diff --git a/2018/11xxx/CVE-2018-11054.json b/2018/11xxx/CVE-2018-11054.json index 0f7a54f817c..d3f286e71f0 100644 --- a/2018/11xxx/CVE-2018-11054.json +++ b/2018/11xxx/CVE-2018-11054.json @@ -1,81 +1,82 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11054", - "STATE": "PUBLIC" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "ID" : "CVE-2018-11054", + "STATE" : "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name" : "BSAFE Micro Edition Suite", + "version" : { + "version_data" : [ { - "affected": "=", - "version_value": "4.1.6" + "affected" : "=", + "version_value" : "4.1.6" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name" : "RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use \nmaliciously constructed ASN.1 data to potentially cause a Denial Of Service. " + "lang" : "eng", + "value" : "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "NETWORK", + "availabilityImpact" : "HIGH", + "baseScore" : 7.5, + "baseSeverity" : "HIGH", + "confidentialityImpact" : "NONE", + "integrityImpact" : "NONE", + "privilegesRequired" : "NONE", + "scope" : "UNCHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "integer overflow vulnerability" + "lang" : "eng", + "value" : "integer overflow vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name" : "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Aug/46" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } } diff --git a/2018/11xxx/CVE-2018-11055.json b/2018/11xxx/CVE-2018-11055.json index f1a14d6e524..004aba1d62b 100644 --- a/2018/11xxx/CVE-2018-11055.json +++ b/2018/11xxx/CVE-2018-11055.json @@ -1,85 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11055", - "STATE": "PUBLIC" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "ID" : "CVE-2018-11055", + "STATE" : "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name" : "BSAFE Micro Edition Suite", + "version" : { + "version_data" : [ { - "affected": "<", - "version_value": "4.0.11" + "affected" : "<", + "version_value" : "4.0.11" }, { - "affected": "<", - "version_value": "4.1.6.1" + "affected" : "<", + "version_value" : "4.1.6.1" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name" : "RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an \nImproper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory \nis not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the \nunauthorized data by doing heap inspection." + "lang" : "eng", + "value" : "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "NONE", - "baseScore": 4.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "LOCAL", + "availabilityImpact" : "NONE", + "baseScore" : 4.4, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "NONE", + "privilegesRequired" : "HIGH", + "scope" : "UNCHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability" + "lang" : "eng", + "value" : "Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name" : "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Aug/46" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2018/11xxx/CVE-2018-11056.json b/2018/11xxx/CVE-2018-11056.json index 126469a2084..417793a0dd9 100644 --- a/2018/11xxx/CVE-2018-11056.json +++ b/2018/11xxx/CVE-2018-11056.json @@ -1,99 +1,100 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11056", - "STATE": "PUBLIC" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "ID" : "CVE-2018-11056", + "STATE" : "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name" : "BSAFE Micro Edition Suite", + "version" : { + "version_data" : [ { - "affected": "<", - "version_value": "4.1.6.1" + "affected" : "<", + "version_value" : "4.1.6.1" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name" : "RSA" }, { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "BSAFE Crypto-C Micro Edition", - "version": { - "version_data": [ + "product_name" : "BSAFE Crypto-C Micro Edition", + "version" : { + "version_data" : [ { - "affected": "<", - "version_value": "4.0.5.3" + "affected" : "<", + "version_value" : "4.0.5.3" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name" : "RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to \n4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing \nASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially \ncausing a Denial Of Service." + "lang" : "eng", + "value" : "RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "NETWORK", + "availabilityImpact" : "HIGH", + "baseScore" : 6.5, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "NONE", + "integrityImpact" : "NONE", + "privilegesRequired" : "NONE", + "scope" : "UNCHANGED", + "userInteraction" : "REQUIRED", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability " + "lang" : "eng", + "value" : "Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability " } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name" : "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Aug/46" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2018/11xxx/CVE-2018-11057.json b/2018/11xxx/CVE-2018-11057.json index 3a44376c75a..bf4b573e32b 100644 --- a/2018/11xxx/CVE-2018-11057.json +++ b/2018/11xxx/CVE-2018-11057.json @@ -1,85 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@dell.com", - "ID": "CVE-2018-11057", - "STATE": "PUBLIC" + "CVE_data_meta" : { + "ASSIGNER" : "secure@dell.com", + "ID" : "CVE-2018-11057", + "STATE" : "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ + "affects" : { + "vendor" : { + "vendor_data" : [ { - "product": { - "product_data": [ + "product" : { + "product_data" : [ { - "product_name": "BSAFE Micro Edition Suite", - "version": { - "version_data": [ + "product_name" : "BSAFE Micro Edition Suite", + "version" : { + "version_data" : [ { - "affected": "<", - "version_value": "4.0.11" + "affected" : "<", + "version_value" : "4.0.11" }, { - "affected": "<", - "version_value": "4.1.6.1" + "affected" : "<", + "version_value" : "4.1.6.1" } ] } } ] }, - "vendor_name": "RSA" + "vendor_name" : "RSA" } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert \nTiming Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote \nattacker may be able to recover a RSA key." + "lang" : "eng", + "value" : "RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key." } ] }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "HIGH", + "attackVector" : "NETWORK", + "availabilityImpact" : "NONE", + "baseScore" : 5.9, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "NONE", + "privilegesRequired" : "NONE", + "scope" : "UNCHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ + "problemtype" : { + "problemtype_data" : [ { - "description": [ + "description" : [ { - "lang": "eng", - "value": "Covert Timing Channel vulnerability" + "lang" : "eng", + "value" : "Covert Timing Channel vulnerability" } ] } ] }, - "references": { - "reference_data": [ + "references" : { + "reference_data" : [ { - "refsource": "FULLDISC", - "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + "name" : "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Aug/46" } ] }, - "source": { - "discovery": "UNKNOWN" + "source" : { + "discovery" : "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2018/12xxx/CVE-2018-12408.json b/2018/12xxx/CVE-2018-12408.json index 585753e9370..a6f907546f0 100644 --- a/2018/12xxx/CVE-2018-12408.json +++ b/2018/12xxx/CVE-2018-12408.json @@ -2,10 +2,10 @@ "CVE_data_meta" : { "ASSIGNER" : "security@tibco.com", "DATE_PUBLIC" : "2018-08-07T16:00:00.000Z", - "UPDATED" : "2018-08-31T16:00:00.000Z", "ID" : "CVE-2018-12408", "STATE" : "PUBLIC", - "TITLE" : "TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability" + "TITLE" : "TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability", + "UPDATED" : "2018-08-31T16:00:00.000Z" }, "affects" : { "vendor" : {