- Synchronized data.

CVE Team 2017-12-15 09:03:12 -05:00
parent e7620bf15f
commit 454fd174b0
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
13 changed files with 817 additions and 808 deletions


@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to \"HTTP Security issues.\""
"value" : "Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to \"HTTP Security issues.\""
}
]
},
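Review bot: One of the two `value` lines in this hunk spells the first word "Multple", and because the page prints the old line before the new one this looks like the new side, so the sync would introduce a typo into the description rather than fix one. If that reading is right, the new line should begin `"value" : "Multiple unspecified vulnerabilities in Xerox WorkCentre`. Tooling that searches or de-duplicates records on description text would otherwise treat this as a changed entry. The CVE ID and file path sit outside the hunk, so the record cannot be named from here.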


@ -1,62 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10904",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Qt Company",
"product": {
"product_data": [
{
"product_name": "Qt for Android",
"version": {
"version_data": [
{
"version_value": "prior to 5.9.0"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"OS Command Injection"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/"
},
{
"url":"https://jvn.jp/en/jp/JVN67389262/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Qt for Android",
"version" : {
"version_data" : [
{
"version_value" : "prior to 5.9.0"
}
]
}
}
]
},
"vendor_name" : "The Qt Company"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/"
},
{
"url" : "https://jvn.jp/en/jp/JVN67389262/index.html"
}
]
}
}


@ -1,62 +1,63 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10905",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Qt Company",
"product": {
"product_data": [
{
"product_name": "Qt for Android",
"version": {
"version_data": [
{
"version_value": "prior to 5.9.3"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"External Control of Critical State Data"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/"
},
{
"url":"https://jvn.jp/en/jp/JVN27342829/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors."
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Qt for Android",
"version" : {
"version_data" : [
{
"version_value" : "prior to 5.9.3"
}
]
}
}
]
},
"vendor_name" : "The Qt Company"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "External Control of Critical State Data"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android/"
},
{
"url" : "https://jvn.jp/en/jp/JVN27342829/index.html"
}
]
}
}


@ -1,71 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3184",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ACTi Corporation",
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ACTi D, B, I, and E series cameras",
"version" : {
"version_data" : [
{
"version_value" : "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name" : "ACTi Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-306: Missing Authentication for Critical Function"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/355151"
},
{
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186)."
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"url" : "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"url" : "https://www.kb.cert.org/vuls/id/355151"
},
{
"url" : "http://www.securityfocus.com/bid/96720/info"
}
]
}
}
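Review bot: The rewritten `reference_data` array for CVE-2017-3184 lists four URLs where the earlier array lists five: `https://cwe.mitre.org/data/definitions/306.html` is not carried over, and the commit message ("Synchronized data") does not explain the drop. The CWE-306 label is still present under `problemtype`, so the classification itself is not lost, but it is worth confirming the removal is intended and not a side effect of the re-serialisation. The page shows no +/- markers, so the old and new sides are inferred from the `-1,71 +1,69` header and the `"key" : value` spacing of the new output.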


@ -1,68 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3185",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ACTi Corporation",
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ACTi D, B, I, and E series cameras",
"version" : {
"version_data" : [
{
"version_value" : "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name" : "ACTi Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-598: Information Exposure Through Query Strings in GET Request"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-598: Information Exposure Through Query Strings in GET Request"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/355151"
},
{
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources."
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"url" : "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"url" : "https://www.kb.cert.org/vuls/id/355151"
},
{
"url" : "http://www.securityfocus.com/bid/96720/info"
}
]
}
}


@ -1,68 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3186",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ACTi Corporation",
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3186",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ACTi D, B, I, and E series cameras",
"version" : {
"version_data" : [
{
"version_value" : "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name" : "ACTi Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-521: Weak Password Requirements"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521: Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/355151"
},
{
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials."
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"url" : "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"url" : "https://www.kb.cert.org/vuls/id/355151"
},
{
"url" : "http://www.securityfocus.com/bid/96720/info"
}
]
}
}


@ -1,68 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3190",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Flash Seats",
"product": {
"product_data": [
{
"product_name": "Flash Seats Mobile App",
"version": {
"version_data": [
{
"version_value": "Android version 1.7.9 and earlier"
},
{
"version_value": "iOS version 1.9.51 and earlier"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Flash Seats Mobile App",
"version" : {
"version_data" : [
{
"version_value" : "Android version 1.7.9 and earlier"
},
{
"version_value" : "iOS version 1.9.51 and earlier"
}
]
}
}
]
},
"vendor_name" : "Flash Seats"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295: Improper Certificate Validation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/96719"
},
{
"url": "https://www.kb.cert.org/vuls/id/247016"
},
{
"url": "https://www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-validate-ssl-certificates.392553/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks."
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-validate-ssl-certificates.392553/"
},
{
"url" : "https://www.kb.cert.org/vuls/id/247016"
},
{
"url" : "http://www.securityfocus.com/bid/96719"
}
]
}
}


@ -1,78 +1,79 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3191",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DIR-130",
"version": {
"version_data": [
{
"version_value": "1.23"
}
]
}
},
{
"product_name": "DIR-330",
"version": {
"version_data": [
{
"version_value": "1.12"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DIR-130",
"version" : {
"version_data" : [
{
"version_value" : "1.23"
}
]
}
},
{
"product_name" : "DIR-330",
"version" : {
"version_data" : [
{
"version_value" : "1.12"
}
]
}
}
]
},
"vendor_name" : "D-Link"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-294: Authentication Bypass by Capture-replay"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294: Authentication Bypass by Capture-replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/553503"
},
{
"url": "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123293"
},
{
"url": "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials."
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123293"
},
{
"url" : "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/"
},
{
"url" : "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/"
},
{
"url" : "https://www.kb.cert.org/vuls/id/553503"
}
]
}
}


@ -1,78 +1,79 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3192",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DIR-130",
"version": {
"version_data": [
{
"version_value": "1.23"
}
]
}
},
{
"product_name": "DIR-330",
"version": {
"version_data": [
{
"version_value": "1.12"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DIR-130",
"version" : {
"version_data" : [
{
"version_value" : "1.23"
}
]
}
},
{
"product_name" : "DIR-330",
"version" : {
"version_data" : [
{
"version_value" : "1.12"
}
]
}
}
]
},
"vendor_name" : "D-Link"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522: Insufficiently Protected Credentials"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/553503"
},
{
"url": "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123292"
},
{
"url": "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device."
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123292"
},
{
"url" : "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/"
},
{
"url" : "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/"
},
{
"url" : "https://www.kb.cert.org/vuls/id/553503"
}
]
}
}


@ -1,74 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3193",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DIR-850L and potentially others",
"version": {
"version_data": [
{
"version_value": "1.14B07"
},
{
"version_value": "2.07.B05"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DIR-850L and potentially others",
"version" : {
"version_data" : [
{
"version_value" : "1.14B07"
},
{
"version_value" : "2.07.B05"
}
]
}
}
]
},
"vendor_name" : "D-Link"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121: Stack-based Buffer Overflow"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/96747"
},
{
"url": "https://www.kb.cert.org/vuls/id/305448"
},
{
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967"
},
{
"url": "https://twitter.com/NCCGroupInfosec/status/845269159277723649"
},
{
"url": "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service."
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967"
},
{
"url" : "https://twitter.com/NCCGroupInfosec/status/845269159277723649"
},
{
"url" : "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories"
},
{
"url" : "https://www.kb.cert.org/vuls/id/305448"
},
{
"url" : "http://www.securityfocus.com/bid/96747"
}
]
}
}


@ -1,68 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3194",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pandora Media, Inc.",
"product": {
"product_data": [
{
"product_name": "Pandora iOS App",
"version": {
"version_data": [
{
"version_value": "Prior to 8.3.2"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pandora iOS App",
"version" : {
"version_data" : [
{
"version_value" : "Prior to 8.3.2"
}
]
}
}
]
},
"vendor_name" : "Pandora Media, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295: Improper Certificate Validation"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/97158"
},
{
"url": "https://www.kb.cert.org/vuls/id/342303"
},
{
"url": "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/"
},
{
"url": "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks."
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018"
},
{
"url" : "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/"
},
{
"url" : "https://www.kb.cert.org/vuls/id/342303"
},
{
"url" : "http://www.securityfocus.com/bid/97158"
}
]
}
}


@ -1,74 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3195",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Commvault",
"product": {
"product_data": [
{
"product_name": "Service Pack 6",
"version": {
"version_data": [
{
"version_value": "Version 11 prior to SP7"
},
{
"version_value": "version 11 SP6 prior to hotfix 590"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3195",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Service Pack 6",
"version" : {
"version_data" : [
{
"version_value" : "Version 11 prior to SP7"
},
{
"version_value" : "version 11 SP6 prior to hotfix 590"
}
]
}
}
]
},
"vendor_name" : "Commvault"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121: Stack-based Buffer Overflow"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/96941"
},
{
"url": "https://www.kb.cert.org/vuls/id/214283"
},
{
"url": "http://redr2e.com/commvault-edge-cve-2017-3195/"
},
{
"url": "https://www.exploit-db.com/exploits/41823/"
},
{
"url": "http://kb.commvault.com/article/SEC0013"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges."
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.exploit-db.com/exploits/41823/"
},
{
"url" : "http://redr2e.com/commvault-edge-cve-2017-3195/"
},
{
"url" : "http://kb.commvault.com/article/SEC0013"
},
{
"url" : "https://www.kb.cert.org/vuls/id/214283"
},
{
"url" : "http://www.securityfocus.com/bid/96941"
}
]
}
}
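Review bot: The `affects` block for CVE-2017-3195 still carries `"product_name" : "Service Pack 6"`, while the description names the affected component as Commvault Edge Communication Service (cvd); the re-serialisation copies this over unchanged. Tooling that maps records to an asset inventory by `product_name` would probably not match Commvault installations on that value. Going by the description alone, something like `"product_name" : "Commvault Edge Communication Service (cvd)"` would be closer, though the correct name should be confirmed with the assigner. The two `version_value` strings are also free text with inconsistent casing ("Version 11 …" and "version 11 …"), which makes automated range matching unreliable.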


@ -1,68 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3196",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Printing Communications Assoc., Inc. (PCAUSA)",
"product": {
"product_data": [
{
"product_name": "ASUS PCE-AC56 WLAN Card Utilities",
"version": {
"version_data": [
{
"version_value": "Unknown"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ASUS PCE-AC56 WLAN Card Utilities",
"version" : {
"version_data" : [
{
"version_value" : "Unknown"
}
]
}
}
]
},
"vendor_name" : "Printing Communications Assoc., Inc. (PCAUSA)"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/600671"
},
{
"url": "http://www.securityfocus.com/bid/96993/discuss"
},
{
"url": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
},
{
"url": "http://blog.rewolf.pl/blog/?p=1778"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges."
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://blog.rewolf.pl/blog/?p=1778"
},
{
"url" : "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
},
{
"url" : "https://www.kb.cert.org/vuls/id/600671"
},
{
"url" : "http://www.securityfocus.com/bid/96993/discuss"
}
]
}
}