admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-07-13 16:03:51 -04:00
parent f4b6e26167
commit 5829745bb6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
46 changed files with 1999 additions and 1989 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
2016/6xxx/CVE-2016-6542.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6542",
"STATE": "PUBLIC",
"TITLE": "The MAC address/device tracking ID of an iTrack Easy can be obtained within range of the device"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6542",
"STATE" : "PUBLIC",
"TITLE" : "The MAC address/device tracking ID of an iTrack Easy can be obtained within range of the device"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Easy",
"version": {
"version_data": [
"product_name" : "Easy",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "iTrack"
"vendor_name" : "iTrack"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The iTrack device tracking ID number, also called \"LosserID\" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address."
"lang" : "eng",
"value" : "The iTrack device tracking ID number, also called \"LosserID\" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
"lang" : "eng",
"value" : "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#974055",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/974055"
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
"name" : "VU#974055",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/974055"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

84
2016/6xxx/CVE-2016-6543.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6543",
"STATE": "PUBLIC",
"TITLE": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6543",
"STATE" : "PUBLIC",
"TITLE" : "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Easy",
"version": {
"version_data": [
"product_name" : "Easy",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "iTrack"
"vendor_name" : "iTrack"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device."
"lang" : "eng",
"value" : "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-799: Improper Control of Interaction Frequency"
"lang" : "eng",
"value" : "CWE-799: Improper Control of Interaction Frequency"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#974055",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/974055"
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
"name" : "VU#974055",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/974055"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

84
2016/6xxx/CVE-2016-6544.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6544",
"STATE": "PUBLIC",
"TITLE": "iTrack Easy's getgps data can be modified without authentication"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6544",
"STATE" : "PUBLIC",
"TITLE" : "iTrack Easy's getgps data can be modified without authentication"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Easy",
"version": {
"version_data": [
"product_name" : "Easy",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "iTrack"
"vendor_name" : "iTrack"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device."
"lang" : "eng",
"value" : "getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
"lang" : "eng",
"value" : "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#974055",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/974055"
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
"name" : "VU#974055",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/974055"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

84
2016/6xxx/CVE-2016-6545.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6545",
"STATE": "PUBLIC",
"TITLE": "iTrack Easy does not use session cookies to maintain sessions and POSTs the users password over HTTPS for each request"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6545",
"STATE" : "PUBLIC",
"TITLE" : "iTrack Easy does not use session cookies to maintain sessions and POSTs the users password over HTTPS for each request"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Easy",
"version": {
"version_data": [
"product_name" : "Easy",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "iTrack"
"vendor_name" : "iTrack"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password."
"lang" : "eng",
"value" : "Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-613: Insufficient Session Expiration"
"lang" : "eng",
"value" : "CWE-613: Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#974055",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/974055"
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
"name" : "VU#974055",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/974055"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

84
2016/6xxx/CVE-2016-6546.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6546",
"STATE": "PUBLIC",
"TITLE": "iTrack Easy mobile application stores the user password in base-64 encoding/cleartext"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6546",
"STATE" : "PUBLIC",
"TITLE" : "iTrack Easy mobile application stores the user password in base-64 encoding/cleartext"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Easy",
"version": {
"version_data": [
"product_name" : "Easy",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "iTrack"
"vendor_name" : "iTrack"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext."
"lang" : "eng",
"value" : "The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-313: Cleartext Storage in a File or on Disk"
"lang" : "eng",
"value" : "CWE-313: Cleartext Storage in a File or on Disk"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#974055",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/974055"
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
"name" : "VU#974055",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/974055"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

90
2016/6xxx/CVE-2016-6547.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6547",
"STATE": "PUBLIC",
"TITLE": "Zizai Tech Nut stores the account password in cleartext"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6547",
"STATE" : "PUBLIC",
"TITLE" : "Zizai Tech Nut stores the account password in cleartext"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Tech Nut Mobile Application",
"version": {
"version_data": [
"product_name" : "Tech Nut Mobile Application",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "Zizai Technology"
"vendor_name" : "Zizai Technology"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file."
"lang" : "eng",
"value" : "The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-313: Cleartext Storage in a File or on Disk"
"lang" : "eng",
"value" : "CWE-313: Cleartext Storage in a File or on Disk"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "93877",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/93877"
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "VU#402847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/402847"
"name" : "VU#402847",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/402847"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
"name" : "93877",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/93877"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

90
2016/6xxx/CVE-2016-6548.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6548",
"STATE": "PUBLIC",
"TITLE": "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6548",
"STATE" : "PUBLIC",
"TITLE" : "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Tech Nut Mobile Application",
"version": {
"version_data": [
"product_name" : "Tech Nut Mobile Application",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "Zizai Technology"
"vendor_name" : "Zizai Technology"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account."
"lang" : "eng",
"value" : "The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-200: Information Exposure"
"lang" : "eng",
"value" : "CWE-200: Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "93877",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/93877"
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "VU#402847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/402847"
"name" : "VU#402847",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/402847"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
"name" : "93877",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/93877"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

90
2016/6xxx/CVE-2016-6549.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6549",
"STATE": "PUBLIC",
"TITLE": "Zizai Tech Nut allows for unauthenticated Bluetooth pairing"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6549",
"STATE" : "PUBLIC",
"TITLE" : "Zizai Tech Nut allows for unauthenticated Bluetooth pairing"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Tech Nut",
"version": {
"version_data": [
"product_name" : "Tech Nut",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "Zizai Technology"
"vendor_name" : "Zizai Technology"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute."
"lang" : "eng",
"value" : "The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
"lang" : "eng",
"value" : "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "93877",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/93877"
"name" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"name": "VU#402847",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/402847"
"name" : "VU#402847",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/402847"
},
{
"name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
"name" : "93877",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/93877"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

80
2016/6xxx/CVE-2016-6551.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6551",
"STATE": "PUBLIC",
"TITLE": "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6551",
"STATE" : "PUBLIC",
"TITLE" : "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Antennas",
"version": {
"version_data": [
"product_name" : "Antennas",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "t-Series",
"version_value": "1.07"
"affected" : "=",
"version_name" : "t-Series",
"version_value" : "1.07"
},
{
"affected": "=",
"version_name": "v-Series",
"version_value": "1.07"
"affected" : "=",
"version_name" : "v-Series",
"version_value" : "1.07"
}
]
}
}
]
},
"vendor_name": "Intellian Satellite TV"
"vendor_name" : "Intellian Satellite TV"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device."
"lang" : "eng",
"value" : "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-255"
"lang" : "eng",
"value" : "CWE-255"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#200907",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/200907"
"name" : "VU#200907",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/200907"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

80
2016/6xxx/CVE-2016-6552.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6552",
"STATE": "PUBLIC",
"TITLE": "Green Packet DX-350 uses default credentials"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6552",
"STATE" : "PUBLIC",
"TITLE" : "Green Packet DX-350 uses default credentials"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "WiFi Access Point",
"version": {
"version_data": [
"product_name" : "WiFi Access Point",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "DX-350",
"version_value": "DX-350"
"affected" : "=",
"version_name" : "DX-350",
"version_value" : "DX-350"
}
]
}
}
]
},
"vendor_name": "Green Packet"
"vendor_name" : "Green Packet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device."
"lang" : "eng",
"value" : "Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-255"
"lang" : "eng",
"value" : "CWE-255"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "93806",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/93806"
"name" : "VU#970379",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/970379"
},
{
"name": "VU#970379",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/970379"
"name" : "93806",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/93806"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

74
2016/6xxx/CVE-2016-6553.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6553",
"STATE": "PUBLIC",
"TITLE": "Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses default credentials"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6553",
"STATE" : "PUBLIC",
"TITLE" : "Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses default credentials"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "NT-4040 Titan",
"version": {
"version_data": [
"product_name" : "NT-4040 Titan",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "NT-4040_01.07.0000.0015_1120",
"version_value": "NT-4040_01.07.0000.0015_1120"
"affected" : "=",
"version_name" : "NT-4040_01.07.0000.0015_1120",
"version_value" : "NT-4040_01.07.0000.0015_1120"
}
]
}
}
]
},
"vendor_name": "Nuuo"
"vendor_name" : "Nuuo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111 . A remote network attacker can gain privileged access to a vulnerable device."
"lang" : "eng",
"value" : "Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-255"
"lang" : "eng",
"value" : "CWE-255"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#326395",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/326395"
"name" : "VU#326395",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/326395"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

109
2016/6xxx/CVE-2016-6554.json
View File

@ -1,97 +1,102 @@
{
"CVE_data_meta": {
"ASSIGNER": "cret@cert.org",
"ID": "CVE-2016-6554",
"STATE": "PUBLIC",
"TITLE": "Synology NAS servers DS107, DS116, and DS213, use default credentials"
"CVE_data_meta" : {
"ASSIGNER" : "cret@cert.org",
"ID" : "CVE-2016-6554",
"STATE" : "PUBLIC",
"TITLE" : "Synology NAS servers DS107, DS116, and DS213, use default credentials"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "NAS server DS107",
"version": {
"version_data": [
"product_name" : "NAS server DS107",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "3.1-1639",
"version_value": "3.1-1639"
"affected" : "<=",
"version_name" : "3.1-1639",
"version_value" : "3.1-1639"
}
]
}
},
{
"product_name": "NAS server DS116",
"version": {
"version_data": [
"product_name" : "NAS server DS116",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.2-5644-1",
"version_value": "5.2-5644-1"
"affected" : "<",
"version_name" : "5.2-5644-1",
"version_value" : "5.2-5644-1"
}
]
}
},
{
"product_name": "NAS server DS213",
"version": {
"version_data": [
"product_name" : "NAS server DS213",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "5.2-5644-1",
"version_value": "5.2-5644-1"
"affected" : "<",
"version_name" : "5.2-5644-1",
"version_value" : "5.2-5644-1"
}
]
}
}
]
},
"vendor_name": "Synology"
"vendor_name" : "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device."
"lang" : "eng",
"value" : "Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-255"
"lang" : "eng",
"value" : "CWE-255"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#404187",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/404187"
"name" : "https://www.synology.com/en-global/releaseNote/DS213",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/en-global/releaseNote/DS213"
},
{
"name": "93805",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/93805"
"name" : "VU#404187",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/404187"
},
{
"name" : "93805",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/93805"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

80
2016/6xxx/CVE-2016-6557.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6557",
"STATE": "PUBLIC",
"TITLE": "The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6557",
"STATE" : "PUBLIC",
"TITLE" : "The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "RP-AC52 Access Point",
"version": {
"version_data": [
"product_name" : "RP-AC52 Access Point",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "1.0.1.1s",
"version_value": "1.0.1.1s"
"affected" : "=",
"version_name" : "1.0.1.1s",
"version_value" : "1.0.1.1s"
}
]
}
}
]
},
"vendor_name": "ASUS"
"vendor_name" : "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The ASUS RP-AC52 web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request."
"lang" : "eng",
"value" : "In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-352"
"lang" : "eng",
"value" : "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#763843",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/763843"
"name" : "VU#763843",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/763843"
},
{
"name": "93596",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/93596"
"name" : "93596",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/93596"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

80
2016/6xxx/CVE-2016-6558.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6558",
"STATE": "PUBLIC",
"TITLE": "The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to command injection"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6558",
"STATE" : "PUBLIC",
"TITLE" : "The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to command injection"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "RP-AC52 Access Point",
"version": {
"version_data": [
"product_name" : "RP-AC52 Access Point",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "1.0.1.1s",
"version_value": "1.0.1.1s"
"affected" : "=",
"version_name" : "1.0.1.1s",
"version_value" : "1.0.1.1s"
}
]
}
}
]
},
"vendor_name": "ASUS"
"vendor_name" : "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A command injection vulnerability exists in apply.cgi on the The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed."
"lang" : "eng",
"value" : "A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-77"
"lang" : "eng",
"value" : "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#763843",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/763843"
"name" : "VU#763843",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/763843"
},
{
"name": "93596",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/93596"
"name" : "93596",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/93596"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

86
2016/6xxx/CVE-2016-6559.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6559",
"STATE": "PUBLIC",
"TITLE": "The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6559",
"STATE" : "PUBLIC",
"TITLE" : "The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "libc library",
"version": {
"version_data": [
"product_name" : "libc library",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "link_ntoa()",
"version_value": "link_ntoa()"
"affected" : "=",
"version_name" : "link_ntoa()",
"version_value" : "link_ntoa()"
}
]
}
}
]
},
"vendor_name": "BSD"
"vendor_name" : "BSD"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory.\nThe full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37."
"lang" : "eng",
"value" : "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-120"
"lang" : "eng",
"value" : "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#548487",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/548487"
"name" : "FreeBSD-SA-16:37",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc"
},
{
"name": "94694",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/94694"
"name" : "VU#548487",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/548487"
},
{
"name": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc",
"refsource": "CONFIRM",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc"
"name" : "94694",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/94694"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

103
2016/6xxx/CVE-2016-6562.json
View File

@ -1,91 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6562",
"STATE": "PUBLIC",
"TITLE": "ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6562",
"STATE" : "PUBLIC",
"TITLE" : "ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Mobility Client iOS",
"version": {
"version_data": [
"product_name" : "Mobility Client iOS",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "9.1.3.109",
"version_value": "9.1.3.109"
"affected" : "<=",
"version_name" : "9.1.3.109",
"version_value" : "9.1.3.109"
}
]
}
},
{
"product_name": "Mobility Client Andoid ",
"version": {
"version_data": [
"product_name" : "Mobility Client Andoid ",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "9.1.3.109",
"version_value": "9.1.3.109"
"affected" : "<=",
"version_name" : "9.1.3.109",
"version_value" : "9.1.3.109"
}
]
}
}
]
},
"vendor_name": "ShoreTel"
"vendor_name" : "ShoreTel"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials."
"lang" : "eng",
"value" : "On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-295"
"lang" : "eng",
"value" : "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#475907",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/475907"
"name" : "https://www.info-sec.ca/advisories/ShoreTel-Mobility.html",
"refsource" : "MISC",
"url" : "https://www.info-sec.ca/advisories/ShoreTel-Mobility.html"
},
{
"name": "95224",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/95224"
"name" : "VU#475907",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/475907"
},
{
"name" : "95224",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/95224"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "ShoreTel has released version 9.1.5.104 for all devices to address the vulnerability."
"lang" : "eng",
"value" : "ShoreTel has released version 9.1.5.104 for all devices to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

158
2016/6xxx/CVE-2016-6563.json
View File

@ -1,160 +1,160 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6563",
"STATE": "PUBLIC",
"TITLE": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6563",
"STATE" : "PUBLIC",
"TITLE" : "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "DIR-823",
"version": {
"version_data": [
"product_name" : "DIR-823",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DIR-822",
"version": {
"version_data": [
"product_name" : "DIR-822",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DIR-818L(W)",
"version": {
"version_data": [
"product_name" : "DIR-818L(W)",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DIR-895L",
"version": {
"version_data": [
"product_name" : "DIR-895L",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DIR-890L",
"version": {
"version_data": [
"product_name" : "DIR-890L",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DIR-885L",
"version": {
"version_data": [
"product_name" : "DIR-885L",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DIR-880L",
"version": {
"version_data": [
"product_name" : "DIR-880L",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DIR-868L",
"version": {
"version_data": [
"product_name" : "DIR-868L",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DIR-850L",
"version": {
"version_data": [
"product_name" : "DIR-850L",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "D-Link"
"vendor_name" : "D-Link"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
"lang" : "eng",
"value" : "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-121"
"lang" : "eng",
"value" : "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#677427",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/677427"
"name" : "20161107 [CVE-2016-6563 / VU#677427]: Dlink DIR routers HNAP Login stack buffer overflow",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2016/Nov/38"
},
{
"name": "http://seclists.org/fulldisclosure/2016/Nov/38",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2016/Nov/38"
"name" : "VU#677427",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/677427"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

90
2016/6xxx/CVE-2016-6564.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6564",
"STATE": "PUBLIC",
"TITLE": "Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6564",
"STATE" : "PUBLIC",
"TITLE" : "Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Android software",
"version": {
"version_data": [
"product_name" : "Android software",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "Ragentek"
"vendor_name" : "Ragentek"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Dan Dahlberg and Tiago Pereira of BitSight Technologies and Anubis Networks for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Dan Dahlberg and Tiago Pereira of BitSight Technologies and Anubis Networks for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit.\nThis binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel.\nThe binary has been shown to communicate with three hosts via HTTP:\noyag[.]lhzbdvm[.]com\noyag[.]prugskh[.]net\noyag[.]prugskh[.]com\n\nServer responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations.\n\nExamples of a request sent by the client binary:\nPOST /pagt/agent?data={\"name\":\"c_regist\",\"details\":{...}} HTTP/1. 1\nHost: 114.80.68.223\nConnection: Close\n\nAn example response from the server could be:\nHTTP/1.1 200 OK\n{\"code\": \"01\", \"name\": \"push_commands\", \"details\": {\"server_id\": \"1\" ,\n\"title\": \"Test Command\", \"comments\": \"Test\", \"commands\": \"touch /tmp/test\"}}\n\nThis binary is reported to be present in the following devices:\nBLU Studio G\nBLU Studio G Plus\nBLU Studio 6.0 HD\nBLU Studio X\nBLU Studio X Plus\nBLU Studio C HD\nInfinix Hot X507\nInfinix Hot 2 X510\nInfinix Zero X506\nInfinix Zero 2 X509\nDOOGEE Voyager 2 DG310\nLEAGOO Lead 5\nLEAGOO Lead 6\nLEAGOO Lead 3i\nLEAGOO Lead 2S\nLEAGOO Alfa 6\nIKU Colorful K45i\nBeeline Pro 2\nXOLO Cube 5.0"
"lang" : "eng",
"value" : "Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit. This binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel. The binary has been shown to communicate with three hosts via HTTP: oyag[.]lhzbdvm[.]com oyag[.]prugskh[.]net oyag[.]prugskh[.]com Server responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations. Examples of a request sent by the client binary: POST /pagt/agent?data={\"name\":\"c_regist\",\"details\":{...}} HTTP/1. 1 Host: 114.80.68.223 Connection: Close An example response from the server could be: HTTP/1.1 200 OK {\"code\": \"01\", \"name\": \"push_commands\", \"details\": {\"server_id\": \"1\" , \"title\": \"Test Command\", \"comments\": \"Test\", \"commands\": \"touch /tmp/test\"}} This binary is reported to be present in the following devices: BLU Studio G BLU Studio G Plus BLU Studio 6.0 HD BLU Studio X BLU Studio X Plus BLU Studio C HD Infinix Hot X507 Infinix Hot 2 X510 Infinix Zero X506 Infinix Zero 2 X509 DOOGEE Voyager 2 DG310 LEAGOO Lead 5 LEAGOO Lead 6 LEAGOO Lead 3i LEAGOO Lead 2S LEAGOO Alfa 6 IKU Colorful K45i Beeline Pro 2 XOLO Cube 5.0"
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-494"
"lang" : "eng",
"value" : "CWE-494"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#624539",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/624539"
"name" : "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack",
"refsource" : "MISC",
"url" : "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack"
},
{
"name": "94393",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/94393/"
"name" : "VU#624539",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/624539"
},
{
"name": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack",
"refsource": "MISC",
"url": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack"
"name" : "94393",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/94393/"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

80
2016/6xxx/CVE-2016-6565.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6565",
"STATE": "PUBLIC",
"TITLE": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6565",
"STATE" : "PUBLIC",
"TITLE" : "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "NextGen Gallery plugin",
"version": {
"version_data": [
"product_name" : "NextGen Gallery plugin",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "2.1.57",
"version_value": "2.1.57"
"affected" : "<",
"version_name" : "2.1.57",
"version_value" : "2.1.57"
}
]
}
}
]
},
"vendor_name": "Imagely"
"vendor_name" : "Imagely"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration)."
"lang" : "eng",
"value" : "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration)."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-98"
"lang" : "eng",
"value" : "CWE-98"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#346175",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/346175"
"name" : "VU#346175",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/346175"
},
{
"name": "94356",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/94356/"
"name" : "94356",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/94356/"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

74
2016/6xxx/CVE-2016-6566.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6566",
"STATE": "PUBLIC",
"TITLE": "The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6566",
"STATE" : "PUBLIC",
"TITLE" : "The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "eTRAKiT3",
"version": {
"version_data": [
"product_name" : "eTRAKiT3",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "3.2.1.17",
"version_value": "3.2.1.17"
"affected" : "=",
"version_name" : "3.2.1.17",
"version_value" : "3.2.1.17"
}
]
}
}
]
},
"vendor_name": "Sungard"
"vendor_name" : "Sungard"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable."
"lang" : "eng",
"value" : "The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-89"
"lang" : "eng",
"value" : "CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#846103",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/846103"
"name" : "VU#846103",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/846103"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

82
2016/6xxx/CVE-2016-6567.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6567",
"STATE": "PUBLIC",
"TITLE": "SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6567",
"STATE" : "PUBLIC",
"TITLE" : "SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Resident Download Manager",
"version": {
"version_data": [
"product_name" : "Resident Download Manager",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "Ethernet Download Manager",
"version": {
"version_data": [
"product_name" : "Ethernet Download Manager",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "SHDesigns"
"vendor_name" : "SHDesigns"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is authentic before executing code and deploying the firmware to devices. A remote attacker with the ability to send UDP traffic to the device may be able to execute arbitrary code on the device. According to SHDesigns' website, the Resident Download Manager and other Rabbit Tools have been discontinued since June 2011."
"lang" : "eng",
"value" : "SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is authentic before executing code and deploying the firmware to devices. A remote attacker with the ability to send UDP traffic to the device may be able to execute arbitrary code on the device. According to SHDesigns' website, the Resident Download Manager and other Rabbit Tools have been discontinued since June 2011."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-494"
"lang" : "eng",
"value" : "CWE-494"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#167623",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/167623"
"name" : "VU#167623",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/167623"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

74
2016/6xxx/CVE-2016-6578.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-6578",
"STATE": "PUBLIC",
"TITLE": "CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF)"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-6578",
"STATE" : "PUBLIC",
"TITLE" : "CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF)"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "FileCloud",
"version": {
"version_data": [
"product_name" : "FileCloud",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "13.0.0.32841",
"version_value": "13.0.0.32841"
"affected" : "=",
"version_name" : "13.0.0.32841",
"version_value" : "13.0.0.32841"
}
]
}
}
]
},
"vendor_name": "CodeLathe"
"vendor_name" : "CodeLathe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "CodeLathe FileCloud is an \"is an Enterprise File Access, Sync and Share solution that runs on-premise.\" FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request."
"lang" : "eng",
"value" : "CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-352"
"lang" : "eng",
"value" : "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#865216",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/865216"
"name" : "VU#865216",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/865216"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

86
2016/9xxx/CVE-2016-9482.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9482",
"STATE": "PUBLIC",
"TITLE": "PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9482",
"STATE" : "PUBLIC",
"TITLE" : "PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Generator",
"version": {
"version_data": [
"product_name" : "Generator",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "2016-12-06",
"version_value": "2016-12-06"
"affected" : "<",
"version_name" : "2016-12-06",
"version_value" : "2016-12-06"
}
]
}
}
]
},
"vendor_name": "PHP FormMail"
"vendor_name" : "PHP FormMail"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Pouya Darabi for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Pouya Darabi for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel"
"lang" : "eng",
"value" : "Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication in the to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel"
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-302"
"lang" : "eng",
"value" : "CWE-302"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#494015",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/494015"
"name" : "VU#494015",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/494015"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches."
"lang" : "eng",
"value" : "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

86
2016/9xxx/CVE-2016-9483.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9483",
"STATE": "PUBLIC",
"TITLE": "PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9483",
"STATE" : "PUBLIC",
"TITLE" : "PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Generator",
"version": {
"version_data": [
"product_name" : "Generator",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "2016-12-06",
"version_value": "2016-12-06"
"affected" : "<",
"version_name" : "2016-12-06",
"version_value" : "2016-12-06"
}
]
}
}
]
},
"vendor_name": "PHP FormMail"
"vendor_name" : "PHP FormMail"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Pouya Darabi for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Pouya Darabi for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server."
"lang" : "eng",
"value" : "The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-502"
"lang" : "eng",
"value" : "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#494015",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/494015"
"name" : "VU#494015",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/494015"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches."
"lang" : "eng",
"value" : "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

86
2016/9xxx/CVE-2016-9484.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9484",
"STATE": "PUBLIC",
"TITLE": "PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9484",
"STATE" : "PUBLIC",
"TITLE" : "PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Generator",
"version": {
"version_data": [
"product_name" : "Generator",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "2016-12-06",
"version_value": "2016-12-06"
"affected" : "<",
"version_name" : "2016-12-06",
"version_value" : "2016-12-06"
}
]
}
}
]
},
"vendor_name": "PHP FormMail"
"vendor_name" : "PHP FormMail"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Pouya Darabi for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Pouya Darabi for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable."
"lang" : "eng",
"value" : "The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-22"
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#494015",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/494015"
"name" : "VU#494015",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/494015"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches."
"lang" : "eng",
"value" : "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

78
2016/9xxx/CVE-2016-9485.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9485",
"STATE": "PUBLIC",
"TITLE": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9485",
"STATE" : "PUBLIC",
"TITLE" : "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Windows SecureConnector agent",
"version": {
"version_data": [
"product_name" : "Windows SecureConnector agent",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "Microsoft"
"vendor_name" : "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint.\nThe SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account."
"lang" : "eng",
"value" : "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. The SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-378"
"lang" : "eng",
"value" : "CWE-378"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#768331",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/768331"
"name" : "VU#768331",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/768331"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
"lang" : "eng",
"value" : "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

78
2016/9xxx/CVE-2016-9486.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9486",
"STATE": "PUBLIC",
"TITLE": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9486",
"STATE" : "PUBLIC",
"TITLE" : "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Windows SecureConnector agent",
"version": {
"version_data": [
"product_name" : "Windows SecureConnector agent",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "Microsoft"
"vendor_name" : "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint.\nBy default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it.\n\nIt is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property."
"lang" : "eng",
"value" : "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint. By default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it. It is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-379"
"lang" : "eng",
"value" : "CWE-379"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#768331",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/768331"
"name" : "VU#768331",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/768331"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
"lang" : "eng",
"value" : "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

92
2016/9xxx/CVE-2016-9487.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9487",
"STATE": "PUBLIC",
"TITLE": "EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9487",
"STATE" : "PUBLIC",
"TITLE" : "EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "EpubCheck",
"version": {
"version_data": [
"product_name" : "EpubCheck",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "4.0.1",
"version_value": "4.0.1"
"affected" : "=",
"version_name" : "4.0.1",
"version_value" : "4.0.1"
}
]
}
}
]
},
"vendor_name": "EpubCheck"
"vendor_name" : "EpubCheck"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Craig Arendt for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Craig Arendt for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "EpubCheck is a tool to validate that EPUB files follow the proper format. It can be used as a stand alone command line utility, or included in a project (most commonly being epub readers) as a library. EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities."
"lang" : "eng",
"value" : "EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-611"
"lang" : "eng",
"value" : "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#779243",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/779243"
"name" : "VU#779243",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/779243"
},
{
"name": "94864",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/94864/"
"name" : "94864",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/94864/"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "EpubCheck has released version 4.0.2 to address the vulnerability."
"lang" : "eng",
"value" : "EpubCheck has released version 4.0.2 to address the vulnerability."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

92
2016/9xxx/CVE-2016-9489.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9489",
"STATE": "PUBLIC",
"TITLE": "ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9489",
"STATE" : "PUBLIC",
"TITLE" : "ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
"product_name" : "Applications Manager",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "12",
"version_value": "12"
"affected" : "=",
"version_name" : "12",
"version_value" : "12"
},
{
"affected": "=",
"version_name": "13",
"version_value": "13"
"affected" : "=",
"version_name" : "13",
"version_value" : "13"
}
]
}
}
]
},
"vendor_name": "ManageEngine"
"vendor_name" : "ManageEngine"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Lukasz Juszczyk for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "In ManageEngine Applications Manager 12 and 13, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like \"ADMIN\". A user is also able to change properties of another user, e.g. change another user's password."
"lang" : "eng",
"value" : "In ManageEngine Applications Manager 12 and 13, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like \"ADMIN\". A user is also able to change properties of another user, e.g. change another user's password."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-269"
"lang" : "eng",
"value" : "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "http://seclists.org/fulldisclosure/2017/Apr/9",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
"name" : "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"name": "97394",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/97394/"
"name" : "97394",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/97394/"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

92
2016/9xxx/CVE-2016-9491.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9491",
"STATE": "PUBLIC",
"TITLE": "ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity "
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9491",
"STATE" : "PUBLIC",
"TITLE" : "ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity "
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
"product_name" : "Applications Manager",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "12",
"version_value": "12"
"affected" : "=",
"version_name" : "12",
"version_value" : "12"
},
{
"affected": "=",
"version_name": "13",
"version_value": "13"
"affected" : "=",
"version_name" : "13",
"version_value" : "13"
}
]
}
}
]
},
"vendor_name": "ManageEngine"
"vendor_name" : "ManageEngine"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Lukasz Juszczyk for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "ManageEngine Applications Manager 12 and 13 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system."
"lang" : "eng",
"value" : "ManageEngine Applications Manager 12 and 13 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-611"
"lang" : "eng",
"value" : "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "http://seclists.org/fulldisclosure/2017/Apr/9",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
"name" : "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"name": "97394",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/97394/"
"name" : "97394",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/97394/"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

80
2016/9xxx/CVE-2016-9492.json
View File

@ -1,74 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9492",
"STATE": "PUBLIC",
"TITLE": "PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9492",
"STATE" : "PUBLIC",
"TITLE" : "PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Generator",
"version": {
"version_data": [
"product_name" : "Generator",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "17/12/2016",
"version_value": "17/12/2016"
"affected" : "<",
"version_name" : "17/12/2016",
"version_value" : "17/12/2016"
}
]
}
}
]
},
"vendor_name": "PHP FormMail"
"vendor_name" : "PHP FormMail"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Ibram Marzouk for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Ibram Marzouk for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or Wordpress-based website. The code generated by the website prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename."
"lang" : "eng",
"value" : "The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-434"
"lang" : "eng",
"value" : "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#608591",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/608591"
"name" : "VU#608591",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/608591"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

80
2016/9xxx/CVE-2016-9493.json
View File

@ -1,74 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9493",
"STATE": "PUBLIC",
"TITLE": "PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9493",
"STATE" : "PUBLIC",
"TITLE" : "PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Generator",
"version": {
"version_data": [
"product_name" : "Generator",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "17/12/2016",
"version_value": "17/12/2016"
"affected" : "<",
"version_name" : "17/12/2016",
"version_value" : "17/12/2016"
}
]
}
}
]
},
"vendor_name": "PHP FormMail"
"vendor_name" : "PHP FormMail"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Ibram Marzouk for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Ibram Marzouk for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or Wordpress-based website. The code generated by the website prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename."
"lang" : "eng",
"value" : "The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-80"
"lang" : "eng",
"value" : "CWE-80"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#608591",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/608591"
"name" : "VU#608591",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/608591"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

98
2016/9xxx/CVE-2016-9494.json
View File

@ -1,94 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9494",
"STATE": "PUBLIC",
"TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9494",
"STATE" : "PUBLIC",
"TITLE" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "HN7740S",
"version": {
"version_data": [
"product_name" : "HN7740S",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DW7000",
"version": {
"version_data": [
"product_name" : "DW7000",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "HN7000S/SM",
"version": {
"version_data": [
"product_name" : "HN7000S/SM",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "Hughes Satellite Modem"
"vendor_name" : "Hughes Satellite Modem"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": " Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service."
"lang" : "eng",
"value" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-20"
"lang" : "eng",
"value" : "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#614751",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/614751"
"name" : "VU#614751",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/614751"
},
{
"name": "96244",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/96244"
"name" : "96244",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/96244"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

98
2016/9xxx/CVE-2016-9495.json
View File

@ -1,94 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9495",
"STATE": "PUBLIC",
"TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9495",
"STATE" : "PUBLIC",
"TITLE" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "HN7740S",
"version": {
"version_data": [
"product_name" : "HN7740S",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DW7000",
"version": {
"version_data": [
"product_name" : "DW7000",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "HN7000S/SM",
"version": {
"version_data": [
"product_name" : "HN7000S/SM",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "Hughes Satellite Modem"
"vendor_name" : "Hughes Satellite Modem"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": " Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices.\n"
"lang" : "eng",
"value" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-798"
"lang" : "eng",
"value" : "CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#614751",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/614751"
"name" : "VU#614751",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/614751"
},
{
"name": "96244",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/96244"
"name" : "96244",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/96244"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

98
2016/9xxx/CVE-2016-9496.json
View File

@ -1,94 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9496",
"STATE": "PUBLIC",
"TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication to access certain pages"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9496",
"STATE" : "PUBLIC",
"TITLE" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication to access certain pages"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "HN7740S",
"version": {
"version_data": [
"product_name" : "HN7740S",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DW7000",
"version": {
"version_data": [
"product_name" : "DW7000",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "HN7000S/SM",
"version": {
"version_data": [
"product_name" : "HN7000S/SM",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "Hughes Satellite Modem"
"vendor_name" : "Hughes Satellite Modem"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": " Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.\n"
"lang" : "eng",
"value" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-306"
"lang" : "eng",
"value" : "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#614751",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/614751"
"name" : "VU#614751",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/614751"
},
{
"name": "96244",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/96244"
"name" : "96244",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/96244"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

98
2016/9xxx/CVE-2016-9497.json
View File

@ -1,94 +1,94 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9497",
"STATE": "PUBLIC",
"TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9497",
"STATE" : "PUBLIC",
"TITLE" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "HN7740S",
"version": {
"version_data": [
"product_name" : "HN7740S",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "DW7000",
"version": {
"version_data": [
"product_name" : "DW7000",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
},
{
"product_name": "HN7000S/SM",
"version": {
"version_data": [
"product_name" : "HN7000S/SM",
"version" : {
"version_data" : [
{
"affected": "?",
"version_value": "N/A"
"affected" : "?",
"version_value" : "N/A"
}
]
}
}
]
},
"vendor_name": "Hughes Satellite Modem"
"vendor_name" : "Hughes Satellite Modem"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": " Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem."
"lang" : "eng",
"value" : "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-288"
"lang" : "eng",
"value" : "CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#614751",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/614751"
"name" : "VU#614751",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/614751"
},
{
"name": "96244",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/96244"
"name" : "96244",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/96244"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

92
2016/9xxx/CVE-2016-9498.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9498",
"STATE": "PUBLIC",
"TITLE": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9498",
"STATE" : "PUBLIC",
"TITLE" : "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
"product_name" : "Applications Manager",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "12",
"version_value": "12"
"affected" : "=",
"version_name" : "12",
"version_value" : "12"
},
{
"affected": "=",
"version_name": "13",
"version_value": "13"
"affected" : "=",
"version_name" : "13",
"version_value" : "13"
}
]
}
}
]
},
"vendor_name": "ManageEngine"
"vendor_name" : "ManageEngine"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Lukasz Juszczyk for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Lukasz Juszczyk for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
"lang" : "eng",
"value" : "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-502"
"lang" : "eng",
"value" : "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "http://seclists.org/fulldisclosure/2017/Apr/9",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Apr/9"
"name" : "20170404 ManageEngine Applications Manager Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Apr/9"
},
{
"name": "97394",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/97394/"
"name" : "97394",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/97394/"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

98
2016/9xxx/CVE-2016-9499.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9499",
"STATE": "PUBLIC",
"TITLE": "The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting."
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9499",
"STATE" : "PUBLIC",
"TITLE" : "The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting."
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "FTP Server",
"version": {
"version_data": [
"product_name" : "FTP Server",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": " FTA_9_12_220",
"version_value": " FTA_9_12_220"
"affected" : "<",
"version_name" : " FTA_9_12_220",
"version_value" : " FTA_9_12_220"
}
]
}
}
]
},
"vendor_name": "Accellion"
"vendor_name" : "Accellion"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Ashish Kamble for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Ashish Kamble for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them."
"lang" : "eng",
"value" : "Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-204"
"lang" : "eng",
"value" : "CWE-204"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#745607",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/745607"
"name" : "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf",
"refsource" : "MISC",
"url" : "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf"
},
{
"name": "96154",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/96154"
"name" : "VU#745607",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/745607"
},
{
"name": "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf",
"refsource": "MISC",
"url": "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf"
"name" : "96154",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/96154"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Both issues have been addressed in the most recent version FTA_9_12_220, released on 31 January 2017. Previously, CVE-2016-9500 was addressed in FTA_9_12_160 released on 29 November 2016."
"lang" : "eng",
"value" : "Both issues have been addressed in the most recent version FTA_9_12_220, released on 31 January 2017. Previously, CVE-2016-9500 was addressed in FTA_9_12_160 released on 29 November 2016."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

98
2016/9xxx/CVE-2016-9500.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-9500",
"STATE": "PUBLIC",
"TITLE": "The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to informaiton exposure"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2016-9500",
"STATE" : "PUBLIC",
"TITLE" : "The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to informaiton exposure"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "FTP Server",
"version": {
"version_data": [
"product_name" : "FTP Server",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": " FTA_9_12_220",
"version_value": " FTA_9_12_220"
"affected" : "<",
"version_name" : " FTA_9_12_220",
"version_value" : " FTA_9_12_220"
}
]
}
}
]
},
"vendor_name": "Accellion"
"vendor_name" : "Accellion"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "Thanks to Ashish Kamble for reporting this vulnerability."
"lang" : "eng",
"value" : "Thanks to Ashish Kamble for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting."
"lang" : "eng",
"value" : "Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-80"
"lang" : "eng",
"value" : "CWE-80"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#745607",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/745607"
"name" : "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf",
"refsource" : "MISC",
"url" : "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf"
},
{
"name": "96154",
"refsource": "BID",
"url": "https://www.securityfocus.com/bid/96154"
"name" : "VU#745607",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/745607"
},
{
"name": "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf",
"refsource": "MISC",
"url": "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf"
"name" : "96154",
"refsource" : "BID",
"url" : "https://www.securityfocus.com/bid/96154"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Both issues have been addressed in the most recent version FTA_9_12_220, released on 31 January 2017. Previously, CVE-2016-9500 was addressed in FTA_9_12_160 released on 29 November 2016."
"lang" : "eng",
"value" : "Both issues have been addressed in the most recent version FTA_9_12_220, released on 31 January 2017. Previously, CVE-2016-9500 was addressed in FTA_9_12_160 released on 29 November 2016."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

74
2017/13xxx/CVE-2017-13091.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13091",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-13091",
"STATE" : "PUBLIC",
"TITLE" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Standard",
"version": {
"version_data": [
"product_name" : "Standard",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "P1735",
"version_value": "P1735"
"affected" : "=",
"version_name" : "P1735",
"version_value" : "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
"vendor_name" : "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
"lang" : "eng",
"value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-310"
"lang" : "eng",
"value" : "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
"name" : "VU#739007",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

74
2017/13xxx/CVE-2017-13092.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13092",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-13092",
"STATE" : "PUBLIC",
"TITLE" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Standard",
"version": {
"version_data": [
"product_name" : "Standard",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "P1735",
"version_value": "P1735"
"affected" : "=",
"version_name" : "P1735",
"version_value" : "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
"vendor_name" : "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
"lang" : "eng",
"value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-310"
"lang" : "eng",
"value" : "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
"name" : "VU#739007",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

74
2017/13xxx/CVE-2017-13093.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13093",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of encrypted IP cyphertext to insert hardware trojans"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-13093",
"STATE" : "PUBLIC",
"TITLE" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of encrypted IP cyphertext to insert hardware trojans"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Standard",
"version": {
"version_data": [
"product_name" : "Standard",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "P1735",
"version_value": "P1735"
"affected" : "=",
"version_name" : "P1735",
"version_value" : "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
"vendor_name" : "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
"lang" : "eng",
"value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-310"
"lang" : "eng",
"value" : "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
"name" : "VU#739007",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

74
2017/13xxx/CVE-2017-13094.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13094",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of the encryption key and insertion of hardware trojans in any IP"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-13094",
"STATE" : "PUBLIC",
"TITLE" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of the encryption key and insertion of hardware trojans in any IP"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Standard",
"version": {
"version_data": [
"product_name" : "Standard",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "P1735",
"version_value": "P1735"
"affected" : "=",
"version_name" : "P1735",
"version_value" : "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
"vendor_name" : "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
"lang" : "eng",
"value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-310"
"lang" : "eng",
"value" : "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
"name" : "VU#739007",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

74
2017/13xxx/CVE-2017-13095.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13095",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of a license-deny response to a license grant"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-13095",
"STATE" : "PUBLIC",
"TITLE" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of a license-deny response to a license grant"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Standard",
"version": {
"version_data": [
"product_name" : "Standard",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "P1735",
"version_value": "P1735"
"affected" : "=",
"version_name" : "P1735",
"version_value" : "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
"vendor_name" : "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
"lang" : "eng",
"value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-310"
"lang" : "eng",
"value" : "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
"name" : "VU#739007",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

74
2017/13xxx/CVE-2017-13096.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13096",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax access control"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-13096",
"STATE" : "PUBLIC",
"TITLE" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax access control"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Standard",
"version": {
"version_data": [
"product_name" : "Standard",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "P1735",
"version_value": "P1735"
"affected" : "=",
"version_name" : "P1735",
"version_value" : "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
"vendor_name" : "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
"lang" : "eng",
"value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-310"
"lang" : "eng",
"value" : "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
"name" : "VU#739007",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

74
2017/13xxx/CVE-2017-13097.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-13097",
"STATE": "PUBLIC",
"TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax license requirement"
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-13097",
"STATE" : "PUBLIC",
"TITLE" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax license requirement"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Standard",
"version": {
"version_data": [
"product_name" : "Standard",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "P1735",
"version_value": "P1735"
"affected" : "=",
"version_name" : "P1735",
"version_value" : "P1735"
}
]
}
}
]
},
"vendor_name": "IEEE"
"vendor_name" : "IEEE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
"lang" : "eng",
"value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "CWE-310"
"lang" : "eng",
"value" : "CWE-310"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "VU#739007",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/739007"
"name" : "VU#739007",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/739007"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}