mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-08 11:37:04 +00:00
- Synchronized data.
parent
8c5760e7e5
commit
0e4ad40a18
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server."
|
||||
"value" : "It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -55,6 +55,15 @@
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1489161"
|
||||
},
|
||||
{
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:2904"
|
||||
},
|
||||
{
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:2905"
|
||||
},
|
||||
{
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:2906"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -55,6 +55,15 @@
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484111"
|
||||
},
|
||||
{
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:2904"
|
||||
},
|
||||
{
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:2905"
|
||||
},
|
||||
{
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:2906"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -55,6 +55,15 @@
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484154"
|
||||
},
|
||||
{
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:2904"
|
||||
},
|
||||
{
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:2905"
|
||||
},
|
||||
{
|
||||
"url" : "https://access.redhat.com/errata/RHSA-2017:2906"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2,7 +2,30 @@
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-15911",
|
||||
"STATE" : "RESERVED"
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
@ -11,7 +34,29 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value" : "The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://becomepentester.blogspot.ae/2017/10/Cross-Site-Scripting-Openfire-4.1.6-CVE-2017-15911.html"
|
||||
},
|
||||
{
|
||||
"url" : "https://issues.igniterealtime.org/browse/OF-1417"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
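--- /dev/null
+++ b/2017/15xxx/CVE-2017-15917.json
@@ -0,0 +1,60 @@
+{
+"CVE_data_meta" : {
+"ASSIGNER" : "cve@mitre.org",
+"ID" : "CVE-2017-15917",
+"STATE" : "PUBLIC"
+},
+"affects" : {
+"vendor" : {
+"vendor_data" : [
+{
+"product" : {
+"product_data" : [
+{
+"product_name" : "n/a",
+"version" : {
+"version_data" : [
+{
+"version_value" : "n/a"
+}
+]
+}
+}
+]
+},
+"vendor_name" : "n/a"
+}
+]
+}
+},
+"data_format" : "MITRE",
+"data_type" : "CVE",
+"data_version" : "4.0",
+"description" : {
+"description_data" : [
+{
+"lang" : "eng",
+"value" : "In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server."
+}
+]
+},
+"problemtype" : {
+"problemtype_data" : [
+{
+"description" : [
+{
+"lang" : "eng",
+"value" : "n/a"
+}
+]
+}
+]
+},
+"references" : {
+"reference_data" : [
+{
+"url" : "https://medium.com/stolabs/security-issue-on-prtg-network-manager-ada65b45d37b"
+}
+]
+}
+}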
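Review bot: The `affects` block of the new CVE-2017-15917 record carries `n/a` for `vendor_name`, `product_name` and `version_value`, although the description names Paessler PRTG Network Monitor 17.3.33.2830, so tooling that matches on the structured fields will not associate this entry with the product. Populating them from the description, e.g. `"vendor_name" : "Paessler"`, `"product_name" : "PRTG Network Monitor"`, `"version_value" : "17.3.33.2830"`, would close that gap; `problemtype` is likewise `n/a` even though the text describes a read-only user performing a write action, which looks like an authorization weakness. The CVE-2017-15911 record changed earlier in this commit has the same `n/a` placeholders next to a description that names Ignite Realtime Openfire Server before 4.1.7 and an XSS issue. Until the structured fields are filled in, consumers should match on the description text or an enriched feed rather than read `n/a` as "no affected product".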
@ -34,7 +34,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.?"
|
||||
"value" : "System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process."
|
||||
}
|
||||
]
|
||||
},
|
||||
|