diff --git a/2018/11xxx/CVE-2018-11566.json b/2018/11xxx/CVE-2018-11566.json
new file mode 100644
index 00000000000..6b9bc35eb44
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11566.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11566",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11567.json b/2018/11xxx/CVE-2018-11567.json
new file mode 100644
index 00000000000..710d4e8e139
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11567.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11567",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still does not respond, the microphone is then turned off. The vulnerability involves empty output-speech reprompts, custom wildcard (\"gibberish\") input slots, and logging of detected speech. If a maliciously designed skill is installed, an attacker could obtain transcripts of speech not intended for Alexa to process, but simply spoken within the device's hearing range."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://info.checkmarx.com/hubfs/Amazon_Echo_Research.pdf",
+ "refsource" : "MISC",
+ "url" : "https://info.checkmarx.com/hubfs/Amazon_Echo_Research.pdf"
+ },
+ {
+ "name" : "https://www.checkmarx.com/2018/04/25/eavesdropping-with-amazon-alexa/",
+ "refsource" : "MISC",
+ "url" : "https://www.checkmarx.com/2018/04/25/eavesdropping-with-amazon-alexa/"
+ },
+ {
+ "name" : "https://www.wired.com/story/amazon-echo-alexa-skill-spying/",
+ "refsource" : "MISC",
+ "url" : "https://www.wired.com/story/amazon-echo-alexa-skill-spying/"
+ },
+ {
+ "name" : "https://www.yahoo.com/news/amazon-alexa-bug-let-hackers-104609600.html",
+ "refsource" : "MISC",
+ "url" : "https://www.yahoo.com/news/amazon-alexa-bug-let-hackers-104609600.html"
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11568.json b/2018/11xxx/CVE-2018-11568.json
new file mode 100644
index 00000000000..73cb5cb2407
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11568.json
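Review bot: The `affects` block in CVE-2018-11567.json sets `vendor_name`, `product_name` and `version_value` to `"n/a"` even though the description names the affected product (Amazon Echo devices, prior to 2018-04-27), so consumers that match records to assets on the structured fields will not associate this entry with anything. The same applies to CVE-2018-11568.json, whose description names the GamePlan theme through 1.5.13.2 for WordPress, and both records also leave the `problemtype` value as `"n/a"`. Where the assigner can confirm the values, populate them from the description, for example `"product_name" : "Amazon Echo"` here. Until then, downstream tooling has to fall back to parsing the free-text description for these two IDs.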
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11568",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have < and > representations."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://packetstormsecurity.com/files/143666/WordPress-GamePlan-Event-And-Gym-Fitness-Theme-1.5.13.2-Cross-Site-Scripting.html",
+ "refsource" : "MISC",
+ "url" : "https://packetstormsecurity.com/files/143666/WordPress-GamePlan-Event-And-Gym-Fitness-Theme-1.5.13.2-Cross-Site-Scripting.html"
+ }
+ ]
+ }
+}
diff --git a/2018/11xxx/CVE-2018-11569.json b/2018/11xxx/CVE-2018-11569.json
new file mode 100644
index 00000000000..a5d7e4de535
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11569.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11569",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
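Review bot: The last sentence of the description value in CVE-2018-11568.json reads `the '<' and '>' characters have < and > representations`, which as written says the characters are represented by themselves. Presumably the HTML entity forms were meant and were decoded somewhere between the record and this view. If the stored value really holds the bare characters, write the entities literally, `have &lt; and &gt; representations`. That distinction matters to anyone triaging the theme, because it indicates escaping is applied on some output paths and missing on others, not absent everywhere.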
diff --git a/2018/11xxx/CVE-2018-11570.json b/2018/11xxx/CVE-2018-11570.json
new file mode 100644
index 00000000000..88db96476a2
--- /dev/null
+++ b/2018/11xxx/CVE-2018-11570.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-11570",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}