83 matches found
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-13062)
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. The vulnerability can be exploited to read the contents of memory or crash the...
Oracle MySQL Cluster Buffer Overflow Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. Oracle MySQL Cluster is vulnerable to buffer overflow, which can be exploited to...
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-13061)
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. The vulnerability can be exploited to read memory content or crash an applicatio...
Oracle MySQL 输入验证错误漏洞
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful and redundant version for distributed computing environments. Oracle MySQL Cluster is vulnerable to an input validation error, which can be exploited to execute arbitrary...
samba: Subsequent DCE/RPC fragment injection vulnerability
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...
UBUNTU-CVE-2021-3738
In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...
Apache Storm Command Injection Vulnerability
Apache Storm is a free and open source distributed real-time computing system. A command injection vulnerability exists in Apache Storm's getTopologyHistory service. An attacker can exploit this vulnerability by sending a specially crafted thrift request to the Nimbus server to achieve remote cod...
Apache Storm code issue vulnerability
Apache Storm is a free and open source distributed real-time computing system. Apache Storm code issue vulnerability. An attacker could exploit the vulnerability to achieve remote code execution...
The vulnerability of DCE/RPC DNS software for communicating with Samba network drives relates to default access rights settings, allowing a perpetrator to cause service failure.
The vulnerability of the DCE/RPC DNS software component for communicating with Samba network drives is related to an error in the RPC dnsserver communication channel, which allows for changes to DNS records and zones. Exploiting this vulnerability can enable a remote attacker to cause service...
Prepare for more sophisticated security threats in 2021
As computing becomes more distributed to achieve greater optimization and efficiency, the threats posed by cyberattackers are destined to become increasingly more sophisticated. Here are some steps organizations should take in 2021 to mitigate such sophisticated security threats. Start with...
The vulnerability in the DCE-RPC interaction interface of Siemens’ software and hardware infrastructure allows a perpetrator to trigger a service failure.
The vulnerability of the DCE-RPC interaction interface of Siemens’ software and hardware infrastructure is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow attackers to cause service failures...
PT-2020-2433 · Siemens · Profinet-Io
Name of the Vulnerable Software and Affected Versions: Profinet-IO PNIO stack versions prior to V06.00 Description: The issue is related to an uncontrolled resource consumption in the DCE-RPC interface of Siemens hardware and software. This could lead to a denial of service condition due to lack ...
DEBIAN-CVE-2019-10903
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check...
Apache Hadoop YARN ResourceManager Web Interface
The web interface for Hadoop YARN ResourceManager was detected on the remote host. This interface can be used to monitor and assign resources for application execution. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid117616; scriptversion"1.4";...
OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
Oracle MySQL Cluster Remote Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. The database system is characterized by high performance, low cost, good reliability, etc. Oracle MySQL Cluster is one of the high utility, high redundancy version for distributed computing environments....
OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
samba: Client side SMB2/3 required signing can be downgraded
A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server...
samba: crash in dcesrv_auth_bind_ack due to missing error check
Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the permissions of the user running Samba root. Thi...
samba: crash in dcesrv_auth_bind_ack due to missing error check
Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server high CPU load or a crash or, possibly, execute arbitrary code with the permissions of the user running Samba root. Thi...