CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-2161
https://notcve.org/view.php?id=CVE-2017-2161
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. Tarjeta de memoria SDHC de FlashAirTM (Serie SD-WE (W-03)) versión 3.00.02 y anteriores y tarjeta de memoria SDHC de FlashAirTM (Serie SD-WD/WC (W-02)) versión 2.00.04 y anteriores, permite a los atacantes autenticados omitir las restricciones de acceso para obtener datos de imagen no autorizados por medio de vectores no especificados. • http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html http://www.toshiba-personalstorage.net/news/20170516a.htm https://jvn.jp/en/jp/JVN46372675/index.html • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-2149
https://notcve.org/view.php?id=CVE-2017-2149
Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. Vulnerabilidad de ruta de búsqueda no confiable en los instaladores de software: Software Update Tool V1.00.03 y versiones anteriores para tarjetas de memoria SDHC/SDXC con funcionalidad NFC integrada, FlashAir Configuration Software V3.0.2 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inalámbrica integrada, FlashAir Software Update tool (SD-WE series) V3.00.01 para tarjetas de memoria SDHC con funcionalidad LAN inalámbrica integrada, FlashAir Software Update tool (SD-WD/WC series) V2.00.03 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inalámbrica integrada, FlashAir Software Update tool (SD-WB/WL series) V1.00.04 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad LAN inalámbrica integrada, Configuration Software V1.02 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, Software Update tool V1.00.06 y versiones anteriores para tarjetas de memoria SDHC con funcionalidad TransferJet integrada, permite a atacantes remotos obtener privilegios a través de una DLL troyanizada en un directorio no especificado. • http://jvn.jp/en/jp/JVN05340816/index.html http://www.securityfocus.com/bid/97697 http://www.toshiba-personalstorage.net/news/20170414.htm • CWE-426: Untrusted Search Path •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4840
https://notcve.org/view.php?id=CVE-2016-4840
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. Coordinate Plus App para Android 1.0.2 y versiones anteriores y Coordinate Plus App para iOS 1.0.2 y versiones anteriores no verifican certificados SSL. • http://jvn.jp/en/jp/JVN06920277/index.html http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000133.html http://www.securityfocus.com/bid/92314 • CWE-295: Improper Certificate Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4876
https://notcve.org/view.php?id=CVE-2014-4876
Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138. Toshiba 4690 Operating System 6 Release 3, cuando el nombre lógico ADXSITCF no está correctamente restringido, permite a atacantes remotos leer variables de entorno potencialmente sensibles a través de una petición manipulada al puerto TCP 54138. • https://www.kb.cert.org/vuls/id/924506 https://www.kb.cert.org/vuls/id/JLAD-9X4TDL • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4875
https://notcve.org/view.php?id=CVE-2014-4875
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access. CreateBossCredentials.jar en Toshiba CHEC anterior a 6.6 build 4014 y 6.7 anterior a build 4329 contiene una clave AES embebida, lo que permite a atacantes descubrir las credenciales de la base de datos Back Office System Server (BOSS) DB2 mediante el aprovechamiento de conocimiento de esta clave en conjunto con el acceso de lectura a bossinfo.pro. • http://www.kb.cert.org/vuls/id/301788 http://www.kb.cert.org/vuls/id/JLAD-9X4SPN • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-255: Credentials Management Errors •