-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Weston Steimel <[email protected]>
- Loading branch information
1 parent
27be10c
commit 2da191c
Showing
3 changed files
with
153 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "mitre", | ||
| "cveId": "CVE-2007-2728", | ||
| "description": "The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.", | ||
| "reason": "Added affected version ranges", | ||
| "references": [ | ||
| "http://blog.php-security.org/archives/80-Watching-the-PHP-CVS.html", | ||
| "http://osvdb.org/36086", | ||
| "http://secunia.com/advisories/25306", | ||
| "http://secunia.com/advisories/26102", | ||
| "http://secunia.com/advisories/26895", | ||
| "http://www.mandriva.com/security/advisories?name=MDKSA-2007:187", | ||
| "http://www.novell.com/linux/security/advisories/2007_15_sr.html", | ||
| "http://www.ubuntu.com/usn/usn-485-1", | ||
| "http://www.vupen.com/english/advisories/2007/1839" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "php", | ||
| "vendor": "php", | ||
| "versions": [ | ||
| { | ||
| "lessThan": "5.2.0", | ||
| "status": "affected", | ||
| "version": "5", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://security-tracker.debian.org/tracker/CVE-2007-2728" | ||
| } | ||
| ] | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "mitre", | ||
| "cveId": "CVE-2007-3205", | ||
| "description": "The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.", | ||
| "disputed": true, | ||
| "reason": "This record is disputed", | ||
| "references": [ | ||
| "http://osvdb.org/39834", | ||
| "http://securityreason.com/securityalert/2800", | ||
| "http://www.acid-root.new.fr/advisories/14070612.txt", | ||
| "http://www.securityfocus.com/archive/1/471178/100/0/threaded", | ||
| "http://www.securityfocus.com/archive/1/471204/100/0/threaded", | ||
| "http://www.securityfocus.com/archive/1/471275/100/0/threaded", | ||
| "https://exchange.xforce.ibmcloud.com/vulnerabilities/34836" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:hardened-php_project:hardened-php:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "hardened php", | ||
| "vendor": "hardened php", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "*", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:hardened-php_project:subhosin:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "subhosin", | ||
| "vendor": "hardened php", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "*", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "php", | ||
| "vendor": "php", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "*", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| { | ||
| "additionalMetadata": { | ||
| "cna": "mitre", | ||
| "cveId": "CVE-2007-4596", | ||
| "description": "The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.", | ||
| "disputed": true, | ||
| "reason": "This record is disputed", | ||
| "references": [ | ||
| "https://www.exploit-db.com/exploits/4314" | ||
| ] | ||
| }, | ||
| "adp": { | ||
| "affected": [ | ||
| { | ||
| "cpes": [ | ||
| "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" | ||
| ], | ||
| "product": "php", | ||
| "vendor": "php", | ||
| "versions": [ | ||
| { | ||
| "lessThanOrEqual": "*", | ||
| "status": "affected", | ||
| "version": "0", | ||
| "versionType": "custom" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "providerMetadata": { | ||
| "orgId": "00000000-0000-4000-8000-000000000000", | ||
| "shortName": "anchoreadp" | ||
| } | ||
| } | ||
| } |