Find a vulnerability
Search criteria
12 vulnerabilities by entrust
VAR-200412-0107
Vulnerability from variot - Updated: 2025-04-03 22:31Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload. The Entrust LibKMP ISAKMP library is reported to be affected by a remote buffer overflow vulnerability. Malicious ISAKMP packets may trigger a buffer overrun in the affected library resulting in the corruption of process memory. Although unconfirmed, it is conjectured that this vulnerability may be related to the vulnerability described in BID 10273, as Checkpoint VPN-1 may use the affected library. The Entrust LibKmp ISAKMP library is used by multiple VPN vendors to exchange IKE keys for IPSEC-based VPN products. libKmp handles all incoming ISAKMP packets, this library is also used to authenticate and check the processing of incoming requests. The Entrust LibKmp ISAKMP library does not correctly verify incoming ISAKMP packets when implementing the IKE key exchange protocol. Entrust\'\'s LibKmp library is provided by the vendor to third parties to handle the exchange of IKE keys. This library is used in several enterprise firewall VPN products. Entrust\'\'s LibKmp library is fully checked for handling ISAKMP payloads and sizes. But the proposal payload embedded in the main SA payload is not properly filtered. The code that handles these loads has a flaw that can lead to memory corruption, a heap overflow. An attacker exploits this vulnerability to send malicious ISAKMP packets, which can cause the VPN component to crash, and carefully constructed and submitted data may execute arbitrary instructions on the system with process privileges. Product: Symantec Gateway Security 2.0 - Model 5400 Series
Copyright \xa9 2004 Symantec Corporation August, 2004
Hotfix: SG8000-20040715-00 - Entrust updates
This document contains the following information about the Symantec Gateway Security 2.0 - Model 5400 Series:
- Prerequisites
- Included modules
- Fix description
- Installation instructions
- Uninstallation instructions
Prerequisites:
HB8000-20031023-00 - December 2003 patch SG8000-20040405-00 - April 2004 patch
Included modules:
isakmpd libEntrust.so libkmp.so
Fix description:
Corrects problem with Denial of Service attack reported against isakmpd in CAN-2004-0369.
Installation instructions:
The April 2004 patch must be installed prior to installing this hotfix.
To install the patch
- Download the entrust-sgs20.tgz file to a location that is accessible from the Security Gateway Management Interface (SGMI).
- In the SGMI, on the Action menu, click HotFix.
- In the left pane of the Hotfix Management window, click Install hotfix.
- In the right pane of the Hotfix Management window, click Browse.
- In the Choose file dialog box, browse to and select the entrust-sgs20.tgz file, and then click Open.
- In the right pane of the Hotfix Management window, click Install.
- Wait until a message appears in the right pane of the Hotfix Management window. (Note: there is no visible indication of activity.)
- If the message includes a "Restart" link, click the link and wait until the "Security gateway is restarting" message appears.
- Close the Hotfix Management window.
Uninstallation instructions:
To uninstall the patch
- In the SGMI, on the Action menu, click HotFix.
- In the left pane of the Hotfix Management window, click Uninstall hotfix.
- In the right pane of the Hotfix Management window, click the radio button next to hotfix ID SG8000-20040715-00.
- In the right pane of the Hotfix Management window, click Uninstall.
- Wait until a message appears in the right pane of the Hotfix Management window. (Note: there is no visible indication of activity.)
- If the message includes a "Restart" link, click the link and wait until the "Security gateway is restarting" message appears.
- Close the Hotfix Management window.
. Connect to Symantec Gateway Security (SGS) using the SRMC. Connect to the VelociRaptor using the SRMC. Right-click the VelociRaptor icon. Browse to the location of the *.tgz file. Select Open to load the patch. Answer "No" when asked if you want to reboot the system. Connect to the VelociRaptor using the SRMC. Right-click the VelociRaptor. Select All Tasks > SRL Client. Log into the system. Type: cd /usr/vr/hotfixes/SG7004-20040715-00 and press Enter. Type: ./Uninstall and press Enter
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "enterprise firewall",
"scope": "eq",
"trust": 2.4,
"vendor": "symantec",
"version": "7.0.4"
},
{
"_id": null,
"model": "enterprise firewall",
"scope": "eq",
"trust": 2.4,
"vendor": "symantec",
"version": "8.0"
},
{
"_id": null,
"model": "velociraptor",
"scope": "eq",
"trust": 1.9,
"vendor": "symantec",
"version": "1.5"
},
{
"_id": null,
"model": "enterprise firewall",
"scope": "eq",
"trust": 1.8,
"vendor": "symantec",
"version": "7.0"
},
{
"_id": null,
"model": "gateway security 5300",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "1.0"
},
{
"_id": null,
"model": "gateway security 5400",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "2.0"
},
{
"_id": null,
"model": "libkmp isakmp library",
"scope": "eq",
"trust": 1.0,
"vendor": "entrust",
"version": "*"
},
{
"_id": null,
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "5440"
},
{
"_id": null,
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "5300"
},
{
"_id": null,
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "52001.0"
},
{
"_id": null,
"model": "gateway security",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "51101.0"
},
{
"_id": null,
"model": "gateway security 360r",
"scope": null,
"trust": 0.3,
"vendor": "symantec",
"version": null
},
{
"_id": null,
"model": "enterprise firewall solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.0.4"
},
{
"_id": null,
"model": "enterprise firewall nt/2000",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.0.4"
},
{
"_id": null,
"model": "enterprise firewall solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise firewall nt/2000",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.0"
},
{
"_id": null,
"model": "libkmp isakmp library",
"scope": null,
"trust": 0.3,
"vendor": "entrust",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "11039"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000340"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-576"
},
{
"db": "NVD",
"id": "CVE-2004-0369"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:symantec:enterprise_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000340"
}
]
},
"credits": {
"_id": null,
"data": "Mark Dowd\nNeel Mehta",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-576"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0369",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2004-0369",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-8799",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-0369",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2004-0369",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-576",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-8799",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8799"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000340"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-576"
},
{
"db": "NVD",
"id": "CVE-2004-0369"
}
]
},
"description": {
"_id": null,
"data": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload. The Entrust LibKMP ISAKMP library is reported to be affected by a remote buffer overflow vulnerability. Malicious ISAKMP packets may trigger a buffer overrun in the affected library resulting in the corruption of process memory. \nAlthough unconfirmed, it is conjectured that this vulnerability may be related to the vulnerability described in BID 10273, as Checkpoint VPN-1 may use the affected library. The Entrust LibKmp ISAKMP library is used by multiple VPN vendors to exchange IKE keys for IPSEC-based VPN products. libKmp handles all incoming ISAKMP packets, this library is also used to authenticate and check the processing of incoming requests. The Entrust LibKmp ISAKMP library does not correctly verify incoming ISAKMP packets when implementing the IKE key exchange protocol. Entrust\\\u0027\\\u0027s LibKmp library is provided by the vendor to third parties to handle the exchange of IKE keys. This library is used in several enterprise firewall VPN products. Entrust\\\u0027\\\u0027s LibKmp library is fully checked for handling ISAKMP payloads and sizes. But the proposal payload embedded in the main SA payload is not properly filtered. The code that handles these loads has a flaw that can lead to memory corruption, a heap overflow. An attacker exploits this vulnerability to send malicious ISAKMP packets, which can cause the VPN component to crash, and carefully constructed and submitted data may execute arbitrary instructions on the system with process privileges. \nProduct: Symantec Gateway Security 2.0 - Model 5400 Series\t\n\nCopyright \\xa9 2004 Symantec Corporation August, 2004\n************************************************************************************\nHotfix: SG8000-20040715-00 - Entrust updates\n\n************************************************************************************\nThis document contains the following information about the Symantec Gateway Security\n2.0 - Model 5400 Series:\n\n* Prerequisites\n* Included modules\n* Fix description\n* Installation instructions\n* Uninstallation instructions\n\n************************************************************************************\nPrerequisites:\n\nHB8000-20031023-00 - December 2003 patch\nSG8000-20040405-00 - April 2004 patch\n\n************************************************************************************\nIncluded modules:\n\nisakmpd\nlibEntrust.so\nlibkmp.so\n \n************************************************************************************\nFix description:\n\nCorrects problem with Denial of Service attack reported against isakmpd in \nCAN-2004-0369. \n\n************************************************************************************\nInstallation instructions:\n\nThe April 2004 patch must be installed prior to installing this hotfix. \n\nTo install the patch\n\n1. Download the entrust-sgs20.tgz file to a location that is accessible from \n the Security Gateway Management Interface (SGMI). \n2. In the SGMI, on the Action menu, click HotFix. \n3. In the left pane of the Hotfix Management window, click Install hotfix. \n4. In the right pane of the Hotfix Management window, click Browse. \n5. In the Choose file dialog box, browse to and select the entrust-sgs20.tgz file,\n and then click Open. \n6. In the right pane of the Hotfix Management window, click Install. \n7. Wait until a message appears in the right pane of the Hotfix Management window. \n (Note: there is no visible indication of activity.)\n8. If the message includes a \"Restart\" link, click the link and wait until the\n \"Security gateway is restarting\" message appears. \n9. Close the Hotfix Management window. \n\n\n************************************************************************************\nUninstallation instructions:\n\nTo uninstall the patch\n\n1. In the SGMI, on the Action menu, click HotFix. \n2. In the left pane of the Hotfix Management window, click Uninstall hotfix. \n3. In the right pane of the Hotfix Management window, click the radio button next\n to hotfix ID SG8000-20040715-00. \n4. In the right pane of the Hotfix Management window, click Uninstall. \n5. Wait until a message appears in the right pane of the Hotfix Management window. \n (Note: there is no visible indication of activity.)\n6. If the message includes a \"Restart\" link, click the link and wait until the\n \"Security gateway is restarting\" message appears. \n7. Close the Hotfix Management window. \n\n\n************************************************************************************\n\n. Connect to Symantec Gateway Security (SGS) using the SRMC. Connect to the VelociRaptor using the SRMC. Right-click the VelociRaptor icon. Browse to the location of the *.tgz file. Select Open to load the patch. Answer \"No\" when asked if you want to reboot the system. Connect to the VelociRaptor using the SRMC. Right-click the VelociRaptor. Select All Tasks \u003e SRL Client. Log into the system. Type: cd /usr/vr/hotfixes/SG7004-20040715-00 and press Enter. Type: ./Uninstall and press Enter",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0369"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000340"
},
{
"db": "BID",
"id": "11039"
},
{
"db": "VULHUB",
"id": "VHN-8799"
},
{
"db": "PACKETSTORM",
"id": "34156"
},
{
"db": "PACKETSTORM",
"id": "34155"
},
{
"db": "PACKETSTORM",
"id": "34154"
}
],
"trust": 2.25
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2004-0369",
"trust": 3.1
},
{
"db": "BID",
"id": "11039",
"trust": 2.8
},
{
"db": "AUSCERT",
"id": "ESB-2004.0538",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "12371",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000340",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200412-576",
"trust": 0.7
},
{
"db": "ISS",
"id": "20040826 ENTRUST LIBKMP LIBRARY BUFFER OVERFLOW",
"trust": 0.6
},
{
"db": "CIAC",
"id": "O-206",
"trust": 0.6
},
{
"db": "XF",
"id": "15669",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6852",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "34156",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "34155",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "34154",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-8799",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8799"
},
{
"db": "BID",
"id": "11039"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000340"
},
{
"db": "PACKETSTORM",
"id": "34156"
},
{
"db": "PACKETSTORM",
"id": "34155"
},
{
"db": "PACKETSTORM",
"id": "34154"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-576"
},
{
"db": "NVD",
"id": "CVE-2004-0369"
}
]
},
"id": "VAR-200412-0107",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-8799"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:31:39.482000Z",
"patch": {
"_id": null,
"data": [
{
"title": "SYM04-012",
"trust": 0.8,
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
},
{
"title": "SYM04-012",
"trust": 0.8,
"url": "http://www.symantec.com/region/jp/sarcj/security/content/2004.08.26.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000340"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0369"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "http://xforce.iss.net/xforce/alerts/id/181"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/11039"
},
{
"trust": 2.0,
"url": "http://securityresponse.symantec.com/avcenter/security/content/2004.08.26.html"
},
{
"trust": 1.7,
"url": "http://www.auscert.org.au/render.html?it=4339"
},
{
"trust": 1.7,
"url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-0369"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-0369"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/12371/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/15669"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6852"
},
{
"trust": 0.3,
"url": "https://www.entrust.com/trustedcare/troubleshooting/bulletins.htm"
},
{
"trust": 0.3,
"url": "http://enterprisesecurity.symantec.com/products/products.cfm?productid=342\u0026eid=0"
},
{
"trust": 0.3,
"url": "ftp://ftp.symantec.com/public/updates/entrust-70w-readme.txt"
},
{
"trust": 0.3,
"url": "ftp://ftp.symantec.com/public/updates/entrust-70s-readme.txt"
},
{
"trust": 0.3,
"url": "ftp://ftp.symantec.com/public/updates/entrust-704s-readme.txt"
},
{
"trust": 0.3,
"url": "ftp://ftp.symantec.com/public/updates/entrust-704w-readme.txt"
},
{
"trust": 0.3,
"url": "http://enterprisesecurity.symantec.com/products/products.cfm?productid=47"
},
{
"trust": 0.3,
"url": "ftp://ftp.symantec.com/public/updates/entrust-sgs10-readme.txt"
},
{
"trust": 0.3,
"url": "ftp://ftp.symantec.com/public/updates/entrust-sgs20-readme.txt"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0369"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-8799"
},
{
"db": "BID",
"id": "11039"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000340"
},
{
"db": "PACKETSTORM",
"id": "34156"
},
{
"db": "PACKETSTORM",
"id": "34155"
},
{
"db": "PACKETSTORM",
"id": "34154"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-576"
},
{
"db": "NVD",
"id": "CVE-2004-0369"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-8799",
"ident": null
},
{
"db": "BID",
"id": "11039",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000340",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "34156",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "34155",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "34154",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200412-576",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2004-0369",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-8799",
"ident": null
},
{
"date": "2004-08-25T00:00:00",
"db": "BID",
"id": "11039",
"ident": null
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000340",
"ident": null
},
{
"date": "2004-08-26T20:10:18",
"db": "PACKETSTORM",
"id": "34156",
"ident": null
},
{
"date": "2004-08-26T20:09:14",
"db": "PACKETSTORM",
"id": "34155",
"ident": null
},
{
"date": "2004-08-26T20:07:58",
"db": "PACKETSTORM",
"id": "34154",
"ident": null
},
{
"date": "2004-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-576",
"ident": null
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-0369",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-8799",
"ident": null
},
{
"date": "2009-07-12T06:17:00",
"db": "BID",
"id": "11039",
"ident": null
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000340",
"ident": null
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-576",
"ident": null
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-0369",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-576"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Entrust LibKMP ISAKMP Library Remote IPsec/ISAKMP Buffer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "11039"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-576"
}
],
"trust": 0.9
},
"type": {
"_id": null,
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "11039"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-576"
}
],
"trust": 0.9
}
}
VAR-201807-0667
Vulnerability from variot - Updated: 2024-11-23 22:26Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. Entrust Datacard Syntera CS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Entrust Datacard Syntera CS is an integrated suite of Entrust Datacard Corporation in the United States for connecting Datacard issuing systems and special software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0667",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syntera customization suite",
"scope": "eq",
"trust": 1.6,
"vendor": "entrustdatacard",
"version": "5.1"
},
{
"model": "syntera customization suite",
"scope": "eq",
"trust": 1.6,
"vendor": "entrustdatacard",
"version": "5.0"
},
{
"model": "syntera customization suite",
"scope": "eq",
"trust": 0.8,
"vendor": "entrust datacard",
"version": "5.x"
},
{
"model": "datacard syntera cs",
"scope": "eq",
"trust": 0.6,
"vendor": "entrust",
"version": "5.*"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13037"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007774"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-338"
},
{
"db": "NVD",
"id": "CVE-2018-13252"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:entrustdatacard:syntera_customization_suite",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007774"
}
]
},
"cve": "CVE-2018-13252",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2018-13252",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-13037",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-13252",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-13252",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-13252",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-13037",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-338",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13037"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007774"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-338"
},
{
"db": "NVD",
"id": "CVE-2018-13252"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Entrust Datacard Syntera CS 5.x has XSS via the name field of \"Domain or Computer Name\" in the login page. Entrust Datacard Syntera CS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Entrust Datacard Syntera CS is an integrated suite of Entrust Datacard Corporation in the United States for connecting Datacard issuing systems and special software",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13252"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007774"
},
{
"db": "CNVD",
"id": "CNVD-2018-13037"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13252",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007774",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-13037",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201807-338",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13037"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007774"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-338"
},
{
"db": "NVD",
"id": "CVE-2018-13252"
}
]
},
"id": "VAR-201807-0667",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13037"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13037"
}
]
},
"last_update_date": "2024-11-23T22:26:16.869000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Syntera Customization Suite Software Support",
"trust": 0.8,
"url": "https://www.datacard.com/manufacturing-efficiency-software-support/syntera-cs"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007774"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007774"
},
{
"db": "NVD",
"id": "CVE-2018-13252"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/herwonowr/cve/tree/master/cve-2018-13252"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13252"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13252"
},
{
"trust": 0.6,
"url": "https://www.entrustdatacard.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13037"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007774"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-338"
},
{
"db": "NVD",
"id": "CVE-2018-13252"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-13037"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007774"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-338"
},
{
"db": "NVD",
"id": "CVE-2018-13252"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13037"
},
{
"date": "2018-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007774"
},
{
"date": "2018-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-338"
},
{
"date": "2018-07-05T17:29:00.250000",
"db": "NVD",
"id": "CVE-2018-13252"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13037"
},
{
"date": "2018-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007774"
},
{
"date": "2018-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-338"
},
{
"date": "2024-11-21T03:46:43.920000",
"db": "NVD",
"id": "CVE-2018-13252"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-338"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Entrust Datacard Syntera CS Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13037"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-338"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-338"
}
],
"trust": 0.6
}
}
CVE-2007-4594 (GCVE-0-2007-4594)
Vulnerability from nvd – Published: 2007-08-29 22:00 – Updated: 2024-08-07 15:01- n/a
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26630 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25471 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26630"
},
{
"name": "25471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25471"
},
{
"name": "esp-certificate-security-bypass(36331)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26630"
},
{
"name": "25471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25471"
},
{
"name": "esp-certificate-security-bypass(36331)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26630"
},
{
"name": "25471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25471"
},
{
"name": "esp-certificate-security-bypass(36331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4594",
"datePublished": "2007-08-29T22:00:00.000Z",
"dateReserved": "2007-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0369 (GCVE-0-2004-0369)
Vulnerability from nvd – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:17- n/a
| URL | Tags |
|---|---|
| http://www.auscert.org.au/render.html?it=4339 | third-party-advisoryx_refsource_AUSCERT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://xforce.iss.net/xforce/alerts/id/181 | third-party-advisoryx_refsource_ISS |
| http://securityresponse.symantec.com/avcenter/sec… | x_refsource_CONFIRM |
| http://www.ciac.org/ciac/bulletins/o-206.shtml | third-party-advisorygovernment-resourcex_refsource_CIAC |
| http://www.securityfocus.com/bid/11039 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ESB-2004.0538",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT",
"x_transferred"
],
"url": "http://www.auscert.org.au/render.html?it=4339"
},
{
"name": "isakmp-spi-size-bo(15669)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
},
{
"name": "20040826 Entrust LibKmp Library Buffer Overflow",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/xforce/alerts/id/181"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
},
{
"name": "O-206",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
},
{
"name": "11039",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ESB-2004.0538",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT"
],
"url": "http://www.auscert.org.au/render.html?it=4339"
},
{
"name": "isakmp-spi-size-bo(15669)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
},
{
"name": "20040826 Entrust LibKmp Library Buffer Overflow",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/xforce/alerts/id/181"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
},
{
"name": "O-206",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
},
{
"name": "11039",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11039"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ESB-2004.0538",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/render.html?it=4339"
},
{
"name": "isakmp-spi-size-bo(15669)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
},
{
"name": "20040826 Entrust LibKmp Library Buffer Overflow",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/181"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
},
{
"name": "O-206",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
},
{
"name": "11039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11039"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0369",
"datePublished": "2005-04-14T04:00:00.000Z",
"dateReserved": "2004-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:17:14.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0712 (GCVE-0-2002-0712)
Vulnerability from nvd – Published: 2004-01-14 05:00 – Updated: 2024-08-08 02:56- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/720017 | third-party-advisoryx_refsource_CERT-VN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.kb.cert.org/vuls/id/AAMN-5KKVXC | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/7284 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#720017",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/720017"
},
{
"name": "easm-multiple-authorization-bypass(11724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
},
{
"name": "7284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#720017",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/720017"
},
{
"name": "easm-multiple-authorization-bypass(11724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
},
{
"name": "7284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#720017",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/720017"
},
{
"name": "easm-multiple-authorization-bypass(11724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
},
{
"name": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
},
{
"name": "7284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0712",
"datePublished": "2004-01-14T05:00:00.000Z",
"dateReserved": "2002-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:56:38.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0853 (GCVE-0-2001-0853)
Vulnerability from nvd – Published: 2001-11-22 05:00 – Updated: 2024-08-08 04:37- n/a
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=100498111712723&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/3508 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/243243 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
},
{
"name": "20011105 New getAccess[tm] Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
},
{
"name": "getaccess-shellscripts-retrieve-files(7474)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
},
{
"name": "3508",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3508"
},
{
"name": "VU#243243",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/243243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
},
{
"name": "20011105 New getAccess[tm] Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
},
{
"name": "getaccess-shellscripts-retrieve-files(7474)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
},
{
"name": "3508",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3508"
},
{
"name": "VU#243243",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/243243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
},
{
"name": "20011105 New getAccess[tm] Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
},
{
"name": "getaccess-shellscripts-retrieve-files(7474)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
},
{
"name": "3508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3508"
},
{
"name": "VU#243243",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/243243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0853",
"datePublished": "2001-11-22T05:00:00.000Z",
"dateReserved": "2001-11-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:37:06.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1024 (GCVE-0-2001-1024)
Vulnerability from nvd – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:44- n/a
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:06.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010727 Entrust - getAccess",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
},
{
"name": "entrust-getaccess-execute-commands(6915)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010727 Entrust - getAccess",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
},
{
"name": "entrust-getaccess-execute-commands(6915)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010727 Entrust - getAccess",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
},
{
"name": "entrust-getaccess-execute-commands(6915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1024",
"datePublished": "2002-02-02T05:00:00.000Z",
"dateReserved": "2002-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:44:06.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4594 (GCVE-0-2007-4594)
Vulnerability from cvelistv5 – Published: 2007-08-29 22:00 – Updated: 2024-08-07 15:01- n/a
| URL | Tags |
|---|---|
| http://secunia.com/advisories/26630 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/25471 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26630"
},
{
"name": "25471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25471"
},
{
"name": "esp-certificate-security-bypass(36331)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26630",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26630"
},
{
"name": "25471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25471"
},
{
"name": "esp-certificate-security-bypass(36331)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26630"
},
{
"name": "25471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25471"
},
{
"name": "esp-certificate-security-bypass(36331)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36331"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4594",
"datePublished": "2007-08-29T22:00:00.000Z",
"dateReserved": "2007-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:01:09.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0369 (GCVE-0-2004-0369)
Vulnerability from cvelistv5 – Published: 2005-04-14 04:00 – Updated: 2024-08-08 00:17- n/a
| URL | Tags |
|---|---|
| http://www.auscert.org.au/render.html?it=4339 | third-party-advisoryx_refsource_AUSCERT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://xforce.iss.net/xforce/alerts/id/181 | third-party-advisoryx_refsource_ISS |
| http://securityresponse.symantec.com/avcenter/sec… | x_refsource_CONFIRM |
| http://www.ciac.org/ciac/bulletins/o-206.shtml | third-party-advisorygovernment-resourcex_refsource_CIAC |
| http://www.securityfocus.com/bid/11039 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ESB-2004.0538",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT",
"x_transferred"
],
"url": "http://www.auscert.org.au/render.html?it=4339"
},
{
"name": "isakmp-spi-size-bo(15669)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
},
{
"name": "20040826 Entrust LibKmp Library Buffer Overflow",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/xforce/alerts/id/181"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
},
{
"name": "O-206",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
},
{
"name": "11039",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ESB-2004.0538",
"tags": [
"third-party-advisory",
"x_refsource_AUSCERT"
],
"url": "http://www.auscert.org.au/render.html?it=4339"
},
{
"name": "isakmp-spi-size-bo(15669)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
},
{
"name": "20040826 Entrust LibKmp Library Buffer Overflow",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/xforce/alerts/id/181"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
},
{
"name": "O-206",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
},
{
"name": "11039",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11039"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ESB-2004.0538",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/render.html?it=4339"
},
{
"name": "isakmp-spi-size-bo(15669)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669"
},
{
"name": "20040826 Entrust LibKmp Library Buffer Overflow",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/181"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html"
},
{
"name": "O-206",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-206.shtml"
},
{
"name": "11039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11039"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0369",
"datePublished": "2005-04-14T04:00:00.000Z",
"dateReserved": "2004-03-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:17:14.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0712 (GCVE-0-2002-0712)
Vulnerability from cvelistv5 – Published: 2004-01-14 05:00 – Updated: 2024-08-08 02:56- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/720017 | third-party-advisoryx_refsource_CERT-VN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.kb.cert.org/vuls/id/AAMN-5KKVXC | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/7284 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#720017",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/720017"
},
{
"name": "easm-multiple-authorization-bypass(11724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
},
{
"name": "7284",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#720017",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/720017"
},
{
"name": "easm-multiple-authorization-bypass(11724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
},
{
"name": "7284",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#720017",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/720017"
},
{
"name": "easm-multiple-authorization-bypass(11724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11724"
},
{
"name": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/AAMN-5KKVXC"
},
{
"name": "7284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0712",
"datePublished": "2004-01-14T05:00:00.000Z",
"dateReserved": "2002-07-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:56:38.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1024 (GCVE-0-2001-1024)
Vulnerability from cvelistv5 – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:44- n/a
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:06.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010727 Entrust - getAccess",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
},
{
"name": "entrust-getaccess-execute-commands(6915)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010727 Entrust - getAccess",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
},
{
"name": "entrust-getaccess-execute-commands(6915)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010727 Entrust - getAccess",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html"
},
{
"name": "entrust-getaccess-execute-commands(6915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6915"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1024",
"datePublished": "2002-02-02T05:00:00.000Z",
"dateReserved": "2002-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:44:06.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0853 (GCVE-0-2001-0853)
Vulnerability from cvelistv5 – Published: 2001-11-22 05:00 – Updated: 2024-08-08 04:37- n/a
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://marc.info/?l=bugtraq&m=100498111712723&w=2 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/3508 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/243243 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
},
{
"name": "20011105 New getAccess[tm] Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
},
{
"name": "getaccess-shellscripts-retrieve-files(7474)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
},
{
"name": "3508",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3508"
},
{
"name": "VU#243243",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/243243"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-11-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
},
{
"name": "20011105 New getAccess[tm] Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
},
{
"name": "getaccess-shellscripts-retrieve-files(7474)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
},
{
"name": "3508",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3508"
},
{
"name": "VU#243243",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/243243"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html"
},
{
"name": "20011105 New getAccess[tm] Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=100498111712723\u0026w=2"
},
{
"name": "getaccess-shellscripts-retrieve-files(7474)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7474"
},
{
"name": "3508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3508"
},
{
"name": "VU#243243",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/243243"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0853",
"datePublished": "2001-11-22T05:00:00.000Z",
"dateReserved": "2001-11-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:37:06.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}