- Synchronized data.

CVE Team 2018-12-03 09:04:46 -05:00
parent 026aa60b85
commit 9ef3a74cb0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 296 additions and 285 deletions


@ -1,74 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16855",
"ASSIGNER": "lpardo@redhat.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "pdns-recursor",
"version": {
"version_data": [
{
"version_value": "4.1.8"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-16855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pdns-recursor",
"version" : {
"version_data" : [
{
"version_value" : "4.1.8"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html",
"refsource" : "MISC",
"url" : "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855"
}
]
}
}
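Review bot: The pdns-recursor `version_data` entry lists `"version_value" : "4.1.8"` with no `version_affected` operator, while the description says the flaw is in Recursor before version 4.1.8. A scanner matching on this record would likely flag the fixed release and miss the earlier ones. Adding `"version_affected" : "<"` next to the value, as the HHVM record on this page does, would make the range explicit. Separately, `vectorString` here and in the CVE-2018-16868 and CVE-2018-16869 records starts with the base score (`7.5/CVSS:3.0/...`), which a strict CVSS v3 parser will probably reject. The score would be better carried in its own `baseScore` field, with the vector starting at `CVSS:3.0/`.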


@ -1,74 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16868",
"ASSIGNER": "lpardo@redhat.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "gnutls",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-16868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "gnutls",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.7/CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868",
"refsource": "CONFIRM"
},
{
"url": "http://cat.eyalro.net/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.7/CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
}
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cat.eyalro.net/",
"refsource" : "MISC",
"url" : "http://cat.eyalro.net/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868"
}
]
}
}
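Review bot: The vector `AV:P/AC:H/PR:H` does not obviously match the description, which speaks of an attacker able to run a process on the same physical core as the victim. In CVSS v3 that co-located-process condition is normally expressed as `AV:L`, whereas `AV:P` means physical access to the hardware. The same vector is used in the CVE-2018-16869 (nettle) record. If the assigner's scoring is intentional, it is worth confirming with them rather than changing it here, since this commit appears only to re-serialise the record. `"version_value" : "n/a"` also leaves consumers unable to match affected gnutls releases from this record alone.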


@ -1,74 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16869",
"ASSIGNER": "lpardo@redhat.com"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
{
"product_name": "nettle",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
}
}
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-16869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "nettle",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.7/CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://cat.eyalro.net/"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869",
"refsource": "CONFIRM"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.7/CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cat.eyalro.net/",
"refsource" : "MISC",
"url" : "http://cat.eyalro.net/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869"
}
]
}
}


@ -1,74 +1,76 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-03-15",
"ID": "CVE-2018-6332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "3.24.4"
},
{
"version_affected": ">=",
"version_value": "3.22.0"
},
{
"version_affected": "!=>",
"version_value": "3.21.8"
},
{
"version_affected": "<",
"version_value": "3.21.8"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@fb.com",
"DATE_ASSIGNED" : "2018-03-15",
"ID" : "CVE-2018-6332",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HHVM",
"version" : {
"version_data" : [
{
"version_affected" : "!=>",
"version_value" : "3.24.4"
},
{
"version_affected" : ">=",
"version_value" : "3.22.0"
},
{
"version_affected" : "!=>",
"version_value" : "3.21.8"
},
{
"version_affected" : "<",
"version_value" : "3.21.8"
}
]
}
}
]
},
"vendor_name" : "Facebook"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://hhvm.com/blog/2018/03/15/hhvm-3.25.html"
}
]
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hhvm.com/blog/2018/03/15/hhvm-3.25.html",
"refsource" : "MISC",
"url" : "https://hhvm.com/blog/2018/03/15/hhvm-3.25.html"
}
]
}
}