This repository has been archived by the owner on May 14, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 25
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
ecae482
commit b6794e1
Showing
26,982 changed files
with
757,937 additions
and
133,317 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| { | ||
| "Impact": "The complete impact of this vulnerability is not yet known.", | ||
| "CVSS_SecurityRequirementsIR": "Not Defined (ND)", | ||
| "CVSS_EnvironmentalVector": "CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)", | ||
| "Title": "Artes Marciales Mixtas Mx (com.wArtesMarcialesMixtasMx) fails to properly validate SSL certificates", | ||
| "DateFirstPublished": "", | ||
| "CVSS_AccessVector": "--", | ||
| "CAM_ScoreCurrentWidelyKnown": 0, | ||
| "IDNumber": "101400", | ||
| "SystemsAffectedPreamble": "", | ||
| "CVSS_SecurityRequirementsCR": "Not Defined (ND)", | ||
| "CVSS_Authenication": "--", | ||
| "CVSS_BaseScore": 0, | ||
| "CAM_EaseOfExploitation": "0", | ||
| "IPProtocol": "", | ||
| "CERTAdvisory": "", | ||
| "CVSS_CollateralDamagePotential": "Not Defined (ND)", | ||
| "Revision": 0, | ||
| "CVEIDs": "", | ||
| "VRDA_D1_DirectReport": "1", | ||
| "CAM_WidelyKnown": "0", | ||
| "CAM_Population": "0", | ||
| "Description": "", | ||
| "CVSS_AccessComplexity": "--", | ||
| "CVSS_SecurityRequirementsAR": "Not Defined (ND)", | ||
| "Resolution": "The CERT/CC is currently unaware of a practical solution to this problem.", | ||
| "Author": "This document was written by Will Dormann.", | ||
| "CAM_Exploitation": "0", | ||
| "DateLastUpdated": "2014-12-26T19:28:13-05:00", | ||
| "CVSS_IntegrityImpact": "--", | ||
| "VRDA_D1_Population": "4", | ||
| "CVSS_TemporalVector": "E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND)", | ||
| "CVSS_ReportConfidence": "Not Defined (ND)", | ||
| "CVSS_ConfidentialityImpact": "--", | ||
| "CVSS_BaseVector": "AV:--/AC:--/Au:--/C:--/I:--/A:--", | ||
| "VulnerabilityCount": 1, | ||
| "CVSS_Exploitability": "Not Defined (ND)", | ||
| "ThanksAndCredit": "", | ||
| "US-CERTTechnicalAlert": "", | ||
| "CAM_ScoreCurrentWidelyKnownExploited": 0, | ||
| "CVSS_TemporalScore": 0, | ||
| "VRDA_D1_Impact": "3", | ||
| "CVSS_TargetDistribution": "Not Defined (ND)", | ||
| "CAM_InternetInfrastructure": "0", | ||
| "CVSS_RemediationLevel": "Not Defined (ND)", | ||
| "Workarounds": "", | ||
| "ID": "VU#101400", | ||
| "CVSS_AvailabilityImpact": "--", | ||
| "CAM_ScoreCurrent": 0, | ||
| "Overview": "", | ||
| "CAM_Impact": "0", | ||
| "DatePublic": "2012-10-16T00:00:00", | ||
| "DateCreated": "2014-12-26T19:28:12-05:00", | ||
| "References": [ | ||
| "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", | ||
| "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html", | ||
| "http://developer.android.com/training/articles/security-ssl.html", | ||
| "http://www.ftc.gov/news-events/press-releases/2014/03/fandango-credit-karma-settle-ftc-charges-they-deceived-consumers", | ||
| "http://android-ssl.org/", | ||
| "http://android-ssl.org/files/p49.pdf", | ||
| "http://android-ssl.org/files/p50-fahl.pdf", | ||
| "http://cwe.mitre.org/data/definitions/295.html", | ||
| "http://cwe.mitre.org/data/definitions/296.html" | ||
| ], | ||
| "Keywords": [ | ||
| "Mallodroid", | ||
| "SSL", | ||
| "MITM", | ||
| "Java", | ||
| "Android", | ||
| "Google", | ||
| "HTTPS", | ||
| "DRD19-J", | ||
| "Android SSL" | ||
| ], | ||
| "CVSS_EnvironmentalScore": 0, | ||
| "CAM_AttackerAccessRequired": "0" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| { | ||
| "Status": "Affected", | ||
| "VendorReferences": "http://www.retrospect.com/support/kb/cve_2015_2864", | ||
| "Vendor": "Retrospect, Inc.", | ||
| "DateResponded": "2015-06-11T16:20:06-04:00", | ||
| "DateLastUpdated": "2015-06-15T17:07:00-04:00", | ||
| "DateNotified": "2015-04-30T17:06:19-04:00", | ||
| "VendorRecordID": "GWAN-9XDS5M", | ||
| "Addendum": "There are no additional comments at this time.", | ||
| "VendorInformation": "Retrospect has released updates addressing these issues. Windows users should update to version 10.0.2.119 or later. Mac users should update to version 12.0.2.116 or later. Linux users should update to version 10.0.2.104 or later. The public key authentication method used by Retrospect is unaffected by this vulnerability. Retrospect recommends using public key authentication rather than a password and has provided a knowledge base article to guide users through the setup process.", | ||
| "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability.", | ||
| "ID": "VU#101500", | ||
| "Revision": 2 | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| { | ||
| "Impact": "An unauthenticated attacker on the network may be able to brute force a correct password by guessing a string that produces the same hash, granting access to backup data as the victim user.", | ||
| "CVSS_SecurityRequirementsIR": "ND", | ||
| "CVSS_EnvironmentalVector": "CDP:ND/TD:M/CR:ND/IR:ND/AR:ND", | ||
| "Title": "Retrospect Backup Client uses weak password hashing", | ||
| "DateFirstPublished": "2015-06-15T17:08:35-04:00", | ||
| "CVSS_AccessVector": "A", | ||
| "CAM_ScoreCurrentWidelyKnown": 0, | ||
| "IDNumber": "101500", | ||
| "SystemsAffectedPreamble": "", | ||
| "CVSS_SecurityRequirementsCR": "ND", | ||
| "CVSS_Authenication": "N", | ||
| "CVSS_BaseScore": 7.9, | ||
| "CAM_EaseOfExploitation": "0", | ||
| "IPProtocol": "", | ||
| "CERTAdvisory": "", | ||
| "CVSS_CollateralDamagePotential": "ND", | ||
| "Revision": 29, | ||
| "CVEIDs": "CVE-2015-2864", | ||
| "VRDA_D1_DirectReport": "1", | ||
| "CAM_WidelyKnown": "0", | ||
| "CAM_Population": "0", | ||
| "Description": "CWE-916: Use of Password Hash With Insufficient Computational Effort - CVE-2015-2864 Retrospect Backup clients prior to 10.0.2 on Windows and Linux and 12.0.2 on Mac contain an error in the password hash generating algorithm. The password is not fully utilized when generating a hash, allowing the possibility of a weak hash with a higher probability of collision with other passwords. Attackers with network access to a machine running the Retrospect client may be able to generate brute-force passwords that are guaranteed to collide with the hashed password with a maximum of 128 tries. This attack was demonstrated by security researchers Josep Pi Rodriguez and Pedro Guillen Nunez. This vulnerability only affects clients utilizing password authentication; clients using the public key authentication mechanism to login are unaffected. Retrospect recommends that users make use of the public key authentication mechanism. For more details on the vulnerability and instructions on enabling public key authentication, please see Retrospect's advisory.", | ||
| "CVSS_AccessComplexity": "M", | ||
| "CVSS_SecurityRequirementsAR": "ND", | ||
| "Resolution": "Apply an update For users that wish to continue using the password mechanism, Retrospect has released updates addressing this issue. Windows users should update to version 10.0.2.119 or later. Mac users should update to version 12.0.2.116 or later. Linux users should update to version 10.0.2.104 or later. Affected users may also consider the following workaround recommended by the vendor:", | ||
| "Author": "This document was written by Garret Wassermann.", | ||
| "CAM_Exploitation": "0", | ||
| "DateLastUpdated": "2015-06-15T17:42:00-04:00", | ||
| "CVSS_IntegrityImpact": "C", | ||
| "VRDA_D1_Population": "3", | ||
| "CVSS_TemporalVector": "E:POC/RL:OF/RC:C", | ||
| "CVSS_ReportConfidence": "C", | ||
| "CVSS_ConfidentialityImpact": "C", | ||
| "CVSS_BaseVector": "AV:A/AC:M/Au:N/C:C/I:C/A:C", | ||
| "VulnerabilityCount": 1, | ||
| "CVSS_Exploitability": "POC", | ||
| "ThanksAndCredit": "Thanks to Josep Pi Rodriguez and Pedro Guillen Nunez for working with the CERT/CC and the vendor, and thanks to Retrospect for quickly addressing the issue.", | ||
| "US-CERTTechnicalAlert": "", | ||
| "CAM_ScoreCurrentWidelyKnownExploited": 0, | ||
| "CVSS_TemporalScore": 6.2, | ||
| "VRDA_D1_Impact": "3", | ||
| "CVSS_TargetDistribution": "M", | ||
| "CAM_InternetInfrastructure": "0", | ||
| "CVSS_RemediationLevel": "OF", | ||
| "Workarounds": "Switch to Public Key Authentication The public key authentication method used by Retrospect is unaffected by this vulnerability. Retrospect recommends using public key authentication rather than a password and has provided a knowledge base article to guide users through the setup process.", | ||
| "ID": "VU#101500", | ||
| "CVSS_AvailabilityImpact": "C", | ||
| "CAM_ScoreCurrent": 0, | ||
| "Overview": "Retrospect Backup Client is a client to a network-based backup utility. This client stores passwords in a hashed format that is weak and susceptible to collision, allowing an attacker to generate a password hash collision and gain access to the target's backup files.", | ||
| "CAM_Impact": "0", | ||
| "DatePublic": "2014-07-09T00:00:00", | ||
| "DateCreated": "2015-03-02T12:18:48-05:00", | ||
| "References": [ | ||
| "http://www.retrospect.com/support/kb/cve_2015_2864", | ||
| "http://www.retrospect.com/support/downloads", | ||
| "https://www.youtube.com/watch?v=MB8AL5u7JCA&list=PL3UAg9Zuj1yLmemIKw-domjg5UkbN-pLc&index=14" | ||
| ], | ||
| "Keywords": [ | ||
| "weak hash", | ||
| "crypto", | ||
| "backup", | ||
| "client", | ||
| "CWE-916" | ||
| ], | ||
| "CVSS_EnvironmentalScore": 4.64042060842752, | ||
| "CAM_AttackerAccessRequired": "0" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| { | ||
| "Impact": "The complete impact of this vulnerability is not yet known.", | ||
| "CVSS_SecurityRequirementsIR": "Not Defined (ND)", | ||
| "CVSS_EnvironmentalVector": "CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)", | ||
| "Title": "Bad Kittie (com.conduit.app_91a32b2585034cc5bcb1d531274d53ce.app) fails to properly validate SSL certificates", | ||
| "DateFirstPublished": "", | ||
| "CVSS_AccessVector": "--", | ||
| "CAM_ScoreCurrentWidelyKnown": 0, | ||
| "IDNumber": "110200", | ||
| "SystemsAffectedPreamble": "", | ||
| "CVSS_SecurityRequirementsCR": "Not Defined (ND)", | ||
| "CVSS_Authenication": "--", | ||
| "CVSS_BaseScore": 0, | ||
| "CAM_EaseOfExploitation": "0", | ||
| "IPProtocol": "", | ||
| "CERTAdvisory": "", | ||
| "CVSS_CollateralDamagePotential": "Not Defined (ND)", | ||
| "Revision": 0, | ||
| "CVEIDs": "", | ||
| "VRDA_D1_DirectReport": "1", | ||
| "CAM_WidelyKnown": "0", | ||
| "CAM_Population": "0", | ||
| "Description": "", | ||
| "CVSS_AccessComplexity": "--", | ||
| "CVSS_SecurityRequirementsAR": "Not Defined (ND)", | ||
| "Resolution": "The CERT/CC is currently unaware of a practical solution to this problem.", | ||
| "Author": "This document was written by Will Dormann.", | ||
| "CAM_Exploitation": "0", | ||
| "DateLastUpdated": "2014-12-26T18:13:59-05:00", | ||
| "CVSS_IntegrityImpact": "--", | ||
| "VRDA_D1_Population": "4", | ||
| "CVSS_TemporalVector": "E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND)", | ||
| "CVSS_ReportConfidence": "Not Defined (ND)", | ||
| "CVSS_ConfidentialityImpact": "--", | ||
| "CVSS_BaseVector": "AV:--/AC:--/Au:--/C:--/I:--/A:--", | ||
| "VulnerabilityCount": 1, | ||
| "CVSS_Exploitability": "Not Defined (ND)", | ||
| "ThanksAndCredit": "", | ||
| "US-CERTTechnicalAlert": "", | ||
| "CAM_ScoreCurrentWidelyKnownExploited": 0, | ||
| "CVSS_TemporalScore": 0, | ||
| "VRDA_D1_Impact": "3", | ||
| "CVSS_TargetDistribution": "Not Defined (ND)", | ||
| "CAM_InternetInfrastructure": "0", | ||
| "CVSS_RemediationLevel": "Not Defined (ND)", | ||
| "Workarounds": "", | ||
| "ID": "VU#110200", | ||
| "CVSS_AvailabilityImpact": "--", | ||
| "CAM_ScoreCurrent": 0, | ||
| "Overview": "", | ||
| "CAM_Impact": "0", | ||
| "DatePublic": "2012-10-16T00:00:00", | ||
| "DateCreated": "2014-12-26T18:13:59-05:00", | ||
| "References": [ | ||
| "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", | ||
| "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html", | ||
| "http://developer.android.com/training/articles/security-ssl.html", | ||
| "http://www.ftc.gov/news-events/press-releases/2014/03/fandango-credit-karma-settle-ftc-charges-they-deceived-consumers", | ||
| "http://android-ssl.org/", | ||
| "http://android-ssl.org/files/p49.pdf", | ||
| "http://android-ssl.org/files/p50-fahl.pdf", | ||
| "http://cwe.mitre.org/data/definitions/295.html", | ||
| "http://cwe.mitre.org/data/definitions/296.html" | ||
| ], | ||
| "Keywords": [ | ||
| "Mallodroid", | ||
| "SSL", | ||
| "MITM", | ||
| "Java", | ||
| "Android", | ||
| "Google", | ||
| "HTTPS", | ||
| "DRD19-J", | ||
| "Android SSL" | ||
| ], | ||
| "CVSS_EnvironmentalScore": 0, | ||
| "CAM_AttackerAccessRequired": "0" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| { | ||
| "Impact": "The complete impact of this vulnerability is not yet known.", | ||
| "CVSS_SecurityRequirementsIR": "Not Defined (ND)", | ||
| "CVSS_EnvironmentalVector": "CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)", | ||
| "Title": "Noukat Marocain 100% (com.noukat.marocain) fails to properly validate SSL certificates", | ||
| "DateFirstPublished": "", | ||
| "CVSS_AccessVector": "--", | ||
| "CAM_ScoreCurrentWidelyKnown": 0, | ||
| "IDNumber": "112400", | ||
| "SystemsAffectedPreamble": "", | ||
| "CVSS_SecurityRequirementsCR": "Not Defined (ND)", | ||
| "CVSS_Authenication": "--", | ||
| "CVSS_BaseScore": 0, | ||
| "CAM_EaseOfExploitation": "0", | ||
| "IPProtocol": "", | ||
| "CERTAdvisory": "", | ||
| "CVSS_CollateralDamagePotential": "Not Defined (ND)", | ||
| "Revision": 0, | ||
| "CVEIDs": "", | ||
| "VRDA_D1_DirectReport": "1", | ||
| "CAM_WidelyKnown": "0", | ||
| "CAM_Population": "0", | ||
| "Description": "", | ||
| "CVSS_AccessComplexity": "--", | ||
| "CVSS_SecurityRequirementsAR": "Not Defined (ND)", | ||
| "Resolution": "The CERT/CC is currently unaware of a practical solution to this problem.", | ||
| "Author": "This document was written by Will Dormann.", | ||
| "CAM_Exploitation": "0", | ||
| "DateLastUpdated": "2014-12-26T18:06:34-05:00", | ||
| "CVSS_IntegrityImpact": "--", | ||
| "VRDA_D1_Population": "4", | ||
| "CVSS_TemporalVector": "E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND)", | ||
| "CVSS_ReportConfidence": "Not Defined (ND)", | ||
| "CVSS_ConfidentialityImpact": "--", | ||
| "CVSS_BaseVector": "AV:--/AC:--/Au:--/C:--/I:--/A:--", | ||
| "VulnerabilityCount": 1, | ||
| "CVSS_Exploitability": "Not Defined (ND)", | ||
| "ThanksAndCredit": "", | ||
| "US-CERTTechnicalAlert": "", | ||
| "CAM_ScoreCurrentWidelyKnownExploited": 0, | ||
| "CVSS_TemporalScore": 0, | ||
| "VRDA_D1_Impact": "3", | ||
| "CVSS_TargetDistribution": "Not Defined (ND)", | ||
| "CAM_InternetInfrastructure": "0", | ||
| "CVSS_RemediationLevel": "Not Defined (ND)", | ||
| "Workarounds": "", | ||
| "ID": "VU#112400", | ||
| "CVSS_AvailabilityImpact": "--", | ||
| "CAM_ScoreCurrent": 0, | ||
| "Overview": "", | ||
| "CAM_Impact": "0", | ||
| "DatePublic": "2012-10-16T00:00:00", | ||
| "DateCreated": "2014-12-26T18:06:33-05:00", | ||
| "References": [ | ||
| "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", | ||
| "http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html", | ||
| "http://developer.android.com/training/articles/security-ssl.html", | ||
| "http://www.ftc.gov/news-events/press-releases/2014/03/fandango-credit-karma-settle-ftc-charges-they-deceived-consumers", | ||
| "http://android-ssl.org/", | ||
| "http://android-ssl.org/files/p49.pdf", | ||
| "http://android-ssl.org/files/p50-fahl.pdf", | ||
| "http://cwe.mitre.org/data/definitions/295.html", | ||
| "http://cwe.mitre.org/data/definitions/296.html" | ||
| ], | ||
| "Keywords": [ | ||
| "Mallodroid", | ||
| "SSL", | ||
| "MITM", | ||
| "Java", | ||
| "Android", | ||
| "Google", | ||
| "HTTPS", | ||
| "DRD19-J", | ||
| "Android SSL" | ||
| ], | ||
| "CVSS_EnvironmentalScore": 0, | ||
| "CAM_AttackerAccessRequired": "0" | ||
| } |
Oops, something went wrong.