mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-07 21:47:16 +00:00
- Synchronized data.
This commit is contained in:
CVE Team
parent
509d838d65
commit
b39afc999b
@ -36,7 +36,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequest hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request."
|
||||
"value" : "libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -1,87 +1,88 @@
|
||||
{
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@dell.com",
|
||||
"DATE_PUBLIC": "2018-11-12T18:00:00.000Z",
|
||||
"ID": "CVE-2018-15769",
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "DSA-2018-198: RSA® BSAFE® Micro Edition Suite Key Management Error Vulnerability"
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "secure@dell.com",
|
||||
"DATE_PUBLIC" : "2018-11-12T18:00:00.000Z",
|
||||
"ID" : "CVE-2018-15769",
|
||||
"STATE" : "PUBLIC",
|
||||
"TITLE" : "DSA-2018-198: RSA® BSAFE® Micro Edition Suite Key Management Error Vulnerability"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name": "BSAFE Micro Edition Suite",
|
||||
"version": {
|
||||
"version_data": [
|
||||
"product_name" : "BSAFE Micro Edition Suite",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"affected": "<",
|
||||
"version_value": "4.0.11"
|
||||
"affected" : "<",
|
||||
"version_value" : "4.0.11"
|
||||
},
|
||||
{
|
||||
"affected": "<",
|
||||
"version_value": "4.1.6.2"
|
||||
"affected" : "<",
|
||||
"version_value" : "4.1.6.2"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "RSA "
|
||||
"vendor_name" : "RSA "
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x \nseries) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) \non TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or \nAnonymous Diffie-Hellman cipher suite (DHE or ADH) is used."
|
||||
"lang" : "eng",
|
||||
"value" : "RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
||||
"version": "3.0"
|
||||
"impact" : {
|
||||
"cvss" : {
|
||||
"attackComplexity" : "LOW",
|
||||
"attackVector" : "NETWORK",
|
||||
"availabilityImpact" : "LOW",
|
||||
"baseScore" : 5.3,
|
||||
"baseSeverity" : "MEDIUM",
|
||||
"confidentialityImpact" : "NONE",
|
||||
"integrityImpact" : "NONE",
|
||||
"privilegesRequired" : "NONE",
|
||||
"scope" : "UNCHANGED",
|
||||
"userInteraction" : "NONE",
|
||||
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
||||
"version" : "3.0"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description": [
|
||||
"description" : [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "key management error issue"
|
||||
"lang" : "eng",
|
||||
"value" : "key management error issue"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://seclists.org/fulldisclosure/2018/Nov/37"
|
||||
"name" : "20181112 DSA-2018-198: RSA BSAFE Micro Edition Suite Key Management Error Vulnerability",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "https://seclists.org/fulldisclosure/2018/Nov/37"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
"source" : {
|
||||
"discovery" : "UNKNOWN"
|
||||
}
|
||||
}
|
||||
|
||||
@ -38,7 +38,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occuring. IBM X-Force ID: 149607."
|
||||
"value" : "IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. IBM X-Force ID: 149607."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@ -61,7 +61,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occuring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
|
||||
"value" : "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user