Merge branch 'cna/jpcert20171102' of https://github.com/tuchiyama/cvelist

2025-06-12 02:05:39 +00:00 · 2017-11-02 10:14:47 -04:00 · 2017-11-02 10:14:47 -04:00 · aeee682fb8
commit aeee682fb8
parent e096bdbaea 59abdca893
3 changed files with 232 additions and 51 deletions
--- a/2017/10xxx/CVE-2017-10825.json
+++ b/2017/10xxx/CVE-2017-10825.json
@ -1,18 +1,62 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2017-10825",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
-}
+	"data_type": "CVE",
+	"data_format": "MITRE",
+	"data_version": "4.0",
+	"CVE_data_meta": {
+		"ID": "CVE-2017-10825",
+		"ASSIGNER": "vultures@jpcert.or.jp"
+	},
+	"affects": {
+		"vendor": {
+			"vendor_data": [
+				{
+					"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION",
+					"product": {
+						"product_data": [
+							{
+								"product_name": "Installer of Flets Easy Setup Tool",
+								"version": {
+									"version_data": [
+										{
+											"version_value": "Ver1.2.0 and earlier"
+										}
+									]
+								}
+							}
+						]
+					}
+				}
+			]
+		}
+	},
+	"problemtype":{
+		"problemtype_data":[
+			{
+				"description":[
+					{
+						"lang": "eng",
+						"value":"Untrusted search path vulnerability"
+					}
+				]
+			}
+		]
+	},
+	"references":{
+		"reference_data":[
+			{
+				"url":"http://flets-w.com/topics/setup_tool_vulnerability/"
+			},
+			{
+				"url":"https://jvn.jp/en/jp/JVN97243511/278948/index.html"
+			}
+		]
+	},
+	"description":{
+		"description_data":[
+			{
+				"lang": "eng",
+				"value":"Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
+			}
+		]
+	}
+}
--- a/2017/10xxx/CVE-2017-10870.json
+++ b/2017/10xxx/CVE-2017-10870.json
@ -1,18 +1,108 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2017-10870",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
-}
+	"data_type": "CVE",
+	"data_format": "MITRE",
+	"data_version": "4.0",
+	"CVE_data_meta": {
+		"ID": "CVE-2017-10870",
+		"ASSIGNER": "vultures@jpcert.or.jp"
+	},
+	"affects": {
+		"vendor": {
+			"vendor_data": [
+				{
+					"vendor_name": "Justsystem",
+					"product": {
+						"product_data": [
+							{
+								"product_name": "Rakuraku Hagaki",
+								"version": {
+									"version_data": [
+										{
+											"version_value": "Rakuraku Hagaki 2018"
+										},
+										{
+											"version_value": "Rakuraku Hagaki 2017"
+										},
+										{
+											"version_value": "Rakuraku Hagaki 2016"
+										}
+									]
+								}
+							},
+							{
+								"product_name": "Rakuraku Hagaki Select for Ichitaro",
+								"version": {
+									"version_data": [
+										{
+											"version_value": "Ichitaro 2017"
+										},
+										{
+											"version_value": "Ichitaro 2016"
+										},
+										{
+											"version_value": "Ichitaro 2015"
+										},
+										{
+											"version_value": "Ichitaro Pro3"
+										},
+										{
+											"version_value": "Ichitaro Pro2"
+										},
+										{
+											"version_value": "Ichitaro Pro"
+										},
+										{
+											"version_value": "Ichitaro 2011"
+										},
+										{
+											"version_value": "Ichitaro Government 8"
+										},
+										{
+											"version_value": "Ichitaro Government 7"
+										},
+										{
+											"version_value": "Ichitaro Government 6"
+										},
+										{
+											"version_value": "Ichitaro 2017 Trial version"
+										}
+									]
+								}
+							}
+						]
+					}
+				}
+			]
+		}
+	},
+	"problemtype":{
+		"problemtype_data":[
+			{
+				"description":[
+					{
+						"lang": "eng",
+						"value":"Memory Corrution vulnerability"
+					}
+				]
+			}
+		]
+	},
+	"references":{
+		"reference_data":[
+			{
+				"url":"https://www.justsystems.com/jp/info/js17003.html"
+			},
+			{
+				"url":"https://jvn.jp/en/vu/JVNVU93703434/index.html"
+			}
+		]
+	},
+	"description":{
+		"description_data":[
+			{
+				"lang": "eng",
+				"value":"Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with privileges of the application via specially crafted file."
+			}
+		]
+	}
+}
--- a/2017/10xxx/CVE-2017-10873.json
+++ b/2017/10xxx/CVE-2017-10873.json
@ -1,18 +1,65 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2017-10873",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
-         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-         }
-      ]
-   }
-}
+	"data_type": "CVE",
+	"data_format": "MITRE",
+	"data_version": "4.0",
+	"CVE_data_meta": {
+		"ID": "CVE-2017-10873",
+		"ASSIGNER": "vultures@jpcert.or.jp"
+	},
+	"affects": {
+		"vendor": {
+			"vendor_data": [
+				{
+					"vendor_name": "Open Source Solution Technology Corporation",
+					"product": {
+						"product_data": [
+							{
+								"product_name": "OpenAM",
+								"version": {
+									"version_data": [
+										{
+											"version_value": "Open Source Edition"
+										}
+									]
+								}
+							}
+						]
+					}
+				}
+			]
+		}
+	},
+	"problemtype":{
+		"problemtype_data":[
+			{
+				"description":[
+					{
+						"lang": "eng",
+						"value":"Authentication bypass"
+					}
+				]
+			}
+		]
+	},
+	"references":{
+		"reference_data":[
+			{
+				"url":"https://www.osstech.co.jp/support/am2017-2-1-en"
+			},
+			{
+				"url":"https://www.cs.themistruct.com/"
+			},
+			{
+				"url":"https://jvn.jp/en/jp/JVN97243511/index.html"
+			}
+		]
+	},
+	"description":{
+		"description_data":[
+			{
+				"lang": "eng",
+				"value":"OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider."
+			}
+		]
+	}
+}