Lucene search
K

264 matches found

OSV
OSV
added 2019/07/10 10:44 a.m.7 views

MGASA-2019-0204 Updated postgresql11 packages fix security vulnerabilities

An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL operating system account. Additionally...

9CVSS9.3AI score0.03711EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/07/10 12:0 a.m.28 views

SUSE SLED12 / SLES12 Security Update : postgresql10 (SUSE-SU-2019:1783-1)

This update for postgresql10 to version 10.9 fixes the following issue : Security issue fixed : CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing bsc1138034. More information at https://www.postgresql.org/docs/10/release-10-9.html Note that Tenable Network Security h...

9CVSS7.4AI score0.03711EPSS
Exploits0References5
PostrgeSql
PostrgeSql
added 2019/06/20 12:0 a.m.609 views

Vulnerability in core server (CVE-2019-10164)

Stack-based buffer overflow via setting a password An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as th...

9CVSS8.6AI score0.03711EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2019/06/20 12:0 a.m.41 views

PostgreSQL -- Stack-based buffer overflow via setting a password

The PostgreSQL project reports: An authenticated user could create a stack-based buffer overflow by changing their own password to a purpose-crafted value. In addition to the ability to crash the PostgreSQL server, this could be further exploited to execute arbitrary code as the PostgreSQL...

9CVSS2.4AI score0.03711EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2018/08/02 2:49 a.m.29 views

CVE-2017-12610

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...

6.8CVSS4.3AI score0.02985EPSS
Exploits0References2
Veracode
Veracode
added 2018/07/27 3:15 a.m.28 views

User Impersonation

kafka-clients is vulnerable to user impersonation attacks. The vulnerabilities exists due to the lack of authentication checks in the SASL/PLAIN and SASL/SCRAM authentication methods using the built-in PLAIN or SCRAM server implementation in kafka-clients...

6.8CVSS7.2AI score0.02985EPSS
Exploits0References13Affected Software1
Prion
Prion
added 2018/07/26 2:29 p.m.22 views

Authentication flaw

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...

4.9CVSS6.7AI score0.02985EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2018/07/26 2:29 p.m.30 views

CVE-2017-12610

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...

6.8CVSS7.2AI score0.02985EPSS
Exploits0References6
OSV
OSV
added 2018/07/26 2:29 p.m.25 views

CVE-2017-12610

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...

6.8CVSS6.7AI score
Exploits0References6
Cvelist
Cvelist
added 2018/07/26 2:0 p.m.33 views

CVE-2017-12610

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...

6.8AI score0.02985EPSS
Exploits0References6
NVD
NVD
added 2017/05/15 2:29 p.m.20 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS7.5AI score0.06181EPSS
Exploits1References4
Prion
Prion
added 2017/05/15 2:29 p.m.19 views

Authentication flaw

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

5CVSS7AI score0.06181EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2017/05/15 2:29 p.m.21 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS6.7AI score0.06181EPSS
Exploits1References4
CVE
CVE
added 2017/05/15 2:0 p.m.89 views

CVE-2016-8741

Apache Qpid Broker for Java (6.0.x before 6.0.6; 6.1.x before 6.1.1) is affected. The SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProviders prematurely terminate SCRAM SASL negotiation when the provided username does not exist, enabling remote attackers to determine whether a user exists. The iss...

7.5CVSS7.3AI score0.06181EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2017/05/15 12:0 a.m.2 views

PT-2017-9775 · Apache · Apache Qpid Broker For Java

Name of the Vulnerable Software and Affected Versions: Apache Qpid Broker for Java versions 6.0.x through 6.0.5 Apache Qpid Broker for Java versions 6.1.x through 6.1.0 Description: The Apache Qpid Broker for Java can be configured to use different AuthenticationProviders to handle user...

7.5CVSS5.9AI score0.06181EPSS
Exploits1References8
n0where
n0where
added 2017/02/16 6:5 a.m.274 views

MongoDB Security Audit: mongoaudit

MongoDB Security Audit mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB’s default configuration settings. This fact, combined with abundant lazy syst...

6.8CVSS9.6AI score0.44543EPSS
Exploits13References1
RedhatCVE
RedhatCVE
added 2017/01/03 3:18 p.m.27 views

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for...

7.5CVSS3.7AI score0.06181EPSS
Exploits1References1
Veracode
Veracode
added 2016/12/30 1:9 a.m.21 views

Information Leakage

qpid-broker-core is vulnerable to information leakage. It is possible for a remote attacker to determine the existence of user accounts due to a prematurely termination SCRAM SASL negotiation. This vulnerability only applies for applications using the SCRAM-SHA-1 or SCAM-SHA-256...

7.5CVSS7.2AI score0.06181EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2016/12/29 12:0 a.m.58 views

Apache Qpid Broker For Java 6.1.0 Information Leak Vulnerability

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders prematurely terminate the...

5CVSS7.5AI score0.06181EPSS
Exploits1
hackapp
hackapp
added 2016/04/01 10:1 a.m.8 views

Scribble Scram - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Scribble Scram published at the 'play' market has multiple vulnerabilities...

0.8AI score
Exploits0References1Affected Software1
Rows per page
Query Builder