Search criteria
19 vulnerabilities by TOSHIBA
CVE-2022-30421 (GCVE-0-2022-30421)
Vulnerability from cvelistv5 – Published: 2023-01-31 00:00 – Updated: 2025-03-27 18:39
VLAI?
Summary
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://global.gmarket.co.kr/item?goodscode=741668527"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ebay.com/itm/274246695791"
},
{
"tags": [
"x_transferred"
],
"url": "http://global.11st.co.kr/glb/product/SellerProductDetail.tmall?method=getSellerProductDetail\u0026prdNo=1398327038"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-px7r-44vj-8h7m"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-30421",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T18:38:47.687758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T18:39:20.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-31T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://global.gmarket.co.kr/item?goodscode=741668527"
},
{
"url": "https://www.ebay.com/itm/274246695791"
},
{
"url": "http://global.11st.co.kr/glb/product/SellerProductDetail.tmall?method=getSellerProductDetail\u0026prdNo=1398327038"
},
{
"url": "https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-px7r-44vj-8h7m"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30421",
"datePublished": "2023-01-31T00:00:00.000Z",
"dateReserved": "2022-05-09T00:00:00.000Z",
"dateUpdated": "2025-03-27T18:39:20.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4981 (GCVE-0-2012-4981)
Vulnerability from cvelistv5 – Published: 2020-01-23 14:25 – Updated: 2024-08-06 20:50
VLAI?
Summary
Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55643"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-23T14:25:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/55643"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78800"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/55643",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/55643"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78800",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78800"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4981",
"datePublished": "2020-01-23T14:25:37",
"dateReserved": "2012-09-19T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4980 (GCVE-0-2012-4980)
Vulnerability from cvelistv5 – Published: 2019-12-27 20:21 – Updated: 2024-08-06 20:50
VLAI?
Summary
Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55644",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55644"
},
{
"name": "78801",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-27T20:21:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "55644",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55644"
},
{
"name": "78801",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55644"
},
{
"name": "78801",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4980",
"datePublished": "2019-12-27T20:21:46",
"dateReserved": "2012-09-19T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2161 (GCVE-0-2017-2161)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Corporation | FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) |
Affected:
V3.00.02 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2017-000090",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"name": "JVN#46372675",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.00.02 and earlier"
}
]
},
{
"product": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V2.00.04 and earlier"
}
]
}
],
"datePublic": "2017-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2017-000090",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"name": "JVN#46372675",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"version": {
"version_data": [
{
"version_value": "V3.00.02 and earlier"
}
]
}
},
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"version": {
"version_data": [
{
"version_value": "V2.00.04 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000090",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000090.html"
},
{
"name": "JVN#46372675",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN46372675/index.html"
},
{
"name": "http://www.toshiba-personalstorage.net/news/20170516a.htm",
"refsource": "CONFIRM",
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2161",
"datePublished": "2017-05-22T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2162 (GCVE-0-2017-2162)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.
Severity ?
No CVSS data available.
CWE
- Configures default credentials
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Toshiba Corporation | FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) |
Affected:
V3.00.02 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2017-000091",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"name": "JVN#81820501",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.00.02 and earlier"
}
]
},
{
"product": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V2.00.04 and earlier"
}
]
}
],
"datePublic": "2017-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Configures default credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2017-000091",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"name": "JVN#81820501",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e)",
"version": {
"version_data": [
{
"version_value": "V3.00.02 and earlier"
}
]
}
},
{
"product_name": "FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e)",
"version": {
"version_data": [
{
"version_value": "V2.00.04 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FlashAirTM SDHC Memory Card (SD-WE Series \u003cW-03\u003e) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series \u003cW-02\u003e) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configures default credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000091",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000091"
},
{
"name": "JVN#81820501",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN81820501/index.html"
},
{
"name": "http://www.toshiba-personalstorage.net/news/20170516a.htm",
"refsource": "CONFIRM",
"url": "http://www.toshiba-personalstorage.net/news/20170516a.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2162",
"datePublished": "2017-05-22T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4863 (GCVE-0-2016-4863)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-06 00:46
VLAI?
Summary
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data.
Severity ?
No CVSS data available.
CWE
- Lack of authentication mechanism
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Toshiba | FlashAir SD-WD/WC series Class 6 model |
Affected:
firmware version 1.00.04 and later
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:38.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93479"
},
{
"name": "JVN#39619137",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
},
{
"name": "JVNDB-2016-000168",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FlashAir SD-WD/WC series Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir SD-WD/WC series Class 10 model W-02",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir SD-WE series Class 10 model W-03",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "FlashAir Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir II Class 10 model W-02 series",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir III Class 10 model W-03 series",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "FlashAir Class 6 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 1.00.04 and later"
}
]
},
{
"product": "FlashAir W-02 series Class 10 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "firmware version 2.00.02 and later"
}
]
},
{
"product": "FlashAir W-03 series Class 10 model",
"vendor": "Toshiba",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"datePublic": "2016-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when \"Internet pass-thru Mode\" is enabled, which allows attackers with access to STA side LAN can obtain files or data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of authentication mechanism",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-23T09:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "93479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93479"
},
{
"name": "JVN#39619137",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
},
{
"name": "JVNDB-2016-000168",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FlashAir SD-WD/WC series Class 6 model",
"version": {
"version_data": [
{
"version_value": "firmware version 1.00.04 and later"
}
]
}
},
{
"product_name": "FlashAir SD-WD/WC series Class 10 model W-02",
"version": {
"version_data": [
{
"version_value": "firmware version 2.00.02 and later"
}
]
}
},
{
"product_name": "FlashAir SD-WE series Class 10 model W-03",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
},
{
"product_name": "FlashAir Class 6 model",
"version": {
"version_data": [
{
"version_value": "firmware version 1.00.04 and later"
}
]
}
},
{
"product_name": "FlashAir II Class 10 model W-02 series",
"version": {
"version_data": [
{
"version_value": "firmware version 2.00.02 and later"
}
]
}
},
{
"product_name": "FlashAir III Class 10 model W-03 series",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
},
{
"product_name": "FlashAir Class 6 model",
"version": {
"version_data": [
{
"version_value": "firmware version 1.00.04 and later"
}
]
}
},
{
"product_name": "FlashAir W-02 series Class 10 model",
"version": {
"version_data": [
{
"version_value": "firmware version 2.00.02 and later"
}
]
}
},
{
"product_name": "FlashAir W-03 series Class 10 model",
"version": {
"version_data": [
{
"version_value": "all firmware versions"
}
]
}
}
]
},
"vendor_name": "Toshiba"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when \"Internet pass-thru Mode\" is enabled, which allows attackers with access to STA side LAN can obtain files or data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Lack of authentication mechanism"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93479"
},
{
"name": "JVN#39619137",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN39619137/index.html"
},
{
"name": "JVNDB-2016-000168",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4863",
"datePublished": "2017-05-22T16:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:46:38.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2149 (GCVE-0-2017-2149)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity ?
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#05340816",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"name": "97697",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97697"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.00.03 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.0.2 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series\u003cW-03\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V3.00.01"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series\u003cW-02\u003e)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V2.00.03 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.00.04 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.02 and earlier"
}
]
},
{
"product": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool",
"vendor": "Toshiba Corporation",
"versions": [
{
"status": "affected",
"version": "V1.00.06 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-01T09:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#05340816",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"name": "97697",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97697"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool",
"version": {
"version_data": [
{
"version_value": "V1.00.03 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software",
"version": {
"version_data": [
{
"version_value": "V3.0.2 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series\u003cW-03\u003e)",
"version": {
"version_data": [
{
"version_value": "V3.00.01"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series\u003cW-02\u003e)",
"version": {
"version_data": [
{
"version_value": "V2.00.03 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)",
"version": {
"version_data": [
{
"version_value": "V1.00.04 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software",
"version": {
"version_data": [
{
"version_value": "V1.02 and earlier"
}
]
}
},
{
"product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool",
"version": {
"version_data": [
{
"version_value": "V1.00.06 and earlier"
}
]
}
}
]
},
"vendor_name": "Toshiba Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series\u003cW-03\u003e) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series\u003cW-02\u003e) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#05340816",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN05340816/index.html"
},
{
"name": "http://www.toshiba-personalstorage.net/news/20170414.htm",
"refsource": "MISC",
"url": "http://www.toshiba-personalstorage.net/news/20170414.htm"
},
{
"name": "97697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97697"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2149",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4840 (GCVE-0-2016-4840)
Vulnerability from cvelistv5 – Published: 2017-04-21 14:00 – Updated: 2024-08-06 00:39
VLAI?
Summary
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92314",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92314"
},
{
"name": "JVNDB-2016-000133",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000133.html"
},
{
"name": "JVN#06920277",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN06920277/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-21T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "92314",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92314"
},
{
"name": "JVNDB-2016-000133",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000133.html"
},
{
"name": "JVN#06920277",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN06920277/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92314"
},
{
"name": "JVNDB-2016-000133",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000133.html"
},
{
"name": "JVN#06920277",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06920277/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4840",
"datePublished": "2017-04-21T14:00:00",
"dateReserved": "2016-05-17T00:00:00",
"dateUpdated": "2024-08-06T00:39:26.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4876 (GCVE-0-2014-4876)
Vulnerability from cvelistv5 – Published: 2015-12-31 02:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#924506",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/924506"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/JLAD-9X4TDL"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-31T04:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#924506",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/924506"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.kb.cert.org/vuls/id/JLAD-9X4TDL"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#924506",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/924506"
},
{
"name": "https://www.kb.cert.org/vuls/id/JLAD-9X4TDL",
"refsource": "CONFIRM",
"url": "https://www.kb.cert.org/vuls/id/JLAD-9X4TDL"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4876",
"datePublished": "2015-12-31T02:00:00",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4875 (GCVE-0-2014-4875)
Vulnerability from cvelistv5 – Published: 2015-06-24 10:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#301788",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-24T05:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#301788",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-4875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 database credentials by leveraging knowledge of this key in conjunction with bossinfo.pro read access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#301788",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/301788"
},
{
"name": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JLAD-9X4SPN"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-4875",
"datePublished": "2015-06-24T10:00:00",
"dateReserved": "2014-07-10T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0884 (GCVE-0-2015-0884)
Vulnerability from cvelistv5 – Published: 2015-02-28 02:00 – Updated: 2024-08-06 04:26
VLAI?
Summary
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.support.toshiba.com/sscontent?contentId=4007187"
},
{
"name": "1031825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031825"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.support.toshiba.com/sscontent?contentId=4007185"
},
{
"name": "VU#632140",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/632140"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/vu/JVNVU99205169/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-19T15:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.support.toshiba.com/sscontent?contentId=4007187"
},
{
"name": "1031825",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031825"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.support.toshiba.com/sscontent?contentId=4007185"
},
{
"name": "VU#632140",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/632140"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/vu/JVNVU99205169/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-0884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.support.toshiba.com/sscontent?contentId=4007187",
"refsource": "CONFIRM",
"url": "http://www.support.toshiba.com/sscontent?contentId=4007187"
},
{
"name": "1031825",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031825"
},
{
"name": "http://www.support.toshiba.com/sscontent?contentId=4007185",
"refsource": "CONFIRM",
"url": "http://www.support.toshiba.com/sscontent?contentId=4007185"
},
{
"name": "VU#632140",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/632140"
},
{
"name": "http://jvn.jp/vu/JVNVU99205169/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/vu/JVNVU99205169/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-0884",
"datePublished": "2015-02-28T02:00:00",
"dateReserved": "2015-01-08T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0657 (GCVE-0-2009-0657)
Vulnerability from cvelistv5 – Published: 2009-02-20 19:00 – Updated: 2024-08-07 04:40
VLAI?
Summary
Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf"
},
{
"name": "20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498997"
},
{
"name": "toshibaface-notebook-unauth-access(48963)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48963"
},
{
"name": "32700",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.bkis.vn/?p=292"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf"
},
{
"name": "20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498997"
},
{
"name": "toshibaface-notebook-unauth-access(48963)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48963"
},
{
"name": "32700",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.bkis.vn/?p=292"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf",
"refsource": "MISC",
"url": "http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf"
},
{
"name": "20081208 [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498997"
},
{
"name": "toshibaface-notebook-unauth-access(48963)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48963"
},
{
"name": "32700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32700"
},
{
"name": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen",
"refsource": "MISC",
"url": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen"
},
{
"name": "http://security.bkis.vn/?p=292",
"refsource": "MISC",
"url": "http://security.bkis.vn/?p=292"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0657",
"datePublished": "2009-02-20T19:00:00",
"dateReserved": "2009-02-20T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0399 (GCVE-0-2008-0399)
Vulnerability from cvelistv5 – Published: 2008-01-23 11:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "toshiba-recordsend-bo(39792)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39792"
},
{
"name": "4946",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4946"
},
{
"name": "28557",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28557"
},
{
"name": "27360",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27360"
},
{
"name": "ADV-2008-0214",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0214"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/rgod_toshiba_control.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "toshiba-recordsend-bo(39792)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39792"
},
{
"name": "4946",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4946"
},
{
"name": "28557",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28557"
},
{
"name": "27360",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27360"
},
{
"name": "ADV-2008-0214",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0214"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/rgod_toshiba_control.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "toshiba-recordsend-bo(39792)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39792"
},
{
"name": "4946",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4946"
},
{
"name": "28557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28557"
},
{
"name": "27360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27360"
},
{
"name": "ADV-2008-0214",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0214"
},
{
"name": "http://retrogod.altervista.org/rgod_toshiba_control.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/rgod_toshiba_control.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0399",
"datePublished": "2008-01-23T11:00:00",
"dateReserved": "2008-01-22T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6903 (GCVE-0-2006-6903)
Vulnerability from cvelistv5 – Published: 2007-01-08 20:00 – Updated: 2024-08-07 20:42
VLAI?
Summary
Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:42:07.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "37607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "37607",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37607"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf",
"refsource": "MISC",
"url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf"
},
{
"name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded"
},
{
"name": "37607",
"refsource": "OSVDB",
"url": "http://osvdb.org/37607"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6903",
"datePublished": "2007-01-08T20:00:00",
"dateReserved": "2007-01-08T00:00:00",
"dateUpdated": "2024-08-07T20:42:07.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5611 (GCVE-0-2006-5611)
Vulnerability from cvelistv5 – Published: 2006-10-31 00:00 – Updated: 2024-08-07 19:55
VLAI?
Summary
Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) "Security fix." NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:55:53.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=bltstack-42001-notebook"
},
{
"name": "toshiba-bluetooth-unspecified(44391)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44391"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) \"Security fix.\" NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=bltstack-42001-notebook"
},
{
"name": "toshiba-bluetooth-unspecified(44391)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44391"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) \"Security fix.\" NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=bltstack-42001-notebook",
"refsource": "CONFIRM",
"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=bltstack-42001-notebook"
},
{
"name": "toshiba-bluetooth-unspecified(44391)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44391"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5611",
"datePublished": "2006-10-31T00:00:00",
"dateReserved": "2006-10-30T00:00:00",
"dateUpdated": "2024-08-07T19:55:53.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5405 (GCVE-0-2006-5405)
Vulnerability from cvelistv5 – Published: 2006-10-19 01:00 – Updated: 2024-08-07 19:48
VLAI?
Summary
Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-October/001085.html"
},
{
"name": "20061012 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448422/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secureworks.com/press/20061011-dell.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html"
},
{
"name": "ADV-2006-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4057"
},
{
"name": "1017075",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017075"
},
{
"name": "22402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22402"
},
{
"name": "toshiba-bluetooth-stack-code-execute(29503)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29503"
},
{
"name": "1744",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-October/001085.html"
},
{
"name": "20061012 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448422/100/100/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secureworks.com/press/20061011-dell.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html"
},
{
"name": "ADV-2006-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4057"
},
{
"name": "1017075",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017075"
},
{
"name": "22402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22402"
},
{
"name": "toshiba-bluetooth-stack-code-execute(29503)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29503"
},
{
"name": "1744",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-October/001085.html"
},
{
"name": "20061012 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448422/100/100/threaded"
},
{
"name": "http://www.secureworks.com/press/20061011-dell.html",
"refsource": "MISC",
"url": "http://www.secureworks.com/press/20061011-dell.html"
},
{
"name": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html",
"refsource": "MISC",
"url": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html"
},
{
"name": "ADV-2006-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4057"
},
{
"name": "1017075",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017075"
},
{
"name": "22402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22402"
},
{
"name": "toshiba-bluetooth-stack-code-execute(29503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29503"
},
{
"name": "1744",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5405",
"datePublished": "2006-10-19T01:00:00",
"dateReserved": "2006-10-18T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3146 (GCVE-0-2006-3146)
Vulnerability from cvelistv5 – Published: 2006-06-22 22:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to "Ping o' Death" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2455",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2455"
},
{
"name": "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-October/001085.html"
},
{
"name": "toshiba-bluetooth-dos(27228)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27228"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html"
},
{
"name": "20657",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20657"
},
{
"name": "1016345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016345"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://trifinite.org/trifinite_advisory_toshiba.html"
},
{
"name": "20060620 trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437811/100/0/threaded"
},
{
"name": "26686",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26686"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2"
},
{
"name": "18527",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18527"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to \"Ping o\u0027 Death\" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2455",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2455"
},
{
"name": "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-October/001085.html"
},
{
"name": "toshiba-bluetooth-dos(27228)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27228"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html"
},
{
"name": "20657",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20657"
},
{
"name": "1016345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016345"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://trifinite.org/trifinite_advisory_toshiba.html"
},
{
"name": "20060620 trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437811/100/0/threaded"
},
{
"name": "26686",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26686"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2"
},
{
"name": "18527",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18527"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar to \"Ping o\u0027 Death\" and as demonstrated by BlueSmack. NOTE: this issue was originally reported for 4.00.23."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2455",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2455"
},
{
"name": "20061017 SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-October/001085.html"
},
{
"name": "toshiba-bluetooth-dos(27228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27228"
},
{
"name": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html",
"refsource": "MISC",
"url": "http://briankrebswatch.blogspot.com/2006/10/more-on-toshiba-patches.html"
},
{
"name": "20657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20657"
},
{
"name": "1016345",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016345"
},
{
"name": "http://trifinite.org/trifinite_advisory_toshiba.html",
"refsource": "MISC",
"url": "http://trifinite.org/trifinite_advisory_toshiba.html"
},
{
"name": "20060620 trifinite Security Advisory: Buffer Overrun in Toshiba Bluetooth Stack for Windows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437811/100/0/threaded"
},
{
"name": "26686",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26686"
},
{
"name": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2",
"refsource": "CONFIRM",
"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2"
},
{
"name": "18527",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18527"
},
{
"name": "http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html",
"refsource": "MISC",
"url": "http://trifinite.org/blog/archives/2006/06/update_tosiba_a.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3146",
"datePublished": "2006-06-22T22:00:00",
"dateReserved": "2006-06-22T00:00:00",
"dateUpdated": "2024-08-07T18:16:05.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0212 (GCVE-0-2006-0212)
Vulnerability from cvelistv5 – Published: 2006-01-14 01:00 – Updated: 2024-08-07 16:25
VLAI?
Summary
Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060113 DMA[2006-0112a] - \u0027Toshiba Bluetooth Stack Directory Transversal\u0027",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421993/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2"
},
{
"name": "16236",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16236"
},
{
"name": "ADV-2006-0184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0184"
},
{
"name": "18437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18437"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt"
},
{
"name": "22380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22380"
},
{
"name": "20060113 DMA[2006-0112a] - \u0027Toshiba Bluetooth Stack Directory Transversal\u0027",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113712413907526\u0026w=2"
},
{
"name": "1015486",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\\\ sequences in the RFILE argument of ussp-push."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060113 DMA[2006-0112a] - \u0027Toshiba Bluetooth Stack Directory Transversal\u0027",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421993/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2"
},
{
"name": "16236",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16236"
},
{
"name": "ADV-2006-0184",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0184"
},
{
"name": "18437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18437"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt"
},
{
"name": "22380",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22380"
},
{
"name": "20060113 DMA[2006-0112a] - \u0027Toshiba Bluetooth Stack Directory Transversal\u0027",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=113712413907526\u0026w=2"
},
{
"name": "1015486",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\\\ sequences in the RFILE argument of ussp-push."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060113 DMA[2006-0112a] - \u0027Toshiba Bluetooth Stack Directory Transversal\u0027",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421993/100/0/threaded"
},
{
"name": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2",
"refsource": "MISC",
"url": "http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2"
},
{
"name": "16236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16236"
},
{
"name": "ADV-2006-0184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0184"
},
{
"name": "18437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18437"
},
{
"name": "http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt"
},
{
"name": "22380",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22380"
},
{
"name": "20060113 DMA[2006-0112a] - \u0027Toshiba Bluetooth Stack Directory Transversal\u0027",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=113712413907526\u0026w=2"
},
{
"name": "1015486",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0212",
"datePublished": "2006-01-14T01:00:00",
"dateReserved": "2006-01-14T00:00:00",
"dateUpdated": "2024-08-07T16:25:34.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0963 (GCVE-0-2005-0963)
Vulnerability from cvelistv5 – Published: 2005-04-03 05:00 – Updated: 2024-08-07 21:35
VLAI?
Summary
An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. NOTE: it has been debated as to whether or not this issue poses a security vulnerability, since administrative privileges would be required, and other DoS attacks are possible with such privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:35:58.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050331 Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111229708208629\u0026w=2"
},
{
"name": "20050331 RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111229803502643\u0026w=2"
},
{
"name": "toshiba-acpi-bios-dos(19895)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19895"
},
{
"name": "20050329 Portcullis Security Advisory 05-011 ACPI 1.6 BIOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111214319914810\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. NOTE: it has been debated as to whether or not this issue poses a security vulnerability, since administrative privileges would be required, and other DoS attacks are possible with such privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050331 Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111229708208629\u0026w=2"
},
{
"name": "20050331 RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111229803502643\u0026w=2"
},
{
"name": "toshiba-acpi-bios-dos(19895)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19895"
},
{
"name": "20050329 Portcullis Security Advisory 05-011 ACPI 1.6 BIOS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111214319914810\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. NOTE: it has been debated as to whether or not this issue poses a security vulnerability, since administrative privileges would be required, and other DoS attacks are possible with such privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050331 Re: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111229708208629\u0026w=2"
},
{
"name": "20050331 RE: Portcullis Security Advisory 05-011 ACPI 1.6 BIOS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111229803502643\u0026w=2"
},
{
"name": "toshiba-acpi-bios-dos(19895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19895"
},
{
"name": "20050329 Portcullis Security Advisory 05-011 ACPI 1.6 BIOS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111214319914810\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0963",
"datePublished": "2005-04-03T05:00:00",
"dateReserved": "2005-04-03T00:00:00",
"dateUpdated": "2024-08-07T21:35:58.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}