chore: generate CVEs metadata 🤖
parent
6c31f69a97
commit
81ee1d2c26
|
@ -457,6 +457,7 @@
|
||||||
{"ID":"CVE-2017-18566","Info":{"Name":"User Role by BestWebSoft \u003c 1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18566.yaml"}
|
{"ID":"CVE-2017-18566","Info":{"Name":"User Role by BestWebSoft \u003c 1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18566.yaml"}
|
||||||
{"ID":"CVE-2017-18598","Info":{"Name":"WordPress Qards - Cross-Site Scripting","Severity":"medium","Description":"WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18598.yaml"}
|
{"ID":"CVE-2017-18598","Info":{"Name":"WordPress Qards - Cross-Site Scripting","Severity":"medium","Description":"WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18598.yaml"}
|
||||||
{"ID":"CVE-2017-18638","Info":{"Name":"Graphite \u003c=1.1.5 - Server-Side Request Forgery","Severity":"high","Description":"Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-18638.yaml"}
|
{"ID":"CVE-2017-18638","Info":{"Name":"Graphite \u003c=1.1.5 - Server-Side Request Forgery","Severity":"high","Description":"Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-18638.yaml"}
|
||||||
|
{"ID":"CVE-2017-3131","Info":{"Name":"FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting","Severity":"medium","Description":"A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in \"Applications\" under FortiView.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-3131.yaml"}
|
||||||
{"ID":"CVE-2017-3506","Info":{"Name":"Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution","Severity":"high","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2017/CVE-2017-3506.yaml"}
|
{"ID":"CVE-2017-3506","Info":{"Name":"Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution","Severity":"high","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2017/CVE-2017-3506.yaml"}
|
||||||
{"ID":"CVE-2017-3528","Info":{"Name":"Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect","Severity":"medium","Description":"The Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)) is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-3528.yaml"}
|
{"ID":"CVE-2017-3528","Info":{"Name":"Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect","Severity":"medium","Description":"The Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)) is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-3528.yaml"}
|
||||||
{"ID":"CVE-2017-4011","Info":{"Name":"McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting","Severity":"medium","Description":"McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-4011.yaml"}
|
{"ID":"CVE-2017-4011","Info":{"Name":"McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting","Severity":"medium","Description":"McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-4011.yaml"}
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
414736312463969f32ef17673728ebd0
|
658726d60e1b80f6d5e3cb9733cd2d29
|
||||||
|
|
Loading…
Reference in New Issue