diff --git a/2014/6xxx/CVE-2014-6309.json b/2014/6xxx/CVE-2014-6309.json index efa6cbee05c..ad4da343b79 100644 --- a/2014/6xxx/CVE-2014-6309.json +++ b/2014/6xxx/CVE-2014-6309.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-6309", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.kaazing.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879", + "refsource" : "CONFIRM", + "url" : "https://support.kaazing.com/hc/en-us/articles/115004550547-Advisory-for-KGS-879" } ] } diff --git a/2014/6xxx/CVE-2014-6633.json b/2014/6xxx/CVE-2014-6633.json index b5b0fd0ea05..928ecfc63ac 100644 --- a/2014/6xxx/CVE-2014-6633.json +++ b/2014/6xxx/CVE-2014-6633.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-6633", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.tryton.org/posts/security-release-for-issue4155.html", + "refsource" : "CONFIRM", + "url" : "http://www.tryton.org/posts/security-release-for-issue4155.html" + }, + { + "name" : "https://bugs.tryton.org/issue4155", + "refsource" : "CONFIRM", + "url" : "https://bugs.tryton.org/issue4155" } ] } diff --git a/2015/1xxx/CVE-2015-1777.json b/2015/1xxx/CVE-2015-1777.json index 2eab24555fb..33dd6023ede 100644 --- a/2015/1xxx/CVE-2015-1777.json +++ b/2015/1xxx/CVE-2015-1777.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2015-1777", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "[oss-security] 20150304 Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777", + "refsource" : "MLIST", + "url" : "http://www.openwall.com/lists/oss-security/2015/03/04/7" + }, + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198740", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1198740" + }, + { + "name" : "72943", + "refsource" : "BID", + "url" : "http://www.securityfocus.com/bid/72943" } ] } diff --git a/2015/4xxx/CVE-2015-4557.json b/2015/4xxx/CVE-2015-4557.json index c1754f62c93..2b8935048fd 100644 --- a/2015/4xxx/CVE-2015-4557.json +++ b/2015/4xxx/CVE-2015-4557.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2015-4557", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cross-site scripting (XSS) vulnerability in the new_Twitter_sign_button function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter. NOTE: this may overlap CVE-2015-4413." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20151231 CVE-2015-4557 - Wordpress \"Nextend Twitter Connect\" & \"Nextend Google Connect\" Cross Site Scripting", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2015/Jun/71" + }, + { + "name" : "http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/132432/WordPress-Nextend-Twitter-Connect-1.5.1-Cross-Site-Scripting.html" + }, + { + "name" : "https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect", + "refsource" : "CONFIRM", + "url" : "https://plugins.trac.wordpress.org/changeset/1178744/nextend-twitter-connect" + }, + { + "name" : "75395", + "refsource" : "BID", + "url" : "http://www.securityfocus.com/bid/75395" } ] } diff --git a/2017/13xxx/CVE-2017-13220.json b/2017/13xxx/CVE-2017-13220.json index 4797589b83b..899b1252df2 100644 --- a/2017/13xxx/CVE-2017-13220.json +++ b/2017/13xxx/CVE-2017-13220.json @@ -57,6 +57,31 @@ "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "CONFIRM", "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" + }, + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1536155", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1536155" + }, + { + "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1076537", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1076537" + }, + { + "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a", + "refsource" : "CONFIRM", + "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a" + }, + { + "name" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html", + "refsource" : "CONFIRM", + "url" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html" + }, + { + "name" : "https://security-tracker.debian.org/tracker/CVE-2017-13220", + "refsource" : "CONFIRM", + "url" : "https://security-tracker.debian.org/tracker/CVE-2017-13220" } ] } diff --git a/2017/1xxx/CVE-2017-1790.json b/2017/1xxx/CVE-2017-1790.json index a662ad6e1ef..1b8852ac3f2 100644 --- a/2017/1xxx/CVE-2017-1790.json +++ b/2017/1xxx/CVE-2017-1790.json @@ -1,29 +1,14 @@ { - "data_format" : "MITRE", - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } - ] - } - ] - }, "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", "DATE_PUBLIC" : "2018-04-10T00:00:00", "ID" : "CVE-2017-1790", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { @@ -61,34 +46,47 @@ } } ] - } + }, + "vendor_name" : "IBM" } ] } }, - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012660", - "refsource" : "CONFIRM", - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012660", - "title" : "IBM Security Bulletin 2012660 (Rational DOORS Next Generation)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137035", - "refsource" : "XF", - "name" : "X-Force Vulnerability Report", - "title" : "ibm-dng-cve20171790-xss(137035)" - } - ] - }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035." } ] }, - "data_version" : "4.0" + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137035", + "refsource" : "MISC", + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137035" + }, + { + "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012660", + "refsource" : "CONFIRM", + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012660" + } + ] + } } diff --git a/2017/6xxx/CVE-2017-6910.json b/2017/6xxx/CVE-2017-6910.json index ea4270ab173..6101d16b572 100644 --- a/2017/6xxx/CVE-2017-6910.json +++ b/2017/6xxx/CVE-2017-6910.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-6910", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.kaazing.com/hc/en-us/articles/115004752368", + "refsource" : "CONFIRM", + "url" : "https://support.kaazing.com/hc/en-us/articles/115004752368" } ] } diff --git a/2018/4xxx/CVE-2018-4148.json b/2018/4xxx/CVE-2018-4148.json index ccd1fd080ef..0cf5f09c3ec 100644 --- a/2018/4xxx/CVE-2018-4148.json +++ b/2018/4xxx/CVE-2018-4148.json @@ -52,6 +52,11 @@ }, "references" : { "reference_data" : [ + { + "name" : "https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/", + "refsource" : "MISC", + "url" : "https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/" + }, { "name" : "https://support.apple.com/HT208693", "refsource" : "CONFIRM", diff --git a/2018/9xxx/CVE-2018-9118.json b/2018/9xxx/CVE-2018-9118.json index c77a9fef260..b5330028516 100644 --- a/2018/9xxx/CVE-2018-9118.json +++ b/2018/9xxx/CVE-2018-9118.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-9118", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wpvulndb.com/vulnerabilities/9056", + "refsource" : "MISC", + "url" : "https://wpvulndb.com/vulnerabilities/9056" + }, + { + "name" : "https://99robots.com/docs/wp-background-takeover-advertisements/", + "refsource" : "CONFIRM", + "url" : "https://99robots.com/docs/wp-background-takeover-advertisements/" } ] } diff --git a/2018/9xxx/CVE-2018-9155.json b/2018/9xxx/CVE-2018-9155.json index d6cfdc7dc65..0dae916068b 100644 --- a/2018/9xxx/CVE-2018-9155.json +++ b/2018/9xxx/CVE-2018-9155.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-9155", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin->Logs section (with a logs?logs.type= URI) and the Manage->Attributes section (via the \"Name (display)\" field to the attributes/create URI)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharing", + "refsource" : "MISC", + "url" : "https://docs.google.com/document/d/1ZG1qiwpECbVnv92yNckDn7yyuluKoC2_ON-eLhAY97Q/edit?usp=sharing" } ] } diff --git a/2018/9xxx/CVE-2018-9842.json b/2018/9xxx/CVE-2018-9842.json index e7d5e615e96..366124540d6 100644 --- a/2018/9xxx/CVE-2018-9842.json +++ b/2018/9xxx/CVE-2018-9842.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-9842", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20180409 [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure", + "refsource" : "BUGTRAQ", + "url" : "http://www.securityfocus.com/archive/1/archive/1/541931/100/0/threaded" + }, + { + "name" : "20180409 [RT-SA-2017-015] CyberArk Password Vault Memory Disclosure", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Apr/19" + }, + { + "name" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-015/-cyberark-password-vault-memory-disclosure", + "refsource" : "MISC", + "url" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-015/-cyberark-password-vault-memory-disclosure" } ] } diff --git a/2018/9xxx/CVE-2018-9843.json b/2018/9xxx/CVE-2018-9843.json index 992c188c133..10621c7c0f0 100644 --- a/2018/9xxx/CVE-2018-9843.json +++ b/2018/9xxx/CVE-2018-9843.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-9843", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20180409 [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution", + "refsource" : "BUGTRAQ", + "url" : "http://www.securityfocus.com/archive/1/archive/1/541932/100/0/threaded" + }, + { + "name" : "20180409 [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Apr/18" + }, + { + "name" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-014/-cyberark-password-vault-web-access-remote-code-execution", + "refsource" : "MISC", + "url" : "https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-014/-cyberark-password-vault-web-access-remote-code-execution" } ] }