CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OPENSUSE Linux•added 2018/09/22 9:15 a.m.•57 views

Security update for python-Django (moderate)

This update for python-Django to version 2.08 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed an redirection vulnerability in CommonMiddleware boo1102680 The following other bugs were fixed: - Fixed a regression in Django 2.0.7 that broke the...

1.9AI score0.2549EPSS

Exploits0References1

OSV•added 2018/09/11 1:29 p.m.•4 views

CVE-2016-7070

A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database...

8CVSS5.8AI score0.00635EPSS

Tenable Nessus•added 2018/08/28 12:0 a.m.•35 views

openSUSE Security Update : python-Django (openSUSE-2018-914)

This update for python-Django to version 2.08 fixes the following issues : The following security vulnerability was fixed : - CVE-2018-14574: Fixed an redirection vulnerability in CommonMiddleware boo1102680 The following other bugs were fixed : - Fixed a regression in Django 2.0.7 that broke the...

6.1CVSS6.1AI score0.2549EPSS

RedHat Linux•added 2018/08/23 3:18 p.m.•4 views

postgresql: Certain host connection parameters defeat client-side security defenses

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side...

8.5CVSS7.3AI score0.05154EPSS

Exploits0References5

@arpinum/postgres (>=4.0.0-beta12 <=4.0.0-beta14), appointmed-epr-template-common (>=0.0.46 <=0.0.65) +9 more potentially affected by CVE-2017-16082 via pg (>=6.2.2 <=6.2.3)

pg NPM version =6.2.2, =4.0.0-beta12, =0.0.46, =0.0.35, =0.13.3, =0.0.1, =0.0.1, =1.0.0, =1.0.3 - pg-promise-strict =0.3.4 - pgo =0.2.1 Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...

vulnersOsv•added 2018/07/24 7:44 p.m.•5 views

@keyv/postgres (>=1.0.7 <=1.0.9), keyv-postgres (>=1.0.5 <=1.0.6) +2 more potentially affected by CVE-2017-16082 via pg (>=7.1.0 <=7.1.1)

pg NPM version =7.1.0, =1.0.7, =1.0.5, =0.0.1, =0.0.3 Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...

@emartech/me-psql-query-builder (>=1.0.0 <=1.1.0), @evocodes/parse-server (>=2.2.17 <=2.2.27) +50 more potentially affected by CVE-2017-16082 via pg (>=5.0.0 <=5.1.0)

pg NPM version =5.0.0, =1.0.0, =2.2.17, =0.9.28, =1.0.0, =0.4.0, =0.1.0, =0.0.2, =0.1.3, =0.2.30, =0.2.33 and more Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...

@starboard/models (>=2.0.0 <=3.0.1), @starboard/shared-backend (=3.0.0) +25 more potentially affected by CVE-2017-16082 via pg (>=6.0.0 <=6.0.4)

pg NPM version =6.0.0, =2.0.0, =0.6.0, =0.0.1, =1.0.0, =0.2.0, =0.1.0, =2.0.2, =1.3.1, =0.0.1, =0.0.4, =0.1.0, =0.3.3 and more Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...

@aliens-lyon.fr/ep_mypads (=1.7.24), @arpinum/postgres (>=1.0.0-beta <=4.0.0-beta11) +56 more potentially affected by CVE-2017-16082 via pg (>=6.1.0 <=6.1.5)

pg NPM version =6.1.0, =1.0.0-beta, =1.0.2, =0.0.1, =0.0.23, =0.1.1, =0.1.1, =0.0.2, =0.0.9, =1.6.5, =0.2.7, =1.0.2, =1.0.3 and more Source cves: CVE-2017-16082 Source advisory: OSV:GHSA-WC9V-MJ63-M9G5...

Kitploit•added 2018/06/09 2:12 p.m.•96 views

Msploitego - Pentesting Suite For Maltego Based On Data In A Metasploit Database

msploitego leverages the data gathered in a Metasploit database by enumerating and creating specific entities for services. Services like samba, smtp, snmp, http have transforms to enumerate even further. Entities can either be loaded from a Metasploit XML file or taken directly from the Postgres...

7.2AI score

Exploits0References1

NVD•added 2018/05/31 8:29 p.m.•27 views

CVE-2016-10554

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...

9.8CVSS9.6AI score0.01913EPSS

OSV•added 2018/05/31 8:29 p.m.•20 views

CVE-2016-10554

9.8CVSS9.8AI score

OSV•added 2018/05/31 8:29 p.m.•14 views

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

9.8CVSS10AI score

NVD•added 2018/05/31 8:29 p.m.•34 views

CVE-2016-10553

9.8CVSS9.7AI score0.01285EPSS

Prion•added 2018/05/31 8:29 p.m.•12 views

Code injection

7.5CVSS7.6AI score0.01913EPSS

Exploits0References2Affected Software1

Prion•added 2018/05/31 8:29 p.m.•10 views

Sql injection

7.5CVSS8.1AI score0.01285EPSS

Exploits0References2Affected Software1

CVE•added 2018/05/31 8:0 p.m.•53 views

CVE-2016-10553

CVE-2016-10553 affects the Node.js ORM sequelize . The vulnerability is a SQL Injection when user input is concatenated into queries, specifically in patterns like findOne or where: "user input". Affected versions are the pre-3.0 releases; the recommended fix is to upgrade to version 3.0.0 or lat...

9.8CVSS9.7AI score0.01285EPSS

Exploits0References2Affected Software1

Cvelist•added 2018/05/31 8:0 p.m.•31 views

CVE-2016-10553

9.8AI score0.01285EPSS

Cvelist•added 2018/05/31 8:0 p.m.•20 views

CVE-2016-10550

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...

9.6AI score0.01913EPSS