Adding 5 CVEs for Tenable.

CVE Team 2018-12-20 15:25:29 -05:00
parent 625023d5a0
commit e1030e9b1e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 239 additions and 15 deletions


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-12-19T00:00:00",
"ID" : "CVE-2018-15720",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Logitech Harmony Hub",
"version" : {
"version_data" : [
{
"version_value" : "Firmware before 4.15.206"
}
]
}
}
]
},
"vendor_name" : "Logitech"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Logitech Harmony Hub before version 4.15.206 contained two hard-coded accounts in the XMPP server that gave remote users access to the local API."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-798 Hard-coded credentials"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tenable.com/security/research/tra-2018-47"
}
]
}
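Review bot: The affected range is carried as free text in `version_value` (`"Firmware before 4.15.206"`), so a scanner or asset matcher has to parse English to find the version boundary. The CVE JSON 4.0 layout has a separate `version_affected` field for the comparison; `"version_affected" : "<", "version_value" : "4.15.206"` keeps the same meaning in machine-readable form. The same applies to the other three Logitech Harmony Hub records in this commit and to the Netatalk record (`"Before 3.1.12"`).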


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-12-19T00:00:00",
"ID" : "CVE-2018-15721",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Logitech Harmony Hub",
"version" : {
"version_data" : [
{
"version_value" : "Firmware before 4.15.206"
}
]
}
}
]
},
"vendor_name" : "Logitech"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-287 Improper Authentication"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tenable.com/security/research/tra-2018-47"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-12-19T00:00:00",
"ID" : "CVE-2018-15722",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Logitech Harmony Hub",
"version" : {
"version_data" : [
{
"version_value" : "Firmware before 4.15.206"
}
]
}
}
]
},
"vendor_name" : "Logitech"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-78 OS Command Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tenable.com/security/research/tra-2018-47"
}
]
}


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-12-19T00:00:00",
"ID" : "CVE-2018-15723",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Logitech Harmony Hub",
"version" : {
"version_data" : [
{
"version_value" : "Firmware before 4.15.206"
}
]
}
}
]
},
"vendor_name" : "Logitech"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,26 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-346 Origin Validation Error"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tenable.com/security/research/tra-2018-47"
}
]
}
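Review bot: The description and the problem type in this record name different weaknesses: the text says "application level command injection via crafted HTTP request", while `problemtype` is `CWE-346 Origin Validation Error`. If the root cause is that the hub does not validate where a request comes from, as the CWE suggests, the description should state that, because it is what a defender needs in order to judge who can reach the local API. Otherwise the CWE entry should be changed to match the injection wording. The advisory linked under `references` is the place to confirm which of the two is intended.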


@ -1,8 +1,32 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-12-20T00:00:00",
"ID" : "CVE-2018-1160",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Netatalk",
"version" : {
"version_data" : [
{
"version_value" : "Before 3.1.12"
}
]
}
}
]
},
"vendor_name" : "Netatalk"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +35,35 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787 Out of bounds write"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tenable.com/security/research/tra-2018-48,"
},
{
"url" : "http://netatalk.sourceforge.net/3.1/ReleaseNotes3.1.12.html,"
},
{
"url" : "https://attachments.samba.org/attachment.cgi?id=14735,"
},
{
"url" : "https://github.com/tenable/poc/tree/master/netatalk/cve_2018_1160/"
}
]
}
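Review bot: Three of the four `reference_data` URLs end with a comma inside the quoted string (`tra-2018-48,`, `ReleaseNotes3.1.12.html,` and `attachment.cgi?id=14735,`), so the comma is part of the URL. Consumers that dereference or validate these links will request a different path, and for the Samba attachment the `id` parameter becomes `14735,`. The commas look like separators copied from a comma-separated list; each string should end at the last URL character, e.g. `"url" : "https://www.tenable.com/security/research/tra-2018-48"`. The release-notes reference is also plain `http`; an `https` form is preferable if the host serves one.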