|
247291
|
7.8 |
HIGH
Local
|
solarcontrols
|
wattconfig_m
|
An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-9648
|
2024-11-21 12:36 |
2017-08-15 |
|
|
|
|
247292
|
7.8 |
HIGH
Local
|
solarcontrols
|
heating_control_downloader
|
An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identifie…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-9646
|
2024-11-21 12:36 |
2017-08-15 |
|
|
|
|
247293
|
6.1 |
MEDIUM
Network
|
apache
|
sling_servlets_post
|
The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially craf…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9802
|
2024-11-21 12:36 |
2017-08-14 |
|
|
|
|
247294
|
9.8 |
CRITICAL
Network
|
apache
|
subversion
|
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be ge…
|
CWE-20
Improper Input Validation
|
CVE-2017-9800
|
2024-11-21 12:36 |
2017-08-12 |
|
|
|
|
247295
|
5.4 |
MEDIUM
Network
|
synology
|
video_station
|
Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the titl…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9556
|
2024-11-21 12:36 |
2017-08-12 |
|
|
|
|
247296
|
8.8 |
HIGH
Network
|
apache
|
storm
|
It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to…
|
NVD-CWE-noinfo
|
CVE-2017-9799
|
2024-11-21 12:36 |
2017-08-10 |
|
|
|
|
247297
|
7.5 |
HIGH
Network
|
apache
|
commons_email
|
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.
|
CWE-20
Improper Input Validation
|
CVE-2017-9801
|
2024-11-21 12:36 |
2017-08-8 |
|
|
|
|
247298
|
7.5 |
HIGH
Network
|
sma
|
sunny_explorer
|
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the ven…
|
NVD-CWE-noinfo
|
CVE-2017-9851
|
2024-11-21 12:36 |
2017-08-6 |
|
|
|
|
247299
|
5.5 |
MEDIUM
Local
|
razerzone
|
razer_synapse
|
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9770
|
2024-11-21 12:36 |
2017-08-3 |
|
|
|
|
247300
|
9.8 |
CRITICAL
Network
|
razer
|
synapse
|
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
|
NVD-CWE-noinfo
|
CVE-2017-9769
|
2024-11-21 12:36 |
2017-08-3 |
|
|
|