|
248811
|
7.5 |
HIGH
Network
|
openvpn
|
openvpn
|
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
|
CWE-20
Improper Input Validation
|
CVE-2017-7478
|
2024-11-21 12:31 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248812
|
10.0 |
CRITICAL
Network
|
zohocorp
|
manageengine_desktop_central
|
Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2017-7213
|
2024-11-21 12:31 |
2017-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248813
|
7.5 |
HIGH
Network
|
postgresql
|
postgresql
|
PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
|
CWE-200
Information Exposure
|
CVE-2017-7486
|
2024-11-21 12:31 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248814
|
5.9 |
MEDIUM
Network
|
postgresql
|
postgresql
|
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connectio…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2017-7485
|
2024-11-21 12:31 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248815
|
7.5 |
HIGH
Network
|
postgresql
|
postgresql
|
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges…
|
CWE-200
Information Exposure
|
CVE-2017-7484
|
2024-11-21 12:31 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248816
|
9.8 |
CRITICAL
Network
|
keycloak
|
keycloak-nodejs-auth-utils
|
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, …
|
NVD-CWE-noinfo
|
CVE-2017-7474
|
2024-11-21 12:31 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248817
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring cal…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2017-7472
|
2024-11-21 12:31 |
2017-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248818
|
9.1 |
CRITICAL
Network
|
vaultive
|
office_365_security
|
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-7229
|
2024-11-21 12:31 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248819
|
9.8 |
CRITICAL
Network
|
novell
netiq
|
imanager
|
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
|
NVD-CWE-noinfo
|
CVE-2017-7432
|
2024-11-21 12:31 |
2017-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248820
|
8.8 |
HIGH
Network
|
novell
netiq
|
imanager
|
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
|
CWE-352
Origin Validation Error
|
CVE-2017-7431
|
2024-11-21 12:31 |
2017-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
