From e3d38d66974f6defa65ad3ce14da2f1797dab182 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 22 Aug 2018 09:04:58 -0400
Subject: [PATCH] - Synchronized data.
---
 2018/10xxx/CVE-2018-10844.json | 152 +++++++++++++++++----------------
 2018/10xxx/CVE-2018-10845.json | 152 +++++++++++++++++----------------
 2018/10xxx/CVE-2018-10846.json | 152 +++++++++++++++++----------------
 2018/11xxx/CVE-2018-11776.json | 4 +-
 2018/15xxx/CVE-2018-15686.json | 18 ++++
 2018/15xxx/CVE-2018-15687.json | 18 ++++
 2018/15xxx/CVE-2018-15688.json | 18 ++++
 2018/15xxx/CVE-2018-15689.json | 18 ++++
 2018/15xxx/CVE-2018-15690.json | 18 ++++
 2018/15xxx/CVE-2018-15691.json | 18 ++++
 10 files changed, 348 insertions(+), 220 deletions(-)
 create mode 100644 2018/15xxx/CVE-2018-15686.json
 create mode 100644 2018/15xxx/CVE-2018-15687.json
 create mode 100644 2018/15xxx/CVE-2018-15688.json
 create mode 100644 2018/15xxx/CVE-2018-15689.json
 create mode 100644 2018/15xxx/CVE-2018-15690.json
 create mode 100644 2018/15xxx/CVE-2018-15691.json
diff --git a/2018/10xxx/CVE-2018-10844.json b/2018/10xxx/CVE-2018-10844.json
index 577b1c63a0c..5707c31a166 100644
--- a/2018/10xxx/CVE-2018-10844.json
+++ b/2018/10xxx/CVE-2018-10844.json
@@ -1,76 +1,82 @@
 {
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "version": "3.0"
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "lpardo@redhat.com",
+ "ID" : "CVE-2018-10844",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "gnutls",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "[UNKNOWN]"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-385"
+ }
 ]
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "It was found that GnuTLS implementation of HMAC-SHA-256 was vulnerable to Lucky thirteen style attack. A remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets."
- }
- ]
- },
- "data_type": "CVE",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- },
- "product_name": "gnutls"
- }
- ]
- },
- "vendor_name": "[UNKNOWN]"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-385"
- }
- ]
- }
- ]
- },
- "data_version": "4.0",
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
- "refsource": "CONFIRM",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844"
- },
- {
- "url": "https://eprint.iacr.org/2018/747",
- "refsource": "CONFIRM",
- "name": "https://eprint.iacr.org/2018/747"
- }
- ]
- },
- "CVE_data_meta": {
- "ID": "CVE-2018-10844",
- "ASSIGNER": "lpardo@redhat.com"
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://eprint.iacr.org/2018/747",
+ "refsource" : "MISC",
+ "url" : "https://eprint.iacr.org/2018/747"
+ },
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844"
+ },
+ {
+ "name" : "https://gitlab.com/gnutls/gnutls/merge_requests/657",
+ "refsource" : "CONFIRM",
+ "url" : "https://gitlab.com/gnutls/gnutls/merge_requests/657"
+ }
+ ]
+ }
 }
diff --git a/2018/10xxx/CVE-2018-10845.json b/2018/10xxx/CVE-2018-10845.json
index 02eb0266764..7c73d1f663d 100644
--- a/2018/10xxx/CVE-2018-10845.json
+++ b/2018/10xxx/CVE-2018-10845.json
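Review bot: The `vectorString` kept on the new side of this hunk, `5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`, has the base score glued in front of the vector, so it is not a well-formed CVSS v3.0 vector string (those begin with `CVSS:3.0/`), and consumers that parse this field for triage may reject or mis-score the record. I would write `"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"` and carry 5.9 in a separate score field. The record also still lists `"version_value" : "n/a"` and `"vendor_name" : "[UNKNOWN]"` although a fix merge request is now referenced, so defenders cannot match affected gnutls versions from the data alone. The same two points apply to the CVE-2018-10845 and CVE-2018-10846 hunks (the latter with the `5.3/...` vector).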
@@ -1,76 +1,82 @@
 {
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "version": "3.0"
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "lpardo@redhat.com",
+ "ID" : "CVE-2018-10845",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "gnutls",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "[UNKNOWN]"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-385"
+ }
 ]
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "It was found that GnuTLS implementation of HMAC-SHA-384 was vulnerable to Lucky thirteen style attack. A remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets."
- }
- ]
- },
- "data_type": "CVE",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- },
- "product_name": "gnutls"
- }
- ]
- },
- "vendor_name": "[UNKNOWN]"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-385"
- }
- ]
- }
- ]
- },
- "data_version": "4.0",
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845",
- "refsource": "CONFIRM",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845"
- },
- {
- "url": "https://eprint.iacr.org/2018/747",
- "refsource": "CONFIRM",
- "name": "https://eprint.iacr.org/2018/747"
- }
- ]
- },
- "CVE_data_meta": {
- "ID": "CVE-2018-10845",
- "ASSIGNER": "lpardo@redhat.com"
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://eprint.iacr.org/2018/747",
+ "refsource" : "MISC",
+ "url" : "https://eprint.iacr.org/2018/747"
+ },
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10845"
+ },
+ {
+ "name" : "https://gitlab.com/gnutls/gnutls/merge_requests/657",
+ "refsource" : "CONFIRM",
+ "url" : "https://gitlab.com/gnutls/gnutls/merge_requests/657"
+ }
+ ]
+ }
 }
diff --git a/2018/10xxx/CVE-2018-10846.json b/2018/10xxx/CVE-2018-10846.json
index 0e75745bfe4..3a09e12241e 100644
--- a/2018/10xxx/CVE-2018-10846.json
+++ b/2018/10xxx/CVE-2018-10846.json
@@ -1,76 +1,82 @@
 {
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "5.3/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
- "version": "3.0"
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "lpardo@redhat.com",
+ "ID" : "CVE-2018-10846",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "gnutls",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "[UNKNOWN]"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "5.3/CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-385"
+ }
 ]
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets."
- }
- ]
- },
- "data_type": "CVE",
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- },
- "product_name": "gnutls"
- }
- ]
- },
- "vendor_name": "[UNKNOWN]"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-385"
- }
- ]
- }
- ]
- },
- "data_version": "4.0",
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846",
- "refsource": "CONFIRM",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846"
- },
- {
- "url": "https://eprint.iacr.org/2018/747",
- "refsource": "CONFIRM",
- "name": "https://eprint.iacr.org/2018/747"
- }
- ]
- },
- "CVE_data_meta": {
- "ID": "CVE-2018-10846",
- "ASSIGNER": "lpardo@redhat.com"
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://eprint.iacr.org/2018/747",
+ "refsource" : "MISC",
+ "url" : "https://eprint.iacr.org/2018/747"
+ },
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10846"
+ },
+ {
+ "name" : "https://gitlab.com/gnutls/gnutls/merge_requests/657",
+ "refsource" : "CONFIRM",
+ "url" : "https://gitlab.com/gnutls/gnutls/merge_requests/657"
+ }
+ ]
+ }
 }
diff --git a/2018/11xxx/CVE-2018-11776.json b/2018/11xxx/CVE-2018-11776.json
index a183bcc1219..116db82e78c 100644
--- a/2018/11xxx/CVE-2018-11776.json
+++ b/2018/11xxx/CVE-2018-11776.json
@@ -38,7 +38,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "Man Yue Mo from the Semmle Security Research team was noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace."
+ "value" : "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace."
 }
 ]
 },
@@ -57,6 +57,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://cwiki.apache.org/confluence/display/WW/S2-057",
+ "refsource" : "CONFIRM",
 "url" : "https://cwiki.apache.org/confluence/display/WW/S2-057"
 }
 ]
diff --git a/2018/15xxx/CVE-2018-15686.json b/2018/15xxx/CVE-2018-15686.json
new file mode 100644
index 00000000000..beadbb5ab9b
--- /dev/null
+++ b/2018/15xxx/CVE-2018-15686.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-15686",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/15xxx/CVE-2018-15687.json b/2018/15xxx/CVE-2018-15687.json
new file mode 100644
index 00000000000..0217283ceb9
--- /dev/null
+++ b/2018/15xxx/CVE-2018-15687.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-15687",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/15xxx/CVE-2018-15688.json b/2018/15xxx/CVE-2018-15688.json
new file mode 100644
index 00000000000..a2f8484a364
--- /dev/null
+++ b/2018/15xxx/CVE-2018-15688.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-15688",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/15xxx/CVE-2018-15689.json b/2018/15xxx/CVE-2018-15689.json
new file mode 100644
index 00000000000..54ae38a1650
--- /dev/null
+++ b/2018/15xxx/CVE-2018-15689.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-15689",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/15xxx/CVE-2018-15690.json b/2018/15xxx/CVE-2018-15690.json
new file mode 100644
index 00000000000..f120e793340
--- /dev/null
+++ b/2018/15xxx/CVE-2018-15690.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-15690",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/15xxx/CVE-2018-15691.json b/2018/15xxx/CVE-2018-15691.json
new file mode 100644
index 00000000000..370e09ee58b
--- /dev/null
+++ b/2018/15xxx/CVE-2018-15691.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-15691",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}