
4652 matches found

VulnCheck KEV
added 2017/10/19 12:00 a.m., 3 views

VulnCheck KEV: CVE-2017-8225

On Wireless IP Camera P2P WIFICAM devices, access to .ini files containing credentials is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI...

9.8 CVSS | 7.4 AI score | 0.17865 EPSS
Exploits 4 | References 1
CNVD
added 2017/10/16 12:00 a.m., 2 views

Flexense VX Search Enterprise Buffer Overflow Vulnerability

Flexense VX Search Enterprise is an automated rules-based document search solution from Flexense Canada. A buffer overflow vulnerability exists in Flexense VX Search Enterprise version 10.1.12. A remote attacker could exploit the vulnerability by sending a buffer overflow to a file that begins wi...

9.8 CVSS | 9.9 AI score | 0.07104 EPSS
Exploits 5 | References 1
OSV
added 2017/10/11 1:29 p.m., 2 views

CVE-2017-15220

Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code...

9.8 CVSS | 6.4 AI score | 0.07104 EPSS
Exploits 5 | References 1
Tenable Nessus
added 2017/10/11 12:00 a.m., 41 views

Amazon Linux AMI : postgresql96 (ALAS-2017-908)

The pg_user_mappings view discloses passwords to users lacking server privileges: An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords from the user...

9.8 CVSS | 7.1 AI score | 0.61566 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2017/10/10 12:00 a.m., 30 views

EulerOS 2.0 SP2 : postgresql (EulerOS-SA-2017-1232)

According to the versions of the postgresql packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an emp...

9.8 CVSS | 7.2 AI score | 0.61566 EPSS
Exploits 0 | References 3
OpenVAS
added 2017/10/07 12:00 a.m., 32 views

CentOS Update for postgresql CESA-2017:2860 centos6

Check the version of postgresql. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882782");...

9.8 CVSS | 7.2 AI score | 0.61566 EPSS
Exploits 0 | References 2
Amazon
added 2017/10/06 12:00 a.m., 34 views

Medium: postgresql96

Issue Overview: The pg_user_mappings view discloses passwords to users lacking server privileges: An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote authenticated attacker could potentially use this flaw to retrieve passwords...

9.8 CVSS | 9.8 AI score | 0.61566 EPSS
Exploits 0
Tenable Nessus
added 2017/10/06 12:00 a.m., 39 views

Scientific Linux Security Update : postgresql on SL6.x i386/x86_64 (20171005)

Security Fixes : - It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. (CVE-2017-7546)...

9.8 CVSS | 7.3 AI score | 0.61566 EPSS
Exploits 0 | References 2
RedHat Linux
added 2017/10/05 8:19 a.m., 118 views

Moderate: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8 CVSS | 6.8 AI score | 0.61566 EPSS
Exploits 0 | References 3
RedHat Linux
added 2017/10/05 8:19 a.m., 3 views

postgresql: Empty password accepted in some authentication methods

It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords...

9.8 CVSS | 7.4 AI score | 0.61566 EPSS
Exploits 0 | References 5
Veracode
added 2017/10/04 9:26 a.m., 28 views

Login With Empty Credential

github.com/go-ldap/ldap allows the user to log in with an empty password or credentials. The vulnerability only affects applications with the following conditions: - authorization of a user is performed by relying on the return error of the Bind function call, i.e., a nil return is considered...

8.1 CVSS | 8 AI score | 0.01669 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2017/09/27 8:29 a.m., 1 views

DEBIAN-CVE-2017-14767

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file...

8.8 CVSS | 8.5 AI score | 0.02712 EPSS
Exploits 0 | References 1
OSV
added 2017/09/27 8:29 a.m., 0 views

UBUNTU-CVE-2017-14767

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file...

8.8 CVSS | 7.5 AI score | 0.02712 EPSS
Exploits 0 | References 4
OSV
added 2017/09/27 8:29 a.m., 2 views

ALPINE-CVE-2017-14767

The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file...

8.8 CVSS | 7.6 AI score | 0.02712 EPSS
Exploits 0 | References 1
UbuntuCve
added 2017/09/20 11:29 p.m., 21 views

CVE-2017-14623

In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is...

8.1 CVSS | 6.8 AI score | 0.01669 EPSS
Exploits 0 | References 3
OSV
added 2017/09/20 11:29 p.m., 1 views

DEBIAN-CVE-2017-14623

In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is...

8.1 CVSS | 6.7 AI score | 0.01669 EPSS
Exploits 0 | References 1
OSV
added 2017/09/20 11:29 p.m., 0 views

UBUNTU-CVE-2017-14623

In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is...

8.1 CVSS | 5.8 AI score | 0.01669 EPSS
Exploits 0 | References 4
NVD
added 2017/09/20 11:29 p.m., 15 views

CVE-2017-14623

In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is...

8.1 CVSS | 8 AI score | 0.01669 EPSS
Exploits 0 | References 2
OSV
added 2017/09/20 11:29 p.m., 3 views

AZL-40850 CVE-2017-14623 affecting package vitess for versions less than 19.0.4-2

In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is...

8.1 CVSS | 6.7 AI score | 0.01669 EPSS
Exploits 0 | References 1
Cvelist
added 2017/09/20 11:00 p.m., 29 views

CVE-2017-14623

In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is...

8 AI score | 0.01669 EPSS
Exploits 0 | References 2