Search criteria
4 vulnerabilities found for Pebble by Pebble
VAR-201711-0014
Vulnerability from variot - Updated: 2023-12-18 12:19Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary. Pebble Smartwatch The device contains an information disclosure vulnerability.Information may be obtained and information may be altered. Pebble Smartwatch devices is a smart watch of Pebble Company in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0014",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pebble",
"scope": "lte",
"trust": 1.0,
"vendor": "pebble",
"version": "4.3"
},
{
"model": "pebble",
"scope": "lte",
"trust": 0.8,
"vendor": "pebble",
"version": "firmware 4.3"
},
{
"model": "pebble",
"scope": "eq",
"trust": 0.6,
"vendor": "pebble",
"version": "4.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008869"
},
{
"db": "NVD",
"id": "CVE-2016-10702"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1120"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pebble:pebble_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:pebble:pebble:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10702"
}
]
},
"cve": "CVE-2016-10702",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-10702",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-89505",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10702",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-10702",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-1120",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-89505",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89505"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008869"
},
{
"db": "NVD",
"id": "CVE-2016-10702"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1120"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application\u0027s flash storage, and access an arbitrary application\u0027s JavaScript instance, by modifying a UUID value within the header of a crafted application binary. Pebble Smartwatch The device contains an information disclosure vulnerability.Information may be obtained and information may be altered. Pebble Smartwatch devices is a smart watch of Pebble Company in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10702"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008869"
},
{
"db": "VULHUB",
"id": "VHN-89505"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10702",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008869",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1120",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89505",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89505"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008869"
},
{
"db": "NVD",
"id": "CVE-2016-10702"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1120"
}
]
},
"id": "VAR-201711-0014",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89505"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:19:24.765000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.pebble.com/"
},
{
"title": "Pebble Smartwatch Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76781"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008869"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1120"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89505"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008869"
},
{
"db": "NVD",
"id": "CVE-2016-10702"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://blog.fletchto99.com/2016/november/pebble-app-sandbox-escape/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10702"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10702"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89505"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008869"
},
{
"db": "NVD",
"id": "CVE-2016-10702"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1120"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89505"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008869"
},
{
"db": "NVD",
"id": "CVE-2016-10702"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-1120"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-89505"
},
{
"date": "2018-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008869"
},
{
"date": "2017-11-28T07:29:00.197000",
"db": "NVD",
"id": "CVE-2016-10702"
},
{
"date": "2017-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1120"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-89505"
},
{
"date": "2018-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008869"
},
{
"date": "2017-12-20T23:19:37.043000",
"db": "NVD",
"id": "CVE-2016-10702"
},
{
"date": "2017-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-1120"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1120"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pebble Smartwatch Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008869"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-1120"
}
],
"trust": 0.6
}
}
JVNDB-2012-000100
Vulnerability from jvndb - Published: 2012-11-02 14:23 - Updated:2012-11-02 14:23Summary
Pebble vulnerable to open redirect
Details
Pebble contains an open redirect vulnerability.
Pebble is an open source weblog system. Pebble contains an open redirect vulnerability.
Takahisa Kishiya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000100.html",
"dc:date": "2012-11-02T14:23+09:00",
"dcterms:issued": "2012-11-02T14:23+09:00",
"dcterms:modified": "2012-11-02T14:23+09:00",
"description": "Pebble contains an open redirect vulnerability.\r\n\r\nPebble is an open source weblog system. Pebble contains an open redirect vulnerability.\r\n\r\nTakahisa Kishiya reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000100.html",
"sec:cpe": {
"#text": "cpe:/a:pebble:pebble",
"@product": "Pebble",
"@vendor": "Pebble",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000100",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN55398821/index.html",
"@id": "JVN#55398821",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5170",
"@id": "CVE-2012-5170",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5170",
"@id": "CVE-2012-5170",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Pebble vulnerable to open redirect"
}
JVNDB-2012-000099
Vulnerability from jvndb - Published: 2012-11-02 14:21 - Updated:2012-11-02 14:21Summary
Pebble vulnerable to HTTP header injection
Details
Pebble contains an HTTP header injection vulnerability.
Pebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability.
Takahisa Kishiya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000099.html",
"dc:date": "2012-11-02T14:21+09:00",
"dcterms:issued": "2012-11-02T14:21+09:00",
"dcterms:modified": "2012-11-02T14:21+09:00",
"description": "Pebble contains an HTTP header injection vulnerability.\r\n\r\nPebble is an open source weblog system. Pebble contains an HTTP header injection vulnerability.\r\n\r\nTakahisa Kishiya reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000099.html",
"sec:cpe": {
"#text": "cpe:/a:pebble:pebble",
"@product": "Pebble",
"@vendor": "Pebble",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000099",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN39563771/index.html",
"@id": "JVN#39563771",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4023",
"@id": "CVE-2012-4023",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4023",
"@id": "CVE-2012-4023",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Pebble vulnerable to HTTP header injection"
}
JVNDB-2012-000098
Vulnerability from jvndb - Published: 2012-11-02 14:20 - Updated:2012-11-02 14:20Summary
Pebble vulnerability where entries may become unviewable
Details
Pebble contains a vulnerability where blog entries may become unviewable due to a specially crafted comment being posted.
Pebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability where blog entries may become unviewable.
Takahisa Kishiya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000098.html",
"dc:date": "2012-11-02T14:20+09:00",
"dcterms:issued": "2012-11-02T14:20+09:00",
"dcterms:modified": "2012-11-02T14:20+09:00",
"description": "Pebble contains a vulnerability where blog entries may become unviewable due to a specially crafted comment being posted.\r\n\r\nPebble is an open source weblog system. Pebble contains an issue in the processing of comments that are posted on blog entries, which may lead to a vulnerability where blog entries may become unviewable.\r\n\r\nTakahisa Kishiya reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000098.html",
"sec:cpe": {
"#text": "cpe:/a:pebble:pebble",
"@product": "Pebble",
"@vendor": "Pebble",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000098",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN75492883/index.html",
"@id": "JVN#75492883",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4022",
"@id": "CVE-2012-4022",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4022",
"@id": "CVE-2012-4022",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Pebble vulnerability where entries may become unviewable"
}