Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
144 vulnerabilities by yahoo
CVE-2026-57954 (GCVE-0-2026-57954)
Vulnerability from nvd – Published: 2026-06-29 17:21 – Updated: 2026-06-30 13:41 X_Open Source- CWE-862 - Missing Authorization
| URL | Tags |
|---|---|
| https://github.com/yahoo/elide/issues/3415 | issue-tracking |
| https://www.vulncheck.com/advisories/elide-permis… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T13:40:53.274225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T13:41:07.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/yahoo/elide/issues/3415"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:maven/com.yahoo.elide/elide-core",
"product": "elide",
"repo": "https://github.com/yahoo/elide",
"vendor": "yahoo",
"versions": [
{
"lessThanOrEqual": "7.1.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elide:elide:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.1.17",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across all rows via both JSON:API and GraphQL read paths."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T17:21:55.510Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/yahoo/elide/issues/3415"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/elide-permission-bypass-in-sort-expression-validation"
}
],
"tags": [
"x_open-source"
],
"title": "Elide 7.1.17 - Permission Bypass in Sort Expression Validation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57954",
"datePublished": "2026-06-29T17:21:55.510Z",
"dateReserved": "2026-06-26T13:59:33.048Z",
"dateUpdated": "2026-06-30T13:41:07.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34043 (GCVE-0-2026-34043)
Vulnerability from nvd – Published: 2026-03-31 01:48 – Updated: 2026-03-31 13:55| URL | Tags |
|---|---|
| https://github.com/yahoo/serialize-javascript/sec… | x_refsource_CONFIRM |
| https://github.com/yahoo/serialize-javascript/com… | x_refsource_MISC |
| https://github.com/yahoo/serialize-javascript/rel… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| yahoo | serialize-javascript |
Affected:
< 7.0.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:55:44.694969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:55:54.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "serialize-javascript",
"vendor": "yahoo",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted \"array-like\" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that consumes 100% CPU and hangs indefinitely. This issue has been patched in version 7.0.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834: Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T01:48:45.759Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-qj8w-gfj5-8c6v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-qj8w-gfj5-8c6v"
},
{
"name": "https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b"
},
{
"name": "https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.5"
}
],
"source": {
"advisory": "GHSA-qj8w-gfj5-8c6v",
"discovery": "UNKNOWN"
},
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34043",
"datePublished": "2026-03-31T01:48:45.759Z",
"dateReserved": "2026-03-25T15:29:04.745Z",
"dateUpdated": "2026-03-31T13:55:54.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-24827 (GCVE-0-2022-24827)
Vulnerability from nvd – Published: 2022-04-11 20:13 – Updated: 2025-04-23 18:41- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| URL | Tags |
|---|---|
| https://github.com/yahoo/elide/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/yahoo/elide/pull/2581 | x_refsource_MISC |
| https://github.com/yahoo/elide/releases/tag/6.1.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-8xpj-9j9g-fc9r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/pull/2581"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/releases/tag/6.1.4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:54:40.590453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:41:00.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "elide",
"vendor": "yahoo",
"versions": [
{
"status": "affected",
"version": "= 6.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the \u0027-\u0027 character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments (\u0027--\u0027) and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T20:13:29.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-8xpj-9j9g-fc9r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/elide/pull/2581"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/elide/releases/tag/6.1.4"
}
],
"source": {
"advisory": "GHSA-8xpj-9j9g-fc9r",
"discovery": "UNKNOWN"
},
"title": "SQL Injection in elide-datastore-aggregation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24827",
"STATE": "PUBLIC",
"TITLE": "SQL Injection in elide-datastore-aggregation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elide",
"version": {
"version_data": [
{
"version_value": "= 6.1.3"
}
]
}
}
]
},
"vendor_name": "yahoo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the \u0027-\u0027 character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments (\u0027--\u0027) and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/elide/security/advisories/GHSA-8xpj-9j9g-fc9r",
"refsource": "CONFIRM",
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-8xpj-9j9g-fc9r"
},
{
"name": "https://github.com/yahoo/elide/pull/2581",
"refsource": "MISC",
"url": "https://github.com/yahoo/elide/pull/2581"
},
{
"name": "https://github.com/yahoo/elide/releases/tag/6.1.4",
"refsource": "MISC",
"url": "https://github.com/yahoo/elide/releases/tag/6.1.4"
}
]
},
"source": {
"advisory": "GHSA-8xpj-9j9g-fc9r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24827",
"datePublished": "2022-04-11T20:13:40.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:41:00.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5289 (GCVE-0-2020-5289)
Vulnerability from nvd – Published: 2020-03-30 21:20 – Updated: 2024-08-04 08:22- CWE-285 - Improper Authorization
| URL | Tags |
|---|---|
| https://github.com/yahoo/elide/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/yahoo/elide/pull/1236 | x_refsource_MISC |
| https://github.com/yahoo/elide/pull/1236/commits/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-2mxr-89gf-rc4v"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/pull/1236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/pull/1236/commits/a985f0f9c448aabe70bc904337096399de4576dc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "elide",
"vendor": "yahoo",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Elide before 4.5.14, it is possible for an adversary to \"guess and check\" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T21:20:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-2mxr-89gf-rc4v"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/elide/pull/1236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/elide/pull/1236/commits/a985f0f9c448aabe70bc904337096399de4576dc"
}
],
"source": {
"advisory": "GHSA-2mxr-89gf-rc4v",
"discovery": "UNKNOWN"
},
"title": "Read permissions not enforced for client provided filter expressions in Elide http client",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5289",
"STATE": "PUBLIC",
"TITLE": "Read permissions not enforced for client provided filter expressions in Elide http client"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elide",
"version": {
"version_data": [
{
"version_value": "\u003c 4.5.14"
}
]
}
}
]
},
"vendor_name": "yahoo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Elide before 4.5.14, it is possible for an adversary to \"guess and check\" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/elide/security/advisories/GHSA-2mxr-89gf-rc4v",
"refsource": "CONFIRM",
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-2mxr-89gf-rc4v"
},
{
"name": "https://github.com/yahoo/elide/pull/1236",
"refsource": "MISC",
"url": "https://github.com/yahoo/elide/pull/1236"
},
{
"name": "https://github.com/yahoo/elide/pull/1236/commits/a985f0f9c448aabe70bc904337096399de4576dc",
"refsource": "MISC",
"url": "https://github.com/yahoo/elide/pull/1236/commits/a985f0f9c448aabe70bc904337096399de4576dc"
}
]
},
"source": {
"advisory": "GHSA-2mxr-89gf-rc4v",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5289",
"datePublished": "2020-03-30T21:20:14.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6035 (GCVE-0-2019-6035)
Vulnerability from nvd – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:16- Open Redirect
| URL | Tags |
|---|---|
| https://github.com/yahoo/athenz | x_refsource_MISC |
| https://github.com/yahoo/athenz/pull/700 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN57070811/index.html | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Verison Media | Athenz |
Affected:
v1.8.24 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/athenz"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/athenz/pull/700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN57070811/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Athenz",
"vendor": "Verison Media",
"versions": [
{
"status": "affected",
"version": "v1.8.24 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/athenz"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/athenz/pull/700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN57070811/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Athenz",
"version": {
"version_data": [
{
"version_value": "v1.8.24 and earlier"
}
]
}
}
]
},
"vendor_name": "Verison Media"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/athenz",
"refsource": "MISC",
"url": "https://github.com/yahoo/athenz"
},
{
"name": "https://github.com/yahoo/athenz/pull/700",
"refsource": "MISC",
"url": "https://github.com/yahoo/athenz/pull/700"
},
{
"name": "http://jvn.jp/en/jp/JVN57070811/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN57070811/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6035",
"datePublished": "2019-12-26T15:16:50.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:16:23.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16769 (GCVE-0-2019-16769)
Vulnerability from nvd – Published: 2019-12-05 18:55 – Updated: 2024-08-05 01:24- CWE-79 - Cross-site Scripting (XSS)
| URL | Tags |
|---|---|
| https://github.com/yahoo/serialize-javascript/sec… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| yahoo | serialize-javascript |
Affected:
< 2.1.1 , < 2.1.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "serialize-javascript",
"vendor": "yahoo",
"versions": [
{
"lessThan": "2.1.1",
"status": "affected",
"version": "\u003c 2.1.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js\u0027s implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-06T15:11:57.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
],
"source": {
"advisory": "GHSA-h9rv-jmmf-4pgx",
"discovery": "UNKNOWN"
},
"title": "Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16769",
"STATE": "PUBLIC",
"TITLE": "Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "serialize-javascript",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u003c 2.1.1",
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "yahoo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js\u0027s implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx",
"refsource": "CONFIRM",
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
]
},
"source": {
"advisory": "GHSA-h9rv-jmmf-4pgx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2019-16769",
"datePublished": "2019-12-05T18:55:15.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:47.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2253 (GCVE-0-2017-2253)
Vulnerability from nvd – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48- Untrusted search path vulnerability
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN02852421/index.html | third-party-advisoryx_refsource_JVN |
| Vendor | Product | Version | |
|---|---|---|---|
| Yahoo Japan Corporation | Installer of Yahoo! Toolbar (for Internet explorer) |
Affected:
v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#02852421",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of Yahoo! Toolbar (for Internet explorer)",
"vendor": "Yahoo Japan Corporation",
"versions": [
{
"status": "affected",
"version": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
}
]
}
],
"datePublic": "2017-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#02852421",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of Yahoo! Toolbar (for Internet explorer)",
"version": {
"version_data": [
{
"version_value": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
}
]
}
}
]
},
"vendor_name": "Yahoo Japan Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#02852421",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2253",
"datePublished": "2017-07-14T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7216 (GCVE-0-2014-7216)
Vulnerability from nvd – Published: 2015-09-11 20:00 – Updated: 2024-08-06 12:40- n/a
| URL | Tags |
|---|---|
| https://www.rcesecurity.com/2015/09/cve-2014-7216… | x_refsource_MISC |
| https://hackerone.com/reports/10767 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/536390/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securitytracker.com/id/1033544 | vdb-entryx_refsource_SECTRACK |
| http://seclists.org/fulldisclosure/2015/Sep/24 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/133443/Yahoo… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/",
"refsource": "MISC",
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"name": "https://hackerone.com/reports/10767",
"refsource": "MISC",
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"name": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7216",
"datePublished": "2015-09-11T20:00:00.000Z",
"dateReserved": "2014-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:40:19.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5881 (GCVE-0-2014-5881)
Vulnerability from nvd – Published: 2014-09-11 16:00 – Updated: 2024-08-06 11:55- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/228385 | third-party-advisoryx_refsource_CERT-VN |
| http://jvn.jp/en/jp/JVN48270605/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-0… | third-party-advisoryx_refsource_JVNDB |
| http://www.kb.cert.org/vuls/id/582497 | third-party-advisoryx_refsource_CERT-VN |
| https://docs.google.com/spreadsheets/d/1t5GXwjw82… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:55:50.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#228385",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/228385"
},
{
"name": "JVN#48270605",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN48270605/index.html"
},
{
"name": "JVNDB-2014-000116",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html"
},
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-26T20:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#228385",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/228385"
},
{
"name": "JVN#48270605",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN48270605/index.html"
},
{
"name": "JVNDB-2014-000116",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html"
},
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#228385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/228385"
},
{
"name": "JVN#48270605",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN48270605/index.html"
},
{
"name": "JVNDB-2014-000116",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-5881",
"datePublished": "2014-09-11T16:00:00.000Z",
"dateReserved": "2014-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:55:50.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6853 (GCVE-0-2013-6853)
Vulnerability from nvd – Published: 2014-01-26 01:00 – Updated: 2024-08-06 17:46- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/64971 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.com/files/124800/Y-Too… | x_refsource_MISC |
| http://www.cloudscan.me/2014/01/cve-2013-6853-sto… | x_refsource_MISC |
| http://osvdb.org/102175 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64971",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64971"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html"
},
{
"name": "102175",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102175"
},
{
"name": "yahootoolbar-clickstream-xss(90529)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64971",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64971"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html"
},
{
"name": "102175",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102175"
},
{
"name": "yahootoolbar-clickstream-xss(90529)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64971"
},
{
"name": "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html"
},
{
"name": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html",
"refsource": "MISC",
"url": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html"
},
{
"name": "102175",
"refsource": "OSVDB",
"url": "http://osvdb.org/102175"
},
{
"name": "yahootoolbar-clickstream-xss(90529)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6853",
"datePublished": "2014-01-26T01:00:00.000Z",
"dateReserved": "2013-11-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:46:23.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6780 (GCVE-0-2013-6780)
Vulnerability from nvd – Published: 2013-11-13 15:00 – Updated: 2024-08-06 17:46- n/a
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/130527/Cisco… | x_refsource_MISC |
| http://www.securitytracker.com/id/1029528 | vdb-entryx_refsource_SECTRACK |
| http://openwall.com/lists/oss-security/2013/11/25/1 | mailing-listx_refsource_MLIST |
| https://yuilibrary.com/support/20131111-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"name": "1029528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029528"
},
{
"name": "[oss-security] 20131125 Moodle security notifications public",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-18T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"name": "1029528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029528"
},
{
"name": "[oss-security] 20131125 Moodle security notifications public",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"name": "1029528",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029528"
},
{
"name": "[oss-security] 20131125 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"name": "https://yuilibrary.com/support/20131111-vulnerability/",
"refsource": "CONFIRM",
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6780",
"datePublished": "2013-11-13T15:00:00.000Z",
"dateReserved": "2013-11-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:46:23.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4700 (GCVE-0-2013-4700)
Vulnerability from nvd – Published: 2013-08-21 16:00 – Updated: 2024-09-17 03:42- n/a
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000079 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN75084836/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000079",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000079"
},
{
"name": "JVN#75084836",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN75084836/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-21T16:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000079",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000079"
},
{
"name": "JVN#75084836",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN75084836/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-4700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000079",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000079"
},
{
"name": "JVN#75084836",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN75084836/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-4700",
"datePublished": "2013-08-21T16:00:00.000Z",
"dateReserved": "2013-06-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:42:35.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4699 (GCVE-0-2013-4699)
Vulnerability from nvd – Published: 2013-08-21 16:00 – Updated: 2024-09-16 18:23- n/a
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000078 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN68156832/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000078",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000078"
},
{
"name": "JVN#68156832",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN68156832/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-21T16:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000078",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000078"
},
{
"name": "JVN#68156832",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN68156832/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-4699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000078",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000078"
},
{
"name": "JVN#68156832",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN68156832/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-4699",
"datePublished": "2013-08-21T16:00:00.000Z",
"dateReserved": "2013-06-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:23:43.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4942 (GCVE-0-2013-4942)
Vulnerability from nvd – Published: 2013-07-26 22:00 – Updated: 2024-09-16 17:15- n/a
| URL | Tags |
|---|---|
| https://moodle.org/mod/forum/discuss.php?d=232496 | x_refsource_CONFIRM |
| http://git.moodle.org/gw?p=moodle.git&a=search&h=… | x_refsource_CONFIRM |
| http://yuilibrary.com/support/20130515-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-26T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=232496",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"name": "http://yuilibrary.com/support/20130515-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4942",
"datePublished": "2013-07-26T22:00:00.000Z",
"dateReserved": "2013-07-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:15:23.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4941 (GCVE-0-2013-4941)
Vulnerability from nvd – Published: 2013-07-26 22:00 – Updated: 2024-09-16 18:56- n/a
| URL | Tags |
|---|---|
| https://moodle.org/mod/forum/discuss.php?d=232496 | x_refsource_CONFIRM |
| http://git.moodle.org/gw?p=moodle.git&a=search&h=… | x_refsource_CONFIRM |
| http://yuilibrary.com/support/20130515-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-26T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=232496",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"name": "http://yuilibrary.com/support/20130515-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4941",
"datePublished": "2013-07-26T22:00:00.000Z",
"dateReserved": "2013-07-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:56:17.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-57954 (GCVE-0-2026-57954)
Vulnerability from cvelistv5 – Published: 2026-06-29 17:21 – Updated: 2026-06-30 13:41 X_Open Source- CWE-862 - Missing Authorization
| URL | Tags |
|---|---|
| https://github.com/yahoo/elide/issues/3415 | issue-tracking |
| https://www.vulncheck.com/advisories/elide-permis… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57954",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T13:40:53.274225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T13:41:07.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/yahoo/elide/issues/3415"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:maven/com.yahoo.elide/elide-core",
"product": "elide",
"repo": "https://github.com/yahoo/elide",
"vendor": "yahoo",
"versions": [
{
"lessThanOrEqual": "7.1.17",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:elide:elide:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.1.17",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers to sort collections by forbidden fields. Attackers can infer hidden field values through row ordering analysis, leaking relative field ordering across all rows via both JSON:API and GraphQL read paths."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T17:21:55.510Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/yahoo/elide/issues/3415"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/elide-permission-bypass-in-sort-expression-validation"
}
],
"tags": [
"x_open-source"
],
"title": "Elide 7.1.17 - Permission Bypass in Sort Expression Validation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57954",
"datePublished": "2026-06-29T17:21:55.510Z",
"dateReserved": "2026-06-26T13:59:33.048Z",
"dateUpdated": "2026-06-30T13:41:07.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34043 (GCVE-0-2026-34043)
Vulnerability from cvelistv5 – Published: 2026-03-31 01:48 – Updated: 2026-03-31 13:55| URL | Tags |
|---|---|
| https://github.com/yahoo/serialize-javascript/sec… | x_refsource_CONFIRM |
| https://github.com/yahoo/serialize-javascript/com… | x_refsource_MISC |
| https://github.com/yahoo/serialize-javascript/rel… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| yahoo | serialize-javascript |
Affected:
< 7.0.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T13:55:44.694969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T13:55:54.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "serialize-javascript",
"vendor": "yahoo",
"versions": [
{
"status": "affected",
"version": "\u003c 7.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions. Prior to version 7.0.5, there is a Denial of Service (DoS) vulnerability caused by CPU exhaustion. When serializing a specially crafted \"array-like\" object (an object that inherits from Array.prototype but has a very large length property), the process enters an intensive loop that consumes 100% CPU and hangs indefinitely. This issue has been patched in version 7.0.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834: Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T01:48:45.759Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-qj8w-gfj5-8c6v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-qj8w-gfj5-8c6v"
},
{
"name": "https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b"
},
{
"name": "https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/serialize-javascript/releases/tag/v7.0.5"
}
],
"source": {
"advisory": "GHSA-qj8w-gfj5-8c6v",
"discovery": "UNKNOWN"
},
"title": "Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34043",
"datePublished": "2026-03-31T01:48:45.759Z",
"dateReserved": "2026-03-25T15:29:04.745Z",
"dateUpdated": "2026-03-31T13:55:54.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-24827 (GCVE-0-2022-24827)
Vulnerability from cvelistv5 – Published: 2022-04-11 20:13 – Updated: 2025-04-23 18:41- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| URL | Tags |
|---|---|
| https://github.com/yahoo/elide/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/yahoo/elide/pull/2581 | x_refsource_MISC |
| https://github.com/yahoo/elide/releases/tag/6.1.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-8xpj-9j9g-fc9r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/pull/2581"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/releases/tag/6.1.4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:54:40.590453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:41:00.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "elide",
"vendor": "yahoo",
"versions": [
{
"status": "affected",
"version": "= 6.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the \u0027-\u0027 character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments (\u0027--\u0027) and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T20:13:29.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-8xpj-9j9g-fc9r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/elide/pull/2581"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/elide/releases/tag/6.1.4"
}
],
"source": {
"advisory": "GHSA-8xpj-9j9g-fc9r",
"discovery": "UNKNOWN"
},
"title": "SQL Injection in elide-datastore-aggregation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24827",
"STATE": "PUBLIC",
"TITLE": "SQL Injection in elide-datastore-aggregation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elide",
"version": {
"version_data": [
{
"version_value": "= 6.1.3"
}
]
}
}
]
},
"vendor_name": "yahoo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the \u0027-\u0027 character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments (\u0027--\u0027) and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/elide/security/advisories/GHSA-8xpj-9j9g-fc9r",
"refsource": "CONFIRM",
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-8xpj-9j9g-fc9r"
},
{
"name": "https://github.com/yahoo/elide/pull/2581",
"refsource": "MISC",
"url": "https://github.com/yahoo/elide/pull/2581"
},
{
"name": "https://github.com/yahoo/elide/releases/tag/6.1.4",
"refsource": "MISC",
"url": "https://github.com/yahoo/elide/releases/tag/6.1.4"
}
]
},
"source": {
"advisory": "GHSA-8xpj-9j9g-fc9r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24827",
"datePublished": "2022-04-11T20:13:40.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:41:00.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5289 (GCVE-0-2020-5289)
Vulnerability from cvelistv5 – Published: 2020-03-30 21:20 – Updated: 2024-08-04 08:22- CWE-285 - Improper Authorization
| URL | Tags |
|---|---|
| https://github.com/yahoo/elide/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/yahoo/elide/pull/1236 | x_refsource_MISC |
| https://github.com/yahoo/elide/pull/1236/commits/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-2mxr-89gf-rc4v"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/pull/1236"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/elide/pull/1236/commits/a985f0f9c448aabe70bc904337096399de4576dc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "elide",
"vendor": "yahoo",
"versions": [
{
"status": "affected",
"version": "\u003c 4.5.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Elide before 4.5.14, it is possible for an adversary to \"guess and check\" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T21:20:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-2mxr-89gf-rc4v"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/elide/pull/1236"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/elide/pull/1236/commits/a985f0f9c448aabe70bc904337096399de4576dc"
}
],
"source": {
"advisory": "GHSA-2mxr-89gf-rc4v",
"discovery": "UNKNOWN"
},
"title": "Read permissions not enforced for client provided filter expressions in Elide http client",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5289",
"STATE": "PUBLIC",
"TITLE": "Read permissions not enforced for client provided filter expressions in Elide http client"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "elide",
"version": {
"version_data": [
{
"version_value": "\u003c 4.5.14"
}
]
}
}
]
},
"vendor_name": "yahoo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Elide before 4.5.14, it is possible for an adversary to \"guess and check\" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/elide/security/advisories/GHSA-2mxr-89gf-rc4v",
"refsource": "CONFIRM",
"url": "https://github.com/yahoo/elide/security/advisories/GHSA-2mxr-89gf-rc4v"
},
{
"name": "https://github.com/yahoo/elide/pull/1236",
"refsource": "MISC",
"url": "https://github.com/yahoo/elide/pull/1236"
},
{
"name": "https://github.com/yahoo/elide/pull/1236/commits/a985f0f9c448aabe70bc904337096399de4576dc",
"refsource": "MISC",
"url": "https://github.com/yahoo/elide/pull/1236/commits/a985f0f9c448aabe70bc904337096399de4576dc"
}
]
},
"source": {
"advisory": "GHSA-2mxr-89gf-rc4v",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5289",
"datePublished": "2020-03-30T21:20:14.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6035 (GCVE-0-2019-6035)
Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:16- Open Redirect
| URL | Tags |
|---|---|
| https://github.com/yahoo/athenz | x_refsource_MISC |
| https://github.com/yahoo/athenz/pull/700 | x_refsource_MISC |
| http://jvn.jp/en/jp/JVN57070811/index.html | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Verison Media | Athenz |
Affected:
v1.8.24 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/athenz"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/yahoo/athenz/pull/700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN57070811/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Athenz",
"vendor": "Verison Media",
"versions": [
{
"status": "affected",
"version": "v1.8.24 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:50.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/athenz"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/yahoo/athenz/pull/700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/en/jp/JVN57070811/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Athenz",
"version": {
"version_data": [
{
"version_value": "v1.8.24 and earlier"
}
]
}
}
]
},
"vendor_name": "Verison Media"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/athenz",
"refsource": "MISC",
"url": "https://github.com/yahoo/athenz"
},
{
"name": "https://github.com/yahoo/athenz/pull/700",
"refsource": "MISC",
"url": "https://github.com/yahoo/athenz/pull/700"
},
{
"name": "http://jvn.jp/en/jp/JVN57070811/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN57070811/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6035",
"datePublished": "2019-12-26T15:16:50.000Z",
"dateReserved": "2019-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:16:23.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16769 (GCVE-0-2019-16769)
Vulnerability from cvelistv5 – Published: 2019-12-05 18:55 – Updated: 2024-08-05 01:24- CWE-79 - Cross-site Scripting (XSS)
| URL | Tags |
|---|---|
| https://github.com/yahoo/serialize-javascript/sec… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| yahoo | serialize-javascript |
Affected:
< 2.1.1 , < 2.1.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "serialize-javascript",
"vendor": "yahoo",
"versions": [
{
"lessThan": "2.1.1",
"status": "affected",
"version": "\u003c 2.1.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js\u0027s implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-06T15:11:57.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
],
"source": {
"advisory": "GHSA-h9rv-jmmf-4pgx",
"discovery": "UNKNOWN"
},
"title": "Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16769",
"STATE": "PUBLIC",
"TITLE": "Affected versions of serialize-javascript are vulnerable to Cross-site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "serialize-javascript",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u003c 2.1.1",
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "yahoo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js\u0027s implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx",
"refsource": "CONFIRM",
"url": "https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-h9rv-jmmf-4pgx"
}
]
},
"source": {
"advisory": "GHSA-h9rv-jmmf-4pgx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2019-16769",
"datePublished": "2019-12-05T18:55:15.000Z",
"dateReserved": "2019-09-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:47.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2253 (GCVE-0-2017-2253)
Vulnerability from cvelistv5 – Published: 2017-07-14 16:00 – Updated: 2024-08-05 13:48- Untrusted search path vulnerability
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN02852421/index.html | third-party-advisoryx_refsource_JVN |
| Vendor | Product | Version | |
|---|---|---|---|
| Yahoo Japan Corporation | Installer of Yahoo! Toolbar (for Internet explorer) |
Affected:
v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#02852421",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer of Yahoo! Toolbar (for Internet explorer)",
"vendor": "Yahoo Japan Corporation",
"versions": [
{
"status": "affected",
"version": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
}
]
}
],
"datePublic": "2017-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#02852421",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of Yahoo! Toolbar (for Internet explorer)",
"version": {
"version_data": [
{
"version_value": "v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55"
}
]
}
}
]
},
"vendor_name": "Yahoo Japan Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#02852421",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN02852421/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2253",
"datePublished": "2017-07-14T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7216 (GCVE-0-2014-7216)
Vulnerability from cvelistv5 – Published: 2015-09-11 20:00 – Updated: 2024-08-06 12:40- n/a
| URL | Tags |
|---|---|
| https://www.rcesecurity.com/2015/09/cve-2014-7216… | x_refsource_MISC |
| https://hackerone.com/reports/10767 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/536390/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securitytracker.com/id/1033544 | vdb-entryx_refsource_SECTRACK |
| http://seclists.org/fulldisclosure/2015/Sep/24 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/133443/Yahoo… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/",
"refsource": "MISC",
"url": "https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/"
},
{
"name": "https://hackerone.com/reports/10767",
"refsource": "MISC",
"url": "https://hackerone.com/reports/10767"
},
{
"name": "20150903 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536390/100/0/threaded"
},
{
"name": "1033544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033544"
},
{
"name": "20150907 [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/24"
},
{
"name": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133443/Yahoo-Messenger-11.5.0.228-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7216",
"datePublished": "2015-09-11T20:00:00.000Z",
"dateReserved": "2014-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T12:40:19.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5881 (GCVE-0-2014-5881)
Vulnerability from cvelistv5 – Published: 2014-09-11 16:00 – Updated: 2024-08-06 11:55- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/228385 | third-party-advisoryx_refsource_CERT-VN |
| http://jvn.jp/en/jp/JVN48270605/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-0… | third-party-advisoryx_refsource_JVNDB |
| http://www.kb.cert.org/vuls/id/582497 | third-party-advisoryx_refsource_CERT-VN |
| https://docs.google.com/spreadsheets/d/1t5GXwjw82… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:55:50.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#228385",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/228385"
},
{
"name": "JVN#48270605",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN48270605/index.html"
},
{
"name": "JVNDB-2014-000116",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html"
},
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-26T20:57:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#228385",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/228385"
},
{
"name": "JVN#48270605",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN48270605/index.html"
},
{
"name": "JVNDB-2014-000116",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html"
},
{
"name": "VU#582497",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-5881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#228385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/228385"
},
{
"name": "JVN#48270605",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN48270605/index.html"
},
{
"name": "JVNDB-2014-000116",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000116.html"
},
{
"name": "VU#582497",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/582497"
},
{
"name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-5881",
"datePublished": "2014-09-11T16:00:00.000Z",
"dateReserved": "2014-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:55:50.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6853 (GCVE-0-2013-6853)
Vulnerability from cvelistv5 – Published: 2014-01-26 01:00 – Updated: 2024-08-06 17:46- n/a
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/64971 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.com/files/124800/Y-Too… | x_refsource_MISC |
| http://www.cloudscan.me/2014/01/cve-2013-6853-sto… | x_refsource_MISC |
| http://osvdb.org/102175 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64971",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64971"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html"
},
{
"name": "102175",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/102175"
},
{
"name": "yahootoolbar-clickstream-xss(90529)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64971",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64971"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html"
},
{
"name": "102175",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/102175"
},
{
"name": "yahootoolbar-clickstream-xss(90529)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64971"
},
{
"name": "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124800/Y-Toolbar-Cross-Site-Scripting.html"
},
{
"name": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html",
"refsource": "MISC",
"url": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html"
},
{
"name": "102175",
"refsource": "OSVDB",
"url": "http://osvdb.org/102175"
},
{
"name": "yahootoolbar-clickstream-xss(90529)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6853",
"datePublished": "2014-01-26T01:00:00.000Z",
"dateReserved": "2013-11-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:46:23.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6780 (GCVE-0-2013-6780)
Vulnerability from cvelistv5 – Published: 2013-11-13 15:00 – Updated: 2024-08-06 17:46- n/a
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/130527/Cisco… | x_refsource_MISC |
| http://www.securitytracker.com/id/1029528 | vdb-entryx_refsource_SECTRACK |
| http://openwall.com/lists/oss-security/2013/11/25/1 | mailing-listx_refsource_MLIST |
| https://yuilibrary.com/support/20131111-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"name": "1029528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029528"
},
{
"name": "[oss-security] 20131125 Moodle security notifications public",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-18T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"name": "1029528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029528"
},
{
"name": "[oss-security] 20131125 Moodle security notifications public",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"name": "1029528",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029528"
},
{
"name": "[oss-security] 20131125 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"name": "https://yuilibrary.com/support/20131111-vulnerability/",
"refsource": "CONFIRM",
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6780",
"datePublished": "2013-11-13T15:00:00.000Z",
"dateReserved": "2013-11-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:46:23.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4699 (GCVE-0-2013-4699)
Vulnerability from cvelistv5 – Published: 2013-08-21 16:00 – Updated: 2024-09-16 18:23- n/a
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000078 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN68156832/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000078",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000078"
},
{
"name": "JVN#68156832",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN68156832/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-21T16:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000078",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000078"
},
{
"name": "JVN#68156832",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN68156832/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-4699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000078",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000078"
},
{
"name": "JVN#68156832",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN68156832/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-4699",
"datePublished": "2013-08-21T16:00:00.000Z",
"dateReserved": "2013-06-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:23:43.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4700 (GCVE-0-2013-4700)
Vulnerability from cvelistv5 – Published: 2013-08-21 16:00 – Updated: 2024-09-17 03:42- n/a
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000079 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN75084836/index.html | third-party-advisoryx_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2013-000079",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000079"
},
{
"name": "JVN#75084836",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN75084836/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-21T16:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2013-000079",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000079"
},
{
"name": "JVN#75084836",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN75084836/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-4700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2013-000079",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000079"
},
{
"name": "JVN#75084836",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN75084836/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2013-4700",
"datePublished": "2013-08-21T16:00:00.000Z",
"dateReserved": "2013-06-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:42:35.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201401-0279
Vulnerability from variot - Updated: 2023-12-18 12:45Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim. Yahoo! Toolbar for FireFox is prone to an unspecified HTML-injection vulnerability because it fails to sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible. Y! Toolbar (Yahoo! Toolbar) is a web browser toolbar of Yahoo! (Yahoo!) that can be used on Microsoft IE and Mozilla Firefox. It supports custom toolbars, and can check emails and browse the weather anytime, anywhere Forecasts, news, and other information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
CVE-2013-6853: Stored XSS via Code Injection in Y! Toolbar DOM for FireFox on MAC Version 3.1.0.20130813024103 and Windows Version 2.5.9.2013418100420.
Report URL: http://xss.cx/2014/01/14/mov/cve-2013-6853-stored-xss-via-local-file-inclusion-yahoo-toolbar-version-3x-javascript-injection-poc/index.html
Cheers!
- -D
-----BEGIN PGP SIGNATURE----- Version: 10.2.0.2526
wsBVAwUBUtZ/hHz+WcLIygj0AQiqowf8Cr/oHbnVurNR8LtsZGmt/X/FM4K/MHkL bBKBllEtWpYZZXg76DmM0qYrvbzXk3dYN8i04OA2FXPJEZguoEQVBqgwzfmfeEHP b+cOsgR/+MJ/1iQ0q6RcXrghYXmyjSmzxXcGF7wsVSOtLmnrSbAxx+/VJiknCRRC Y0H0Tbc1HB5kPjQu0Fax1+PCbMRspAFiMBpV0ZDvhnDNaMgkhUMVhI8489aLnwxt qHGCXMvw9eSJkzE4Du82LbYNQbgtrffj+mwWEwFMeuB1euBMklvo/QdLp7Bcn49g R5/Eyh+LbRzD5NB3BL2QTm1jW7SYCAKvtd7H/GJWoKgj+joNG/N9Lg== =mH1u -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0279",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "toolbar",
"scope": "eq",
"trust": 1.6,
"vendor": "yahoo",
"version": "3.1.0.20130813024103"
},
{
"model": "toolbar",
"scope": "eq",
"trust": 1.6,
"vendor": "yahoo",
"version": "2.5.9.2013418100420"
},
{
"model": "yahoo! toolbar",
"scope": "eq",
"trust": 0.8,
"vendor": "yahoo",
"version": "2.5.9.2013418100420 (windows)"
},
{
"model": "yahoo! toolbar",
"scope": "eq",
"trust": 0.8,
"vendor": "yahoo",
"version": "3.1.0.20130813024103 (mac)"
},
{
"model": "yahoo! toolbar",
"scope": "eq",
"trust": 0.3,
"vendor": "yahoo",
"version": "2.5.9.2013418100420"
}
],
"sources": [
{
"db": "BID",
"id": "64971"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001253"
},
{
"db": "NVD",
"id": "CVE-2013-6853"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-536"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yahoo:toolbar:3.1.0.20130813024103:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yahoo:toolbar:2.5.9.2013418100420:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6853"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hoyt LLC via XSS.Cx",
"sources": [
{
"db": "BID",
"id": "64971"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6853",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-6853",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-66855",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6853",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-536",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-66855",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66855"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001253"
},
{
"db": "NVD",
"id": "CVE-2013-6853"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-536"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim. Yahoo! Toolbar for FireFox is prone to an unspecified HTML-injection vulnerability because it fails to sanitize user-supplied input. \nAttacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible. Y! Toolbar (Yahoo! Toolbar) is a web browser toolbar of Yahoo! (Yahoo!) that can be used on Microsoft IE and Mozilla Firefox. It supports custom toolbars, and can check emails and browse the weather anytime, anywhere Forecasts, news, and other information. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nCVE-2013-6853: Stored XSS via Code Injection in Y! Toolbar DOM for FireFox\non MAC Version 3.1.0.20130813024103 and Windows Version\n2.5.9.2013418100420. \n\nReport URL:\nhttp://xss.cx/2014/01/14/mov/cve-2013-6853-stored-xss-via-local-file-inclusion-yahoo-toolbar-version-3x-javascript-injection-poc/index.html\n\nCheers!\n\n- -D\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 10.2.0.2526\n\nwsBVAwUBUtZ/hHz+WcLIygj0AQiqowf8Cr/oHbnVurNR8LtsZGmt/X/FM4K/MHkL\nbBKBllEtWpYZZXg76DmM0qYrvbzXk3dYN8i04OA2FXPJEZguoEQVBqgwzfmfeEHP\nb+cOsgR/+MJ/1iQ0q6RcXrghYXmyjSmzxXcGF7wsVSOtLmnrSbAxx+/VJiknCRRC\nY0H0Tbc1HB5kPjQu0Fax1+PCbMRspAFiMBpV0ZDvhnDNaMgkhUMVhI8489aLnwxt\nqHGCXMvw9eSJkzE4Du82LbYNQbgtrffj+mwWEwFMeuB1euBMklvo/QdLp7Bcn49g\nR5/Eyh+LbRzD5NB3BL2QTm1jW7SYCAKvtd7H/GJWoKgj+joNG/N9Lg==\n=mH1u\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6853"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001253"
},
{
"db": "BID",
"id": "64971"
},
{
"db": "VULHUB",
"id": "VHN-66855"
},
{
"db": "PACKETSTORM",
"id": "124800"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-66855",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66855"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6853",
"trust": 2.9
},
{
"db": "OSVDB",
"id": "102175",
"trust": 2.5
},
{
"db": "BID",
"id": "64971",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "124800",
"trust": 1.8
},
{
"db": "XF",
"id": "90529",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001253",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-536",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-66855",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66855"
},
{
"db": "BID",
"id": "64971"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001253"
},
{
"db": "PACKETSTORM",
"id": "124800"
},
{
"db": "NVD",
"id": "CVE-2013-6853"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-536"
}
]
},
"id": "VAR-201401-0279",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-66855"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:45:25.482000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yahoo! Toolbar :: Add-ons for Firefox",
"trust": 0.8,
"url": "https://addons.mozilla.org/ja/firefox/addon/yahoo-toolbar/"
},
{
"title": "Yahoo!\u30c4\u30fc\u30eb\u30d0\u30fc",
"trust": 0.8,
"url": "http://toolbar.yahoo.co.jp/"
},
{
"title": "FireFox Y! Toolbar Fixes for plugin cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=163500"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001253"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-536"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66855"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001253"
},
{
"db": "NVD",
"id": "CVE-2013-6853"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://osvdb.org/102175"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/64971"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/124800/y-toolbar-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "http://www.cloudscan.me/2014/01/cve-2013-6853-stored-xss-in-y-toolbar.html"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90529"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6853"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6853"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/90529"
},
{
"trust": 0.3,
"url": "https://addons.mozilla.org/en-us/firefox/addon/yahoo-toolbar/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6853"
},
{
"trust": 0.1,
"url": "http://xss.cx/2014/01/14/mov/cve-2013-6853-stored-xss-via-local-file-inclusion-yahoo-toolbar-version-3x-javascript-injection-poc/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66855"
},
{
"db": "BID",
"id": "64971"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001253"
},
{
"db": "PACKETSTORM",
"id": "124800"
},
{
"db": "NVD",
"id": "CVE-2013-6853"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-536"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-66855"
},
{
"db": "BID",
"id": "64971"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001253"
},
{
"db": "PACKETSTORM",
"id": "124800"
},
{
"db": "NVD",
"id": "CVE-2013-6853"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-536"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-66855"
},
{
"date": "2014-01-14T00:00:00",
"db": "BID",
"id": "64971"
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001253"
},
{
"date": "2014-01-16T03:32:35",
"db": "PACKETSTORM",
"id": "124800"
},
{
"date": "2014-01-26T01:55:09.267000",
"db": "NVD",
"id": "CVE-2013-6853"
},
{
"date": "2014-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-536"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-66855"
},
{
"date": "2014-01-14T00:00:00",
"db": "BID",
"id": "64971"
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001253"
},
{
"date": "2021-09-22T14:22:20.300000",
"db": "NVD",
"id": "CVE-2013-6853"
},
{
"date": "2021-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-536"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-536"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FireFox for Yahoo! Toolbar Plug-in clickstream.js Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001253"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "124800"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-536"
}
],
"trust": 0.7
}
}
VAR-201207-0526
Vulnerability from variot - Updated: 2023-12-18 12:31Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party. Toolbar is prone to a remote security vulnerability. Yahoo! Toolbar (Yahoo! Toolbar) is a web browser toolbar of Yahoo! (Yahoo!) that can be used on Microsoft IE and Mozilla Firefox. It supports custom toolbars, and can check emails and browse the weather anytime, anywhere Forecasts, news, and other information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201207-0526",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "toolbar",
"scope": "lte",
"trust": 1.0,
"vendor": "yahoo",
"version": "1.0.0.5"
},
{
"model": "toolbar",
"scope": "eq",
"trust": 0.9,
"vendor": "yahoo",
"version": "1.0.0.5"
},
{
"model": "installer of yahoo! toolbar",
"scope": "lte",
"trust": 0.8,
"vendor": "yahoo",
"version": "for chrome ver.1.0.0.5"
},
{
"model": "installer of yahoo! toolbar",
"scope": "lte",
"trust": 0.8,
"vendor": "yahoo",
"version": "for safari ver.1.0.0.5"
}
],
"sources": [
{
"db": "BID",
"id": "78201"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000072"
},
{
"db": "NVD",
"id": "CVE-2012-2647"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-601"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yahoo:toolbar:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2647"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "78201"
}
],
"trust": 0.3
},
"cve": "CVE-2012-2647",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2012-000072",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-55928",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-2647",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2012-000072",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-601",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-55928",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55928"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000072"
},
{
"db": "NVD",
"id": "CVE-2012-2647"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-601"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. Yahoo! Toolbar (for Chrome, Safari) contains a vulnerability where the toolbar may be altered. Keita Haga of keitahaga.com reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party. Toolbar is prone to a remote security vulnerability. Yahoo! Toolbar (Yahoo! Toolbar) is a web browser toolbar of Yahoo! (Yahoo!) that can be used on Microsoft IE and Mozilla Firefox. It supports custom toolbars, and can check emails and browse the weather anytime, anywhere Forecasts, news, and other information",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2647"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000072"
},
{
"db": "BID",
"id": "78201"
},
{
"db": "VULHUB",
"id": "VHN-55928"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-2647",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN51769987",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000072",
"trust": 2.8
},
{
"db": "CNNVD",
"id": "CNNVD-201207-601",
"trust": 0.7
},
{
"db": "JVN",
"id": "JVN#51769987",
"trust": 0.6
},
{
"db": "BID",
"id": "78201",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-55928",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55928"
},
{
"db": "BID",
"id": "78201"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000072"
},
{
"db": "NVD",
"id": "CVE-2012-2647"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-601"
}
]
},
"id": "VAR-201207-0526",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-55928"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:31:09.645000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yahoo! Toolbar",
"trust": 0.8,
"url": "http://toolbar.yahoo.co.jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-000072"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55928"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000072"
},
{
"db": "NVD",
"id": "CVE-2012-2647"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://jvn.jp/en/jp/jvn51769987/index.html"
},
{
"trust": 2.0,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2012-000072"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2647"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn51769987/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2647"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-55928"
},
{
"db": "BID",
"id": "78201"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000072"
},
{
"db": "NVD",
"id": "CVE-2012-2647"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-601"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-55928"
},
{
"db": "BID",
"id": "78201"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-000072"
},
{
"db": "NVD",
"id": "CVE-2012-2647"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-601"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-55928"
},
{
"date": "2012-07-31T00:00:00",
"db": "BID",
"id": "78201"
},
{
"date": "2012-07-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-000072"
},
{
"date": "2012-07-31T10:45:42.093000",
"db": "NVD",
"id": "CVE-2012-2647"
},
{
"date": "2012-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-601"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-55928"
},
{
"date": "2012-07-31T00:00:00",
"db": "BID",
"id": "78201"
},
{
"date": "2012-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-000072"
},
{
"date": "2012-07-31T10:45:42.093000",
"db": "NVD",
"id": "CVE-2012-2647"
},
{
"date": "2012-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-601"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-601"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-000072"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-601"
}
],
"trust": 0.6
}
}