- Synchronized data.

CVE Team 2018-02-12 17:02:27 -05:00
parent 1dbfefbe78
commit 8db30a70aa
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
12 changed files with 209 additions and 242 deletions


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17722",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1524116"
}
]
}
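Review bot: The newly published record leaves `affects` at `"product_name" : "n/a"`, `"vendor_name" : "n/a"` and `"version_value" : "n/a"`, although its own description names the product and version ("In Exiv2 0.26"). Consumers that match on the structured fields rather than on free text will not associate this entry with Exiv2, so I would set `"product_name" : "Exiv2"` and `"version_value" : "0.26"`, with the vendor name to be confirmed by the assigner. `problemtype` is likewise left at `n/a` where the description says "reachable assertion", which corresponds to CWE-617. The same placeholders appear in the sections for CVE-2017-17723, CVE-2017-17724 and CVE-2017-17725. The +/- markers are lost on this page, so the new side is read from the hunk counts.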


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17723",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1524104"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17724",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1524107"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17725",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,29 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from CVE-2017-14864, which is an invalid memory address dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525055"
},
{
"url" : "https://github.com/Exiv2/exiv2/issues/188"
}
]
}


@ -1,32 +1,9 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2018-02-12T00:00:00",
"ID" : "CVE-2017-9963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pelco Sarix",
"version" : {
"version_data" : [
{
"version_value" : "Version 1.0 of PowerSCADA Anywhere redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2, Citect Anywhere version 1.0"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -35,29 +12,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site request forgery vulnerability exists) on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Request Forgery"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/,"
},
{
"url" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere"
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
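Review bot: The rollback of CVE-2017-9963 from `"STATE" : "PUBLIC"` to `"STATE" : "RESERVED"` is not explained anywhere; the commit message says only "Synchronized data." Going by the hunk counts (-1,32 +1,9 and -35,29 +12,7), the description, the affected-product data and both references are withdrawn, so anyone who already ingested the public entry sees it disappear without a reason. The commit description should say why the entry was pulled and whether it will be republished. The removed text does look inconsistent (a `product_name` of "Pelco Sarix" against a PowerSCADA Anywhere description, and a reference URL ending in `/,`), but that this caused the rollback is my inference. The sections for CVE-2017-9967, CVE-2017-9968, CVE-2017-9969 and CVE-2017-9970 show the same pattern.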


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A security bypass vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack."
"value" : "A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack."
}
]
},
@ -54,7 +54,10 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/"
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02"
},
{
"url" : "http://www.securityfocus.com/bid/102338"
}
]
}
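Review bot: The reference list no longer carries the vendor advisory `https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/`. The hunk counts (-54,7 +54,10) indicate it was replaced by the ICS-CERT and SecurityFocus links rather than kept alongside them. The vendor advisory is normally the primary source for fixed versions and mitigations, so I would keep it as a third `reference_data` entry. The same replacement appears in the next two file sections.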


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "An exposure of sensitive information vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. Using a directory traversal attack, an unauthorized person can view web server files."
"value" : "A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. Using a directory traversal attack, an unauthorized person can view web server files."
}
]
},
@ -54,7 +54,10 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/"
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02"
},
{
"url" : "http://www.securityfocus.com/bid/102338"
}
]
}


@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A privelege escalation vulnerability exists in Schneider Electric's Pelco VideoXpert Enterprise versions 2.0 and prior. By replacing certain files, an unauthorized user can obtain system privileges and the inserted code would execute at an elevated privilege level."
"value" : "An Improper Access Control issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By replacing certain files, an authorized user can obtain system privileges and the inserted code would execute at an elevated privilege level."
}
]
},
@ -54,7 +54,10 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-339-01/"
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-355-02"
},
{
"url" : "http://www.securityfocus.com/bid/102338"
}
]
}
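Review bot: The reworded description changes the attacker from "an unauthorized user" to "an authorized user", which changes the privileges required for this issue and so how it gets scored and triaged. Please confirm that wording against the referenced advisory ICSA-17-355-02. If it is intended, the commit message should say so, because "Synchronized data." hides a substantive change to the record. The record's ID is outside the hunks shown here.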


@ -1,32 +1,9 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2018-02-12T00:00:00",
"ID" : "CVE-2017-9967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "IGGSS SCADA software",
"version" : {
"version_data" : [
{
"version_value" : "V12 and all previous versions."
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -35,26 +12,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A security misconfiguration vulnerability exists in Schneider Electric's IGSS SCADA Software versions 12 and prior. Security configuration settings such as Address Space Layout Randomization (ASLR) and Data Execution prevention (DEP) were not properly configured resulting in weak security."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security misconfiguration"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-037-01/"
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,32 +1,9 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2018-02-12T00:00:00",
"ID" : "CVE-2017-9968",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "IGSS Mobile for Android and iOS",
"version" : {
"version_data" : [
{
"version_value" : "version 3.01 and all versions prior"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -35,26 +12,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security misconfiguration"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/"
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,32 +1,9 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2018-02-12T00:00:00",
"ID" : "CVE-2017-9969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "IGSS mobile for Android and iOS",
"version" : {
"version_data" : [
{
"version_value" : "version 3.01 and all versions prior"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -35,26 +12,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists in Schneider Electrics's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Clear text storage of sensitive information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/"
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,32 +1,9 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@schneider-electric.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2018-02-12T00:00:00",
"ID" : "CVE-2017-9970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "StruxureOn Gateway",
"version" : {
"version_data" : [
{
"version_value" : "Versions 1.1.3 and prior."
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -35,26 +12,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code exucution vulnerability exists in Schneider Electric's StruxureOn Gateway versions 1.1.3 and prior. Uploading a zip which contains carefully crafted metadata allows for the file to be uploaded to any directory on the host machine information which could lead to remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-01/"
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}