Adding 2 CVEs for Tenable.

CVE Team 2018-11-30 14:25:38 -05:00
parent 2d524b713a
commit 67390ca30f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
2 changed files with 92 additions and 6 deletions


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-29T00:00:00",
"ID" : "CVE-2018-15715",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Zoom",
"version" : {
"version_data" : [
{
"version_value" : "Zoom on Windows before version 4.1.34814.1119, Zoom on Mac OS before version 4.1.34801.1116, Zoom on Linux version 2.4.129780.0915 and below."
}
]
}
}
]
},
"vendor_name" : "Zoom"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-290 Authentication Bypass by Spoofing"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tenable.com/security/research/tra-2018-40"
}
]
}
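Review bot: The `version_value` added in the first hunk packs three platform-specific ranges into one free-text string, so a scanner or asset inventory that matches on `affects` cannot tell which bound belongs to which platform without parsing prose. The bounds also differ in kind: Windows and Mac OS are exclusive ("before version …"), while Linux is inclusive ("2.4.129780.0915 and below"), and that distinction is easy to lose in a single string. Consider three entries under `version_data`, one per platform, each carrying a single bound, so that the structured data can be used for matching and the description stays the human-readable summary.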


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-29T00:00:00",
"ID" : "CVE-2018-15716",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NUUO NVRMini2",
"version" : {
"version_data" : [
{
"version_value" : "3.9.1"
}
]
}
}
]
},
"vendor_name" : "NUUO"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "NUUO NVRMini2 version 3.10.0 and earlier is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-78 Command Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tenable.com/security/research/tra-2018-41"
}
]
}
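Review bot: The affected version in the first hunk, `"version_value" : "3.9.1"`, disagrees with the description added in the second hunk, which says "version 3.10.0 and earlier". A consumer that matches on `affects` alone would flag only 3.9.1 and miss the other releases the description covers, so vulnerable devices could go unreported. One of the two should be corrected against the referenced advisory; if the description is the accurate one, `"version_value" : "3.10.0 and earlier"` would make them agree. Separately, the problem type reads `CWE-78 Command Injection`, whereas CWE-78 is the OS command injection entry; presumably that is what is meant given "execute OS commands as root", so the label could be `CWE-78 OS Command Injection`.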