| Max CVSS | 9.3 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-10200 | 6.9 |
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a s
|
07-06-2023 - 12:44 | 07-03-2017 - 21:59 | |
| CVE-2017-7488 | 4.0 |
Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.
|
12-02-2023 - 23:30 | 16-05-2017 - 18:29 | |
| CVE-2017-16757 | 4.6 |
Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.
|
24-08-2020 - 17:37 | 09-11-2017 - 21:29 | |
| CVE-2017-11511 | 5.0 |
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to do
|
09-10-2019 - 23:22 | 08-11-2017 - 22:29 | |
| CVE-2017-11512 | 5.0 |
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to do
|
09-10-2019 - 23:22 | 08-11-2017 - 22:29 | |
| CVE-2017-4928 | 5.0 |
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by se
|
30-10-2018 - 16:27 | 17-11-2017 - 14:29 | |
| CVE-2017-15099 | 4.0 |
INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full re
|
28-08-2018 - 10:29 | 22-11-2017 - 18:29 | |
| CVE-2017-15098 | 5.5 |
Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server me
|
28-08-2018 - 10:29 | 22-11-2017 - 17:29 | |
| CVE-2017-14020 | 9.3 |
In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Desi
|
01-08-2018 - 01:29 | 13-11-2017 - 20:29 | |
| CVE-2017-4927 | 5.0 |
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
|
04-12-2017 - 16:30 | 17-11-2017 - 14:29 | |
| CVE-2004-0233 | 2.1 |
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 |