"version_value" : "12.0.1",
"version_affected" : "="
},
{
"version_value" : "12.0.3",
"version_affected" : "="
},
{
"version_value" : "12.0.4",
"version_affected" : "="
},
{
"version_value" : "12.1.0",
"version_affected" : "="
},
{
"version_value" : "12.3.0",
"version_affected" : "="
},
{
"version_value" : "12.4.0",
"version_affected" : "="
},
{
"version_value" : "14.0.0",
"version_affected" : "="
},
{
"version_value" : "14.1.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_value": "12.0.1",
"version_affected": "="
},
{
"version_value": "12.0.3",
"version_affected": "="
},
{
"version_value": "12.0.4",
"version_affected": "="
},
{
"version_value": "12.1.0",
"version_affected": "="
},
{
"version_value": "12.3.0",
"version_affected": "="
},
{
"version_value": "12.4.0",
"version_affected": "="
},
{
"version_value": "14.0.0",
"version_affected": "="
},
{
"version_value": "14.1.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2848.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2848"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2850.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2850"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2852.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2852"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_value" : "8.5.4",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.4",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2853.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2853"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_value" : "8.5.4",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.4",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2854.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2854"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_value" : "8.5.4",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.4",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2855.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2855"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_value" : "8.5.4",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.4",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2856.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2856"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebLogic Server",
"version" : {
"version_data" : [
{
"version_value" : "12.2.1.3.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebLogic Server",
"version": {
"version_data": [
{
"version_value": "12.2.1.3.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE). Supported versions that are affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE). Supported versions that are affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2857.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2857"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Siebel UI Framework",
"version" : {
"version_data" : [
{
"version_value" : "19.0 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Siebel UI Framework",
"version": {
"version_data": [
{
"version_value": "19.0 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data as well as unauthorized read access to a subset of Siebel UI Framework accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2858.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2858"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Identity Manager",
"version" : {
"version_data" : [
{
"version_value" : "11.1.2.3.0",
"version_affected" : "="
},
{
"version_value" : "12.2.1.3.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Identity Manager",
"version": {
"version_data": [
{
"version_value": "11.1.2.3.0",
"version_affected": "="
},
{
"version_value": "12.2.1.3.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Identity Manager accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2859.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2859"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2860.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2860"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "System Utilities",
"version" : {
"version_data" : [
{
"version_value" : "12.1.0.2.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Utilities",
"version": {
"version_data": [
{
"version_value": "12.1.0.2.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Clusterware component of Oracle Support Tools (subcomponent: Trace File Analyzer (TFA) Collector). The supported version that is affected is 12.1.0.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Clusterware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Clusterware accessible data as well as unauthorized read access to a subset of Oracle Clusterware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Clusterware. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Clusterware component of Oracle Support Tools (subcomponent: Trace File Analyzer (TFA) Collector). The supported version that is affected is 12.1.0.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Clusterware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Clusterware accessible data as well as unauthorized read access to a subset of Oracle Clusterware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Clusterware. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Clusterware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Clusterware accessible data as well as unauthorized read access to a subset of Oracle Clusterware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Clusterware."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Clusterware. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Clusterware accessible data as well as unauthorized read access to a subset of Oracle Clusterware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Clusterware."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2861.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2861"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Hyperion Planning",
"version" : {
"version_data" : [
{
"version_value" : "11.1.2.4",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hyperion Planning",
"version": {
"version_data": [
{
"version_value": "11.1.2.4",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2862.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2862"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GraalVM Enterprise Edition",
"version" : {
"version_data" : [
{
"version_value" : "19.0.0",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GraalVM Enterprise Edition",
"version": {
"version_data": [
{
"version_value": "19.0.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: Java). The supported version that is affected is 19.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 6.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle GraalVM Enterprise Edition component of Oracle GraalVM (subcomponent: Java). The supported version that is affected is 19.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 6.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2863.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2863"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2864.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2864"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2865.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2865"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2866.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2866"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2867.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2867"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

149
2019/2xxx/CVE-2019-2868.json
View File

@ -1,80 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2868"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Oracle Berkeley DB",
"version" : {
"version_data" : [
{
"version_value" : "12.1.6.1.23",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.26",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.29",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.36",
"version_affected" : "="
},
{
"version_value" : "12.1.6.2.23",
"version_affected" : "="
},
{
"version_value" : "12.1.6.2.32",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Berkeley DB",
"version": {
"version_data": [
{
"version_value": "12.1.6.1.23",
"version_affected": "="
},
{
"version_value": "12.1.6.1.26",
"version_affected": "="
},
{
"version_value": "12.1.6.1.29",
"version_affected": "="
},
{
"version_value": "12.1.6.1.36",
"version_affected": "="
},
{
"version_value": "12.1.6.2.23",
"version_affected": "="
},
{
"version_value": "12.1.6.2.32",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

149
2019/2xxx/CVE-2019-2869.json
View File

@ -1,80 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2869"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Oracle Berkeley DB",
"version" : {
"version_data" : [
{
"version_value" : "12.1.6.1.23",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.26",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.29",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.36",
"version_affected" : "="
},
{
"version_value" : "12.1.6.2.23",
"version_affected" : "="
},
{
"version_value" : "12.1.6.2.32",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Berkeley DB",
"version": {
"version_data": [
{
"version_value": "12.1.6.1.23",
"version_affected": "="
},
{
"version_value": "12.1.6.1.26",
"version_affected": "="
},
{
"version_value": "12.1.6.1.29",
"version_affected": "="
},
{
"version_value": "12.1.6.1.36",
"version_affected": "="
},
{
"version_value": "12.1.6.2.23",
"version_affected": "="
},
{
"version_value": "12.1.6.2.32",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

149
2019/2xxx/CVE-2019-2870.json
View File

@ -1,80 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2870"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Oracle Berkeley DB",
"version" : {
"version_data" : [
{
"version_value" : "12.1.6.1.23",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.26",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.29",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.36",
"version_affected" : "="
},
{
"version_value" : "12.1.6.2.23",
"version_affected" : "="
},
{
"version_value" : "12.1.6.2.32",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Berkeley DB",
"version": {
"version_data": [
{
"version_value": "12.1.6.1.23",
"version_affected": "="
},
{
"version_value": "12.1.6.1.26",
"version_affected": "="
},
{
"version_value": "12.1.6.1.29",
"version_affected": "="
},
{
"version_value": "12.1.6.1.36",
"version_affected": "="
},
{
"version_value": "12.1.6.2.23",
"version_affected": "="
},
{
"version_value": "12.1.6.2.32",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

149
2019/2xxx/CVE-2019-2871.json
View File

@ -1,80 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2871"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Oracle Berkeley DB",
"version" : {
"version_data" : [
{
"version_value" : "12.1.6.1.23",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.26",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.29",
"version_affected" : "="
},
{
"version_value" : "12.1.6.1.36",
"version_affected" : "="
},
{
"version_value" : "12.1.6.2.23",
"version_affected" : "="
},
{
"version_value" : "12.1.6.2.32",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Berkeley DB",
"version": {
"version_data": [
{
"version_value": "12.1.6.1.23",
"version_affected": "="
},
{
"version_value": "12.1.6.1.26",
"version_affected": "="
},
{
"version_value": "12.1.6.1.29",
"version_affected": "="
},
{
"version_value": "12.1.6.1.36",
"version_affected": "="
},
{
"version_value": "12.1.6.2.23",
"version_affected": "="
},
{
"version_value": "12.1.6.2.32",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are 12.1.6.1.23, 12.1.6.1.26, 12.1.6.1.29, 12.1.6.1.36, 12.1.6.2.23 and 12.1.6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."
}
]
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2873.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2873"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2874.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2874"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2875.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2875"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2876.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2876"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

117
2019/2xxx/CVE-2019-2877.json
View File

@ -1,64 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2877"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_value" : "5.2.32",
"version_affected" : "<"
},
{
"version_value" : "6.0.10",
"version_affected" : "<"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_value": "5.2.32",
"version_affected": "<"
},
{
"version_value": "6.0.10",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2878.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2878"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sun ZFS Storage Appliance Kit (AK) Software",
"version" : {
"version_data" : [
{
"version_value" : "8.8.3",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sun ZFS Storage Appliance Kit (AK) Software",
"version": {
"version_data": [
{
"version_value": "8.8.3",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is 8.8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is 8.8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

109
2019/2xxx/CVE-2019-2879.json
View File

@ -1,60 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2019-2879"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "8.0.16 and prior",
"version_affected" : "="
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
{
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "8.0.16 and prior",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
]
},
"problemtype": {
"problemtype_data": [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
]
},
"references": {
"reference_data": [
{
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
]
}
}

128
2019/3xxx/CVE-2019-3822.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2019-3822",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3822",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"curl",
"version":{
"version_data":[
"product_name": "curl",
"version": {
"version_data": [
{
"version_value":"7.64.0"
"version_value": "7.64.0"
}
]
}
}
]
},
"vendor_name":"The curl Project"
"vendor_name": "The curl Project"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header."
"lang": "eng",
"value": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header."
}
]
},
"impact":{
"cvss":[
"impact": {
"cvss": [
[
{
"vectorString":"7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version":"3.0"
"vectorString": "7.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-121"
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"GLSA-201903-03",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201903-03"
"name": "GLSA-201903-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822"
},
{
"name":"DSA-4386",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2019/dsa-4386"
"name": "DSA-4386",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"name":"https://curl.haxx.se/docs/CVE-2019-3822.html",
"refsource":"MISC",
"url":"https://curl.haxx.se/docs/CVE-2019-3822.html"
"name": "https://curl.haxx.se/docs/CVE-2019-3822.html",
"refsource": "MISC",
"url": "https://curl.haxx.se/docs/CVE-2019-3822.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190315-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"name":"USN-3882-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3882-1/"
"name": "USN-3882-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"name":"106950",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106950"
"name": "106950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106950"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
},
{
"refsource":"CONFIRM",
"name":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190719-0004/",
"url": "https://security.netapp.com/advisory/ntap-20190719-0004/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

123
2019/3xxx/CVE-2019-3823.json
View File

@ -1,115 +1,116 @@
{
"CVE_data_meta":{
"ASSIGNER":"secalert@redhat.com",
"ID":"CVE-2019-3823",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3823",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"curl",
"version":{
"version_data":[
"product_name": "curl",
"version": {
"version_data": [
{
"version_value":"7.64.0"
"version_value": "7.64.0"
}
]
}
}
]
},
"vendor_name":"The curl Project"
"vendor_name": "The curl Project"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller."
"lang": "eng",
"value": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller."
}
]
},
"impact":{
"cvss":[
"impact": {
"cvss": [
[
{
"vectorString":"4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version":"3.0"
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"CWE-125"
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"GLSA-201903-03",
"refsource":"GENTOO",
"url":"https://security.gentoo.org/glsa/201903-03"
"name": "GLSA-201903-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"name":"DSA-4386",
"refsource":"DEBIAN",
"url":"https://www.debian.org/security/2019/dsa-4386"
"name": "DSA-4386",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823",
"refsource":"CONFIRM",
"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823"
},
{
"name":"https://curl.haxx.se/docs/CVE-2019-3823.html",
"refsource":"MISC",
"url":"https://curl.haxx.se/docs/CVE-2019-3823.html"
"name": "https://curl.haxx.se/docs/CVE-2019-3823.html",
"refsource": "MISC",
"url": "https://curl.haxx.se/docs/CVE-2019-3823.html"
},
{
"name":"https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource":"CONFIRM",
"url":"https://security.netapp.com/advisory/ntap-20190315-0001/"
"name": "https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"name":"USN-3882-1",
"refsource":"UBUNTU",
"url":"https://usn.ubuntu.com/3882-1/"
"name": "USN-3882-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"name":"106950",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/106950"
"name": "106950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106950"
},
{
"refsource":"MLIST",
"name":"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"url":"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
"refsource": "MLIST",
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource":"MISC",
"name":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}

91
2019/5xxx/CVE-2019-5597.json
View File

@ -1,26 +1,25 @@
{
"data_type":"CVE",
"data_format":"MITRE",
"data_version":"4.0",
"CVE_data_meta":{
"ID":"CVE-2019-5597",
"ASSIGNER":"secteam@freebsd.org",
"STATE":"PUBLIC"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5597",
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name":"n/a",
"product":{
"product_data":[
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name":"FreeBSD",
"version":{
"version_data":[
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value":"FreeBSD 11.2 before 11.2-RELEASE-p10 and 12.0 before 12.0-RELEASE-p4"
"version_value": "FreeBSD 11.2 before 11.2-RELEASE-p10 and 12.0 before 12.0-RELEASE-p4"
}
]
}
@ -31,55 +30,57 @@
]
}
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Improper Check for Unusual or Exceptional Conditions"
"lang": "eng",
"value": "Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"refsource":"MISC",
"name":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc"
"refsource": "MISC",
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:05.pf.asc"
},
{
"refsource":"MISC",
"name":"https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf",
"url":"https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf"
"refsource": "MISC",
"name": "https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf",
"url": "https://www.synacktiv.com/ressources/Synacktiv_OpenBSD_PacketFilter_CVE-2019-5597_ipv6_frag.pdf"
},
{
"refsource":"MISC",
"name":"http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html",
"url":"http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html"
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html",
"url": "http://packetstormsecurity.com/files/152933/FreeBSD-Security-Advisory-FreeBSD-SA-19-05.pf.html"
},
{
"refsource":"BID",
"name":"108395",
"url":"http://www.securityfocus.com/bid/108395"
"refsource": "BID",
"name": "108395",
"url": "http://www.securityfocus.com/bid/108395"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190611-0001/",
"url":"https://security.netapp.com/advisory/ntap-20190611-0001/"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190611-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190611-0001/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
},
"description":{
"description_data":[
"description": {
"description_data": [
{
"lang":"eng",
"value":"In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter."
"lang": "eng",
"value": "In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter."
}
]
}

91
2019/5xxx/CVE-2019-5598.json
View File

@ -1,26 +1,25 @@
{
"data_type":"CVE",
"data_format":"MITRE",
"data_version":"4.0",
"CVE_data_meta":{
"ID":"CVE-2019-5598",
"ASSIGNER":"secteam@freebsd.org",
"STATE":"PUBLIC"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-5598",
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name":"n/a",
"product":{
"product_data":[
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name":"FreeBSD",
"version":{
"version_data":[
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value":"FreeBSD 11.2 before 11.2-RELEASE-p10 and 12.0 before 12.0-RELEASE-p4"
"version_value": "FreeBSD 11.2 before 11.2-RELEASE-p10 and 12.0 before 12.0-RELEASE-p4"
}
]
}
@ -31,55 +30,57 @@
]
}
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"Improper Check for Unusual or Exceptional Conditions"
"lang": "eng",
"value": "Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"refsource":"MISC",
"name":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc",
"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc"
"refsource": "MISC",
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:06.pf.asc"
},
{
"refsource":"MISC",
"name":"https://www.synacktiv.com/posts/systems/icmp-reachable.html",
"url":"https://www.synacktiv.com/posts/systems/icmp-reachable.html"
"refsource": "MISC",
"name": "https://www.synacktiv.com/posts/systems/icmp-reachable.html",
"url": "https://www.synacktiv.com/posts/systems/icmp-reachable.html"
},
{
"refsource":"MISC",
"name":"http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html",
"url":"http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html"
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html",
"url": "http://packetstormsecurity.com/files/152934/FreeBSD-Security-Advisory-FreeBSD-SA-19-06.pf.html"
},
{
"refsource":"BID",
"name":"108395",
"url":"http://www.securityfocus.com/bid/108395"
"refsource": "BID",
"name": "108395",
"url": "http://www.securityfocus.com/bid/108395"
},
{
"refsource":"CONFIRM",
"name":"https://security.netapp.com/advisory/ntap-20190611-0001/",
"url":"https://security.netapp.com/advisory/ntap-20190611-0001/"
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190611-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190611-0001/"
},
{
"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
},
"description":{
"description_data":[
"description": {
"description_data": [
{
"lang":"eng",
"value":"In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable."
"lang": "eng",
"value": "In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable."
}
]
}

211
2019/7xxx/CVE-2019-7317.json
View File

@ -1,183 +1,187 @@
{
"CVE_data_meta":{
"ASSIGNER":"cve@mitre.org",
"ID":"CVE-2019-7317",
"STATE":"PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7317",
"STATE": "PUBLIC"
},
"affects":{
"vendor":{
"vendor_data":[
"affects": {
"vendor": {
"vendor_data": [
{
"product":{
"product_data":[
"product": {
"product_data": [
{
"product_name":"n/a",
"version":{
"version_data":[
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value":"n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name":"n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang":"eng",
"value":"png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute."
"lang": "eng",
"value": "png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute."
}
]
},
"problemtype":{
"problemtype_data":[
"problemtype": {
"problemtype_data": [
{
"description":[
"description": [
{
"lang":"eng",
"value":"n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references":{
"reference_data":[
"references": {
"reference_data": [
{
"name":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803",
"refsource":"MISC",
"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"name":"https://github.com/glennrp/libpng/issues/275",
"refsource":"MISC",
"url":"https://github.com/glennrp/libpng/issues/275"
"name": "https://github.com/glennrp/libpng/issues/275",
"refsource": "MISC",
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"refsource":"BUGTRAQ",
"name":"20190417 [slackware-security] libpng (SSA:2019-107-01)",
"url":"https://seclists.org/bugtraq/2019/Apr/30"
"refsource": "BUGTRAQ",
"name": "20190417 [slackware-security] libpng (SSA:2019-107-01)",
"url": "https://seclists.org/bugtraq/2019/Apr/30"
},
{
"refsource":"MISC",
"name":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html",
"url":"http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html",
"url": "http://packetstormsecurity.com/files/152561/Slackware-Security-Advisory-libpng-Updates.html"
},
{
"refsource":"DEBIAN",
"name":"DSA-4435",
"url":"https://www.debian.org/security/2019/dsa-4435"
"refsource": "DEBIAN",
"name": "DSA-4435",
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"refsource":"BUGTRAQ",
"name":"20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update",
"url":"https://seclists.org/bugtraq/2019/Apr/36"
"refsource": "BUGTRAQ",
"name": "20190429 [SECURITY] [DSA 4435-1] libpng1.6 security update",
"url": "https://seclists.org/bugtraq/2019/Apr/36"
},
{
"refsource":"UBUNTU",
"name":"USN-3962-1",
"url":"https://usn.ubuntu.com/3962-1/"
"refsource": "UBUNTU",
"name": "USN-3962-1",
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"refsource":"UBUNTU",
"name":"USN-3991-1",
"url":"https://usn.ubuntu.com/3991-1/"
"refsource": "UBUNTU",
"name": "USN-3991-1",
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"refsource":"BUGTRAQ",
"name":"20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)",
"url":"https://seclists.org/bugtraq/2019/May/56"
"refsource": "BUGTRAQ",
"name": "20190522 [slackware-security] mozilla-firefox (SSA:2019-141-01)",
"url": "https://seclists.org/bugtraq/2019/May/56"
},
{
"refsource":"BUGTRAQ",
"name":"20190523 [SECURITY] [DSA 4448-1] firefox-esr security update",
"url":"https://seclists.org/bugtraq/2019/May/59"
"refsource": "BUGTRAQ",
"name": "20190523 [SECURITY] [DSA 4448-1] firefox-esr security update",
"url": "https://seclists.org/bugtraq/2019/May/59"
},
{
"refsource":"DEBIAN",
"name":"DSA-4448",
"url":"https://www.debian.org/security/2019/dsa-4448"
"refsource": "DEBIAN",
"name": "DSA-4448",
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"refsource":"MLIST",
"name":"[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update",
"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190523 [SECURITY] [DLA 1800-1] firefox-esr security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1265",
"url":"https://access.redhat.com/errata/RHSA-2019:1265"
"refsource": "REDHAT",
"name": "RHSA-2019:1265",
"url": "https://access.redhat.com/errata/RHSA-2019:1265"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1267",
"url":"https://access.redhat.com/errata/RHSA-2019:1267"
"refsource": "REDHAT",
"name": "RHSA-2019:1267",
"url": "https://access.redhat.com/errata/RHSA-2019:1267"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1269",
"url":"https://access.redhat.com/errata/RHSA-2019:1269"
"refsource": "REDHAT",
"name": "RHSA-2019:1269",
"url": "https://access.redhat.com/errata/RHSA-2019:1269"
},
{
"refsource":"DEBIAN",
"name":"DSA-4451",
"url":"https://www.debian.org/security/2019/dsa-4451"
"refsource": "DEBIAN",
"name": "DSA-4451",
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"refsource":"BUGTRAQ",
"name":"20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"url":"https://seclists.org/bugtraq/2019/May/67"
"refsource": "BUGTRAQ",
"name": "20190527 [SECURITY] [DSA 4451-1] thunderbird security update",
"url": "https://seclists.org/bugtraq/2019/May/67"
},
{
"refsource":"MLIST",
"name":"[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"url":"https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190527 [SECURITY] [DLA 1806-1] thunderbird security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"refsource":"UBUNTU",
"name":"USN-3997-1",
"url":"https://usn.ubuntu.com/3997-1/"
"refsource": "UBUNTU",
"name": "USN-3997-1",
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"refsource":"SUSE",
"name":"openSUSE-SU-2019:1484",
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1484",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1310",
"url":"https://access.redhat.com/errata/RHSA-2019:1310"
"refsource": "REDHAT",
"name": "RHSA-2019:1310",
"url": "https://access.redhat.com/errata/RHSA-2019:1310"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1308",
"url":"https://access.redhat.com/errata/RHSA-2019:1308"
"refsource": "REDHAT",
"name": "RHSA-2019:1308",
"url": "https://access.redhat.com/errata/RHSA-2019:1308"
},
{
"refsource":"REDHAT",
"name":"RHSA-2019:1309",
"url":"https://access.redhat.com/errata/RHSA-2019:1309"
"refsource": "REDHAT",
"name": "RHSA-2019:1309",
"url": "https://access.redhat.com/errata/RHSA-2019:1309"
},
{
"refsource":"SUSE",
"name":"openSUSE-SU-2019:1534",
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1534",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1664",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"refsource": "BID",
"name": "108098",
@ -187,10 +191,7 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190719-0005/",
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
]
}
}
}