Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-r9sb-489v-fqc9

Summary

phpMyAdmin Cryptographic Vulnerability
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.

Aliases

alias	CVE-2016-1927

alias	GHSA-4gmg-gwjh-3mmr

Fixed_packages

url	pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B13
purl	pkg:composer/phpmyadmin/phpmyadmin@4.0.10%2B13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.10%252B13

url pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B3

purl pkg:composer/phpmyadmin/phpmyadmin@4.4.15%2B3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hvw-4h4d-zkhv

vulnerability	VCID-4kax-4bpz-g7c5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.15%252B3

url pkg:composer/phpmyadmin/phpmyadmin@4.5.4

purl pkg:composer/phpmyadmin/phpmyadmin@4.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b6ng-ygap-zqh4

vulnerability	VCID-pfdk-db4h-47dx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.5.4

Affected_packages

url pkg:composer/phpmyadmin/phpmyadmin@4.0.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hvw-4h4d-zkhv

vulnerability	VCID-23dq-w66r-k3bt

vulnerability	VCID-2vqn-z4en-duh4

vulnerability	VCID-38tp-acy8-57hj

vulnerability	VCID-3va7-xx14-gkds

vulnerability	VCID-44uc-xrvp-7bet

vulnerability	VCID-4avx-e9mf-2yb1

vulnerability	VCID-4kax-4bpz-g7c5

vulnerability	VCID-4vgu-cagj-hfhb

vulnerability	VCID-4wn2-pnbv-sked

vulnerability	VCID-52xs-45kd-w3hz

vulnerability	VCID-ajf6-bk2g-wkb7

vulnerability	VCID-amgy-teas-euh5

vulnerability	VCID-btc1-yng3-ckhx

vulnerability	VCID-cbjd-e3sk-m7bu

vulnerability	VCID-gmjk-222y-abda

vulnerability	VCID-gtps-py3z-13cu

vulnerability	VCID-jmn8-a5r9-2qc8

vulnerability	VCID-k5ph-wws1-fqg4

vulnerability	VCID-mgu4-pf1x-r3dy

vulnerability	VCID-n66y-s36g-fqck

vulnerability	VCID-n7cc-xfym-u7g4

vulnerability	VCID-nuju-ekmt-k7g9

vulnerability	VCID-nv3j-xj42-wfcw

vulnerability	VCID-q45d-5bf4-tff5

vulnerability	VCID-q7pe-bvr1-g3bc

vulnerability	VCID-qqyb-zags-bbhz

vulnerability	VCID-r9sb-489v-fqc9

vulnerability	VCID-rz6q-hthe-1uer

vulnerability	VCID-tvfz-v881-sufp

vulnerability	VCID-txba-1at4-ekg2

vulnerability	VCID-xqf5-yxf3-u3he

vulnerability	VCID-zvcj-g6rt-s3de

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.0.0

url pkg:composer/phpmyadmin/phpmyadmin@4.4.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hvw-4h4d-zkhv

vulnerability	VCID-23dq-w66r-k3bt

vulnerability	VCID-282b-1ugg-yuev

vulnerability	VCID-38tp-acy8-57hj

vulnerability	VCID-4kax-4bpz-g7c5

vulnerability	VCID-bddg-5zgr-3uew

vulnerability	VCID-btc1-yng3-ckhx

vulnerability	VCID-cbjd-e3sk-m7bu

vulnerability	VCID-q45d-5bf4-tff5

vulnerability	VCID-r9sb-489v-fqc9

vulnerability	VCID-rc63-nakx-ebbe

vulnerability	VCID-segg-gk79-9bc6

vulnerability	VCID-tvfz-v881-sufp

vulnerability	VCID-txba-1at4-ekg2

vulnerability	VCID-utga-335m-dua9

vulnerability	VCID-zvcj-g6rt-s3de

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.4.0

url pkg:composer/phpmyadmin/phpmyadmin@4.5.0

purl pkg:composer/phpmyadmin/phpmyadmin@4.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1hvw-4h4d-zkhv

vulnerability	VCID-4kax-4bpz-g7c5

vulnerability	VCID-b6ng-ygap-zqh4

vulnerability	VCID-bd83-vf81-sfa4

vulnerability	VCID-pfdk-db4h-47dx

vulnerability	VCID-r9sb-489v-fqc9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@4.5.0

References

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html

reference_url	https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22
reference_id
reference_type
scores
url	https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407c43694c60b22

reference_url	https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4
reference_id
reference_type
scores
url	https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f390d446339b6e4

reference_url	http://www.debian.org/security/2016/dsa-3627
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3627

reference_url	http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php
reference_id
reference_type
scores
url	http://www.phpmyadmin.net/home_page/security/PMASA-2016-4.php

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-1927
reference_id	CVE-2016-1927
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-1927

reference_url	https://github.com/advisories/GHSA-4gmg-gwjh-3mmr
reference_id	GHSA-4gmg-gwjh-3mmr
reference_type
scores
url	https://github.com/advisories/GHSA-4gmg-gwjh-3mmr

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	254
name	7PK - Security Features
description	Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

cwe_id	255
name	Credentials Management Errors
description	Weaknesses in this category are related to the management of credentials.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9sb-489v-fqc9

Vulnerability Instance