Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for just_online_update by justsystems

    CVE-2014-2003 (GCVE-0-2014-2003)

    Vulnerability from nvd – Published: 2014-06-16 14:00 – Updated: 2024-08-06 09:58
    VLAI
    Summary
    JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.justsystems.com/jp/info/js14002.html x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN50129191/index.html third-party-advisoryx_refsource_JVN
    http://www.ipa.go.jp/security/ciadr/vul/20140611-… x_refsource_MISC
    Date Public
    2014-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:58:16.292Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.justsystems.com/jp/info/js14002.html"
              },
              {
                "name": "JVNDB-2014-000053",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053"
              },
              {
                "name": "JVN#50129191",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN50129191/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-06-16T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.justsystems.com/jp/info/js14002.html"
            },
            {
              "name": "JVNDB-2014-000053",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053"
            },
            {
              "name": "JVN#50129191",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN50129191/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2014-2003",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.justsystems.com/jp/info/js14002.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.justsystems.com/jp/info/js14002.html"
                },
                {
                  "name": "JVNDB-2014-000053",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053"
                },
                {
                  "name": "JVN#50129191",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN50129191/index.html"
                },
                {
                  "name": "http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html",
                  "refsource": "MISC",
                  "url": "http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2014-2003",
        "datePublished": "2014-06-16T14:00:00.000Z",
        "dateReserved": "2014-02-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:58:16.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-2003 (GCVE-0-2014-2003)

    Vulnerability from cvelistv5 – Published: 2014-06-16 14:00 – Updated: 2024-08-06 09:58
    VLAI
    Summary
    JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.justsystems.com/jp/info/js14002.html x_refsource_CONFIRM
    http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053 third-party-advisoryx_refsource_JVNDB
    http://jvn.jp/en/jp/JVN50129191/index.html third-party-advisoryx_refsource_JVN
    http://www.ipa.go.jp/security/ciadr/vul/20140611-… x_refsource_MISC
    Date Public
    2014-06-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:58:16.292Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.justsystems.com/jp/info/js14002.html"
              },
              {
                "name": "JVNDB-2014-000053",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
                  "x_transferred"
                ],
                "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053"
              },
              {
                "name": "JVN#50129191",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN50129191/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-06-16T14:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.justsystems.com/jp/info/js14002.html"
            },
            {
              "name": "JVNDB-2014-000053",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVNDB"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053"
            },
            {
              "name": "JVN#50129191",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN50129191/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2014-2003",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.justsystems.com/jp/info/js14002.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.justsystems.com/jp/info/js14002.html"
                },
                {
                  "name": "JVNDB-2014-000053",
                  "refsource": "JVNDB",
                  "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000053"
                },
                {
                  "name": "JVN#50129191",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN50129191/index.html"
                },
                {
                  "name": "http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html",
                  "refsource": "MISC",
                  "url": "http://www.ipa.go.jp/security/ciadr/vul/20140611-jvn.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2014-2003",
        "datePublished": "2014-06-16T14:00:00.000Z",
        "dateReserved": "2014-02-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:58:16.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }