"-Synchronized-Data."

2013/7xxx/CVE-2013-7285.json

@@ -2,7 +2,7 @@
     "CVE_data_meta": {
         "ASSIGNER": "cve@mitre.org",
         "ID": "CVE-2013-7285",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
     },
     "data_format": "MITRE",
     "data_type": "CVE",
@@ -11,7 +11,71 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20140109 Re: CVE request: remote code execution via deserialization in XStream",
+                "url": "http://seclists.org/oss-sec/2014/q1/69"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[xstream-user] 20130717 Re: Is it possible to unregister the DynamicProxyConverter using the SpringOXM wrapper",
+                "url": "https://www.mail-archive.com/user@xstream.codehaus.org/msg00604.html"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[xstream-user] 20130718 Re: Is it possible to unregister the DynamicProxyConverter using the SpringOXM wrapper",
+                "url": "https://www.mail-archive.com/user@xstream.codehaus.org/msg00607.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html",
+                "url": "http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://x-stream.github.io/CVE-2013-7285.html",
+                "url": "https://x-stream.github.io/CVE-2013-7285.html"
             }
         ]
     }

2018/15xxx/CVE-2018-15610.json

@@ -73,6 +73,11 @@
                 "name": "https://downloads.avaya.com/css/P8/documents/101051984",
                 "refsource": "CONFIRM",
                 "url": "https://downloads.avaya.com/css/P8/documents/101051984"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html",
+                "url": "https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html"
             }
         ]
     },

2018/8xxx/CVE-2018-8812.json

@@ -1,71 +1,17 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2018-8812",
-        "STATE": "PUBLIC"
-    },
-    "affects": {
-        "vendor": {
-            "vendor_data": [
-                {
-                    "product": {
-                        "product_data": [
-                            {
-                                "product_name": "n/a",
-                                "version": {
-                                    "version_data": [
-                                        {
-                                            "version_value": "n/a"
-                                        }
-                                    ]
-                                }
-                            }
-                        ]
-                    },
-                    "vendor_name": "n/a"
-                }
-            ]
-        }
-    },
-    "data_format": "MITRE",
     "data_type": "CVE",
+    "data_format": "MITRE",
     "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2018-8812",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "REJECT"
+    },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "An issue was discovered in Avaya one-X Portal for IP Office 9.1.2.0 and prior. The DownloadToLocalDriveServlet function from the AFA portal is only intended to download backup ZIP files from the server to the operator desktop; however, a malicious user capable of intercepting the HTTP request would be able to modify folder and filename parameters in order to get access to any file on the underlying operating system, as demonstrated by a folder=/etc/&filename=passwd query string. Additionally it could cause a DoS, as this functions also implements file deletion after downloading."
+                "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-15610. Reason: This candidate is a reservation duplicate of CVE-2018-15610. Notes: All CVE users should reference CVE-2018-15610 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
-            }
-        ]
-    },
-    "problemtype": {
-        "problemtype_data": [
-            {
-                "description": [
-                    {
-                        "lang": "eng",
-                        "value": "n/a"
-                    }
-                ]
-            }
-        ]
-    },
-    "references": {
-        "reference_data": [
-            {
-                "url": "http://avaya.com",
-                "refsource": "MISC",
-                "name": "http://avaya.com"
-            },
-            {
-                "url": "http://one-x.com",
-                "refsource": "MISC",
-                "name": "http://one-x.com"
-            },
-            {
-                "refsource": "MISC",
-                "name": "https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html",
-                "url": "https://packetstormsecurity.com/files/149284/Avaya-one-X-9.x-10.0.x-10.1.x-Arbitrary-File-Disclosure-Deletion.html"
             }
         ]
     }

2019/8xxx/CVE-2019-8936.json

@@ -106,6 +106,11 @@
                 "refsource": "CONFIRM",
                 "name": "http://bugs.ntp.org/show_bug.cgi?id=3565",
                 "url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html",
+                "url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
             }
         ]
     }

2019/9xxx/CVE-2019-9494.json

@@ -108,6 +108,11 @@
                 "refsource": "BUGTRAQ",
                 "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
                 "url": "https://seclists.org/bugtraq/2019/May/40"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
+                "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
             }
         ]
     },

2019/9xxx/CVE-2019-9495.json

@@ -100,6 +100,11 @@
                 "refsource": "BUGTRAQ",
                 "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
                 "url": "https://seclists.org/bugtraq/2019/May/40"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
+                "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
             }
         ]
     },

2019/9xxx/CVE-2019-9496.json

@@ -100,6 +100,11 @@
                 "refsource": "BUGTRAQ",
                 "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
                 "url": "https://seclists.org/bugtraq/2019/May/40"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
+                "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
             }
         ]
     },

2019/9xxx/CVE-2019-9497.json

@@ -124,6 +124,11 @@
                 "refsource": "BUGTRAQ",
                 "name": "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa",
                 "url": "https://seclists.org/bugtraq/2019/May/40"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html",
+                "url": "http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"
             }
         ]
     },