Skip to content

Commit

Permalink
Bill Situ <[email protected]>
Browse files Browse the repository at this point in the history 
Oracle Critical Patch Update - January 2020

This update contains updated third party CVEs

 On branch cna/Oracle/CPU2020Jan3rdPartyCVEs
 Changes to be committed:
	modified:   2014/3xxx/CVE-2014-3004.json
	modified:   2014/3xxx/CVE-2014-3596.json
	modified:   2015/9xxx/CVE-2015-9251.json
	modified:   2016/0xxx/CVE-2016-0701.json
	modified:   2016/1000xxx/CVE-2016-1000031.json
	modified:   2016/1xxx/CVE-2016-1181.json
	modified:   2016/1xxx/CVE-2016-1182.json
	modified:   2016/2xxx/CVE-2016-2183.json
	modified:   2016/4xxx/CVE-2016-4000.json
	modified:   2016/5xxx/CVE-2016-5019.json
	modified:   2016/6xxx/CVE-2016-6306.json
	modified:   2016/6xxx/CVE-2016-6814.json
	modified:   2016/8xxx/CVE-2016-8610.json
	modified:   2017/1000xxx/CVE-2017-1000376.json
	modified:   2017/12xxx/CVE-2017-12626.json
	modified:   2017/14xxx/CVE-2017-14735.json
	modified:   2017/15xxx/CVE-2017-15708.json
	modified:   2017/15xxx/CVE-2017-15906.json
	modified:   2017/5xxx/CVE-2017-5645.json
	modified:   2018/0xxx/CVE-2018-0734.json
	modified:   2018/0xxx/CVE-2018-0735.json
	modified:   2018/1000xxx/CVE-2018-1000030.json
	modified:   2018/11xxx/CVE-2018-11039.json
	modified:   2018/11xxx/CVE-2018-11040.json
	modified:   2018/11xxx/CVE-2018-11054.json
	modified:   2018/11xxx/CVE-2018-11055.json
	modified:   2018/11xxx/CVE-2018-11056.json
	modified:   2018/11xxx/CVE-2018-11057.json
	modified:   2018/11xxx/CVE-2018-11058.json
	modified:   2018/11xxx/CVE-2018-11307.json
	modified:   2018/11xxx/CVE-2018-11759.json
	modified:   2018/11xxx/CVE-2018-11784.json
	modified:   2018/14xxx/CVE-2018-14718.json
	modified:   2018/15xxx/CVE-2018-15473.json
	modified:   2018/15xxx/CVE-2018-15756.json
	modified:   2018/15xxx/CVE-2018-15769.json
	modified:   2018/16xxx/CVE-2018-16395.json
	modified:   2018/17xxx/CVE-2018-17189.json
	modified:   2018/19xxx/CVE-2018-19362.json
	modified:   2018/1xxx/CVE-2018-1060.json
	modified:   2018/1xxx/CVE-2018-1257.json
	modified:   2018/1xxx/CVE-2018-1258.json
	modified:   2018/20xxx/CVE-2018-20684.json
	modified:   2018/5xxx/CVE-2018-5407.json
	modified:   2018/6xxx/CVE-2018-6829.json
	modified:   2018/8xxx/CVE-2018-8032.json
	modified:   2018/8xxx/CVE-2018-8039.json
	modified:   2019/0xxx/CVE-2019-0199.json
	modified:   2019/0xxx/CVE-2019-0215.json
	modified:   2019/0xxx/CVE-2019-0221.json
	modified:   2019/0xxx/CVE-2019-0227.json
	modified:   2019/0xxx/CVE-2019-0232.json
	modified:   2019/10xxx/CVE-2019-10072.json
	modified:   2019/10xxx/CVE-2019-10086.json
	modified:   2019/10xxx/CVE-2019-10088.json
	modified:   2019/10xxx/CVE-2019-10092.json
	modified:   2019/10xxx/CVE-2019-10093.json
	modified:   2019/10xxx/CVE-2019-10094.json
	modified:   2019/10xxx/CVE-2019-10098.json
	modified:   2019/10xxx/CVE-2019-10246.json
	modified:   2019/10xxx/CVE-2019-10247.json
	modified:   2019/11xxx/CVE-2019-11358.json
	modified:   2019/11xxx/CVE-2019-11477.json
	modified:   2019/11xxx/CVE-2019-11478.json
	modified:   2019/11xxx/CVE-2019-11479.json
	modified:   2019/12xxx/CVE-2019-12086.json
	modified:   2019/12xxx/CVE-2019-12384.json
	modified:   2019/12xxx/CVE-2019-12406.json
	modified:   2019/12xxx/CVE-2019-12415.json
	modified:   2019/12xxx/CVE-2019-12419.json
	modified:   2019/12xxx/CVE-2019-12814.json
	modified:   2019/13xxx/CVE-2019-13117.json
	modified:   2019/13xxx/CVE-2019-13118.json
	modified:   2019/14xxx/CVE-2019-14379.json
	modified:   2019/14xxx/CVE-2019-14439.json
	modified:   2019/14xxx/CVE-2019-14540.json
	modified:   2019/15xxx/CVE-2019-15845.json
	modified:   2019/16xxx/CVE-2019-16168.json
	modified:   2019/16xxx/CVE-2019-16201.json
	modified:   2019/16xxx/CVE-2019-16254.json
	modified:   2019/16xxx/CVE-2019-16255.json
	modified:   2019/16xxx/CVE-2019-16335.json
	modified:   2019/16xxx/CVE-2019-16775.json
	modified:   2019/16xxx/CVE-2019-16776.json
	modified:   2019/16xxx/CVE-2019-16777.json
	modified:   2019/16xxx/CVE-2019-16942.json
	modified:   2019/16xxx/CVE-2019-16943.json
	modified:   2019/17xxx/CVE-2019-17091.json
	modified:   2019/17xxx/CVE-2019-17267.json
	modified:   2019/17xxx/CVE-2019-17359.json
	modified:   2019/17xxx/CVE-2019-17531.json
	modified:   2019/1xxx/CVE-2019-1547.json
	modified:   2019/1xxx/CVE-2019-1549.json
	modified:   2019/1xxx/CVE-2019-1552.json
	modified:   2019/1xxx/CVE-2019-1559.json
	modified:   2019/1xxx/CVE-2019-1563.json
	modified:   2019/2xxx/CVE-2019-2904.json
	modified:   2019/3xxx/CVE-2019-3862.json
	modified:   2019/5xxx/CVE-2019-5481.json
	modified:   2019/5xxx/CVE-2019-5482.json
	modified:   2019/5xxx/CVE-2019-5718.json
	modified:   2019/8xxx/CVE-2019-8457.json
	modified:   2019/9xxx/CVE-2019-9208.json
	modified:   2019/9xxx/CVE-2019-9636.json
	modified:   2019/9xxx/CVE-2019-9936.json
	modified:   2019/9xxx/CVE-2019-9937.json
  • Loading branch information
@bsitu
bsitu committed Jan 14, 2020
1 parent ee0f461 commit cfaacf2
Show file tree
Hide file tree
Showing 106 changed files with 8,752 additions and 8,328 deletions.
96 changes: 50 additions & 46 deletions 2014/3xxx/CVE-2014-3004.json
View file
Original file line number Diff line number Diff line change
@@ -1,86 +1,90 @@

{
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2014-3004",
"STATE": "PUBLIC"
"CVE_data_meta":{
"ASSIGNER":"[email protected]",
"ID":"CVE-2014-3004",
"STATE":"PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects":{
"vendor":{
"vendor_data":[
{
"product": {
"product_data": [
"product":{
"product_data":[
{
"product_name": "n/a",
"version": {
"version_data": [
"product_name":"n/a",
"version":{
"version_data":[
{
"version_value": "n/a"
"version_value":"n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
"vendor_name":"n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
{
"lang": "eng",
"value": "The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document."
"lang":"eng",
"value":"The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype":{
"problemtype_data":[
{
"description": [
"description":[
{
"lang": "eng",
"value": "n/a"
"lang":"eng",
"value":"n/a"
}
]
}
]
},
"references": {
"reference_data": [
"references":{
"reference_data":[
{
"name": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html"
"name":"http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html",
"refsource":"MISC",
"url":"http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html"
},
{
"name": "openSUSE-SU-2014:0822",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html"
"name":"openSUSE-SU-2014:0822",
"refsource":"SUSE",
"url":"http://lists.opensuse.org/opensuse-updates/2014-06/msg00043.html"
},
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811",
"refsource": "MISC",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811"
"name":"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811",
"refsource":"MISC",
"url":"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvm56811"
},
{
"name": "20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/142"
"name":"20140527 CVE-2014-3004 - Castor Library Default Config could lead to XML External Entity (XXE) Attacks",
"refsource":"FULLDISC",
"url":"http://seclists.org/fulldisclosure/2014/May/142"
},
{
"name": "59427",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59427"
"name":"59427",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/59427"
},
{
"name": "67676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67676"
"name":"67676",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/67676"
},
{
"url":"https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
Expand Down
152 changes: 78 additions & 74 deletions 2014/3xxx/CVE-2014-3596.json
View file
Original file line number Diff line number Diff line change
@@ -1,131 +1,135 @@

{
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2014-3596",
"STATE": "PUBLIC"
"CVE_data_meta":{
"ASSIGNER":"[email protected]",
"ID":"CVE-2014-3596",
"STATE":"PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects":{
"vendor":{
"vendor_data":[
{
"product": {
"product_data": [
"product":{
"product_data":[
{
"product_name": "n/a",
"version": {
"version_data": [
"product_name":"n/a",
"version":{
"version_data":[
{
"version_value": "n/a"
"version_value":"n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
"vendor_name":"n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784."
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
{
"lang":"eng",
"value":"The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype":{
"problemtype_data":[
{
"description": [
"description":[
{
"lang": "eng",
"value": "n/a"
"lang":"eng",
"value":"n/a"
}
]
}
]
},
"references": {
"reference_data": [
"references":{
"reference_data":[
{
"name": "[oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/20/2"
"name":"[oss-security] 20140820 CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack",
"refsource":"MLIST",
"url":"http://www.openwall.com/lists/oss-security/2014/08/20/2"
},
{
"name": "https://issues.apache.org/jira/browse/AXIS-2905",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/AXIS-2905"
"name":"https://issues.apache.org/jira/browse/AXIS-2905",
"refsource":"MISC",
"url":"https://issues.apache.org/jira/browse/AXIS-2905"
},
{
"name": "apache-axis-cve20143596-spoofing(95377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95377"
"name":"apache-axis-cve20143596-spoofing(95377)",
"refsource":"XF",
"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/95377"
},
{
"name": "1030745",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030745"
"name":"1030745",
"refsource":"SECTRACK",
"url":"http://www.securitytracker.com/id/1030745"
},
{
"name": "61222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61222"
"name":"61222",
"refsource":"SECUNIA",
"url":"http://secunia.com/advisories/61222"
},
{
"name": "RHSA-2014:1193",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1193.html"
"name":"RHSA-2014:1193",
"refsource":"REDHAT",
"url":"http://rhn.redhat.com/errata/RHSA-2014-1193.html"
},
{
"name": "69295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69295"
"name":"69295",
"refsource":"BID",
"url":"http://www.securityfocus.com/bid/69295"
},
{
"name": "http://linux.oracle.com/errata/ELSA-2014-1193.html",
"refsource": "CONFIRM",
"url": "http://linux.oracle.com/errata/ELSA-2014-1193.html"
"name":"http://linux.oracle.com/errata/ELSA-2014-1193.html",
"refsource":"CONFIRM",
"url":"http://linux.oracle.com/errata/ELSA-2014-1193.html"
},
{
"refsource": "MLIST",
"name": "[axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url": "https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E"
"refsource":"MLIST",
"name":"[axis-java-dev] 20190503 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url":"https://lists.apache.org/thread.html/44d4e88a5fa8ae60deb752029afe9054da87c5f859caf296fcf585e5@%3Cjava-dev.axis.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url": "https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E"
"refsource":"MLIST",
"name":"[axis-java-dev] 20190503 [jira] [Comment Edited] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url":"https://lists.apache.org/thread.html/de2af12dcaba653d02b03235327ca4aa930401813a3cced8e151d29c@%3Cjava-dev.axis.apache.org%3E"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1497",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html"
"refsource":"SUSE",
"name":"openSUSE-SU-2019:1497",
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1526",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html"
"refsource":"SUSE",
"name":"openSUSE-SU-2019:1526",
"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html"
},
{
"refsource": "MLIST",
"name": "[axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url": "https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E"
"refsource":"MLIST",
"name":"[axis-java-dev] 20190907 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url":"https://lists.apache.org/thread.html/8aa25c99eeb0693fc229ec87d1423b5ed5d58558618706d8aba1d832@%3Cjava-dev.axis.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url": "https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E"
"refsource":"MLIST",
"name":"[axis-java-dev] 20190909 [jira] [Resolved] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url":"https://lists.apache.org/thread.html/a308887782e05da7cf692e4851ae2bd429a038570cbf594e6631cc8d@%3Cjava-dev.axis.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url": "https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E"
"refsource":"MLIST",
"name":"[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596",
"url":"https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E"
},
{
"url":"https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
Expand Down
Loading

0 comments on commit cfaacf2

Please sign in to comment.