From 59cd8367b6af189d02267eecfada0abc905539e1 Mon Sep 17 00:00:00 2001 From: Madison Quinn Oliver <> Date: Thu, 12 Jul 2018 10:31:27 -0400 Subject: [PATCH] 46 file updates from various VU#s --- 2016/6xxx/CVE-2016-6542.json | 83 ++++++++++++++--- 2016/6xxx/CVE-2016-6543.json | 83 ++++++++++++++--- 2016/6xxx/CVE-2016-6544.json | 83 ++++++++++++++--- 2016/6xxx/CVE-2016-6545.json | 83 ++++++++++++++--- 2016/6xxx/CVE-2016-6546.json | 83 ++++++++++++++--- 2016/6xxx/CVE-2016-6547.json | 88 +++++++++++++++--- 2016/6xxx/CVE-2016-6548.json | 88 +++++++++++++++--- 2016/6xxx/CVE-2016-6549.json | 88 +++++++++++++++--- 2016/6xxx/CVE-2016-6551.json | 79 ++++++++++++++--- 2016/6xxx/CVE-2016-6552.json | 79 ++++++++++++++--- 2016/6xxx/CVE-2016-6553.json | 74 +++++++++++++--- 2016/6xxx/CVE-2016-6554.json | 103 ++++++++++++++++++--- 2016/6xxx/CVE-2016-6557.json | 79 ++++++++++++++--- 2016/6xxx/CVE-2016-6558.json | 79 ++++++++++++++--- 2016/6xxx/CVE-2016-6559.json | 84 +++++++++++++++--- 2016/6xxx/CVE-2016-6562.json | 97 +++++++++++++++++--- 2016/6xxx/CVE-2016-6563.json | 157 ++++++++++++++++++++++++++++++--- 2016/6xxx/CVE-2016-6564.json | 88 +++++++++++++++--- 2016/6xxx/CVE-2016-6565.json | 79 ++++++++++++++--- 2016/6xxx/CVE-2016-6566.json | 74 +++++++++++++--- 2016/6xxx/CVE-2016-6567.json | 82 ++++++++++++++--- 2016/6xxx/CVE-2016-6578.json | 74 +++++++++++++--- 2016/9xxx/CVE-2016-9482.json | 86 +++++++++++++++--- 2016/9xxx/CVE-2016-9483.json | 86 +++++++++++++++--- 2016/9xxx/CVE-2016-9484.json | 86 +++++++++++++++--- 2016/9xxx/CVE-2016-9485.json | 78 +++++++++++++--- 2016/9xxx/CVE-2016-9486.json | 78 +++++++++++++--- 2016/9xxx/CVE-2016-9487.json | 91 ++++++++++++++++--- 2016/9xxx/CVE-2016-9489.json | 90 ++++++++++++++++--- 2016/9xxx/CVE-2016-9491.json | 90 ++++++++++++++++--- 2016/9xxx/CVE-2016-9492.json | 80 ++++++++++++++--- 2016/9xxx/CVE-2016-9493.json | 80 ++++++++++++++--- 2016/9xxx/CVE-2016-9494.json | 97 +++++++++++++++++--- 2016/9xxx/CVE-2016-9495.json | 97 +++++++++++++++++--- 2016/9xxx/CVE-2016-9496.json | 97 +++++++++++++++++--- 2016/9xxx/CVE-2016-9497.json | 97 +++++++++++++++++--- 2016/9xxx/CVE-2016-9498.json | 90 ++++++++++++++++--- 2016/9xxx/CVE-2016-9499.json | 96 +++++++++++++++++--- 2016/9xxx/CVE-2016-9500.json | 96 +++++++++++++++++--- 2017/13xxx/CVE-2017-13091.json | 74 +++++++++++++--- 2017/13xxx/CVE-2017-13092.json | 74 +++++++++++++--- 2017/13xxx/CVE-2017-13093.json | 74 +++++++++++++--- 2017/13xxx/CVE-2017-13094.json | 74 +++++++++++++--- 2017/13xxx/CVE-2017-13095.json | 74 +++++++++++++--- 2017/13xxx/CVE-2017-13096.json | 74 +++++++++++++--- 2017/13xxx/CVE-2017-13097.json | 74 +++++++++++++--- 46 files changed, 3388 insertions(+), 552 deletions(-) diff --git a/2016/6xxx/CVE-2016-6542.json b/2016/6xxx/CVE-2016-6542.json index dc43f8ede4c..75d636cff7b 100644 --- a/2016/6xxx/CVE-2016-6542.json +++ b/2016/6xxx/CVE-2016-6542.json @@ -1,18 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6542", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6542", + "STATE": "PUBLIC", + "TITLE": "The MAC address/device tracking ID of an iTrack Easy can be obtained within range of the device" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Easy", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "iTrack" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The iTrack device tracking ID number, also called \"LosserID\" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#974055", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/974055" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6543.json b/2016/6xxx/CVE-2016-6543.json index f70f724112a..e64cd2a4f6f 100644 --- a/2016/6xxx/CVE-2016-6543.json +++ b/2016/6xxx/CVE-2016-6543.json @@ -1,18 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6543", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6543", + "STATE": "PUBLIC", + "TITLE": "A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Easy", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "iTrack" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "A captured MAC/device ID can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-799: Improper Control of Interaction Frequency" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#974055", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/974055" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6544.json b/2016/6xxx/CVE-2016-6544.json index 096be2d8d8e..75ed61abd37 100644 --- a/2016/6xxx/CVE-2016-6544.json +++ b/2016/6xxx/CVE-2016-6544.json @@ -1,18 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6544", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6544", + "STATE": "PUBLIC", + "TITLE": "iTrack Easy's getgps data can be modified without authentication" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Easy", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "iTrack" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#974055", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/974055" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6545.json b/2016/6xxx/CVE-2016-6545.json index 5d16a6d5bca..ce14db9c14d 100644 --- a/2016/6xxx/CVE-2016-6545.json +++ b/2016/6xxx/CVE-2016-6545.json @@ -1,18 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6545", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6545", + "STATE": "PUBLIC", + "TITLE": "iTrack Easy does not use session cookies to maintain sessions and POSTs the users password over HTTPS for each request" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Easy", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "iTrack" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the user changes the associated password." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613: Insufficient Session Expiration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#974055", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/974055" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6546.json b/2016/6xxx/CVE-2016-6546.json index 96462be6097..cf925f26cef 100644 --- a/2016/6xxx/CVE-2016-6546.json +++ b/2016/6xxx/CVE-2016-6546.json @@ -1,18 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6546", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6546", + "STATE": "PUBLIC", + "TITLE": "iTrack Easy mobile application stores the user password in base-64 encoding/cleartext" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Easy", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "iTrack" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-313: Cleartext Storage in a File or on Disk" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#974055", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/974055" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6547.json b/2016/6xxx/CVE-2016-6547.json index e75e30280b8..ffbe0e81c97 100644 --- a/2016/6xxx/CVE-2016-6547.json +++ b/2016/6xxx/CVE-2016-6547.json @@ -1,18 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6547", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6547", + "STATE": "PUBLIC", + "TITLE": "Zizai Tech Nut stores the account password in cleartext" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tech Nut Mobile Application", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "Zizai Technology" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-313: Cleartext Storage in a File or on Disk" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93877", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/93877" + }, + { + "name": "VU#402847", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/402847" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6548.json b/2016/6xxx/CVE-2016-6548.json index 47b01010291..944f5be412f 100644 --- a/2016/6xxx/CVE-2016-6548.json +++ b/2016/6xxx/CVE-2016-6548.json @@ -1,18 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6548", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6548", + "STATE": "PUBLIC", + "TITLE": "Zizai Tech Nut mobile application makes requests using HTTP, which includes the users session token" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tech Nut Mobile Application", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "Zizai Technology" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93877", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/93877" + }, + { + "name": "VU#402847", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/402847" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6549.json b/2016/6xxx/CVE-2016-6549.json index 2d6bdda0a89..5405f27a453 100644 --- a/2016/6xxx/CVE-2016-6549.json +++ b/2016/6xxx/CVE-2016-6549.json @@ -1,18 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6549", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6549", + "STATE": "PUBLIC", + "TITLE": "Zizai Tech Nut allows for unauthenticated Bluetooth pairing" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tech Nut", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "Zizai Technology" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Deral Heiland and Adam Compton of Rapid7, Inc. for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93877", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/93877" + }, + { + "name": "VU#402847", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/402847" + }, + { + "name": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6551.json b/2016/6xxx/CVE-2016-6551.json index b10143bd35f..fac8c91d850 100644 --- a/2016/6xxx/CVE-2016-6551.json +++ b/2016/6xxx/CVE-2016-6551.json @@ -1,18 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6551", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6551", + "STATE": "PUBLIC", + "TITLE": "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses default credentials" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Antennas", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "t-Series", + "version_value": "1.07" + }, + { + "affected": "=", + "version_name": "v-Series", + "version_value": "1.07" + } + ] + } + } + ] + }, + "vendor_name": "Intellian Satellite TV" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-255" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#200907", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/200907" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6552.json b/2016/6xxx/CVE-2016-6552.json index e01c3a59c1b..25d4444761e 100644 --- a/2016/6xxx/CVE-2016-6552.json +++ b/2016/6xxx/CVE-2016-6552.json @@ -1,18 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6552", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6552", + "STATE": "PUBLIC", + "TITLE": "Green Packet DX-350 uses default credentials" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WiFi Access Point", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "DX-350", + "version_value": "DX-350" + } + ] + } + } + ] + }, + "vendor_name": "Green Packet" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-255" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "93806", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/93806" + }, + { + "name": "VU#970379", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/970379" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6553.json b/2016/6xxx/CVE-2016-6553.json index 0ee3377c7a0..9f16ff95da0 100644 --- a/2016/6xxx/CVE-2016-6553.json +++ b/2016/6xxx/CVE-2016-6553.json @@ -1,18 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6553", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6553", + "STATE": "PUBLIC", + "TITLE": "Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses default credentials" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NT-4040 Titan", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "NT-4040_01.07.0000.0015_1120", + "version_value": "NT-4040_01.07.0000.0015_1120" + } + ] + } + } + ] + }, + "vendor_name": "Nuuo" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111 . A remote network attacker can gain privileged access to a vulnerable device." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-255" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#326395", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/326395" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6554.json b/2016/6xxx/CVE-2016-6554.json index d3084eec2b3..95dfa6236bd 100644 --- a/2016/6xxx/CVE-2016-6554.json +++ b/2016/6xxx/CVE-2016-6554.json @@ -1,18 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6554", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cret@cert.org", + "ID": "CVE-2016-6554", + "STATE": "PUBLIC", + "TITLE": "Synology NAS servers DS107, DS116, and DS213, use default credentials" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NAS server DS107", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "3.1-1639", + "version_value": "3.1-1639" + } + ] + } + }, + { + "product_name": "NAS server DS116", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "5.2-5644-1", + "version_value": "5.2-5644-1" + } + ] + } + }, + { + "product_name": "NAS server DS213", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "5.2-5644-1", + "version_value": "5.2-5644-1" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vulnerable device." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-255" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#404187", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/404187" + }, + { + "name": "93805", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/93805" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6557.json b/2016/6xxx/CVE-2016-6557.json index 39390fe9fa2..004136af15a 100644 --- a/2016/6xxx/CVE-2016-6557.json +++ b/2016/6xxx/CVE-2016-6557.json @@ -1,18 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6557", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6557", + "STATE": "PUBLIC", + "TITLE": "The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to cross-site request forgery" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RP-AC52 Access Point", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "1.0.1.1s", + "version_value": "1.0.1.1s" + } + ] + } + } + ] + }, + "vendor_name": "ASUS" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The RP-AC52 web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#763843", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/763843" + }, + { + "name": "93596", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/93596" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6558.json b/2016/6xxx/CVE-2016-6558.json index 115ddeb2bc5..28ff0afd5b6 100644 --- a/2016/6xxx/CVE-2016-6558.json +++ b/2016/6xxx/CVE-2016-6558.json @@ -1,18 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6558", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6557", + "STATE": "PUBLIC", + "TITLE": "The ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, is vulnerable to command injection" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RP-AC52 Access Point", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "1.0.1.1s", + "version_value": "1.0.1.1s" + } + ] + } + } + ] + }, + "vendor_name": "ASUS" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "A command injection vulnerability exists in apply.cgi on the RP-AC52 web interface specifically in the action_script parameter. The action_script parameter specifies a script to be executed if the action_mode parameter does not contain a valid state. If the input provided by action_script does not match one of the hard coded options, then it will be executed as the argument of either a system() or an eval() call allowing arbitrary commands to be executed." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#763843", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/763843" + }, + { + "name": "93596", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/93596" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6559.json b/2016/6xxx/CVE-2016-6559.json index ba17d61cd8c..3775e031fda 100644 --- a/2016/6xxx/CVE-2016-6559.json +++ b/2016/6xxx/CVE-2016-6559.json @@ -1,18 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6559", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6559", + "STATE": "PUBLIC", + "TITLE": "The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libc library", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "link_ntoa()", + "version_value": "link_ntoa()" + } + ] + } + } + ] + }, + "vendor_name": "BSD" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c may allow an attacker to read or write from memory.\nThe full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#548487", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/548487" + }, + { + "name": "94694", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/94694" + }, + { + "name": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc", + "refsource": "CONFIRM", + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6562.json b/2016/6xxx/CVE-2016-6562.json index fee9fe1ace3..76968411735 100644 --- a/2016/6xxx/CVE-2016-6562.json +++ b/2016/6xxx/CVE-2016-6562.json @@ -1,18 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6562", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6562", + "STATE": "PUBLIC", + "TITLE": "ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mobility Client iOS", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "9.1.3.109", + "version_value": "9.1.3.109" + } + ] + } + }, + { + "product_name": "Mobility Client Andoid ", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "9.1.3.109", + "version_value": "9.1.3.109" + } + ] + } + } + ] + }, + "vendor_name": "ShoreTel" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#475907", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/475907" + }, + { + "name": "95224", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/95224" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "ShoreTel has released version 9.1.5.104 for all devices to address the vulnerability." + } + ], + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6563.json b/2016/6xxx/CVE-2016-6563.json index 9936ad7b1ba..941364ad649 100644 --- a/2016/6xxx/CVE-2016-6563.json +++ b/2016/6xxx/CVE-2016-6563.json @@ -1,18 +1,151 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6563", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6563", + "STATE": "PUBLIC", + "TITLE": "D-Link DIR routers contain a stack-based buffer overflow in the HNAP Login action" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DIR-823", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DIR-822", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DIR-818L(W)", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DIR-895L", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DIR-890L", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DIR-885L", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DIR-880L", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DIR-868L", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DIR-850L", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "D-Link" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#677427", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/677427" + }, + { + "name": "http://seclists.org/fulldisclosure/2016/Nov/38", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2016/Nov/38" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6564.json b/2016/6xxx/CVE-2016-6564.json index f8a1cb673fd..4636230ade3 100644 --- a/2016/6xxx/CVE-2016-6564.json +++ b/2016/6xxx/CVE-2016-6564.json @@ -1,18 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6564", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6564", + "STATE": "PUBLIC", + "TITLE": "Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android software", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "Ragentek" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Dan Dahlberg and Tiago Pereira of BitSight Technologies and Anubis Networks for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. Additionally, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit.\nThis binary, which resides as /system/bin/debugs, runs with root privileges and does not communicate over an encrypted channel.\nThe binary has been shown to communicate with three hosts via HTTP:\noyag[.]lhzbdvm[.]com\noyag[.]prugskh[.]net\noyag[.]prugskh[.]com\n\nServer responses to requests sent by the debugs binary include functionalities to execute arbitrary commands as root, install applications, or update configurations.\n\nExamples of a request sent by the client binary:\nPOST /pagt/agent?data={\"name\":\"c_regist\",\"details\":{...}} HTTP/1. 1\nHost: 114.80.68.223\nConnection: Close\n\nAn example response from the server could be:\nHTTP/1.1 200 OK\n{\"code\": \"01\", \"name\": \"push_commands\", \"details\": {\"server_id\": \"1\" ,\n\"title\": \"Test Command\", \"comments\": \"Test\", \"commands\": \"touch /tmp/test\"}}\n\nThis binary is reported to be present in the following devices:\nBLU Studio G\nBLU Studio G Plus\nBLU Studio 6.0 HD\nBLU Studio X\nBLU Studio X Plus\nBLU Studio C HD\nInfinix Hot X507\nInfinix Hot 2 X510\nInfinix Zero X506\nInfinix Zero 2 X509\nDOOGEE Voyager 2 DG310\nLEAGOO Lead 5\nLEAGOO Lead 6\nLEAGOO Lead 3i\nLEAGOO Lead 2S\nLEAGOO Alfa 6\nIKU Colorful K45i\nBeeline Pro 2\nXOLO Cube 5.0" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#624539", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/624539" + }, + { + "name": "94393", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/94393/" + }, + { + "name": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack", + "refsource": "MISC", + "url": "https://www.bitsighttech.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6565.json b/2016/6xxx/CVE-2016-6565.json index 1b053c0c929..b7e8e4adb20 100644 --- a/2016/6xxx/CVE-2016-6565.json +++ b/2016/6xxx/CVE-2016-6565.json @@ -1,18 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6565", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6565", + "STATE": "PUBLIC", + "TITLE": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NextGen Gallery plugin", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2.1.57", + "version_value": "2.1.57" + } + ] + } + } + ] + }, + "vendor_name": "Imagely" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration)." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#346175", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/346175" + }, + { + "name": "94356", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/94356/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6566.json b/2016/6xxx/CVE-2016-6566.json index abdf287b668..94d98b069c7 100644 --- a/2016/6xxx/CVE-2016-6566.json +++ b/2016/6xxx/CVE-2016-6566.json @@ -1,18 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6566", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6566", + "STATE": "PUBLIC", + "TITLE": "The Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eTRAKiT3", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "3.2.1.17", + "version_value": "3.2.1.17" + } + ] + } + } + ] + }, + "vendor_name": "Sungard" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#846103", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/846103" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6567.json b/2016/6xxx/CVE-2016-6567.json index 87c323929ab..beb97d50c45 100644 --- a/2016/6xxx/CVE-2016-6567.json +++ b/2016/6xxx/CVE-2016-6567.json @@ -1,18 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6567", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6567", + "STATE": "PUBLIC", + "TITLE": "SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Resident Download Manager", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "Ethernet Download Manager", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "SHDesigns" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applications. The Resident Download Manager does not verify that the firmware is authentic before executing code and deploying the firmware to devices. A remote attacker with the ability to send UDP traffic to the device may be able to execute arbitrary code on the device. According to SHDesigns' website, the Resident Download Manager and other Rabbit Tools have been discontinued since June 2011." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-494" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#167623", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/167623" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6578.json b/2016/6xxx/CVE-2016-6578.json index 6c01a974d0b..219035d24f2 100644 --- a/2016/6xxx/CVE-2016-6578.json +++ b/2016/6xxx/CVE-2016-6578.json @@ -1,18 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6578", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6578", + "STATE": "PUBLIC", + "TITLE": "CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF)" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FileCloud", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "13.0.0.32841", + "version_value": "13.0.0.32841" + } + ] + } + } + ] + }, + "vendor_name": "CodeLathe" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "CodeLathe FileCloud is an \"is an Enterprise File Access, Sync and Share solution that runs on-premise.\" FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#865216", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/865216" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9482.json b/2016/9xxx/CVE-2016-9482.json index bf527df7f64..5fbcdf40ece 100644 --- a/2016/9xxx/CVE-2016-9482.json +++ b/2016/9xxx/CVE-2016-9482.json @@ -1,18 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9482", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9482", + "STATE": "PUBLIC", + "TITLE": "PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to authentication bypass" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Generator", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2016-12-06", + "version_value": "2016-12-06" + } + ] + } + } + ] + }, + "vendor_name": "PHP FormMail" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Pouya Darabi for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "A remote unauthenticated user may bypass authentication to access the administrator panel by navigating directly to /admin.php?mod=admin&func=panel" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-302" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#494015", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/494015" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches." + } + ], + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9483.json b/2016/9xxx/CVE-2016-9483.json index ab69e352e57..06f5b739050 100644 --- a/2016/9xxx/CVE-2016-9483.json +++ b/2016/9xxx/CVE-2016-9483.json @@ -1,18 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9483", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9483", + "STATE": "PUBLIC", + "TITLE": "PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Generator", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2016-12-06", + "version_value": "2016-12-06" + } + ] + } + } + ] + }, + "vendor_name": "PHP FormMail" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Pouya Darabi for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The generated PHP form code deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#494015", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/494015" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches." + } + ], + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9484.json b/2016/9xxx/CVE-2016-9484.json index 5c9df8d81e6..e23789b5ffc 100644 --- a/2016/9xxx/CVE-2016-9484.json +++ b/2016/9xxx/CVE-2016-9484.json @@ -1,18 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9484", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9484", + "STATE": "PUBLIC", + "TITLE": "PHP FormMail Generator generates PHP code for standard web forms, and the code generated does not properly validate user input folder directories and is vulnerable to path traversal" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Generator", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "2016-12-06", + "version_value": "2016-12-06" + } + ] + } + } + ] + }, + "vendor_name": "PHP FormMail" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Pouya Darabi for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any PHP form code generated by this website prior to 2016-12-06 may be vulnerable." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#494015", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/494015" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The PHP FormMail Generator website as of 2016-12-06 generates PHP code that addresses these issues. Affected users are encouraged to regenerate the PHP form code using the website, or manually apply patches." + } + ], + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9485.json b/2016/9xxx/CVE-2016-9485.json index d1abc469501..6b87bc485bc 100644 --- a/2016/9xxx/CVE-2016-9485.json +++ b/2016/9xxx/CVE-2016-9485.json @@ -1,18 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9485", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9485", + "STATE": "PUBLIC", + "TITLE": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because it fails to set any permissions on downloaded file objects" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows SecureConnector agent", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint.\nThe SecureConnector agent fails to set any permissions on downloaded file objects. This allows a malicious user to take ownership of any of these files and make modifications to it, regardless of where the files are saved. These files are then executed under SYSTEM privileges. A malicious unprivileged user can overwrite these executable files with malicious code before the SecureConnector agent executes them, causing the malicious code to be run under the SYSTEM account." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-378" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#768331", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/768331" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability." + } + ], + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9486.json b/2016/9xxx/CVE-2016-9486.json index 866cbdfa20a..1a546c03a0b 100644 --- a/2016/9xxx/CVE-2016-9486.json +++ b/2016/9xxx/CVE-2016-9486.json @@ -1,18 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9486", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9486", + "STATE": "PUBLIC", + "TITLE": "On Windows endpoints, the SecureConnector agent is vulnerable to privilege escalation whereby an authenticated unprivileged user can obtain administrator privileges on the endpoint because files are created in a folder with incorrect privileges" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows SecureConnector agent", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration is for the agent to run as a Windows service under the local SYSTEM account. The SecureConnector agent runs various plugin scripts and executables on the endpoint in order to gather and report information about the host to the CounterACT management appliance. The SecureConnector agent downloads these scripts and executables as needed from the CounterACT management appliance and runs them on the endpoint.\nBy default, these executable files are downloaded to and run from the %TEMP% directory of the currently logged on user, despite the fact that the SecureConnector agent is running as SYSTEM. Aside from the downloaded scripts, the SecureConnector agent runs a batch file with SYSTEM privileges from the temp directory of the currently logged on user. If the naming convention of this script can be derived, which is made possible by placing it in a directory to which the user has read access, it may be possible overwrite the legitimate batch file with a malicious one before SecureConnector executes it.\n\nIt is possible to change this directory by setting the the configuration property config.script_run_folder.value in the local.properties configuration file on the CounterACT management appliance, however the batch file which is run does not follow this property." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-379" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#768331", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/768331" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The vendor has released the HPS Inspection Engine Plugin, version 10.4.1.1 to address the vulnerability." + } + ], + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9487.json b/2016/9xxx/CVE-2016-9487.json index bcbea645033..a010b4bbbcf 100644 --- a/2016/9xxx/CVE-2016-9487.json +++ b/2016/9xxx/CVE-2016-9487.json @@ -1,18 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9487", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9487", + "STATE": "PUBLIC", + "TITLE": "EpubCheck 4.0.1 is vulnerable to external XML entity processing attacks" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EpubCheck", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "4.0.1", + "version_value": "4.0.1" + } + ] + } + } + ] + }, + "vendor_name": "EpubCheck" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Craig Arendt for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "EpubCheck is a tool to validate that EPUB files follow the proper format. It can be used as a stand alone command line utility, or included in a project (most commonly being epub readers) as a library. EpubCheck 4.0.1 does not properly restrict resolving external entities when parsing XML in EPUB files during validation. An attacker who supplies a specially crafted EPUB file may be able to exploit this behavior to read arbitrary files, or have the victim execute arbitrary requests on his behalf, abusing the victim's trust relationship with other entities." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#779243", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/779243" + }, + { + "name": "94864", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/94864/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "EpubCheck has released version 4.0.2 to address the vulnerability." + } + ], + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9489.json b/2016/9xxx/CVE-2016-9489.json index 1a641c6ecdf..972d8493914 100644 --- a/2016/9xxx/CVE-2016-9489.json +++ b/2016/9xxx/CVE-2016-9489.json @@ -1,18 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9489", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9489", + "STATE": "PUBLIC", + "TITLE": "ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation and authentication bypass" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Manager", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "12", + "version_value": "12" + }, + { + "affected": "=", + "version_name": "13", + "version_value": "13" + } + ] + } + } + ] + }, + "vendor_name": "ManageEngine" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "In ManageEngine Applications Manager 12 and 13, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like \"ADMIN\". A user is also able to change properties of another user, e.g. change another user's password." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Apr/9", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Apr/9" + }, + { + "name": "97394", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/97394/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9491.json b/2016/9xxx/CVE-2016-9491.json index 097946d6c23..91a7f6be756 100644 --- a/2016/9xxx/CVE-2016-9491.json +++ b/2016/9xxx/CVE-2016-9491.json @@ -1,18 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9491", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9491", + "STATE": "PUBLIC", + "TITLE": "ManageEngine Applications Manager 12 and 13 is vulnerable to privilege escalation due to improper restriction of an XML external entity " }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Manager", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "12", + "version_value": "12" + }, + { + "affected": "=", + "version_name": "13", + "version_value": "13" + } + ] + } + } + ] + }, + "vendor_name": "ManageEngine" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "ManageEngine Applications Manager 12 and 13 allows an authenticated user, who is able to access /register.do page (most likely limited to administrator), to browse the filesystem and read the system files, including Applications Manager configuration, stored private keys, etc. By default Application Manager is running with administrative privileges, therefore it is possible to access every directory on the underlying operating system." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Apr/9", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Apr/9" + }, + { + "name": "97394", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/97394/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9492.json b/2016/9xxx/CVE-2016-9492.json index b87d0a1bb5c..a50930d1028 100644 --- a/2016/9xxx/CVE-2016-9492.json +++ b/2016/9xxx/CVE-2016-9492.json @@ -1,18 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9492", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9492", + "STATE": "PUBLIC", + "TITLE": "PHP forms generated using the PHP FormMail Generator are vulnerable to unrestricted upload of dangerous file types" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Generator", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "17/12/2016", + "version_value": "17/12/2016" + } + ] + } + } + ] + }, + "vendor_name": "PHP FormMail" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Ibram Marzouk for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or Wordpress-based website. The code generated by the website prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#608591", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/608591" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9493.json b/2016/9xxx/CVE-2016-9493.json index e75efa38803..1db3ba1c1a0 100644 --- a/2016/9xxx/CVE-2016-9493.json +++ b/2016/9xxx/CVE-2016-9493.json @@ -1,18 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9493", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9493", + "STATE": "PUBLIC", + "TITLE": "PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Generator", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "17/12/2016", + "version_value": "17/12/2016" + } + ] + } + } + ] + }, + "vendor_name": "PHP FormMail" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Ibram Marzouk for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "PHP FormMail Generator is a website that generates PHP form code for inclusion in a PHP-based or Wordpress-based website. The code generated by the website prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#608591", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/608591" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9494.json b/2016/9xxx/CVE-2016-9494.json index ed6815fa674..b2fe92d7e77 100644 --- a/2016/9xxx/CVE-2016-9494.json +++ b/2016/9xxx/CVE-2016-9494.json @@ -1,18 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9494", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9494", + "STATE": "PUBLIC", + "TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation, potentially leading to denial of service" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HN7740S", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DW7000", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "HN7000S/SM", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "Hughes Satellite Modem" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": " Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, are potentially vulnerable to improper input validation. The device's advanced status web page that is linked to from the basic status web page does not appear to properly parse malformed GET requests. This may lead to a denial of service." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#614751", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/614751" + }, + { + "name": "96244", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/96244" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9495.json b/2016/9xxx/CVE-2016-9495.json index 389f9f31e47..e67ac9cce13 100644 --- a/2016/9xxx/CVE-2016-9495.json +++ b/2016/9xxx/CVE-2016-9495.json @@ -1,18 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9495", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9495", + "STATE": "PUBLIC", + "TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HN7740S", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DW7000", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "HN7000S/SM", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "Hughes Satellite Modem" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": " Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, uses hard coded credentials. Access to the device's default telnet port (23) can be obtained through using one of a few default credentials shared among all devices.\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#614751", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/614751" + }, + { + "name": "96244", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/96244" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9496.json b/2016/9xxx/CVE-2016-9496.json index 32836c52009..01550480e73 100644 --- a/2016/9xxx/CVE-2016-9496.json +++ b/2016/9xxx/CVE-2016-9496.json @@ -1,18 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9496", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9496", + "STATE": "PUBLIC", + "TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication to access certain pages" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HN7740S", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DW7000", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "HN7000S/SM", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "Hughes Satellite Modem" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": " Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks authentication. An unauthenticated user may send an HTTP GET request to http://[ip]/com/gatewayreset or http://[ip]/cgi/reboot.bin to cause the modem to reboot.\n" } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#614751", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/614751" + }, + { + "name": "96244", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/96244" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9497.json b/2016/9xxx/CVE-2016-9497.json index be1c332860e..bb3b6d707ad 100644 --- a/2016/9xxx/CVE-2016-9497.json +++ b/2016/9xxx/CVE-2016-9497.json @@ -1,18 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9497", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9497", + "STATE": "PUBLIC", + "TITLE": "Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HN7740S", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "DW7000", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + }, + { + "product_name": "HN7000S/SM", + "version": { + "version_data": [ + { + "affected": "?" + } + ] + } + } + ] + }, + "vendor_name": "Hughes Satellite Modem" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": " Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#614751", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/614751" + }, + { + "name": "96244", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/96244" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9498.json b/2016/9xxx/CVE-2016-9498.json index 08f03ba4014..657600865fa 100644 --- a/2016/9xxx/CVE-2016-9498.json +++ b/2016/9xxx/CVE-2016-9498.json @@ -1,18 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9498", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9498", + "STATE": "PUBLIC", + "TITLE": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Manager", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "12", + "version_value": "12" + }, + { + "affected": "=", + "version_name": "13", + "version_value": "13" + } + ] + } + } + ] + }, + "vendor_name": "ManageEngine" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Lukasz Juszczyk for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Apr/9", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Apr/9" + }, + { + "name": "97394", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/97394/" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9499.json b/2016/9xxx/CVE-2016-9499.json index cfa9f9186ae..240a9095723 100644 --- a/2016/9xxx/CVE-2016-9499.json +++ b/2016/9xxx/CVE-2016-9499.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9499", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9499", + "STATE": "PUBLIC", + "TITLE": "The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to cross-site scripting." }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FTP Server", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": " FTA_9_12_220", + "version_value": " FTA_9_12_220" + } + ] + } + } + ] + }, + "vendor_name": "Accellion" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Ashish Kamble for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-204" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#745607", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/745607" + }, + { + "name": "96154", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/96154" + }, + { + "name": "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf", + "refsource": "MISC", + "url": "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Both issues have been addressed in the most recent version FTA_9_12_220, released on 31 January 2017. Previously, CVE-2016-9500 was addressed in FTA_9_12_160 released on 29 November 2016." + } + ], + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2016/9xxx/CVE-2016-9500.json b/2016/9xxx/CVE-2016-9500.json index 93e468afeba..586d60e979a 100644 --- a/2016/9xxx/CVE-2016-9500.json +++ b/2016/9xxx/CVE-2016-9500.json @@ -1,18 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-9500", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-9500", + "STATE": "PUBLIC", + "TITLE": "The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to informaiton exposure" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FTP Server", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": " FTA_9_12_220", + "version_value": " FTA_9_12_220" + } + ] + } + } + ] + }, + "vendor_name": "Accellion" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Ashish Kamble for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-80" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#745607", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/745607" + }, + { + "name": "96154", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/96154" + }, + { + "name": "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf", + "refsource": "MISC", + "url": "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Both issues have been addressed in the most recent version FTA_9_12_220, released on 31 January 2017. Previously, CVE-2016-9500 was addressed in FTA_9_12_160 released on 29 November 2016." + } + ], + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13091.json b/2017/13xxx/CVE-2017-13091.json index 65650c01948..b69722aea79 100644 --- a/2017/13xxx/CVE-2017-13091.json +++ b/2017/13xxx/CVE-2017-13091.json @@ -1,18 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13091", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13091", + "STATE": "PUBLIC", + "TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Standard", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "P1735", + "version_value": "P1735" + } + ] + } + } + ] + }, + "vendor_name": "IEEE" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#739007", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/739007" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13092.json b/2017/13xxx/CVE-2017-13092.json index 77e4159f8de..c0c3218cebd 100644 --- a/2017/13xxx/CVE-2017-13092.json +++ b/2017/13xxx/CVE-2017-13092.json @@ -1,18 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13092", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13092", + "STATE": "PUBLIC", + "TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Standard", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "P1735", + "version_value": "P1735" + } + ] + } + } + ] + }, + "vendor_name": "IEEE" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#739007", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/739007" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13093.json b/2017/13xxx/CVE-2017-13093.json index f7caf887f9c..cef72785658 100644 --- a/2017/13xxx/CVE-2017-13093.json +++ b/2017/13xxx/CVE-2017-13093.json @@ -1,18 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13093", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13093", + "STATE": "PUBLIC", + "TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of encrypted IP cyphertext to insert hardware trojans" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Standard", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "P1735", + "version_value": "P1735" + } + ] + } + } + ] + }, + "vendor_name": "IEEE" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#739007", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/739007" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13094.json b/2017/13xxx/CVE-2017-13094.json index d6a9dbca13a..1b789c0bea9 100644 --- a/2017/13xxx/CVE-2017-13094.json +++ b/2017/13xxx/CVE-2017-13094.json @@ -1,18 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13094", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13094", + "STATE": "PUBLIC", + "TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of the encryption key and insertion of hardware trojans in any IP" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Standard", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "P1735", + "version_value": "P1735" + } + ] + } + } + ] + }, + "vendor_name": "IEEE" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#739007", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/739007" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13095.json b/2017/13xxx/CVE-2017-13095.json index bb216ac6a19..ebf79370401 100644 --- a/2017/13xxx/CVE-2017-13095.json +++ b/2017/13xxx/CVE-2017-13095.json @@ -1,18 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13095", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13095", + "STATE": "PUBLIC", + "TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of a license-deny response to a license grant" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Standard", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "P1735", + "version_value": "P1735" + } + ] + } + } + ] + }, + "vendor_name": "IEEE" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#739007", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/739007" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13096.json b/2017/13xxx/CVE-2017-13096.json index b634cf2fcab..11f3d814cb3 100644 --- a/2017/13xxx/CVE-2017-13096.json +++ b/2017/13xxx/CVE-2017-13096.json @@ -1,18 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13096", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13096", + "STATE": "PUBLIC", + "TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax access control" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Standard", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "P1735", + "version_value": "P1735" + } + ] + } + } + ] + }, + "vendor_name": "IEEE" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#739007", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/739007" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2017/13xxx/CVE-2017-13097.json b/2017/13xxx/CVE-2017-13097.json index 1cb2cc2de35..93515dff3f9 100644 --- a/2017/13xxx/CVE-2017-13097.json +++ b/2017/13xxx/CVE-2017-13097.json @@ -1,18 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-13097", - "STATE" : "RESERVED" + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-13097", + "STATE": "PUBLIC", + "TITLE": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including modification of Rights Block to remove or relax license requirement" }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Standard", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "P1735", + "version_value": "P1735" + } + ] + } + } + ] + }, + "vendor_name": "IEEE" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "lang": "eng", + "value": "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-310" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#739007", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/739007" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } -} +} \ No newline at end of file