Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20026 | 1 Humhub | 1 Humhub | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflected). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20025 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20024 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20023 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
| A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20021 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
| A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20020 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20019 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20018 | 1 Apachefriends | 1 Xampp | 2024-11-21 | 4.4 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. | |||||
| CVE-2017-20017 | 1 Tngsitebuilding | 1 The Next Generation Of Genealogy Sitebuilding | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20016 | 1 Weka | 1 Interest Security Scanner | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Portscan. The manipulation with an unknown input leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2017-20015 | 1 Weka | 1 Interest Security Scanner | 2024-11-21 | 2.1 LOW | 2.8 LOW |
| A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. The manipulation with an unknown input leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2017-20014 | 1 Weka | 1 Interest Security Scanner | 2024-11-21 | 2.1 LOW | 2.8 LOW |
| A vulnerability, which was classified as problematic, has been found in WEKA INTEREST Security Scanner up to 1.8. Affected by this issue is some unknown functionality of the component Webspider. The manipulation with an unknown input leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2017-20013 | 1 Weka | 1 Interest Security Scanner | 2024-11-21 | 2.1 LOW | 2.8 LOW |
| A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. A manipulation leads to a local denial of service. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2017-20012 | 1 Weka | 1 Interest Security Scanner | 2024-11-21 | 2.1 LOW | 2.8 LOW |
| A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2017-20011 | 1 Weka | 1 Interest Security Scanner | 2024-11-21 | 2.1 LOW | 2.8 LOW |
| A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Handler. The manipulation with an unknown input leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2017-20008 | 1 Mycred | 1 Mycred | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2017-20007 | 1 Ingeteam | 2 Ingepac Da Au, Ingepac Da Au Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the deviceĀ“s web service could exploit this vulnerability in order to obtain different configuration files. | |||||
| CVE-2017-20006 | 2 Linux, Rarlab | 2 Linux Kernel, Unrar | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). | |||||
| CVE-2017-20005 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module. | |||||
| CVE-2017-20004 | 1 Rust-lang | 1 Rust | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions. | |||||