admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-12-15 12:22:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-08-22 09:04:58 -04:00
parent 7e12a33604
commit e3d38d6697
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 348 additions and 220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
2018/10xxx/CVE-2018-10844.json
View File

@ -1,76 +1,82 @@
{
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-10844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "gnutls",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-385"
}
]
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that GnuTLS implementation of HMAC-SHA-256 was vulnerable to Lucky thirteen style attack. A remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
},
"product_name": "gnutls"
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-385"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844"
},
{
"url": "https://eprint.iacr.org/2018/747",
"refsource": "CONFIRM",
"name": "https://eprint.iacr.org/2018/747"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2018-10844",
"ASSIGNER": "lpardo@redhat.com"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://eprint.iacr.org/2018/747",
"refsource" : "MISC",
"url" : "https://eprint.iacr.org/2018/747"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844"
},
{
"name" : "https://gitlab.com/gnutls/gnutls/merge_requests/657",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gnutls/gnutls/merge_requests/657"
}
]
}
}

152
2018/10xxx/CVE-2018-10845.json
View File

@ -1,76 +1,82 @@
{
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-10845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "gnutls",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-385"
}
]
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that GnuTLS implementation of HMAC-SHA-384 was vulnerable to Lucky thirteen style attack. A remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
},
"product_name": "gnutls"
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-385"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845",
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845"
},
{
"url": "https://eprint.iacr.org/2018/747",
"refsource": "CONFIRM",
"name": "https://eprint.iacr.org/2018/747"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2018-10845",
"ASSIGNER": "lpardo@redhat.com"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://eprint.iacr.org/2018/747",
"refsource" : "MISC",
"url" : "https://eprint.iacr.org/2018/747"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845"
},
{
"name" : "https://gitlab.com/gnutls/gnutls/merge_requests/657",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gnutls/gnutls/merge_requests/657"
}
]
}
}

152
2018/10xxx/CVE-2018-10846.json
View File

@ -1,76 +1,82 @@
{
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-10846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "gnutls",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.3/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-385"
}
]
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets."
}
]
},
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
},
"product_name": "gnutls"
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-385"
}
]
}
]
},
"data_version": "4.0",
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846",
"refsource": "CONFIRM",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846"
},
{
"url": "https://eprint.iacr.org/2018/747",
"refsource": "CONFIRM",
"name": "https://eprint.iacr.org/2018/747"
}
]
},
"CVE_data_meta": {
"ID": "CVE-2018-10846",
"ASSIGNER": "lpardo@redhat.com"
}
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://eprint.iacr.org/2018/747",
"refsource" : "MISC",
"url" : "https://eprint.iacr.org/2018/747"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846"
},
{
"name" : "https://gitlab.com/gnutls/gnutls/merge_requests/657",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gnutls/gnutls/merge_requests/657"
}
]
}
}

4
2018/11xxx/CVE-2018-11776.json
View File

@ -38,7 +38,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Man Yue Mo from the Semmle Security Research team was noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace."
"value" : "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace."
}
]
},
@ -57,6 +57,8 @@
"references" : {
"reference_data" : [
{
"name" : "https://cwiki.apache.org/confluence/display/WW/S2-057",
"refsource" : "CONFIRM",
"url" : "https://cwiki.apache.org/confluence/display/WW/S2-057"
}
]

18
2018/15xxx/CVE-2018-15686.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15686",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/15xxx/CVE-2018-15687.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15687",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/15xxx/CVE-2018-15688.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15688",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/15xxx/CVE-2018-15689.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15689",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/15xxx/CVE-2018-15690.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15690",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/15xxx/CVE-2018-15691.json Normal file
View File

@ -0,0 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15691",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}