15 vulnerabilities by Adobe Inc.
JVNDB-2019-000009
Vulnerability from jvndb - Published: 2019-02-18 15:16 - Updated:2019-10-01 10:15
Severity
Summary
Installer of Adobe Creative Cloud Desktop Application may insecurely load Dynamic Link Libraries
Details
Installer of Creative Cloud Desktop Application provided by Adobe contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Tomohisa Hasegawa of Canon Marketing Japan Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000009.html",
"dc:date": "2019-10-01T10:15+09:00",
"dcterms:issued": "2019-02-18T15:16+09:00",
"dcterms:modified": "2019-10-01T10:15+09:00",
"description": "Installer of Creative Cloud Desktop Application provided by Adobe contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nTomohisa Hasegawa of Canon Marketing Japan Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000009.html",
"sec:cpe": {
"#text": "cpe:/a:adobe:creative_cloud",
"@product": "Creative Cloud",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000009",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN50810870/index.html",
"@id": "JVN#50810870",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7093",
"@id": "CVE-2019-7093",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-7093",
"@id": "CVE-2019-7093",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Adobe Creative Cloud Desktop Application may insecurely load Dynamic Link Libraries"
}
JVNDB-2015-005234
Vulnerability from jvndb - Published: 2015-12-17 15:19 - Updated:2015-12-17 15:19
Severity
Summary
Adobe Flash Player issue where iframe contents may be overwritten
Details
Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten.
Tokuji Akamine reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-005234.html",
"dc:date": "2015-12-17T15:19+09:00",
"dcterms:issued": "2015-12-17T15:19+09:00",
"dcterms:modified": "2015-12-17T15:19+09:00",
"description": "Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten.\r\n\r\nTokuji Akamine reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-005234.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:adobe_air",
"@product": "Adobe AIR",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:adobe_air_sdk",
"@product": "Adobe AIR SDK",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:adobe_air_sdk_and_compiler",
"@product": "Adobe AIR SDK \u0026 Compiler",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:flash_player",
"@product": "Adobe Flash Player",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:google:chrome",
"@product": "Google Chrome",
"@vendor": "Google",
"@version": "2.2"
},
{
"#text": "cpe:/a:microsoft:edge",
"@product": "Microsoft Edge",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:microsoft:internet_explorer",
"@product": "Microsoft Internet Explorer",
"@vendor": "Microsoft Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2015-005234",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN22533124/index.html",
"@id": "JVN#22533124",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7628",
"@id": "CVE-2015-7628",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7628",
"@id": "CVE-2015-7628",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/ciadr/vul/20151014-adobeflashplayer.html",
"@id": "Security Alert for Vulnerability in Adobe Flash Player (APSB15-25)(CVE-2015-7628 and others) ",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.jpcert.or.jp/english/at/2015/at150036.html",
"@id": "JPCERT-AT-2015-0036",
"@source": "JPCERT-WR"
},
{
"#text": "https://www.npa.go.jp/cyberpolice/topics/?seq=17024",
"@id": "For Adobe Flash Player security fix (2015/10/14)",
"@source": "AT-POLICE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Adobe Flash Player issue where iframe contents may be overwritten"
}
JVNDB-2014-000105
Vulnerability from jvndb - Published: 2014-09-12 14:00 - Updated:2014-09-29 11:42
Summary
Help Page in multiple Adobe products vulnerable to cross-site scripting
Details
The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000105.html",
"dc:date": "2014-09-29T11:42+09:00",
"dcterms:issued": "2014-09-12T14:00+09:00",
"dcterms:modified": "2014-09-29T11:42+09:00",
"description": "The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability.\r\n\r\nYuji Tounai of bogus.jp reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000105.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:acrobat",
"@product": "Adobe Acrobat",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2014-000105",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN84376800/index.html",
"@id": "JVN#84376800",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5315",
"@id": "CVE-2014-5315",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5315",
"@id": "CVE-2014-5315",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Help Page in multiple Adobe products vulnerable to cross-site scripting"
}
JVNDB-2013-000051
Vulnerability from jvndb - Published: 2013-05-31 15:44 - Updated:2013-05-31 15:44
Summary
Adobe Reader X vulnerable to sandbox bypass
Details
Adobe Reader X contains a vulnerability which may allow the sandbox to be bypassed.
Yuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000051.html",
"dc:date": "2013-05-31T15:44+09:00",
"dcterms:issued": "2013-05-31T15:44+09:00",
"dcterms:modified": "2013-05-31T15:44+09:00",
"description": "Adobe Reader X contains a vulnerability which may allow the sandbox to be bypassed.\r\n\r\nYuji Ukai of Fourteenforty Research Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000051.html",
"sec:cpe": {
"#text": "cpe:/a:adobe:acrobat_reader",
"@product": "Adobe Reader",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000051",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN24560784/index.html",
"@id": "JVN#24560784",
"@source": "JVN"
},
{
"#text": "http://www.fourteenforty.jp/cgi-bin/advisory/advisory.cgi?type=release\u0026id=FFRRA-20130603",
"@id": "FFRRA-20130603",
"@source": "Related document"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Adobe Reader X vulnerable to sandbox bypass"
}
JVNDB-2012-000079
Vulnerability from jvndb - Published: 2012-08-30 13:57 - Updated:2014-05-23 18:34
Summary
Adobe Reader fails to properly handle signatures
Details
Adobe Reader fails to properly handle RSA signatures.
Adobe Reader contains an issue where it may fail to properly verify RSA signatures.
Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000079.html",
"dc:date": "2014-05-23T18:34+09:00",
"dcterms:issued": "2012-08-30T13:57+09:00",
"dcterms:modified": "2014-05-23T18:34+09:00",
"description": "Adobe Reader fails to properly handle RSA signatures.\r\n\r\nAdobe Reader contains an issue where it may fail to properly verify RSA signatures.\r\n\r\nMasahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000079.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:acrobat_reader",
"@product": "Adobe Reader",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"@product": "Cosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
"@product": "Cosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"@product": "Cosminexus Application Server Version 5",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"@product": "Cosminexus Developer Light Version 6",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"@product": "Cosminexus Developer Professional Version 6",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"@product": "Cosminexus Developer Standard Version 6",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
"@product": "Cosminexus Developer Version 5",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
"@product": "Cosminexus Server - Enterprise Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
"@product": "Cosminexus Server - Standard Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
"@product": "Cosminexus Server - Standard Edition Version 4",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
"@product": "Cosminexus Server - Web Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
"@product": "Cosminexus Server - Web Edition Version 4",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_web_server",
"@product": "Hitachi Web Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"@product": "uCosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"@product": "uCosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_light",
"@product": "uCosminexus Developer Light",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
"@product": "uCosminexus Developer Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000079",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN51615542/index.html",
"@id": "JVN#51615542",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339",
"@id": "CVE-2006-4339",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4339",
"@id": "CVE-2006-4339",
"@source": "NVD"
},
{
"#text": "http://www.kb.cert.org/vuls/id/845620",
"@id": "US-CERT Vulnerability Note VU#845620",
"@source": "CERT-VN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-255",
"@title": "Credentials Management(CWE-255)"
}
],
"title": "Adobe Reader fails to properly handle signatures"
}
JVNDB-2012-000046
Vulnerability from jvndb - Published: 2012-06-11 15:05 - Updated:2012-06-13 16:39
Summary
Flash Player issue in implementations of the Same Origin Policy
Details
Flash Player contains an issue in implementations of the Same Origin Policy.
SoundMixer.computeSpectrum() method, included in Flash Player, contains an issue in implementations of the Same Origin Policy.
Mitsuaki Shiraishi of Symantec Japan, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000046.html",
"dc:date": "2012-06-13T16:39+09:00",
"dcterms:issued": "2012-06-11T15:05+09:00",
"dcterms:modified": "2012-06-13T16:39+09:00",
"description": "Flash Player contains an issue in implementations of the Same Origin Policy.\r\n\r\nSoundMixer.computeSpectrum() method, included in Flash Player, contains an issue in implementations of the Same Origin Policy.\r\n\r\nMitsuaki Shiraishi of Symantec Japan, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000046.html",
"sec:cpe": {
"#text": "cpe:/a:adobe:flash_player",
"@product": "Adobe Flash Player",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000046",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN38163638/index.html",
"@id": "JVN#38163638",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2038",
"@id": "CVE-2012-2038",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2038",
"@id": "CVE-2012-2038",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Flash Player issue in implementations of the Same Origin Policy"
}
JVNDB-2010-000054
Vulnerability from jvndb - Published: 2010-11-09 19:59 - Updated:2011-02-01 16:22
Summary
Flash Player access restriction bypass vulnerability
Details
Flash Player contains an access restriction bypass vulnerability.
When Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file.
Flash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000054.html",
"dc:date": "2011-02-01T16:22+09:00",
"dcterms:issued": "2010-11-09T19:59+09:00",
"dcterms:modified": "2011-02-01T16:22+09:00",
"description": "Flash Player contains an access restriction bypass vulnerability.\r\n\r\nWhen Flash Player references a different website than the site where Flash contents are hosted, the referenced site must be allowed access by the cross-domain policy file.\r\n\r\nFlash Player contains a vulnerability where access restrictions set by the cross-domain policy file may be bypassed.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000054.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:flash_player",
"@product": "Adobe Flash Player",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux Extras",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_desktop_supplementary",
"@product": "RHEL Desktop Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_server_supplementary",
"@product": "Red Hat Enterprise Linux Server Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_supplementary",
"@product": "RHEL Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_workstation_supplementary",
"@product": "Red Hat Enterprise Linux Workstation Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:oracle:solaris",
"@product": "Oracle Solaris",
"@vendor": "Oracle Corporation",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000054",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN48425028/index.html",
"@id": "JVN#48425028",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/cert/JVNVU331391",
"@id": "JVNVU#331391",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3636",
"@id": "CVE-2010-3636",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3636",
"@id": "CVE-2010-3636",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/42183",
"@id": "SA42183",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/44691",
"@id": "44691",
"@source": "BID"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/2903",
"@id": "VUPEN/ADV-2010-2903",
"@source": "VUPEN"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/2906",
"@id": "VUPEN/ADV-2010-2906",
"@source": "VUPEN"
},
{
"#text": "http://www.vupen.com/english/advisories/2010/2918",
"@id": "VUPEN/ADV-2010-2918",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Flash Player access restriction bypass vulnerability"
}
JVNDB-2009-000054
Vulnerability from jvndb - Published: 2009-08-19 16:33 - Updated:2009-08-19 16:33
Summary
ColdFusion vulnerable to cross-site scripting
Details
ColdFusion provided by Adobe contains a cross-site scripting vulnerability.
ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability.
This vulnerability is different from JVN#28356427 and JVN#48566866.
Project VEX of UBsecure, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000054.html",
"dc:date": "2009-08-19T16:33+09:00",
"dcterms:issued": "2009-08-19T16:33+09:00",
"dcterms:modified": "2009-08-19T16:33+09:00",
"description": "ColdFusion provided by Adobe contains a cross-site scripting vulnerability.\r\n\r\nColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability.\r\n\r\nThis vulnerability is different from JVN#28356427 and JVN#48566866.\r\n\r\nProject VEX of UBsecure, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000054.html",
"sec:cpe": {
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000054",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN21388501/index.html",
"@id": "JVN#21388501",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1875",
"@id": "CVE-2009-1875",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1875",
"@id": "CVE-2009-1875",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "ColdFusion vulnerable to cross-site scripting"
}
JVNDB-2005-000776
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Summary
Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate
Details
The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.
If you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.
This issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.
*1 JPCERT/CC coordinated this issue based on the publicly available information.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000776.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The digital certificate that was used to sign jar files in the Java Cryptography Extension (JCE) 1.2.1 expires on July 28, 2005. JCE 1.2.1 limits program behaviors after the expiration of the digital certificate. As a result, specific methods of JCE 1.2.1 will no longer work properly after the expiration, and problems may occur, such as an application using JCE does not start.\r\n\r\nIf you use JCE in Java application development, please check the version of JCE used. If you use J2SE 1.2.x or J2SE 1.3.x to develop Java applications, JCE 1.2.1 may be included as an optional package.\r\n\r\nThis issue, caused by the expiration of the digital certificate, is not a vulnerability; however, we provide this JVN article to publicize the issue to users.\r\n\r\n*1 JPCERT/CC coordinated this issue based on the publicly available information.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000776.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:jrun",
"@product": "Adobe JRun",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:apc:powerchute",
"@product": "PowerChute",
"@vendor": "Schneider Electric",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_express",
"@product": "BEA WebLogic Express",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_platform",
"@product": "BEA WebLogic Platform",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:bea:weblogic_server",
"@product": "BEA WebLogic Server",
"@vendor": "BEA Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cisco:wan_manager",
"@product": "Cisco WAN Manager (CWM)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cisco:wireless_lan_solution_engine",
"@product": "CiscoWorks Wireless LAN Solution Engine (CWWLSE)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:powerchute",
"@product": "PowerChute",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_web_contents_generator",
"@product": "Cosminexus Web Contents Generator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jce",
"@product": "IBM JCE",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jdk",
"@product": "IBM JDK",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:java_jre",
"@product": "IBM JRE",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:infoteria_asteria_r2_flow_builder",
"@product": "ASTERIA R2 Flow Builder",
"@vendor": "Infoteria Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:misc:infoteria_asteria_r2_server",
"@product": "ASTERIA R2 Server",
"@vendor": "Infoteria Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:esmpro_upsmanager",
"@product": "ESMPRO/UPSManager",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:powerchute",
"@product": "PowerChute",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:j2se",
"@product": "J2SE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jce",
"@product": "JCE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:cisco:hosting_solution_engine",
"@product": "CiscoWorks Host Solution Engine (HSE)",
"@vendor": "Cisco Systems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:fujitsu:primergy",
"@product": "PRIMERGY",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/h:hitachi:ha8000",
"@product": "HA8000 Series",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/h:mcafee:intrushield_security_management_system",
"@product": "McAfee IntruShield",
"@vendor": "McAfee",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000776",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN93926203/index.html",
"@id": "JVN#93926203",
"@source": "JVN"
},
{
"#text": "http://www.jpcert.or.jp/wr/2005/wr052701.txt",
"@id": "JPCERT-WR-2005-2701",
"@source": "JPCERT-WR"
}
],
"title": "Java Cryptography Extension 1.2.1 (JCE 1.2.1) will no longer function properly after July 28, 2005 due to the expiration of its digital certificate"
}
JVNDB-2007-000818
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-06-20 13:34
Summary
Flash Player allows to send arbitrary HTTP headers
Details
Adobe Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack.
Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.
Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack.
This vulnerability is different from JVN#72595280.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000818.html",
"dc:date": "2008-06-20T13:34+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-06-20T13:34+09:00",
"description": "Adobe Flash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack.\r\n\r\nAdobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.\r\nFlash Player contains a vulnerability that could allow a remote attacker to modify HTTP headers of client requests and conduct a HTTP request splitting attack.\r\n\r\nThis vulnerability is different from JVN#72595280.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000818.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:flash_player",
"@product": "Adobe Flash Player",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux Extras",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_desktop_supplementary",
"@product": "RHEL Desktop Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_supplementary",
"@product": "RHEL Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:opensolaris",
"@product": "OpenSolaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000818",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN50876069/index.html",
"@id": "JVN#50876069",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/TRTA07-355A/index.html",
"@id": "TRTA07-355A",
"@source": "JVNTR"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-100A/",
"@id": "TRTA08-100A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245",
"@id": "CVE-2007-6245",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6245",
"@id": "CVE-2007-6245",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA08-100A.html",
"@id": "SA08-100A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA07-355A.html",
"@id": "SA07-355A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-100A.html",
"@id": "TA08-100A",
"@source": "CERT-TA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA07-355A.html",
"@id": "TA07-355A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/28161",
"@id": "SA28161",
"@source": "SECUNIA"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/39134",
"@id": "39134",
"@source": "XF"
},
{
"#text": "http://securitytracker.com/id?1019116",
"@id": "1019116",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/4258",
"@id": "FrSIRT/ADV-2007-4258",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Flash Player allows to send arbitrary HTTP headers"
}
JVNDB-2007-000160
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Summary
ColdFusion cross-site scripting vulnerability
Details
ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability.
According to the statements from the developer, this vulnerability does not arise when the "Enable Global Script Protection" setting is turned on.
This vulnerability is different from JVN#48566866.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000160.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability.\r\n\r\nAccording to the statements from the developer, this vulnerability does not arise when the \"Enable Global Script Protection\" setting is turned on. \r\n\r\nThis vulnerability is different from JVN#48566866.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000160.html",
"sec:cpe": {
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000160",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN28356427/index.html",
"@id": "JVN#28356427",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5859",
"@id": "CVE-2006-5859",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5859",
"@id": "CVE-2006-5859",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/24115/",
"@id": "SA24115",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/22544",
"@id": "22544",
"@source": "BID"
},
{
"#text": "http://www.securitytracker.com/id?1017644",
"@id": "1017644",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/0592",
"@id": "FrSIRT/ADV-2007-0592",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "ColdFusion cross-site scripting vulnerability"
}
JVNDB-2007-000507
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Summary
Flash Player allows to send arbitrary Referer headers
Details
Flash Player from Adobe contains a vulnerability allowing to send arbitrary Referer headers.
Flash Player from Adobe is a multimedia and application browser plugin for viewing Adobe Flash contents.
Flash Player contains a vulnerability allowing to send arbitrary Referer headers.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000507.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Flash Player from Adobe contains a vulnerability allowing to send arbitrary Referer headers.\r\n\r\nFlash Player from Adobe is a multimedia and application browser plugin for viewing Adobe Flash contents.\r\nFlash Player contains a vulnerability allowing to send arbitrary Referer headers.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000507.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:flash_player",
"@product": "Adobe Flash Player",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000507",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA07-192A/index.html",
"@id": "JVNTA07-192A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN72595280/index.html",
"@id": "JVN#72595280",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA07-192A/index.html",
"@id": "TRTA07-192A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457",
"@id": "CVE-2007-3457",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3457",
"@id": "CVE-2007-3457",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA07-192A.html",
"@id": "SA07-192A",
"@source": "CERT-SA"
},
{
"#text": "http://www.kb.cert.org/vuls/id/138457",
"@id": "VU#138457",
"@source": "CERT-VN"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA07-192A.html",
"@id": "TA07-192A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/26027/",
"@id": "SA26027",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/24779",
"@id": "24779",
"@source": "BID"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/2497",
"@id": "FrSIRT/ADV-2007-2497",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Flash Player allows to send arbitrary Referer headers"
}
JVNDB-2007-000159
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Summary
Adobe JRun cross-site scripting vulnerability
Details
Adobe JRun is an application server based on J2EE (Java 2 Platform Enterprise Edition). Adobe JRun contains a cross-site scripting vulnerability.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000159.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Adobe JRun is an application server based on J2EE (Java 2 Platform Enterprise Edition). Adobe JRun contains a cross-site scripting vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000159.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:adobe:jrun",
"@product": "Adobe JRun",
"@vendor": "Adobe Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000159",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN14243645/index.html",
"@id": "JVN#14243645",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5860",
"@id": "CVE-2006-5860",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5860",
"@id": "CVE-2006-5860",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/24093/",
"@id": "SA24093",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/22547",
"@id": "22547",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/32475",
"@id": "32475",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1017646",
"@id": "1017646",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/0594",
"@id": "FrSIRT/ADV-2007-0594",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Adobe JRun cross-site scripting vulnerability"
}
JVNDB-2007-000161
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
Summary
ColdFusion error page cross-site scripting vulnerability
Details
ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability in its error page.
This vulnerability is different from JVN#28356427.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000161.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "ColdFusion, web application development software from Adobe, contains a cross-site scripting vulnerability in its error page.\r\n\r\nThis vulnerability is different from JVN#28356427.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000161.html",
"sec:cpe": {
"#text": "cpe:/a:adobe:coldfusion",
"@product": "Adobe ColdFusion",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000161",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN48566866/index.html",
"@id": "JVN#48566866",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0817",
"@id": "CVE-2007-0817",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0817",
"@id": "CVE-2007-0817",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/24115/",
"@id": "SA24115",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/22401",
"@id": "22401",
"@source": "BID"
},
{
"#text": "http://www.securitytracker.com/id?1017645",
"@id": "1017645",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/0593",
"@id": "FrSIRT/ADV-2007-0593",
"@source": "FRSIRT"
}
],
"title": "ColdFusion error page cross-site scripting vulnerability"
}
JVNDB-2007-000817
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2009-02-10 11:32
Summary
Flash Player vulnerable in handling cross-domain policy files
Details
Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files.
Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.
According to Adobe's "About allowing cross-domain data loading", "When a Flash document attempts to access data from another domain, Flash Player automatically attempts to load a policy file from that domain. If the domain of the Flash document that is attempting to access the data is included in the policy file, the data is automatically accessible."
Flash Player contains a vulnerability that may allow a specially crafted web page to be interpreted as a cross-domain policy file because the plugin fails to properly handle cross-domain policy files.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000817.html",
"dc:date": "2009-02-10T11:32+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2009-02-10T11:32+09:00",
"description": "Adobe Flash Player contains a vulnerability caused by improper handling of cross-domain policy files.\r\n\r\nAdobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser.\r\nAccording to Adobe\u0027s \"About allowing cross-domain data loading\", \"When a Flash document attempts to access data from another domain, Flash Player automatically attempts to load a policy file from that domain. If the domain of the Flash document that is attempting to access the data is included in the policy file, the data is automatically accessible.\"\r\nFlash Player contains a vulnerability that may allow a specially crafted web page to be interpreted as a cross-domain policy file because the plugin fails to properly handle cross-domain policy files.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000817.html",
"sec:cpe": [
{
"#text": "cpe:/a:adobe:flash_player",
"@product": "Adobe Flash Player",
"@vendor": "Adobe Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux Extras",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_desktop_supplementary",
"@product": "RHEL Desktop Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_supplementary",
"@product": "RHEL Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:opensolaris",
"@product": "OpenSolaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_fuji",
"@product": "Turbolinux FUJI",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_wizpy",
"@product": "wizpy",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000817",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN45675516/index.html",
"@id": "JVN#45675516",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/TRTA07-355A/index.html",
"@id": "TRTA07-355A",
"@source": "JVNTR"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-100A/",
"@id": "TRTA08-100A",
"@source": "JVNTR"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
"@id": "TRTA08-150A",
"@source": "JVNTR"
},
{
"#text": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243",
"@id": "CVE-2007-6243",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6243",
"@id": "CVE-2007-6243",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
"@id": "SA08-150A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
"@id": "TA08-150A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/28161",
"@id": "SA28161",
"@source": "SECUNIA"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/39129",
"@id": "39129",
"@source": "XF"
},
{
"#text": "http://securitytracker.com/id?1019116",
"@id": "1019116",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/4258",
"@id": "FrSIRT/ADV-2007-4258",
"@source": "FRSIRT"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/2838",
"@id": "FrSIRT/ADV-2008-2838",
"@source": "FRSIRT"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000817.html",
"@id": "JVNDB-2007-000817",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Flash Player vulnerable in handling cross-domain policy files"
}