|
250211
|
5.5 |
MEDIUM
Local
|
weka
|
interest_security_scanner
|
A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an u…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2017-20011
|
2024-11-21 12:22 |
2022-03-29 |
|
250212
|
6.1 |
MEDIUM
Network
|
mycred
|
mycred
|
The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting
|
-
|
CVE-2017-20008
|
2024-11-21 12:22 |
2021-11-29 |
|
250213
|
5.3 |
MEDIUM
Network
|
ingeteam
|
ingepac_da_au_firmware
|
Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated a…
|
NVD-CWE-noinfo
|
CVE-2017-20007
|
2024-11-21 12:22 |
2021-10-25 |
|
250214
|
7.8 |
HIGH
Local
|
rarlab
|
unrar
|
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
|
CWE-787
Out-of-bounds Write
|
CVE-2017-20006
|
2024-11-21 12:22 |
2021-07-1 |
|
250215
|
9.8 |
CRITICAL
Network
|
f5 debian
|
nginx debian_linux
|
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date f…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-20005
|
2024-11-21 12:22 |
2021-06-7 |
|
250216
|
5.9 |
MEDIUM
Network
|
rust-lang
|
rust
|
In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues th…
|
CWE-362
Race Condition
|
CVE-2017-20004
|
2024-11-21 12:22 |
2021-04-14 |
|
250217
|
7.8 |
HIGH
Local
|
debian
|
debian_linux shadow
|
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are…
|
CWE-269
Improper Privilege Management
|
CVE-2017-20002
|
2024-11-21 12:22 |
2021-03-17 |
|
250218
|
7.5 |
HIGH
Network
|
aes_encryption_project
|
aes_encryption
|
The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisor…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-20001
|
2024-11-21 12:22 |
2021-01-1 |
|
250219
|
5.9 |
MEDIUM
Network
|
hcltech
|
domino
|
"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threa…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-1712
|
2024-11-21 12:22 |
2020-07-1 |
|
250220
|
6.1 |
MEDIUM
Network
|
ibm
|
inotes
|
"HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
|
CWE-79
Cross-site Scripting
|
CVE-2017-1659
|
2024-11-21 12:22 |
2020-07-1 |
|