Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by tripadvisor
CVE-2017-17226 (GCVE-0-2017-17226)
Vulnerability from cvelistv5 – Published: 2018-03-09 17:00 – Updated: 2024-08-05 20:43
VLAI
EPSS
VEX
Summary
The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL.
Severity
No CVSS data available.
CWE
- arbitrary URL loading
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.huawei.com/en/psirt/security-advisorie… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei Technologies Co., Ltd. | TripAdvisor |
Affected:
The versions before TAMobileApp-24.6.4
|
Date Public
2018-01-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TripAdvisor",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before TAMobileApp-24.6.4"
}
]
}
],
"datePublic": "2018-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "arbitrary URL loading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T16:57:01.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TripAdvisor",
"version": {
"version_data": [
{
"version_value": "The versions before TAMobileApp-24.6.4"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "arbitrary URL loading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17226",
"datePublished": "2018-03-09T17:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:43:59.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4917 (GCVE-0-2012-4917)
Vulnerability from cvelistv5 – Published: 2013-01-26 23:00 – Updated: 2024-08-06 20:50
VLAI
EPSS
VEX
Summary
The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/57535 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/51410 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2013-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57535"
},
{
"name": "51410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-02T10:00:00.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "57535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57535"
},
{
"name": "51410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57535"
},
{
"name": "51410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-4917",
"datePublished": "2013-01-26T23:00:00.000Z",
"dateReserved": "2012-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:17.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17226 (GCVE-0-2017-17226)
Vulnerability from nvd – Published: 2018-03-09 17:00 – Updated: 2024-08-05 20:43
VLAI
EPSS
VEX
Summary
The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL.
Severity
No CVSS data available.
CWE
- arbitrary URL loading
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.huawei.com/en/psirt/security-advisorie… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei Technologies Co., Ltd. | TripAdvisor |
Affected:
The versions before TAMobileApp-24.6.4
|
Date Public
2018-01-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:43:59.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TripAdvisor",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "The versions before TAMobileApp-24.6.4"
}
]
}
],
"datePublic": "2018-01-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "arbitrary URL loading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T16:57:01.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TripAdvisor",
"version": {
"version_data": [
{
"version_value": "The versions before TAMobileApp-24.6.4"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "arbitrary URL loading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180130-01-tripadvisor-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-17226",
"datePublished": "2018-03-09T17:00:00.000Z",
"dateReserved": "2017-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:43:59.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4917 (GCVE-0-2012-4917)
Vulnerability from nvd – Published: 2013-01-26 23:00 – Updated: 2024-08-06 20:50
VLAI
EPSS
VEX
Summary
The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/57535 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/51410 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2013-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57535"
},
{
"name": "51410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-02T10:00:00.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "57535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57535"
},
{
"name": "51410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57535"
},
{
"name": "51410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-4917",
"datePublished": "2013-01-26T23:00:00.000Z",
"dateReserved": "2012-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:17.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}