admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add entries for VU#873161

Browse Source
This commit is contained in:
Will Dormann 2020-01-03 16:27:14 -05:00
parent 9d54842f2e
commit 53f58a4cc2
6 changed files with 336 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2019/9xxx/CVE-2019-9537.json
View File

@ -1,8 +1,33 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9537", "ID": "CVE-2019-9537",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in uploaditem.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +36,35 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": ": Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
} }

58
2019/9xxx/CVE-2019-9538.json
View File

@ -1,8 +1,33 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9538", "ID": "CVE-2019-9538",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in LDAP cbURL parameter"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +36,35 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": ": Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
} }

58
2019/9xxx/CVE-2019-9539.json
View File

@ -1,8 +1,33 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9539", "ID": "CVE-2019-9539",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +36,35 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": ": Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ModalWindowPopup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
} }

58
2019/9xxx/CVE-2019-9540.json
View File

@ -1,8 +1,33 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9540", "ID": "CVE-2019-9540",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in prefs.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +36,35 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": ": Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prefs.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
} }

58
2019/9xxx/CVE-2019-9541.json
View File

@ -1,8 +1,33 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9541", "ID": "CVE-2019-9541",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System information disclosure in itemlookup.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +36,35 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": ": Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
} }

58
2019/9xxx/CVE-2019-9542.json
View File

@ -1,8 +1,33 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID": "CVE-2019-9542", "ID": "CVE-2019-9542",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": "Telos Automated Message Handling System reflected XSS in itemlookup.asp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automated Message Handling System",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.1.5.5"
}
]
}
}
]
},
"vendor_name": "Telos"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +36,35 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": ": Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session.\nThis issue affects:\nTelos Automated Message Handling System\nversions prior to 4.1.5.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#873161",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/873161/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
} }