admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-30 10:10:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Clean attempt, CERT/CC backlog and trivial typo in CVE-2006-6440

Browse Source
This commit is contained in:
Art Manion 2017-12-14 22:02:17 -05:00
parent fceda73500
commit 6c125f8c6c
No known key found for this signature in database
GPG Key ID: 93FF051036C268A3
11 changed files with 696 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2006/6xxx/CVE-2006-6440.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to \"HTTP Security issues.\""
"value" : "Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to \"HTTP Security issues.\""
}
]
},

85
2017/3xxx/CVE-2017-3184.json
View File

@ -1,18 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3184",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3184",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ACTi Corporation",
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/355151"
},
{
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186)."
}
]
}
}

82
2017/3xxx/CVE-2017-3185.json
View File

@ -1,18 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3185",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3185",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ACTi Corporation",
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-598: Information Exposure Through Query Strings in GET Request"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/355151"
},
{
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources."
}
]
}
}

82
2017/3xxx/CVE-2017-3186.json
View File

@ -1,18 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3186",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3186",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ACTi Corporation",
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-521: Weak Password Requirements"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/355151"
},
{
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials."
}
]
}
}

82
2017/3xxx/CVE-2017-3190.json
View File

@ -1,18 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3190",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3190",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Flash Seats",
"product": {
"product_data": [
{
"product_name": "Flash Seats Mobile App",
"version": {
"version_data": [
{
"version_value": "Android version 1.7.9 and earlier"
},
{
"version_value": "iOS version 1.9.51 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/96719"
},
{
"url": "https://www.kb.cert.org/vuls/id/247016"
},
{
"url": "https://www.wilderssecurity.com/threads/flash-seats-mobile-app-for-ios-fails-to-validate-ssl-certificates.392553/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks."
}
]
}
}

92
2017/3xxx/CVE-2017-3191.json
View File

@ -1,18 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3191",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3191",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DIR-130",
"version": {
"version_data": [
{
"version_value": "1.23"
}
]
}
},
{
"product_name": "DIR-330",
"version": {
"version_data": [
{
"version_value": "1.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294: Authentication Bypass by Capture-replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/553503"
},
{
"url": "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123293"
},
{
"url": "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials."
}
]
}
}

92
2017/3xxx/CVE-2017-3192.json
View File

@ -1,18 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3192",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3192",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DIR-130",
"version": {
"version_data": [
{
"version_value": "1.23"
}
]
}
},
{
"product_name": "DIR-330",
"version": {
"version_data": [
{
"version_value": "1.12"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/553503"
},
{
"url": "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123292"
},
{
"url": "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device."
}
]
}
}

88
2017/3xxx/CVE-2017-3193.json
View File

@ -1,18 +1,74 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3193",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3193",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "D-Link",
"product": {
"product_data": [
{
"product_name": "DIR-850L and potentially others",
"version": {
"version_data": [
{
"version_value": "1.14B07"
},
{
"version_value": "2.07.B05"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/96747"
},
{
"url": "https://www.kb.cert.org/vuls/id/305448"
},
{
"url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=52967"
},
{
"url": "https://twitter.com/NCCGroupInfosec/status/845269159277723649"
},
{
"url": "https://www.nccgroup.trust/uk/our-research/d-link-dir-850l-web-admin-interface-vulnerable-to-stack-based-buffer-overflow/?research=Technical+advisories"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service."
}
]
}
}

82
2017/3xxx/CVE-2017-3194.json
View File

@ -1,18 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3194",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3194",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Pandora Media, Inc.",
"product": {
"product_data": [
{
"product_name": "Pandora iOS App",
"version": {
"version_data": [
{
"version_value": "Prior to 8.3.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/97158"
},
{
"url": "https://www.kb.cert.org/vuls/id/342303"
},
{
"url": "https://www.scmagazine.com/pandora-apple-app-vulnerable-to-mitm-attacks/article/647106/"
},
{
"url": "https://exchange.xforce.ibmcloud.com/collection/XFTAS-Daily-Threat-Assessment-for-March-29-2017-0d704f6eb8163d995bbaf57bbf35a018"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks."
}
]
}
}

88
2017/3xxx/CVE-2017-3195.json
View File

@ -1,18 +1,74 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3195",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3195",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Commvault",
"product": {
"product_data": [
{
"product_name": "Service Pack 6",
"version": {
"version_data": [
{
"version_value": "Version 11 prior to SP7"
},
{
"version_value": "version 11 SP6 prior to hotfix 590"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/96941"
},
{
"url": "https://www.kb.cert.org/vuls/id/214283"
},
{
"url": "http://redr2e.com/commvault-edge-cve-2017-3195/"
},
{
"url": "https://www.exploit-db.com/exploits/41823/"
},
{
"url": "http://kb.commvault.com/article/SEC0013"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges."
}
]
}
}

82
2017/3xxx/CVE-2017-3196.json
View File

@ -1,18 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3196",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3196",
"ASSIGNER": "cert@cert.org"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Printing Communications Assoc., Inc. (PCAUSA)",
"product": {
"product_data": [
{
"product_name": "ASUS PCE-AC56 WLAN Card Utilities",
"version": {
"version_data": [
{
"version_value": "Unknown"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.kb.cert.org/vuls/id/600671"
},
{
"url": "http://www.securityfocus.com/bid/96993/discuss"
},
{
"url": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
},
{
"url": "http://blog.rewolf.pl/blog/?p=1778"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges."
}
]
}
}