
1136 matches found

NVD
added 2020/04/23 7:15 p.m., 10 views

CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks...

CVSS 5.8 | AI score 5.1 | EPSS 0.00119
Exploits: 0 | References: 2

Prion
added 2020/04/23 7:15 p.m., 12 views

Code injection

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks...

CVSS 5.8 | AI score 5 | EPSS 0.00119
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/04/23 6:16 p.m., 16 views

CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks...

AI score 5.1 | EPSS 0.00119
Exploits: 0 | References: 2

CVE
added 2020/04/23 6:16 p.m., 50 views

CVE-2020-5865

The CVE-2020-5865 issue affects NGINX Controller versions prior to 3.3.0, where the Controller communicates with its Postgres database over unencrypted channels. This enables man-in-the-middle interception of data in transit and, as described in the advisory, could allow an attacker to modify use...

CVSS 5.8 | AI score 5 | EPSS 0.00119
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2020/03/06 10:1 a.m., 4 views

SUSE-RU-2020:0603-1 Recommended update for permissions

This update for permissions fixes the following issues: - CVE-2020-8013: Fixed an improper check which could have allowed the setting of unintended setuid bits bsc1163922. - Fixed handling of relative directory symlinks in chkstat. - Whitelisted postgres sticky directories bsc1123886. - Fixed...

CVSS 2.5 | AI score 4 | EPSS 0.00053
Exploits: 0 | References: 7

GithubExploit
added 2020/02/22 1:32 a.m., 7 views

Exploit for SQL Injection in Djangoproject Django

CVE-2020-7471 This repository provides environments and P...

CVSS 9.8 | AI score 6.8 | EPSS 0.1537
Exploits: 9

Rockylinux
added 2020/02/04 11:39 a.m., 7 views

new module: postgresql:12

An update is available for pgaudit, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. This enhancement update adds the postgresql:12 module...

AI score 1.8
Exploits: 0

Veracode
added 2020/02/04 1:22 a.m., 22 views

SQL Injection

django is vulnerable to SQL injection. The vulnerability exists through the unsanitized value of the user-specified column delimiter in contrib.postgres.aggregates.StringAgg...

CVSS 9.8 | AI score 2.3 | EPSS 0.1537
Exploits: 9 | References: 15 | Affected Software: 1

OSV
added 2020/02/03 10:0 a.m., 0 views

UBUNTU-CVE-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter...

CVSS 9.8 | AI score 6.8 | EPSS 0.1537
Exploits: 9 | References: 4

UbuntuCve
added 2020/02/03 10:0 a.m., 48 views

CVE-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter...

CVSS 9.8 | AI score 6.8 | EPSS 0.1537
Exploits: 9 | References: 3

ArchLinux
added 2020/02/03 12:0 a.m., 40 views

[ASA-202002-1] python-django: sql injection

Arch Linux Security Advisory ASA-202002-1
=========================================
Severity: Medium
Date : 2020-02-03
CVE-ID : CVE-2020-7471
Package : python-django
Type : sql injection
Remote : Yes
Link : https://security.archlinux.org/AVG-1091

Summary
=======
The package python-django before...

CVSS 9.8 | AI score 1.3 | EPSS 0.1537
Exploits: 9 | References: 3

FreeBSD
added 2020/02/03 12:0 a.m., 37 views

Django -- potential SQL injection vulnerability

MITRE CVE reports: Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitabl...

CVSS 9.8 | AI score 2.8 | EPSS 0.1537
Exploits: 9 | References: 4

CVE
added 2019/11/20 8:50 p.m., 257 views

CVE-2015-3166

CVE-2015-3166 affects PostgreSQL; the snprintf implementation fails to properly handle errors from system calls, which can lead to information disclosure or other unspecified impact via out-of-memory scenarios. Affected versions include PostgreSQL releases before 9.0.20, 9.1.x before 9.1.16, 9.2....

CVSS 9.8 | AI score 9.1 | EPSS 0.05386
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2019/11/08 5:5 p.m., 16 views

GHSA-2598-2F59-RMHQ SQL Injection in sequelize

Versions of sequelize prior to 3.35.1 are vulnerable to SQL Injection. The package fails to sanitize JSON path keys in the Postgres dialect, which may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 3.35.1 or later...

CVSS 9.8 | AI score 9.8 | EPSS 0.00357
Exploits: 1 | References: 4

Zero Day Initiative
added 2019/11/01 12:0 a.m., 17 views

Advantech WISE-PaaS/RMM DeviceMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceMg...

CVSS 6.5 | AI score 0.7 | EPSS 0.00651
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m., 14 views

Advantech WISE-PaaS/RMM PowerMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the PowerMgm...

CVSS 6.5 | AI score 1.1 | EPSS 0.00651
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m., 13 views

Advantech WISE-PaaS/RMM ProtectionMgmt fuzzySearch SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 6.5 | AI score 0.7 | EPSS 0.00651
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m., 21 views

Advantech WISE-PaaS/RMM SQLMgmt qryData SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

CVSS 6.5 | AI score 0.5 | EPSS 0.00651
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m., 17 views

Advantech WISE-PaaS/RMM SQLMgmt updateData SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

CVSS 6.5 | AI score 0.4 | EPSS 0.00651
Exploits: 0 | References: 1

Zero Day Initiative
added 2019/11/01 12:0 a.m., 15 views

Advantech WISE-PaaS/RMM SQLMgmt delData SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech WISE-PaaS/RMM. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SQLMgmt...

CVSS 6.5 | AI score 0.3 | EPSS 0.00651
Exploits: 0 | References: 1