diff --git a/2012/0xxx/CVE-2012-0828.json b/2012/0xxx/CVE-2012-0828.json index acc5f571182..9557002f0c7 100644 --- a/2012/0xxx/CVE-2012-0828.json +++ b/2012/0xxx/CVE-2012-0828.json @@ -1,8 +1,41 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0828", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "xchat", + "product": { + "product_data": [ + { + "product_name": "Xchat-WDK", + "version": { + "version_data": [ + { + "version_value": "before 1499-4 (2012-01-18)" + } + ] + } + }, + { + "product_name": "xchat", + "version": { + "version_data": [ + { + "version_value": "2.8.6 on Maemo architecture" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +44,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2012-0828", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2012-0828" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0828", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0828" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2012-0828", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2012-0828" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/02/01/9", + "url": "http://www.openwall.com/lists/oss-security/2012/02/01/9" } ] } diff --git a/2012/0xxx/CVE-2012-0844.json b/2012/0xxx/CVE-2012-0844.json index d127025ed2a..9c601dd16c3 100644 --- a/2012/0xxx/CVE-2012-0844.json +++ b/2012/0xxx/CVE-2012-0844.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0844", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "netsurf", + "product": { + "product_data": [ + { + "product_name": "netsurf", + "version": { + "version_data": [ + { + "version_value": "through 2.8" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNKNOWN_TYPE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2012-0844", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2012-0844" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2012-0844", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2012-0844" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/02/11/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/02/11/3" + }, + { + "refsource": "BID", + "name": "51981", + "url": "https://www.securityfocus.com/bid/51981" } ] } diff --git a/2013/3xxx/CVE-2013-3587.json b/2013/3xxx/CVE-2013-3587.json index e674af7639f..11b0db424ad 100644 --- a/2013/3xxx/CVE-2013-3587.json +++ b/2013/3xxx/CVE-2013-3587.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2013-3587", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,101 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a \"BREACH\" attack, a different issue than CVE-2012-4929." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HTTPS protocol", + "version": { + "version_data": [ + { + "version_value": "all" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://breachattack.com/", + "url": "http://breachattack.com/" + }, + { + "refsource": "MISC", + "name": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407", + "url": "http://security.stackexchange.com/questions/20406/is-http-compression-safe#20407" + }, + { + "refsource": "MISC", + "name": "http://slashdot.org/story/13/08/05/233216", + "url": "http://slashdot.org/story/13/08/05/233216" + }, + { + "refsource": "MISC", + "name": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf", + "url": "http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.blackhat.com/us-13/briefings.html#Prado", + "url": "https://www.blackhat.com/us-13/briefings.html#Prado" + }, + { + "refsource": "MISC", + "name": "http://github.com/meldium/breach-mitigation-rails", + "url": "http://github.com/meldium/breach-mitigation-rails" + }, + { + "refsource": "MISC", + "name": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/", + "url": "https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/" + }, + { + "refsource": "MISC", + "name": "http://www.kb.cert.org/vuls/id/987798", + "url": "http://www.kb.cert.org/vuls/id/987798" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/254895", + "url": "https://hackerone.com/reports/254895" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=995168", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995168" + }, + { + "refsource": "MISC", + "name": "https://support.f5.com/csp/article/K14634", + "url": "https://support.f5.com/csp/article/K14634" } ] } diff --git a/2019/9xxx/CVE-2019-9853.json b/2019/9xxx/CVE-2019-9853.json index d2932415016..59145777276 100644 --- a/2019/9xxx/CVE-2019-9853.json +++ b/2019/9xxx/CVE-2019-9853.json @@ -149,6 +149,11 @@ "refsource": "FULLDISC", "name": "20200220 Open-Xchange Security Advisory 2020-02-19", "url": "http://seclists.org/fulldisclosure/2020/Feb/23" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/156474/Open-Xchange-App-Suite-Documents-Server-Side-Request-Forgery.html" } ] }, diff --git a/2020/9xxx/CVE-2020-9320.json b/2020/9xxx/CVE-2020-9320.json index 83e30cc721d..9926fd2df55 100644 --- a/2020/9xxx/CVE-2020-9320.json +++ b/2020/9xxx/CVE-2020-9320.json @@ -61,6 +61,11 @@ "url": "https://www.zoller.lu/[TZO-01-2020]%20AVIRA%20Generic%20Bypass%20ISO.pdf", "refsource": "MISC", "name": "https://www.zoller.lu/[TZO-01-2020]%20AVIRA%20Generic%20Bypass%20ISO.pdf" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html", + "url": "http://packetstormsecurity.com/files/156472/AVIRA-Generic-Malformed-Container-Bypass.html" } ] }