"-Synchronized-Data."

2011/5xxx/CVE-2011-5057.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces.  NOTE: the vendor disputes the significance of this report because of an \"easy work-around in existing apps by configuring the interceptor.\""
+                "value": "Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an \"easy work-around in existing apps by configuring the interceptor.\""
             }
         ]
     },
@@ -74,4 +74,4 @@
             }
         ]
     }
-}
+}

2014/0xxx/CVE-2014-0112.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094."
+                "value": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094."
             }
         ]
     },
@@ -124,4 +124,4 @@
             }
         ]
     }
-}
+}

2014/0xxx/CVE-2014-0113.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094."
+                "value": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094."
             }
         ]
     },
@@ -79,4 +79,4 @@
             }
         ]
     }
-}
+}

2014/0xxx/CVE-2014-0116.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113."
+                "value": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113."
             }
         ]
     },
@@ -79,4 +79,4 @@
             }
         ]
     }
-}
+}

2014/4xxx/CVE-2014-4035.json

@@ -61,6 +61,11 @@
                 "name": "67914",
                 "refsource": "BID",
                 "url": "http://www.securityfocus.com/bid/67914"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/154024/BSI-Advance-Hotel-Booking-System-2.0-Cross-Site-Scripting.html",
+                "url": "http://packetstormsecurity.com/files/154024/BSI-Advance-Hotel-Booking-System-2.0-Cross-Site-Scripting.html"
             }
         ]
     }

2019/11xxx/CVE-2019-11922.json

@@ -67,7 +67,12 @@
                 "refsource": "MISC",
                 "name": "https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0",
                 "url": "https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0"
+            },
+            {
+                "refsource": "SUSE",
+                "name": "openSUSE-SU-2019:1845",
+                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html"
             }
         ]
     }
-}
+}

2019/12xxx/CVE-2019-12255.json

@@ -81,6 +81,11 @@
                 "refsource": "MISC",
                 "name": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12255",
                 "url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12255"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/154022/VxWorks-6.8-Integer-Underflow.html",
+                "url": "http://packetstormsecurity.com/files/154022/VxWorks-6.8-Integer-Underflow.html"
             }
         ]
     }

2019/14xxx/CVE-2019-14232.json

@@ -76,6 +76,11 @@
                 "refsource": "BUGTRAQ",
                 "name": "20190812 [SECURITY] [DSA 4498-1] python-django security update",
                 "url": "https://seclists.org/bugtraq/2019/Aug/15"
+            },
+            {
+                "refsource": "DEBIAN",
+                "name": "DSA-4498",
+                "url": "https://www.debian.org/security/2019/dsa-4498"
             }
         ]
     }

2019/14xxx/CVE-2019-14233.json

@@ -76,6 +76,11 @@
                 "refsource": "BUGTRAQ",
                 "name": "20190812 [SECURITY] [DSA 4498-1] python-django security update",
                 "url": "https://seclists.org/bugtraq/2019/Aug/15"
+            },
+            {
+                "refsource": "DEBIAN",
+                "name": "DSA-4498",
+                "url": "https://www.debian.org/security/2019/dsa-4498"
             }
         ]
     }

2019/14xxx/CVE-2019-14234.json

@@ -71,6 +71,11 @@
                 "refsource": "BUGTRAQ",
                 "name": "20190812 [SECURITY] [DSA 4498-1] python-django security update",
                 "url": "https://seclists.org/bugtraq/2019/Aug/15"
+            },
+            {
+                "refsource": "DEBIAN",
+                "name": "DSA-4498",
+                "url": "https://www.debian.org/security/2019/dsa-4498"
             }
         ]
     }

2019/14xxx/CVE-2019-14235.json

@@ -76,6 +76,11 @@
                 "refsource": "BUGTRAQ",
                 "name": "20190812 [SECURITY] [DSA 4498-1] python-django security update",
                 "url": "https://seclists.org/bugtraq/2019/Aug/15"
+            },
+            {
+                "refsource": "DEBIAN",
+                "name": "DSA-4498",
+                "url": "https://www.debian.org/security/2019/dsa-4498"
             }
         ]
     }