new vul reports since last update

Author: ahouseholder

data/0/vu_369800/vu_369800.json

@@ -0,0 +1,67 @@
+{
+  "Impact": "By causing an application to process a malformed ICC profile, a remote, unauthenticated attacker may be able to cause arbitrary code execution with the privileges of the application that uses the Little CMS library. Exploitability of the vulnerability depends on how the application uses liblcms2 and what capabilities are exposed to an attacker.", 
+  "CVSS_SecurityRequirementsIR": "ND", 
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:H/CR:ND/IR:ND/AR:ND", 
+  "Title": "Little CMS 2 DefaultICCintents double-free vulnerability", 
+  "DateFirstPublished": "2016-05-04T13:31:33-04:00", 
+  "CVSS_AccessVector": "N", 
+  "CAM_ScoreCurrentWidelyKnown": 0, 
+  "IDNumber": "369800", 
+  "SystemsAffectedPreamble": "", 
+  "CVSS_SecurityRequirementsCR": "ND", 
+  "CVSS_Authenication": "N", 
+  "CVSS_BaseScore": 10, 
+  "CAM_EaseOfExploitation": "0", 
+  "IPProtocol": "", 
+  "CERTAdvisory": "", 
+  "CVSS_CollateralDamagePotential": "ND", 
+  "Revision": 17, 
+  "CVEIDs": "CVE-2013-7455", 
+  "VRDA_D1_DirectReport": "1", 
+  "CAM_WidelyKnown": "0", 
+  "CAM_Population": "0", 
+  "Description": "Little CMS is an open-source color management engine that supports the International Color Consortium (ICC) standard. Little CMS 2.5 and earlier 2.x versions (liblcms2) contain a double-free vulnerability in the DefaultICCintents() function, which is provided in cmscnvrt.c. When the \"Lut\" cmsPipeline object is freed more than once, this can result in an exploitable memory corruption situation. Although this issue was addressed in 2013, it was not assigned a CVE identifier at that time. Because of this, some vendors may not have upgraded liblcms2 to a version that contains the fix for this vulnerability.", 
+  "CVSS_AccessComplexity": "L", 
+  "CVSS_SecurityRequirementsAR": "ND", 
+  "Resolution": "Apply an update This issue is resolved in Little CMS 2.6. Please check with your vendor for update availability.", 
+  "Author": "This document was written by Will Dormann.", 
+  "CAM_Exploitation": "0", 
+  "DateLastUpdated": "2016-05-10T09:38:00-04:00", 
+  "CVSS_IntegrityImpact": "C", 
+  "VRDA_D1_Population": "4", 
+  "CVSS_TemporalVector": "E:U/RL:OF/RC:C", 
+  "CVSS_ReportConfidence": "C", 
+  "CVSS_ConfidentialityImpact": "C", 
+  "CVSS_BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", 
+  "VulnerabilityCount": 1, 
+  "CVSS_Exploitability": "U", 
+  "ThanksAndCredit": "This vulnerability was corrected in 2013 by Marti Maria, and was independently discovered by Will Dormann of the CERT/CC.", 
+  "US-CERTTechnicalAlert": "", 
+  "CAM_ScoreCurrentWidelyKnownExploited": 0, 
+  "CVSS_TemporalScore": 7.4, 
+  "VRDA_D1_Impact": "4", 
+  "CVSS_TargetDistribution": "H", 
+  "CAM_InternetInfrastructure": "0", 
+  "CVSS_RemediationLevel": "OF", 
+  "Workarounds": "", 
+  "ID": "VU#369800", 
+  "CVSS_AvailabilityImpact": "C", 
+  "CAM_ScoreCurrent": 0, 
+  "Overview": "Little CMS 2 contains a double-free vulnerability in the DefaultICCintents function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.", 
+  "CAM_Impact": "0", 
+  "DatePublic": "2013-07-10T00:00:00", 
+  "DateCreated": "2016-04-29T14:45:06-04:00", 
+  "References": [
+    "http://www.littlecms.com/", 
+    "https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db#diff-189a94f0a7a47efdd43f5567e27a973b", 
+    "https://penteston.com/OSVDB-105462", 
+    "http://www.ubuntu.com/usn/usn-2961-1/"
+  ], 
+  "Keywords": [
+    "lcms2", 
+    "liblcms2", 
+    "icc"
+  ], 
+  "CVSS_EnvironmentalScore": 7.39092884544, 
+  "CAM_AttackerAccessRequired": "0"
+}

data/11/vu_117111/vu_117111.json

@@ -0,0 +1,68 @@
+{
+  "Impact": "A remote unauthenticated attacker may be able to gain root access to the device.", 
+  "CVSS_SecurityRequirementsIR": "ND", 
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:L/CR:ND/IR:ND/AR:ND", 
+  "Title": "Nanometrics Taurus Digital Seismograph contains multiple vulnerabilities", 
+  "DateFirstPublished": "", 
+  "CVSS_AccessVector": "N", 
+  "CAM_ScoreCurrentWidelyKnown": 0, 
+  "IDNumber": "117111", 
+  "SystemsAffectedPreamble": "", 
+  "CVSS_SecurityRequirementsCR": "ND", 
+  "CVSS_Authenication": "N", 
+  "CVSS_BaseScore": 10, 
+  "CAM_EaseOfExploitation": "0", 
+  "IPProtocol": "", 
+  "CERTAdvisory": "", 
+  "CVSS_CollateralDamagePotential": "ND", 
+  "Revision": 18, 
+  "CVEIDs": [
+    "CVE-2014-6271", 
+    "CVE-2016-5656"
+  ], 
+  "VRDA_D1_DirectReport": "1", 
+  "CAM_WidelyKnown": "0", 
+  "CAM_Population": "0", 
+  "Description": "CVE-2014-6271 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') According to the reporter, the Nanometrics Taurus Digital Seismograph contains an older version of bash that is vulnerable to the \"Shellshock\" vulnerability. An attacker may be able to use this vulnerability to execute arbitrary commands on the device. The reporter states it is possible to use custom shell commands to upload new firmware to the device. CVE-2016-5656 - CWE-798: Use of Hard-coded Credentials According to the reporter, the Nanometrics Taurus Digital Seismograph contains several hard-coded credentials, and a hard-coded root password. The CERT/CC has been unable to confirm this information with the vendor as of the publication date.", 
+  "CVSS_AccessComplexity": "L", 
+  "CVSS_SecurityRequirementsAR": "ND", 
+  "Resolution": "The CERT/CC is currently unaware of a full solution to this problem. Affected users may consider the following workaround:", 
+  "Author": "This document was written by Garret Wassermann.", 
+  "CAM_Exploitation": "0", 
+  "DateLastUpdated": "2016-07-19T15:10:00-04:00", 
+  "CVSS_IntegrityImpact": "C", 
+  "VRDA_D1_Population": "1", 
+  "CVSS_TemporalVector": "E:F/RL:U/RC:UR", 
+  "CVSS_ReportConfidence": "UR", 
+  "CVSS_ConfidentialityImpact": "C", 
+  "CVSS_BaseVector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", 
+  "VulnerabilityCount": 2, 
+  "CVSS_Exploitability": "F", 
+  "ThanksAndCredit": "Thanks to Bertin Bervis for reporting this vulnerability.", 
+  "US-CERTTechnicalAlert": "", 
+  "CAM_ScoreCurrentWidelyKnownExploited": 0, 
+  "CVSS_TemporalScore": 9, 
+  "VRDA_D1_Impact": "3", 
+  "CVSS_TargetDistribution": "L", 
+  "CAM_InternetInfrastructure": "0", 
+  "CVSS_RemediationLevel": "U", 
+  "Workarounds": "Restrict Network Access As a general good security practice, only allow connections from trusted hosts and networks. Consult your firewall product's manual for more information.", 
+  "ID": "VU#117111", 
+  "CVSS_AvailabilityImpact": "C", 
+  "CAM_ScoreCurrent": 0, 
+  "Overview": "The Nanometrics Taurus Digital Seismograph has been reported to be vulnerable to CVE-2014-6271 (the \"Shellshock\" vulnerability), and contain several hard-coded credentials.", 
+  "CAM_Impact": "0", 
+  "DatePublic": "2016-07-26T00:00:00", 
+  "DateCreated": "2016-07-06T14:45:06-04:00", 
+  "References": [
+    "http://cwe.mitre.org/data/definitions/78.html", 
+    "http://cwe.mitre.org/data/definitions/798.html"
+  ], 
+  "Keywords": [
+    "shellshock", 
+    "bash", 
+    "hard-coded"
+  ], 
+  "CVSS_EnvironmentalScore": 2.2550078712, 
+  "CAM_AttackerAccessRequired": "0"
+}

data/11/vu_696611/vu_696611.json

@@ -0,0 +1,58 @@
+{
+  "Impact": "The complete impact of this vulnerability is not yet known.", 
+  "CVSS_SecurityRequirementsIR": "ND", 
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:H/CR:ND/IR:ND/AR:ND", 
+  "Title": "TCP off-path info leak", 
+  "DateFirstPublished": "", 
+  "CVSS_AccessVector": "--", 
+  "CAM_ScoreCurrentWidelyKnown": 0, 
+  "IDNumber": "696611", 
+  "SystemsAffectedPreamble": "", 
+  "CVSS_SecurityRequirementsCR": "ND", 
+  "CVSS_Authenication": "--", 
+  "CVSS_BaseScore": 0, 
+  "CAM_EaseOfExploitation": "0", 
+  "IPProtocol": "", 
+  "CERTAdvisory": "", 
+  "CVSS_CollateralDamagePotential": "ND", 
+  "Revision": 3, 
+  "CVEIDs": "", 
+  "VRDA_D1_DirectReport": "0", 
+  "CAM_WidelyKnown": "0", 
+  "CAM_Population": "0", 
+  "Description": "", 
+  "CVSS_AccessComplexity": "--", 
+  "CVSS_SecurityRequirementsAR": "ND", 
+  "Resolution": "The CERT/CC is currently unaware of a practical solution to this problem.", 
+  "Author": "This document was written by [Unassigned].", 
+  "CAM_Exploitation": "0", 
+  "DateLastUpdated": "2016-08-29T14:35:00-04:00", 
+  "CVSS_IntegrityImpact": "--", 
+  "VRDA_D1_Population": "4", 
+  "CVSS_TemporalVector": "E:ND/RL:ND/RC:ND", 
+  "CVSS_ReportConfidence": "ND", 
+  "CVSS_ConfidentialityImpact": "--", 
+  "CVSS_BaseVector": "AV:--/AC:--/Au:--/C:--/I:--/A:--", 
+  "VulnerabilityCount": 1, 
+  "CVSS_Exploitability": "ND", 
+  "ThanksAndCredit": "", 
+  "US-CERTTechnicalAlert": "", 
+  "CAM_ScoreCurrentWidelyKnownExploited": 0, 
+  "CVSS_TemporalScore": 0, 
+  "VRDA_D1_Impact": "4", 
+  "CVSS_TargetDistribution": "H", 
+  "CAM_InternetInfrastructure": "0", 
+  "CVSS_RemediationLevel": "ND", 
+  "Workarounds": "", 
+  "ID": "VU#696611", 
+  "CVSS_AvailabilityImpact": "--", 
+  "CAM_ScoreCurrent": 0, 
+  "Overview": "", 
+  "CAM_Impact": "0", 
+  "DatePublic": "", 
+  "DateCreated": "2016-08-16T17:29:58-04:00", 
+  "References": "", 
+  "Keywords": "", 
+  "CVSS_EnvironmentalScore": 0, 
+  "CAM_AttackerAccessRequired": "0"
+}

data/15/vu_332115/vu_332115.json

@@ -0,0 +1,67 @@
+{
+  "Impact": "This  function allows a buffer overflow condition in which arbitrary code may be executed. The impact may vary depending on if the use case is local or remote.", 
+  "CVSS_SecurityRequirementsIR": "ND", 
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:M/CR:ND/IR:ND/AR:ND", 
+  "Title": "D-Link routers contain buffer overflow vulnerability", 
+  "DateFirstPublished": "2016-08-11T13:49:56-04:00", 
+  "CVSS_AccessVector": "N", 
+  "CAM_ScoreCurrentWidelyKnown": 0, 
+  "IDNumber": "332115", 
+  "SystemsAffectedPreamble": "", 
+  "CVSS_SecurityRequirementsCR": "ND", 
+  "CVSS_Authenication": "N", 
+  "CVSS_BaseScore": 9.3, 
+  "CAM_EaseOfExploitation": "0", 
+  "IPProtocol": "", 
+  "CERTAdvisory": "", 
+  "CVSS_CollateralDamagePotential": "ND", 
+  "Revision": 17, 
+  "CVEIDs": "CVE-2016-5681", 
+  "VRDA_D1_DirectReport": "1", 
+  "CAM_WidelyKnown": "0", 
+  "CAM_Population": "0", 
+  "Description": "CWE-121: Stack-based Buffer Overflow - CVE-2016-5681 A stack-based buffer overflow occurs in the function within the cgibin binary which validates the session cookie. This function is used by a service which is exposed to the WAN network on port 8181 by default. CVE-2016-5681  has been confirmed to affect: DIR-850L B1\nDIR-822 A1\nDIR-823 A1\nDIR-895L A1\nDIR-890L A1\nDIR-885L A1\nDIR-880L A1\nDIR-868L B1\nDIR-868L C1\nDIR-817L(W)\nDIR-818L(W)", 
+  "CVSS_AccessComplexity": "M", 
+  "CVSS_SecurityRequirementsAR": "ND", 
+  "Resolution": "Apply Updates D-Link has provided firmware updates for the affected devices. Please see their public advisory  for links to the updated firmware.", 
+  "Author": "This document was written by Trent Novelly.", 
+  "CAM_Exploitation": "0", 
+  "DateLastUpdated": "2016-08-29T14:38:00-04:00", 
+  "CVSS_IntegrityImpact": "C", 
+  "VRDA_D1_Population": "2", 
+  "CVSS_TemporalVector": "E:POC/RL:ND/RC:C", 
+  "CVSS_ReportConfidence": "C", 
+  "CVSS_ConfidentialityImpact": "C", 
+  "CVSS_BaseVector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", 
+  "VulnerabilityCount": 1, 
+  "CVSS_Exploitability": "POC", 
+  "ThanksAndCredit": "Thanks to Daniel Romero @daniel_rome (NCC Group)  for reporting this vulnerability.", 
+  "US-CERTTechnicalAlert": "", 
+  "CAM_ScoreCurrentWidelyKnownExploited": 0, 
+  "CVSS_TemporalScore": 8.4, 
+  "VRDA_D1_Impact": "2", 
+  "CVSS_TargetDistribution": "M", 
+  "CAM_InternetInfrastructure": "0", 
+  "CVSS_RemediationLevel": "ND", 
+  "Workarounds": "Restrict Access As a general good security practice, only allow connections from trusted hosts and networks", 
+  "ID": "VU#332115", 
+  "CVSS_AvailabilityImpact": "C", 
+  "CAM_ScoreCurrent": 0, 
+  "Overview": "D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code.", 
+  "CAM_Impact": "0", 
+  "DatePublic": "2016-08-11T00:00:00", 
+  "DateCreated": "2016-08-05T15:39:43-04:00", 
+  "References": [
+    "https://cwe.mitre.org/data/definitions/121.html", 
+    "http://support.dlink.com/", 
+    "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063"
+  ], 
+  "Keywords": [
+    "dlink", 
+    "router", 
+    "stack buffer overflow", 
+    "CWE-121"
+  ], 
+  "CVSS_EnvironmentalScore": 6.299215776, 
+  "CAM_AttackerAccessRequired": "0"
+}

data/16/vu_735416/vu_735416.json

@@ -0,0 +1,68 @@
+{
+  "Impact": "A remote, unauthenticated attacker may induce a default-configured repeater to initiate connections to arbitrary hosts and services.", 
+  "CVSS_SecurityRequirementsIR": "ND", 
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:L/CR:ND/IR:ND/AR:ND", 
+  "Title": "UltraVNC repeater does not restrict IP addresses or ports by default", 
+  "DateFirstPublished": "2016-08-08T10:01:36-04:00", 
+  "CVSS_AccessVector": "N", 
+  "CAM_ScoreCurrentWidelyKnown": 0, 
+  "IDNumber": "735416", 
+  "SystemsAffectedPreamble": "", 
+  "CVSS_SecurityRequirementsCR": "ND", 
+  "CVSS_Authenication": "N", 
+  "CVSS_BaseScore": 5, 
+  "CAM_EaseOfExploitation": "0", 
+  "IPProtocol": "", 
+  "CERTAdvisory": "", 
+  "CVSS_CollateralDamagePotential": "ND", 
+  "Revision": 22, 
+  "CVEIDs": "CVE-2016-5673", 
+  "VRDA_D1_DirectReport": "1", 
+  "CAM_WidelyKnown": "0", 
+  "CAM_Population": "0", 
+  "Description": "CWE-16: Configuration - CVE-2016-5673 UltraVNC repeater acts as a proxy to route remote desktop VNC connections. IP addresses are not restricted in default configurations, and ports cannot be selectively restricted. Consequently, in a default installation, a repeater can be caused to initiate connections to arbitrary hosts using any port. To initiate a connection to a common web service, for instance, an attacker may request a connection to <IP>::<80><padding>, where padding consists of null bytes and the request length is 250 bytes.", 
+  "CVSS_AccessComplexity": "L", 
+  "CVSS_SecurityRequirementsAR": "ND", 
+  "Resolution": "Update repeater configuration New installations of UltraVNC repeater now default to restricting access to all IP addresses and support more granular port restrictions. Existing installations should consider updating to ultravnc_repeater_1300, review the vendor's advisory, and make modifications as appropriate: \"WARNING:\u00a0 In MODE I the repeater works like a proxy.\u00a0 If you don't limit the destination and or ports your repeater can be used to connect to all ip adresses and all ports that can be reached from the repeater. You need to restrict the ip addreses and ports to prevent unwanted access.\"", 
+  "Author": "This document was written by Joel Land.", 
+  "CAM_Exploitation": "0", 
+  "DateLastUpdated": "2016-08-09T15:10:00-04:00", 
+  "CVSS_IntegrityImpact": "P", 
+  "VRDA_D1_Population": "1", 
+  "CVSS_TemporalVector": "E:POC/RL:OF/RC:C", 
+  "CVSS_ReportConfidence": "C", 
+  "CVSS_ConfidentialityImpact": "N", 
+  "CVSS_BaseVector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", 
+  "VulnerabilityCount": 1, 
+  "CVSS_Exploitability": "POC", 
+  "ThanksAndCredit": "Thanks to Yonathan Klijnsma and Dan Tentler for reporting this vulnerability.", 
+  "US-CERTTechnicalAlert": "", 
+  "CAM_ScoreCurrentWidelyKnownExploited": 0, 
+  "CVSS_TemporalScore": 3.9, 
+  "VRDA_D1_Impact": "2", 
+  "CVSS_TargetDistribution": "L", 
+  "CAM_InternetInfrastructure": "0", 
+  "CVSS_RemediationLevel": "OF", 
+  "Workarounds": "", 
+  "ID": "VU#735416", 
+  "CVSS_AvailabilityImpact": "N", 
+  "CAM_ScoreCurrent": 0, 
+  "Overview": "UltraVNC repeater versions prior to ultravnc_repeater_1300 do not restrict usage by IP address by default and cannot restrict by ports, which may be leveraged to induce connections to arbitrary hosts using any port.", 
+  "CAM_Impact": "0", 
+  "DatePublic": "2016-08-06T00:00:00", 
+  "DateCreated": "2016-04-21T12:44:28-04:00", 
+  "References": [
+    "https://cwe.mitre.org/data/definitions/16.html", 
+    "http://www.uvnc.com/products/uvnc-repeater.html", 
+    "http://www.uvnc.com/downloads/repeater/83-repeater-downloads.html"
+  ], 
+  "Keywords": [
+    "ultravnc", 
+    "uvnc", 
+    "repeater", 
+    "default", 
+    "configuration"
+  ], 
+  "CVSS_EnvironmentalScore": 0.97061680674, 
+  "CAM_AttackerAccessRequired": "0"
+}