admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

jpcert20171201 batch

Browse Source
This commit is contained in:
Takayuki Uchiyama 2017-12-01 17:13:50 +09:00
parent 546aa85c01
commit 9adc352b7f
12 changed files with 722 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
2017/10xxx/CVE-2017-10861.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10861",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10861",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QualitySoft Corporation",
"product": {
"product_data": [
{
"product_name": "QND Advance/Standard",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Directory traversal"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"http://www.qualitysoft.com/qnd_vulnerabilities"
},
{
"url":"https://jvn.jp/en/vu/JVNVU94198685/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via via a specially crafted command."
}
]
}
}

78
2017/10xxx/CVE-2017-10874.json
View File

@ -1,18 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10874",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10874",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION",
"product": {
"product_data": [
{
"product_name": "PWR-Q200",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Use of Insufficiently Random Values"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"http://web116.jp/shop/hikari_p/q200/q200_00.html"
},
{
"url":"https://jvn.jp/en/jp/JVN73141967/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks."
}
]
}
}

75
2017/10xxx/CVE-2017-10891.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10891",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10891",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sony Video & Sound Products Inc.",
"product": {
"product_data": [
{
"product_name": "Media Go",
"version": {
"version_data": [
{
"version_value": "version 3.2.0.191 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Untrusted search path vulnerability"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://jvn.jp/en/jp/JVN08517069/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
}
}

75
2017/10xxx/CVE-2017-10892.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10892",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10892",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Sony Video & Sound Products Inc.",
"product": {
"product_data": [
{
"product_name": "Music Center for PC",
"version": {
"version_data": [
{
"version_value": "version 1.0.00"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Untrusted search path vulnerability"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://jvn.jp/en/jp/JVN08517069/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
}
}

75
2017/10xxx/CVE-2017-10894.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10894",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10894",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tomoki Sanaki",
"product": {
"product_data": [
{
"product_name": "StreamRelay.NET.exe",
"version": {
"version_data": [
{
"version_value": "ver2.14.0.7 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Denial-of-service (DoS)"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://jvn.jp/en/jp/JVN71291160/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors."
}
]
}
}

75
2017/10xxx/CVE-2017-10895.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10895",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10895",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tomoki Sanaki",
"product": {
"product_data": [
{
"product_name": "sDNSProxy.exe",
"version": {
"version_data": [
{
"version_value": "ver1.1.0.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Denial-of-service (DoS)"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://jvn.jp/en/jp/JVN71291160/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors."
}
]
}
}

85
2017/10xxx/CVE-2017-10898.json
View File

@ -1,18 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10898",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10898",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Princeton Ltd.",
"product": {
"product_data": [
{
"product_name": "A-Member",
"version": {
"version_data": [
{
"version_value": "versions 3.8.6 and earlier"
}
]
}
},
{
"product_name": "A-Member for MT cloud",
"version": {
"version_data": [
{
"version_value": "versions 3.8.6 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"SQL Injection"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://jvn.jp/en/jp/JVN78501037/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors."
}
]
}
}

85
2017/10xxx/CVE-2017-10899.json
View File

@ -1,18 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10899",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10899",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Princeton Ltd.",
"product": {
"product_data": [
{
"product_name": "A-Reserve",
"version": {
"version_data": [
{
"version_value": "versions 3.8.6 and earlier"
}
]
}
},
{
"product_name": "A-Reserve for MT cloud",
"version": {
"version_data": [
{
"version_value": "versions 3.8.6 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"SQL Injection"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://jvn.jp/en/jp/JVN78501037/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors."
}
]
}
}

75
2017/10xxx/CVE-2017-10900.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10900",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10900",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Princeton Ltd.",
"product": {
"product_data": [
{
"product_name": "PTW-WMS1",
"version": {
"version_data": [
{
"version_value": "firmware version 2.000.012"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Fails to restrict access"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://jvn.jp/en/jp/JVN98295787/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors."
}
]
}
}

75
2017/10xxx/CVE-2017-10901.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10901",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10901",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Princeton Ltd.",
"product": {
"product_data": [
{
"product_name": "PTW-WMS1",
"version": {
"version_data": [
{
"version_value": "firmware version 2.000.012"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Buffer Overflow"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://jvn.jp/en/jp/JVN98295787/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors."
}
]
}
}

75
2017/10xxx/CVE-2017-10902.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10902",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10902",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Princeton Ltd.",
"product": {
"product_data": [
{
"product_name": "PTW-WMS1",
"version": {
"version_data": [
{
"version_value": "firmware version 2.000.012"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"OS Command Injection"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://jvn.jp/en/jp/JVN98295787/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
}
}

75
2017/10xxx/CVE-2017-10903.json
View File

@ -1,18 +1,59 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10903",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-10903",
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Princeton Ltd.",
"product": {
"product_data": [
{
"product_name": "PTW-WMS1",
"version": {
"version_data": [
{
"version_value": "firmware version 2.000.012"
}
]
}
}
]
}
}
]
}
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang": "eng",
"value":"Improper authentication"
}
]
}
]
},
"references":{
"reference_data":[
{
"url":"https://jvn.jp/en/jp/JVN98295787/index.html"
}
]
},
"description":{
"description_data":[
{
"lang": "eng",
"value":"Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors."
}
]
}
}