CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

221 matches found

PostrgeSql•added 2019/06/20 12:0 a.m.•597 views

Vulnerability in core server (CVE-2019-10164)

Stack-based buffer overflow via setting a password An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as th...

9CVSS8.6AI score0.11379EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2018/08/02 2:49 a.m.•26 views

CVE-2017-12610

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...

6.8CVSS4.3AI score0.00684EPSS

Exploits0References2

Veracode•added 2018/07/27 3:15 a.m.•25 views

User Impersonation

kafka-clients is vulnerable to user impersonation attacks. The vulnerabilities exists due to the lack of authentication checks in the SASL/PLAIN and SASL/SCRAM authentication methods using the built-in PLAIN or SCRAM server implementation in kafka-clients...

6.8CVSS7.2AI score0.00684EPSS

Exploits0References13Affected Software1

NVD•added 2018/07/26 2:29 p.m.•19 views

CVE-2017-12610

6.8CVSS7.2AI score0.00684EPSS

Exploits0References6

Prion•added 2018/07/26 2:29 p.m.•18 views

Authentication flaw

4.9CVSS6.7AI score0.00684EPSS

Exploits0References6Affected Software1

OSV•added 2018/07/26 2:29 p.m.•22 views

CVE-2017-12610

6.8CVSS6.7AI score

Exploits0References6

Cvelist•added 2018/07/26 2:0 p.m.•22 views

CVE-2017-12610

6.8AI score0.00684EPSS

Exploits0References6

NVD•added 2017/05/15 2:29 p.m.•10 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS7.5AI score0.00771EPSS

Exploits1References4

Prion•added 2017/05/15 2:29 p.m.•18 views

Authentication flaw

5CVSS7AI score0.00771EPSS

Exploits1References4Affected Software1

OSV•added 2017/05/15 2:29 p.m.•18 views

CVE-2016-8741

7.5CVSS6.7AI score0.00771EPSS

Exploits1References4

CVE•added 2017/05/15 2:0 p.m.•81 views

CVE-2016-8741

Apache Qpid Broker for Java (6.0.x before 6.0.6; 6.1.x before 6.1.1) is affected. The SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProviders prematurely terminate SCRAM SASL negotiation when the provided username does not exist, enabling remote attackers to determine whether a user exists. The iss...

7.5CVSS7.3AI score0.00771EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2017/05/15 12:0 a.m.•1 views

PT-2017-9775 · Apache · Apache Qpid Broker For Java

Name of the Vulnerable Software and Affected Versions: Apache Qpid Broker for Java versions 6.0.x through 6.0.5 Apache Qpid Broker for Java versions 6.1.x through 6.1.0 Description: The Apache Qpid Broker for Java can be configured to use different AuthenticationProviders to handle user...

7.5CVSS5.9AI score0.00771EPSS

Exploits1References8

n0where•added 2017/02/16 6:5 a.m.•252 views

MongoDB Security Audit: mongoaudit

MongoDB Security Audit mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB’s default configuration settings. This fact, combined with abundant lazy syst...

6.8CVSS9.6AI score0.52168EPSS

Exploits13References1

RedhatCVE•added 2017/01/03 3:18 p.m.•23 views

CVE-2016-8741

7.5CVSS3.7AI score0.00771EPSS

Exploits1References1

Veracode•added 2016/12/30 1:9 a.m.•18 views

Information Leakage

qpid-broker-core is vulnerable to information leakage. It is possible for a remote attacker to determine the existence of user accounts due to a prematurely termination SCRAM SASL negotiation. This vulnerability only applies for applications using the SCRAM-SHA-1 or SCAM-SHA-256...

7.5CVSS7.2AI score0.00771EPSS

Exploits1References2Affected Software1

0day.today•added 2016/12/29 12:0 a.m.•25 views

Apache Qpid Broker For Java 6.1.0 Information Leak Vulnerability

5CVSS7.5AI score0.00771EPSS

Exploits1

hackapp•added 2016/04/01 10:1 a.m.•7 views

Scribble Scram - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Scribble Scram published at the 'play' market has multiple vulnerabilities...

0.8AI score

Exploits0References1Affected Software1

Tenable Nessus•added 2016/03/04 12:0 a.m.•25 views

Fedora 22 : prosody-0.9.9-2.fc22 (2016-e289f41b76)

Prosody 0.9.9 ============= A summary of changes: Security fixes -------------- Fix path traversal vulnerability in modhttpfiles CVE-2016-1231 Fix use of weak PRNG in generation of dialback secrets CVE-2016-1232 Bugs ---- Improve handling of CNAME records in DNS Fix traceback when deleting a user...

7.5CVSS6.6AI score0.00741EPSS

Exploits0References5

Tenable Nessus•added 2016/03/04 12:0 a.m.•27 views

Fedora 23 : prosody-0.9.9-2.fc23 (2016-38e48069f8)

7.5CVSS6.6AI score0.00741EPSS

Exploits0References5

The Hacker News•added 2011/04/07 10:26 a.m.•9 views

Hydra v6.2 with a password bruteforcing mode, xmpp and irc modules, MD5/SHA1/ Support !

Hydra v6.2 with a password bruteforcing mode, xmpp and irc modules, MD5/SHA1/ Support ! A very fast network logon cracker which support many different services. Have a look at the feature sets and services coverage page - including a speed comparison against ncrack and medusa! CHANGELOG for 6.2...

7.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by