diff --git a/2018/16xxx/CVE-2018-16855.json b/2018/16xxx/CVE-2018-16855.json
index 3ba89e6f374..9f2c3d7b0cc 100644
--- a/2018/16xxx/CVE-2018-16855.json
+++ b/2018/16xxx/CVE-2018-16855.json
@@ -1,74 +1,77 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2018-16855",
- "ASSIGNER": "lpardo@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "[UNKNOWN]",
- "product": {
- "product_data": [
- {
- "product_name": "pdns-recursor",
- "version": {
- "version_data": [
- {
- "version_value": "4.1.8"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "lpardo@redhat.com",
+ "ID" : "CVE-2018-16855",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "pdns-recursor",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "4.1.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "[UNKNOWN]"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-125"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-125"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855",
- "refsource": "CONFIRM"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.0"
- }
- ]
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html",
+ "refsource" : "MISC",
+ "url" : "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html"
+ },
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855"
+ }
+ ]
+ }
 }
diff --git a/2018/16xxx/CVE-2018-16868.json b/2018/16xxx/CVE-2018-16868.json
index 145ca71a637..aed618494f5 100644
--- a/2018/16xxx/CVE-2018-16868.json
+++ b/2018/16xxx/CVE-2018-16868.json
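Review bot: The `vectorString` carried onto the new side of CVE-2018-16855.json, `"7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"`, has the base score prepended, so it is not a well-formed CVSS v3.0 vector; a consumer that hands this field to a CVSS parser is likely to reject the record or drop its severity. Since this commit already normalises the record, it would be the natural place to emit `"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"` and carry the score in a separate `"baseScore" : 7.5` member. The same form appears in the CVE-2018-16868.json and CVE-2018-16869.json hunks (`4.7/CVSS:3.0/...`). The `cvss` value is also an array nested inside an array in all three, which appears to be inherited from the old side rather than introduced here, but is worth flattening at the same time.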
@@ -1,74 +1,77 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2018-16868",
- "ASSIGNER": "lpardo@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "[UNKNOWN]",
- "product": {
- "product_data": [
- {
- "product_name": "gnutls",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "lpardo@redhat.com",
+ "ID" : "CVE-2018-16868",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "gnutls",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "[UNKNOWN]"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "4.7/CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-200"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-200"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868",
- "refsource": "CONFIRM"
- },
- {
- "url": "http://cat.eyalro.net/"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "4.7/CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
- "version": "3.0"
- }
- ]
- ]
- }
-}
\ No newline at end of file
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://cat.eyalro.net/",
+ "refsource" : "MISC",
+ "url" : "http://cat.eyalro.net/"
+ },
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16868"
+ }
+ ]
+ }
+}
diff --git a/2018/16xxx/CVE-2018-16869.json b/2018/16xxx/CVE-2018-16869.json
index 45eebcae066..c0841a385f1 100644
--- a/2018/16xxx/CVE-2018-16869.json
+++ b/2018/16xxx/CVE-2018-16869.json
@@ -1,74 +1,77 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2018-16869",
- "ASSIGNER": "lpardo@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "[UNKNOWN]",
- "product": {
- "product_data": [
- {
- "product_name": "nettle",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "lpardo@redhat.com",
+ "ID" : "CVE-2018-16869",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "nettle",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "[UNKNOWN]"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "4.7/CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-200"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-200"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "http://cat.eyalro.net/"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869",
- "refsource": "CONFIRM"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "4.7/CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
- "version": "3.0"
- }
- ]
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://cat.eyalro.net/",
+ "refsource" : "MISC",
+ "url" : "http://cat.eyalro.net/"
+ },
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16869"
+ }
+ ]
+ }
 }
diff --git a/2018/6xxx/CVE-2018-6332.json b/2018/6xxx/CVE-2018-6332.json
index 227bc92cda5..a71cf5af742 100644
--- a/2018/6xxx/CVE-2018-6332.json
+++ b/2018/6xxx/CVE-2018-6332.json
@@ -1,74 +1,76 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve-assign@fb.com",
- "DATE_ASSIGNED": "2018-03-15",
- "ID": "CVE-2018-6332",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "HHVM",
- "version": {
- "version_data": [
- {
- "version_affected": "!=>",
- "version_value": "3.24.4"
- },
- {
- "version_affected": ">=",
- "version_value": "3.22.0"
- },
- {
- "version_affected": "!=>",
- "version_value": "3.21.8"
- },
- {
- "version_affected": "<",
- "version_value": "3.21.8"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Facebook"
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve-assign@fb.com",
+ "DATE_ASSIGNED" : "2018-03-15",
+ "ID" : "CVE-2018-6332",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "HHVM",
+ "version" : {
+ "version_data" : [
+ {
+ "version_affected" : "!=>",
+ "version_value" : "3.24.4"
+ },
+ {
+ "version_affected" : ">=",
+ "version_value" : "3.22.0"
+ },
+ {
+ "version_affected" : "!=>",
+ "version_value" : "3.21.8"
+ },
+ {
+ "version_affected" : "<",
+ "version_value" : "3.21.8"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Facebook"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Denial of Service (CWE-400)"
+ }
 ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Denial of Service (CWE-400)"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://hhvm.com/blog/2018/03/15/hhvm-3.25.html"
- }
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://hhvm.com/blog/2018/03/15/hhvm-3.25.html",
+ "refsource" : "MISC",
+ "url" : "https://hhvm.com/blog/2018/03/15/hhvm-3.25.html"
+ }
+ ]
+ }
 }