|
256371
|
5.4 |
MEDIUM
Network
|
teampass
|
teampass
|
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or …
|
CWE-79
Cross-site Scripting
|
CVE-2017-15051
|
2024-11-21 12:14 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256372
|
8.1 |
HIGH
Network
|
redhat
|
openstack_platform
|
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authenticati…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-15114
|
2024-11-21 12:14 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256373
|
6.1 |
MEDIUM
Network
|
theforeman
redhat
|
foreman
satellite
satellite_capsule
|
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends…
|
-
|
CVE-2017-15100
|
2024-11-21 12:14 |
2017-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256374
|
9.8 |
CRITICAL
Network
|
mit
|
kerberos_5
|
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15088
|
2024-11-21 12:14 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256375
|
3.7 |
LOW
Network
|
norton
|
install_norton_security
|
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the pu…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-15528
|
2024-11-21 12:14 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256376
|
6.5 |
MEDIUM
Network
|
postgresql
debian
|
postgresql
debian_linux
|
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits …
|
CWE-200
Information Exposure
|
CVE-2017-15099
|
2024-11-21 12:14 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256377
|
8.1 |
HIGH
Network
|
postgresql
debian
|
postgresql
debian_linux
|
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can cr…
|
CWE-200
Information Exposure
|
CVE-2017-15098
|
2024-11-21 12:14 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256378
|
6.8 |
MEDIUM
Adjacent
|
symantec
|
management_console
|
Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / s…
|
CWE-22
Path Traversal
|
CVE-2017-15527
|
2024-11-21 12:14 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256379
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless …
|
CWE-200
Information Exposure
|
CVE-2017-15110
|
2024-11-21 12:14 |
2017-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256380
|
5.5 |
MEDIUM
Local
|
netapp
|
altavault_ost_plug-in
|
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by …
|
CWE-200
Information Exposure
|
CVE-2017-15517
|
2024-11-21 12:14 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
