Merge branch '08312018' of https://github.com/DellEMCProductSecurity/cvelist into DellEMCProductSecurity-08312018

CVE Team 2018-08-31 13:24:34 -04:00
commit 752630cfa5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 325 additions and 47 deletions


@ -1,18 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11054",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2018-11054",
"STATE": "PUBLIC"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BSAFE Micro Edition Suite",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "4.1.6"
}
]
}
}
]
},
"vendor_name": "RSA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use \nmaliciously constructed ASN.1 data to potentially cause a Denial Of Service. "
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/46"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
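Review bot: The `problemtype` value is free text (`"integer overflow vulnerability"`) with no CWE identifier, so tooling that groups or filters records by weakness class has nothing stable to key on; consider `"value": "CWE-190: Integer Overflow or Wraparound"`. The same applies to the CVE-2018-11055, CVE-2018-11056 and CVE-2018-11057 records in this commit, whose problemtype strings appear to be the names of CWE-244, CWE-400 and CWE-385. The description `value` also contains a hard-wrapped `\n` in mid-sentence and a trailing space. The other three descriptions are wrapped the same way, and the CVE-2018-11056 problemtype ends in a space. Removing these keeps the text stable for consumers that display or compare it verbatim.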


@ -1,18 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11055",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2018-11055",
"STATE": "PUBLIC"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BSAFE Micro Edition Suite",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.0.11"
},
{
"affected": "<",
"version_value": "4.1.6.1"
}
]
}
}
]
},
"vendor_name": "RSA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an \nImproper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory \nis not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the \nunauthorized data by doing heap inspection."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/46"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
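Review bot: The two `version_data` entries (`<` `4.0.11` and `<` `4.1.6.1`) drop the per-branch scoping that the description spells out ("in 4.0.x" / "in 4.1.x"). Read as independent ranges, `< 4.1.6.1` also matches 4.0.11 and any later 4.0.x release, which the description treats as fixed, so a scanner matching on this data could flag patched 4.0.x installs. Carrying the branch in each entry, for example `"version_name": "4.0.x"` and `"version_name": "4.1.x"` next to the matching `version_value`, would let consumers apply each bound to its own branch. The CVE-2018-11057 record in this commit has the same pair of entries. The CVE-2018-11056 record lists only `< 4.1.6.1` for Micro Edition Suite, which leaves the status of 4.0.x unstated.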


@ -1,18 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11056",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2018-11056",
"STATE": "PUBLIC"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BSAFE Micro Edition Suite",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.1.6.1"
}
]
}
}
]
},
"vendor_name": "RSA"
},
{
"product": {
"product_data": [
{
"product_name": "BSAFE Crypto-C Micro Edition",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.0.5.3"
}
]
}
}
]
},
"vendor_name": "RSA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to \n4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing \nASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially \ncausing a Denial Of Service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/46"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
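Review bot: The vector sets `"userInteraction": "REQUIRED"` (`UI:R`), but the description only says a remote attacker supplies constructed ASN.1 data and never names the user action involved. CVE-2018-11054 in this same commit describes a comparable ASN.1 denial of service with `UI:N`. Either the description should state the interaction that is needed, or the metric should be rechecked; the record alone does not show which is intended, and the choice moves the base score used for triage. Separately, `vendor_data` holds two objects that both carry `"vendor_name": "RSA"`. Putting both products in one vendor's `product_data` array would avoid consumers that index by vendor name keeping only one of them.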


@ -1,18 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11057",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ID": "CVE-2018-11057",
"STATE": "PUBLIC"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BSAFE Micro Edition Suite",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "4.0.11"
},
{
"affected": "<",
"version_value": "4.1.6.1"
}
]
}
}
]
},
"vendor_name": "RSA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert \nTiming Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote \nattacker may be able to recover a RSA key."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Covert Timing Channel vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/46"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
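Review bot: The description's closing sentence, `A remote attacker may be able to recover a RSA key`, does not say which asset is exposed. Bleichenbacher-style weaknesses in RSA decryption are usually described as letting an attacker recover data protected by the private-key operation, not the private key itself. If that is the case here, the sentence should name what is recovered; if private-key disclosure is really meant, it should say so explicitly. The distinction decides whether remediation is the library upgrade alone or also key rotation, so it is worth stating in the record.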