| 251721 | 9.8 | CRITICAL | Network | mit | kerberos_5 | plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause … | CWE-119: Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-15088 | 2024-11-21 12:14 | 2017-11-24 |
| 251722 | 3.7 | LOW | Network | norton | install_norton_security | Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the pu… | CWE-295: Improper Certificate Validation | CVE-2017-15528 | 2024-11-21 12:14 | 2017-11-23 |
| 251723 | 6.5 | MEDIUM | Network | postgresql, debian | postgresql, debian_linux | INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits … | CWE-200: Information Exposure | CVE-2017-15099 | 2024-11-21 12:14 | 2017-11-23 |
| 251724 | 8.1 | HIGH | Network | postgresql, debian | postgresql, debian_linux | Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can cr… | CWE-200: Information Exposure | CVE-2017-15098 | 2024-11-21 12:14 | 2017-11-23 |
| 251725 | 6.8 | MEDIUM | Adjacent | symantec | management_console | Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / s… | CWE-22: Path Traversal | CVE-2017-15527 | 2024-11-21 12:14 | 2017-11-21 |
| 251726 | 4.3 | MEDIUM | Network | moodle | moodle | In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless … | CWE-200: Information Exposure | CVE-2017-15110 | 2024-11-21 12:14 | 2017-11-20 |
| 251727 | 5.5 | MEDIUM | Local | netapp | altavault_ost_plug-in | AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by … | CWE-200: Information Exposure | CVE-2017-15517 | 2024-11-21 12:14 | 2017-11-17 |
| 251728 | 8.8 | HIGH | Network | netapp | snapcenter_server | NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user inte… | CWE-352: Origin Validation Error | CVE-2017-15516 | 2024-11-21 12:14 | 2017-11-17 |
| 251729 | 7.8 | HIGH | Local | linux, debian, suse, canonical | linux_kernel, debian_linux, linux_enterprise_server, ubuntu_linux | The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of… | CWE-416: Use After Free | CVE-2017-15115 | 2024-11-21 12:14 | 2017-11-16 |
| 251730 | 6.3 | MEDIUM | Physical | linux, redhat, canonical | linux_kernel, enterprise_linux, ubuntu_linux | The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by… | CWE-476: NULL Pointer Dereference | CVE-2017-15102 | 2024-11-21 12:14 | 2017-11-16 |