admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-28 18:00:49 +00:00
parent 8bce4dc9c8
commit e1bcd7deba
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
70 changed files with 1337 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2018/14xxx/CVE-2018-14867.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14867",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/odoo/odoo/commits/master",
"refsource": "MISC",
"name": "https://github.com/odoo/odoo/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/odoo/odoo/issues/32503",
"url": "https://github.com/odoo/odoo/issues/32503"
}
]
}

53
2018/14xxx/CVE-2018-14868.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14868",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/odoo/odoo/commits/master",
"refsource": "MISC",
"name": "https://github.com/odoo/odoo/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/odoo/odoo/issues/32507",
"url": "https://github.com/odoo/odoo/issues/32507"
}
]
}

53
2018/14xxx/CVE-2018-14885.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14885",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/odoo/odoo/commits/master",
"refsource": "MISC",
"name": "https://github.com/odoo/odoo/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/odoo/odoo/issues/32512",
"url": "https://github.com/odoo/odoo/issues/32512"
}
]
}

53
2018/14xxx/CVE-2018-14886.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14886",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The module-description renderer in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier does not disable RST's local file inclusion, which allows privileged authenticated users to read local files via a crafted module description."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/odoo/odoo/commits/master",
"refsource": "MISC",
"name": "https://github.com/odoo/odoo/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/odoo/odoo/issues/32513",
"url": "https://github.com/odoo/odoo/issues/32513"
}
]
}

53
2018/14xxx/CVE-2018-14887.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14887",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/odoo/odoo/commits/master",
"refsource": "MISC",
"name": "https://github.com/odoo/odoo/commits/master"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/odoo/odoo/issues/32511",
"url": "https://github.com/odoo/odoo/issues/32511"
}
]
}

58
2018/14xxx/CVE-2018-14916.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14916",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"name": "20190409 Loytec LGATE-902: Multiple Vulnerabilities (XSS, Path traversal and File Deletion)",
"url": "http://seclists.org/fulldisclosure/2019/Apr/12"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html",
"url": "http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html"
},
{
"refsource": "FULLDISC",
"name": "20190407 Loytec LGATE-902: Multiple Vulnerabilities (XSS, Path traversal and File Deletion)",
"url": "https://seclists.org/fulldisclosure/2019/Apr/12"
}
]
}

58
2018/14xxx/CVE-2018-14918.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14918",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LOYTEC LGATE-902 6.3.2 devices allow Directory Traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"name": "20190409 Loytec LGATE-902: Multiple Vulnerabilities (XSS, Path traversal and File Deletion)",
"url": "http://seclists.org/fulldisclosure/2019/Apr/12"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html",
"url": "http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html"
},
{
"refsource": "FULLDISC",
"name": "20190407 Loytec LGATE-902: Multiple Vulnerabilities (XSS, Path traversal and File Deletion)",
"url": "https://seclists.org/fulldisclosure/2019/Apr/12"
}
]
}

48
2018/17xxx/CVE-2018-17170.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17170",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://research.hisolutions.com/2019/06/web-vulnerabilities-are-coming-to-the-desktop-template-injections-lead-to-rce-in-teamwire/",
"url": "https://research.hisolutions.com/2019/06/web-vulnerabilities-are-coming-to-the-desktop-template-injections-lead-to-rce-in-teamwire/"
}
]
}

48
2018/17xxx/CVE-2018-17560.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17560",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The admin interface of the Grouptime Teamwire Client 1.5.1 prior to 1.9.0 on-premises messenger server allows stored XSS. All backend versions prior to prod-2018-11-13-15-00-42 are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://research.hisolutions.com/2019/06/web-vulnerabilities-are-coming-to-the-desktop-template-injections-lead-to-rce-in-teamwire/",
"url": "https://research.hisolutions.com/2019/06/web-vulnerabilities-are-coming-to-the-desktop-template-injections-lead-to-rce-in-teamwire/"
}
]
}

5
2018/19xxx/CVE-2018-19210.json
View File

@ -76,6 +76,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1161",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00041.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-fa3e40f00a",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TX5UEYHGMTNEHJB4FHE7HCJ75UQDNKGB/"
}
]
}

62
2018/20xxx/CVE-2018-20807.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20807",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730/",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly."
}
]
}
}

62
2018/20xxx/CVE-2018-20808.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20808",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX."
}
]
}
}

62
2018/20xxx/CVE-2018-20809.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20809",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX."
}
]
}
}

62
2018/20xxx/CVE-2018-20810.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20810",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session data between cluster nodes during cluster synchronization is not properly encrypted in Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX, PPS 5.2RX, or stand-alone devices."
}
]
}
}

62
2018/20xxx/CVE-2018-20811.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20811",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hidden RPC service issue was found with Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2 and 8.1RX before 8.1R12."
}
]
}
}

62
2018/20xxx/CVE-2018-20812.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20812",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure issue where IPv6 DNS traffic would be sent outside of the VPN tunnel (when Traffic Enforcement was enabled) exists in Pulse Secure Pulse Secure Desktop 9.0R1 and below. This is applicable only to dual-stack (IPv4/IPv6) endpoints."
}
]
}
}

62
2018/20xxx/CVE-2018-20813.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20813",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An input validation issue has been found with login_meeting.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R2."
}
]
}
}

62
2018/20xxx/CVE-2018-20814.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20814",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX."
}
]
}
}

56
2019/12xxx/CVE-2019-12932.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12932",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG",
"url": "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG"
}
]
}

5
2019/5xxx/CVE-2019-5787.json
View File

@ -53,6 +53,11 @@
"url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5788.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/925864",
"refsource": "MISC",
"name": "https://crbug.com/925864"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5789.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/921581",
"refsource": "MISC",
"name": "https://crbug.com/921581"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5790.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/914736",
"refsource": "MISC",
"name": "https://crbug.com/914736"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5791.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/926651",
"refsource": "MISC",
"name": "https://crbug.com/926651"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5792.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/914983",
"refsource": "MISC",
"name": "https://crbug.com/914983"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5793.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/937487",
"refsource": "MISC",
"name": "https://crbug.com/937487"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5794.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/935175",
"refsource": "MISC",
"name": "https://crbug.com/935175"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5795.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/919643",
"refsource": "MISC",
"name": "https://crbug.com/919643"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5796.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/918861",
"refsource": "MISC",
"name": "https://crbug.com/918861"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5798.json
View File

@ -103,6 +103,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1664",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5799.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/905301",
"refsource": "MISC",
"name": "https://crbug.com/905301"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5800.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/894228",
"refsource": "MISC",
"name": "https://crbug.com/894228"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5801.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/921390",
"refsource": "MISC",
"name": "https://crbug.com/921390"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5802.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/632514",
"refsource": "MISC",
"name": "https://crbug.com/632514"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5803.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/909865",
"refsource": "MISC",
"name": "https://crbug.com/909865"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5804.json
View File

@ -53,6 +53,11 @@
"url": "https://crbug.com/933004",
"refsource": "MISC",
"name": "https://crbug.com/933004"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5805.json
View File

@ -54,6 +54,11 @@
"url": "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5806.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/943087",
"refsource": "MISC",
"name": "https://crbug.com/943087"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5807.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/945644",
"refsource": "MISC",
"name": "https://crbug.com/945644"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5808.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/947029",
"refsource": "MISC",
"name": "https://crbug.com/947029"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5809.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/941008",
"refsource": "MISC",
"name": "https://crbug.com/941008"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5810.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/916838",
"refsource": "MISC",
"name": "https://crbug.com/916838"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5811.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/771815",
"refsource": "MISC",
"name": "https://crbug.com/771815"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5812.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/925598",
"refsource": "MISC",
"name": "https://crbug.com/925598"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5813.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/942699",
"refsource": "MISC",
"name": "https://crbug.com/942699"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5814.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/930057",
"refsource": "MISC",
"name": "https://crbug.com/930057"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5816.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/940245",
"refsource": "MISC",
"name": "https://crbug.com/940245"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5817.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/943709",
"refsource": "MISC",
"name": "https://crbug.com/943709"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5818.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/929962",
"refsource": "MISC",
"name": "https://crbug.com/929962"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5819.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/919356",
"refsource": "MISC",
"name": "https://crbug.com/919356"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5820.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/919635",
"refsource": "MISC",
"name": "https://crbug.com/919635"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5821.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/919640",
"refsource": "MISC",
"name": "https://crbug.com/919640"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5822.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/926105",
"refsource": "MISC",
"name": "https://crbug.com/926105"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5823.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/930154",
"refsource": "MISC",
"name": "https://crbug.com/930154"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5824.json
View File

@ -54,6 +54,11 @@
"url": "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5827.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/952406",
"refsource": "MISC",
"name": "https://crbug.com/952406"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5828.json
View File

@ -54,6 +54,11 @@
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5829.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/958533",
"refsource": "MISC",
"name": "https://crbug.com/958533"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5830.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/665766",
"refsource": "MISC",
"name": "https://crbug.com/665766"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5831.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/950328",
"refsource": "MISC",
"name": "https://crbug.com/950328"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5832.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/959390",
"refsource": "MISC",
"name": "https://crbug.com/959390"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5833.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/945067",
"refsource": "MISC",
"name": "https://crbug.com/945067"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5834.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/962368",
"refsource": "MISC",
"name": "https://crbug.com/962368"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5835.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/939239",
"refsource": "MISC",
"name": "https://crbug.com/939239"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5836.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/947342",
"refsource": "MISC",
"name": "https://crbug.com/947342"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5837.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/918293",
"refsource": "MISC",
"name": "https://crbug.com/918293"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5838.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/893087",
"refsource": "MISC",
"name": "https://crbug.com/893087"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5839.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/925614",
"refsource": "MISC",
"name": "https://crbug.com/925614"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

5
2019/5xxx/CVE-2019-5840.json
View File

@ -54,6 +54,11 @@
"url": "https://crbug.com/951782",
"refsource": "MISC",
"name": "https://crbug.com/951782"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1666",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
}
]
},

77
2019/9xxx/CVE-2019-9843.json Normal file
View File

@ -0,0 +1,77 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9843",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/diffplug/spotless/blob/master/plugin-maven/CHANGES.md#version-1200---march-14th-2018-javadoc-jcenter",
"url": "https://github.com/diffplug/spotless/blob/master/plugin-maven/CHANGES.md#version-1200---march-14th-2018-javadoc-jcenter"
},
{
"refsource": "MISC",
"name": "https://github.com/diffplug/spotless/issues/358",
"url": "https://github.com/diffplug/spotless/issues/358"
},
{
"refsource": "MISC",
"name": "https://github.com/diffplug/spotless/blob/master/plugin-gradle/CHANGES.md#version-3200---march-11th-2018-javadoc-jcenter",
"url": "https://github.com/diffplug/spotless/blob/master/plugin-gradle/CHANGES.md#version-3200---march-11th-2018-javadoc-jcenter"
},
{
"refsource": "MISC",
"name": "https://github.com/diffplug/spotless/pull/369",
"url": "https://github.com/diffplug/spotless/pull/369"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file."
}
]
}
}