5126 matches found

NVD
added 2018/05/31 8:29 p.m., 30 views

CVE-2016-10554

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...

9.8 CVSS, 9.6 AI score, 0.01913 EPSS
Exploits: 0, References: 2

NVD
added 2018/05/31 8:29 p.m., 34 views

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

9.8 CVSS, 9.7 AI score, 0.01285 EPSS
Exploits: 0, References: 2

Prion
added 2018/05/31 8:29 p.m., 13 views

Code injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3, sequelize defaulted SQLite to use MySQL backslash escaping, even though SQLite uses Postgres escapin...

7.5 CVSS, 7.6 AI score, 0.01913 EPSS
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2018/05/31 8:29 p.m., 11 views

Sql injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

7.5 CVSS, 8.1 AI score, 0.01285 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2018/05/31 8:0 p.m., 60 views

CVE-2016-10554

The CVE concerns sequelize (Node.js ORM). Before 1.7.0-alpha3, sequelize defaults SQLite to MySQL backslash escaping, even though SQLite uses PostgreSQL escaping, creating a SQL injection risk when Sequelize connects to SQLite. Affected: sequelize versions prior to 1.7.0-alpha3. Root cause: escap...

9.8 CVSS, 9.5 AI score, 0.01913 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2018/05/31 8:0 p.m., 20 views

CVE-2016-10550

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...

9.6 AI score, 0.01913 EPSS
Exploits: 0, References: 2

Cvelist
added 2018/05/31 8:0 p.m., 31 views

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

9.8 AI score, 0.01285 EPSS
Exploits: 0, References: 2

CVE
added 2018/05/29 8:0 p.m., 66 views

CVE-2016-10556

CVE-2016-10556 affects the Sequelize ORM for Node.js (v3.19.3 and earlier). The issue: when an array is used as a string in a query, Sequelize incorrectly escapes it, causing a SQL injection in Postgres, SQLite, and MSSQL. The PoC shows a crafted replacements value leading to a query like: SELECT...

7.5 CVSS, 7.7 AI score, 0.01342 EPSS
Exploits: 1, References: 2, Affected Software: 1

Packet Storm
added 2018/05/29 12:0 a.m., 53 views

Facebook Graph OpenSearch Phone Number Metadata Crosswalk Mapping

!/usr/bin/perl Facebook 'Graph' OpenSearch Phone Number metadata crosswalk mapping PoC 2018 Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Description: Criminal hacker CRACKER can take advantage of this weakness by creating a specialized database to manipulate...

7.4 AI score
Exploits: 0

CNVD
added 2018/05/21 12:0 a.m., 4 views

Apache Impala Information Disclosure Vulnerability (CNVD-2018-10329)

Apache Impala incubating is a large-scale, distributed parallel processing database query system of the United States Apache Software Foundation. The system is able to query the Hadoop big data analytics software stored in HDFS distributed file system and HBase database in the petabytes of...

6.5 CVSS, 6.8 AI score, 0.01576 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2018/05/15 5:46 p.m., 7 views

dpdk: Information exposure in unchecked guest physical to host virtual address translations

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory...

6.1 CVSS, 6.6 AI score, 0.00878 EPSS
Exploits: 0, References: 4

exploitpack
added 2018/05/10 12:0 a.m., 87 views

Dell Touchpad - ApMsgFwd.exe Denial of Service

Dell Touchpad - ApMsgFwd.exe Denial of Service / Title: Dell Touchpad - ApMsgFwd.exe Denial Of Service Author: Souhail Hammou Vendor Homepage: https://www.alps.com/ Tested on : Alps Pointing-device Driver 10.1.101.207 CVE: CVE-2018-10828 / include include include / Details: ========== ApMsgFwd.ex...

2.1 CVSS, 5.5 AI score, 0.01396 EPSS
Exploits: 4

NVD
added 2018/05/09 6:29 p.m., 23 views

CVE-2018-10828

An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when...

5.5 CVSS, 5.4 AI score, 0.01396 EPSS
Exploits: 4, References: 3

OSV
added 2018/05/09 6:29 p.m., 6 views

CVE-2018-10828

An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when...

5.5 CVSS, 5.8 AI score, 0.01396 EPSS
Exploits: 4, References: 3

Prion
added 2018/05/09 6:29 p.m., 28 views

Design/Logic Flaw

An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when...

2.1 CVSS, 5.3 AI score, 0.01396 EPSS
Exploits: 4, References: 3, Affected Software: 1

Cvelist
added 2018/05/09 6:0 p.m., 27 views

CVE-2018-10828

An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to functions. This causes a denial of service condition when...

5.4 AI score, 0.01396 EPSS
Exploits: 4, References: 3

CNVD
added 2018/05/03 12:0 a.m., 3 views

Blktrace Buffer Overflow Vulnerability

blktrace a.k.a. Block IO Tracing is a Linux-based tool for collecting IO information from disks. A buffer overflow vulnerability exists in the 'devmapread' function of the btt/devmap.c file in version 1.2.0 of blktrace, which stems from an array of devices and devno's being too small. When used...

5.5 CVSS, 7.9 AI score, 0.02001 EPSS
Exploits: 0, References: 1

OSV
added 2018/04/26 5:29 a.m., 1 views

DEBIAN-CVE-2018-10392

mapping0forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file...

8.8 CVSS, 7.1 AI score, 0.03343 EPSS
Exploits: 1, References: 1

OSV
added 2018/04/26 5:29 a.m., 4 views

AZL-7276 CVE-2018-10392 affecting package libvorbis for versions less than 1.3.7-1

mapping0forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file...

8.8 CVSS, 7.1 AI score, 0.03343 EPSS
Exploits: 1, References: 1

Trend Micro Simply Security
added 2018/04/25 2:48 p.m., 36 views

Customer data & marketing operations: Keeping your data safe on the journey to GDPR compliance

Emails. Web forms. Events. Oh my! These marketing tactics are all designed to gather, store, and evolve relationships with your prospects, customers, and partners. Often times, they are the first point of contact for your organization from the outside world—and they all feed into your marketing...

1.5 AI score
Exploits: 0