diff --git a/2019/12xxx/CVE-2019-12380.json b/2019/12xxx/CVE-2019-12380.json index 64f506d6c5f..5e4adedf3d9 100644 --- a/2019/12xxx/CVE-2019-12380.json +++ b/2019/12xxx/CVE-2019-12380.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4427-1", "url": "https://usn.ubuntu.com/4427-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2019/16xxx/CVE-2019-16089.json b/2019/16xxx/CVE-2019-16089.json index 2a3cbfe7ad3..14b94db5890 100644 --- a/2019/16xxx/CVE-2019-16089.json +++ b/2019/16xxx/CVE-2019-16089.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://lore.kernel.org/patchwork/patch/1126650/", "url": "https://lore.kernel.org/patchwork/patch/1126650/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19036.json b/2019/19xxx/CVE-2019-19036.json index e6357801bcf..efdc43002d3 100644 --- a/2019/19xxx/CVE-2019-19036.json +++ b/2019/19xxx/CVE-2019-19036.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0336", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19039.json b/2019/19xxx/CVE-2019-19039.json index 86a12558b16..3067b110890 100644 --- a/2019/19xxx/CVE-2019-19039.json +++ b/2019/19xxx/CVE-2019-19039.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039", "url": "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19318.json b/2019/19xxx/CVE-2019-19318.json index d3f32e58ce0..22b33b7c130 100644 --- a/2019/19xxx/CVE-2019-19318.json +++ b/2019/19xxx/CVE-2019-19318.json 
@@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0336", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19377.json b/2019/19xxx/CVE-2019-19377.json index 6f482a0f6ab..cf7570f50c0 100644 --- a/2019/19xxx/CVE-2019-19377.json +++ b/2019/19xxx/CVE-2019-19377.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4369-1", "url": "https://usn.ubuntu.com/4369-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19462.json b/2019/19xxx/CVE-2019-19462.json index b8fa1ee89a8..8a9c6a8bc2c 100644 --- a/2019/19xxx/CVE-2019-19462.json +++ b/2019/19xxx/CVE-2019-19462.json @@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0935", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19813.json b/2019/19xxx/CVE-2019-19813.json index 554e8ac25cc..4cce1cd6de9 100644 --- a/2019/19xxx/CVE-2019-19813.json +++ b/2019/19xxx/CVE-2019-19813.json @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19816.json b/2019/19xxx/CVE-2019-19816.json index ad9293d7ce5..3ff9d256245 100644 --- a/2019/19xxx/CVE-2019-19816.json +++ b/2019/19xxx/CVE-2019-19816.json 
@@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2020/10xxx/CVE-2020-10711.json b/2020/10xxx/CVE-2020-10711.json index bfe921f5155..e64a3ba2e38 100644 --- a/2020/10xxx/CVE-2020-10711.json +++ b/2020/10xxx/CVE-2020-10711.json @@ -103,6 +103,11 @@ "refsource": "UBUNTU", "name": "USN-4419-1", "url": "https://usn.ubuntu.com/4419-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] }, diff --git a/2020/12xxx/CVE-2020-12770.json b/2020/12xxx/CVE-2020-12770.json index 7cdc214a873..9f31fbe46ce 100644 --- a/2020/12xxx/CVE-2020-12770.json +++ b/2020/12xxx/CVE-2020-12770.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4419-1", "url": "https://usn.ubuntu.com/4419-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2020/13xxx/CVE-2020-13143.json b/2020/13xxx/CVE-2020-13143.json index d808776ffc4..0619455f2d1 100644 --- a/2020/13xxx/CVE-2020-13143.json +++ b/2020/13xxx/CVE-2020-13143.json @@ -121,6 +121,11 @@ "refsource": "UBUNTU", "name": "USN-4419-1", "url": "https://usn.ubuntu.com/4419-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4414-1", + "url": "https://usn.ubuntu.com/4414-1/" } ] } diff --git a/2020/14xxx/CVE-2020-14316.json b/2020/14xxx/CVE-2020-14316.json index ed3760aab63..c19efa8d04a 100644 --- a/2020/14xxx/CVE-2020-14316.json +++ b/2020/14xxx/CVE-2020-14316.json 
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-14316",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kubevirt",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All versions before kubevirt 0.30."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1848951",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848951"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15358.json b/2020/15xxx/CVE-2020-15358.json
index f2803df3a7f..85e784fe20f 100644
--- a/2020/15xxx/CVE-2020-15358.json
+++ b/2020/15xxx/CVE-2020-15358.json
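Review bot: `"vendor_name": "n/a"` together with the free-text `"version_value": "All versions before kubevirt 0.30."` leaves this record without a machine-matchable vendor or version bound, so scanners and SBOM matchers have to parse prose to decide whether a host is affected. The Grandstream hunks for CVE-2020-5760 through CVE-2020-5763 have the same shape, with the vendor folded into the product name and `"Versions 1.0.17.5 and below"` as the range; there I would write `"vendor_name": "Grandstream"` and `"product_name": "HT800 Series"`. This record's `problemtype` is also the free text `"Improper Access Control"`, while those four records use CWE identifiers, so adding the matching CWE id here would keep the set consistent.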
@@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202007-26", "url": "https://security.gentoo.org/glsa/202007-26" + }, + { + "refsource": "UBUNTU", + "name": "USN-4438-1", + "url": "https://usn.ubuntu.com/4438-1/" } ] } diff --git a/2020/15xxx/CVE-2020-15706.json b/2020/15xxx/CVE-2020-15706.json index 713adbb6390..131bb8e11bf 100644 --- a/2020/15xxx/CVE-2020-15706.json +++ b/2020/15xxx/CVE-2020-15706.json @@ -145,6 +145,11 @@ "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html", "refsource": "CONFIRM", "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4735", + "url": "https://www.debian.org/security/2020/dsa-4735" } ] }, @@ -152,4 +157,4 @@ "advisory": "USN 4432-1", "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15707.json b/2020/15xxx/CVE-2020-15707.json index c9c3762ba3e..c6ef5c2a5fa 100644 --- a/2020/15xxx/CVE-2020-15707.json +++ b/2020/15xxx/CVE-2020-15707.json @@ -149,6 +149,11 @@ "name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html", "refsource": "CONFIRM", "url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4735", + "url": "https://www.debian.org/security/2020/dsa-4735" } ] }, @@ -156,4 +161,4 @@ "advisory": "USN 4432-1", "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16119.json b/2020/16xxx/CVE-2020-16119.json new file mode 100644 index 00000000000..39b5a1d4165 --- /dev/null +++ b/2020/16xxx/CVE-2020-16119.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16119", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16120.json b/2020/16xxx/CVE-2020-16120.json new file mode 100644 index 00000000000..7a8d4447dcd --- /dev/null +++ b/2020/16xxx/CVE-2020-16120.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16120", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16121.json b/2020/16xxx/CVE-2020-16121.json new file mode 100644 index 00000000000..79019049bb2 --- /dev/null +++ b/2020/16xxx/CVE-2020-16121.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16121", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/16xxx/CVE-2020-16122.json b/2020/16xxx/CVE-2020-16122.json new file mode 100644 index 00000000000..948ff90e2ac --- /dev/null +++ b/2020/16xxx/CVE-2020-16122.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16122", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16123.json b/2020/16xxx/CVE-2020-16123.json new file mode 100644 index 00000000000..902f95cda10 --- /dev/null +++ b/2020/16xxx/CVE-2020-16123.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16123", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16124.json b/2020/16xxx/CVE-2020-16124.json new file mode 100644 index 00000000000..c382fef8eaa --- /dev/null +++ b/2020/16xxx/CVE-2020-16124.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16124", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16125.json b/2020/16xxx/CVE-2020-16125.json new file mode 100644 index 00000000000..832b6f66e45 --- /dev/null +++ b/2020/16xxx/CVE-2020-16125.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16125", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16126.json b/2020/16xxx/CVE-2020-16126.json new file mode 100644 index 00000000000..25531d7da4b --- /dev/null +++ b/2020/16xxx/CVE-2020-16126.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16126", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/16xxx/CVE-2020-16127.json b/2020/16xxx/CVE-2020-16127.json new file mode 100644 index 00000000000..67a16afd166 --- /dev/null +++ b/2020/16xxx/CVE-2020-16127.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16127", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16128.json b/2020/16xxx/CVE-2020-16128.json new file mode 100644 index 00000000000..36fee74c86d --- /dev/null +++ b/2020/16xxx/CVE-2020-16128.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16128", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16129.json b/2020/16xxx/CVE-2020-16129.json new file mode 100644 index 00000000000..ab7489f15e3 --- /dev/null +++ b/2020/16xxx/CVE-2020-16129.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16129", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16130.json b/2020/16xxx/CVE-2020-16130.json new file mode 100644 index 00000000000..a487f33e3f6 --- /dev/null +++ b/2020/16xxx/CVE-2020-16130.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16130", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/16xxx/CVE-2020-16131.json b/2020/16xxx/CVE-2020-16131.json new file mode 100644 index 00000000000..ab3532400c8 --- /dev/null +++ b/2020/16xxx/CVE-2020-16131.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-16131", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2020/5xxx/CVE-2020-5760.json b/2020/5xxx/CVE-2020-5760.json
index d0ef8dc69d8..10ed09f6912 100644
--- a/2020/5xxx/CVE-2020-5760.json
+++ b/2020/5xxx/CVE-2020-5760.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5760",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Grandstream HT800 Series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 1.0.17.5 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-43",
+ "url": "https://www.tenable.com/security/research/tra-2020-43"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5761.json b/2020/5xxx/CVE-2020-5761.json
index 685e0492d93..b6549f55b98 100644
--- a/2020/5xxx/CVE-2020-5761.json
+++ b/2020/5xxx/CVE-2020-5761.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5761",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Grandstream HT800 Series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 1.0.17.5 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-835"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-43",
+ "url": "https://www.tenable.com/security/research/tra-2020-43"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5762.json b/2020/5xxx/CVE-2020-5762.json
index 7867b9af948..56cc40728f7 100644
--- a/2020/5xxx/CVE-2020-5762.json
+++ b/2020/5xxx/CVE-2020-5762.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5762",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Grandstream HT800 Series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 1.0.17.5 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-43",
+ "url": "https://www.tenable.com/security/research/tra-2020-43"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5763.json b/2020/5xxx/CVE-2020-5763.json
index 3b1bc0ffb42..b3726bb5594 100644
--- a/2020/5xxx/CVE-2020-5763.json
+++ b/2020/5xxx/CVE-2020-5763.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5763",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Grandstream HT800 Series",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 1.0.17.5 and below"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-489"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-43",
+ "url": "https://www.tenable.com/security/research/tra-2020-43"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7695.json b/2020/7xxx/CVE-2020-7695.json
index c1553280872..1c69586d060 100644
--- a/2020/7xxx/CVE-2020-7695.json
+++ b/2020/7xxx/CVE-2020-7695.json
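Review bot: `"value": "CWE-489"` classifies this as active debug code, but the description on the same record calls it a backdoor in the SSH service that yields a root shell after a challenge prompt. If the prompt is a deliberate hidden access path rather than leftover debug functionality, a hidden-functionality class such as CWE-912 would describe it more accurately; either way the `problemtype` and the description should agree, since triage and detection rules often key on the CWE. The description also reads `and below contain`, which should be `and below contains` to match the other three Grandstream records.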
@@ -63,7 +63,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects all versions of package uvicorn. Uvicorn's implementation of the HTTP protocol for the httptools parser is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers."
+ "value": "Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers."
 }
 ]
 },
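Review bot: The rewritten description no longer says that the flaw sits in Uvicorn's httptools-based HTTP implementation, a detail the old text carried and that a defender needs when deciding whether a given deployment is exposed. Unless the scope was deliberately widened, I would keep it, e.g. `Uvicorn before 0.11.7 is vulnerable to HTTP response splitting in its HTTP protocol implementation for the httptools parser.` The new text also narrows the range from all versions to before 0.11.7, and the `affects` block lies outside this hunk, so its `version_value` should be checked to say the same thing.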