|
255321
|
6.1 |
MEDIUM
Network
|
mycred
|
mycred
|
The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting
|
-
|
CVE-2017-20008
|
2024-11-21 12:22 |
2021-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255322
|
5.3 |
MEDIUM
Network
|
ingeteam
|
ingepac_da_au_firmware
|
Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated a…
|
NVD-CWE-noinfo
|
CVE-2017-20007
|
2024-11-21 12:22 |
2021-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255323
|
7.8 |
HIGH
Local
|
rarlab
|
unrar
|
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
|
CWE-787
Out-of-bounds Write
|
CVE-2017-20006
|
2024-11-21 12:22 |
2021-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255324
|
9.8 |
CRITICAL
Network
|
f5
debian
|
nginx
debian_linux
|
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date f…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-20005
|
2024-11-21 12:22 |
2021-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255325
|
5.9 |
MEDIUM
Network
|
rust-lang
|
rust
|
In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues th…
|
CWE-362
Race Condition
|
CVE-2017-20004
|
2024-11-21 12:22 |
2021-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255326
|
7.8 |
HIGH
Local
|
debian
|
debian_linux
shadow
|
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are…
|
CWE-269
Improper Privilege Management
|
CVE-2017-20002
|
2024-11-21 12:22 |
2021-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255327
|
7.5 |
HIGH
Network
|
aes_encryption_project
|
aes_encryption
|
The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisor…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-20001
|
2024-11-21 12:22 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255328
|
5.9 |
MEDIUM
Network
|
hcltech
|
domino
|
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threa…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-1712
|
2024-11-21 12:22 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255329
|
6.1 |
MEDIUM
Network
|
ibm
|
inotes
|
"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
|
CWE-79
Cross-site Scripting
|
CVE-2017-1659
|
2024-11-21 12:22 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255330
|
5.9 |
MEDIUM
Network
|
ibm
|
infosphere_streams
|
IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-1713
|
2024-11-21 12:22 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
