diff --git a/cves.json b/cves.json index bec45974f3..1d91d6e19f 100644 --- a/cves.json +++ b/cves.json @@ -468,6 +468,7 @@ {"ID":"CVE-2017-5631","Info":{"Name":"KMCIS CaseAware - Cross-Site Scripting","Severity":"medium","Description":"KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-5631.yaml"} {"ID":"CVE-2017-5638","Info":{"Name":"Apache Struts 2 - Remote Command Execution","Severity":"critical","Description":"Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2017/CVE-2017-5638.yaml"} {"ID":"CVE-2017-5689","Info":{"Name":"Intel Active Management - Authentication Bypass","Severity":"critical","Description":"Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision manageability features, gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology. The issue has been observed in versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for all three platforms. Versions before 6 and after 11.6 are not impacted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-5689.yaml"} +{"ID":"CVE-2017-5868","Info":{"Name":"OpenVPN Access Server 2.1.4 - CRLF Injection","Severity":"medium","Description":"CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via \"%0A\" characters in the PATH_INFO to __session_start__/.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-5868.yaml"} {"ID":"CVE-2017-5871","Info":{"Name":"Odoo \u003c= 8.0-20160726 \u0026 9.0 - Open Redirect","Severity":"medium","Description":"An Open Redirect vulnerability in Odoo versions \u003c= 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2017/CVE-2017-5871.yaml"} {"ID":"CVE-2017-5982","Info":{"Name":"Kodi 17.1 - Local File Inclusion","Severity":"high","Description":"Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-5982.yaml"} {"ID":"CVE-2017-6090","Info":{"Name":"PhpColl 2.5.1 Arbitrary File Upload","Severity":"high","Description":"PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2017/CVE-2017-6090.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 052434a5bd..90bf08a336 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -82b2d38fd4838befef93981eabef941a +d3f1e008f0e27b83736f6ba5a04abe2d