
83 matches found

CNVD
added 2022/01/24 12:0 a.m. | 22 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-13062)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a high-availability, high-redundancy version of Oracle MySQL for distributed computing environments. The vulnerability can be exploited to read the contents of memory or crash the...

CVSS 6.3 | AI score 2.6 | EPSS 0.02584
Exploits: 0 | References: 1

CNVD
added 2022/01/24 12:0 a.m. | 24 views

Oracle MySQL Cluster Buffer Overflow Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a high-availability, high-redundancy version of Oracle MySQL for distributed computing environments. Oracle MySQL Cluster is vulnerable to buffer overflow, which can be exploited to...

CVSS 2.9 | AI score 2.7 | EPSS 0.01553
Exploits: 0 | References: 1

CNVD
added 2022/01/24 12:0 a.m. | 17 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-13061)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a high-availability, high-redundancy version of Oracle MySQL for distributed computing environments. The vulnerability can be exploited to read memory content or crash an applicatio...

CVSS 6.3 | AI score 2.5 | EPSS 0.02621
Exploits: 0 | References: 1

CNNVD
added 2022/01/18 12:0 a.m. | 7 views

Oracle MySQL Input Validation Error Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a high-availability, high-redundancy version for distributed computing environments. Oracle MySQL Cluster is vulnerable to an input validation error, which can be exploited to execute arbitrary...

CVSS 6.3 | AI score 8.5 | EPSS 0.02621
Exploits: 0 | References: 8

RedHat Linux
added 2022/01/04 8:27 a.m. | 1 views

samba: Subsequent DCE/RPC fragment injection vulnerability

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

CVSS 7.5 | AI score 6.8 | EPSS 0.01906
Exploits: 0 | References: 5

OSV
added 2021/11/09 12:0 a.m. | 1 views

UBUNTU-CVE-2021-3738

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However, while the database was correctly shared, the user credentials state was only...

CVSS 8.8 | AI score 6.9 | EPSS 0.01843
Exploits: 0 | References: 5

CNVD
added 2021/10/26 12:0 a.m. | 26 views

Apache Storm Command Injection Vulnerability

Apache Storm is a free and open source distributed real-time computing system. A command injection vulnerability exists in Apache Storm's getTopologyHistory service. An attacker can exploit this vulnerability by sending a specially crafted thrift request to the Nimbus server to achieve remote cod...

CVSS 9.8 | AI score 9.7 | EPSS 0.84489
Exploits: 4 | References: 1

CNVD
added 2021/10/26 12:0 a.m. | 27 views

Apache Storm code issue vulnerability

Apache Storm is a free and open source distributed real-time computing system. Apache Storm has a code issue vulnerability. An attacker could exploit the vulnerability to achieve remote code execution...

CVSS 9.8 | AI score 3.8 | EPSS 0.65587
Exploits: 1 | References: 1

BDU FSTEC
added 2021/03/30 12:0 a.m. | 6 views

The vulnerability of DCE/RPC DNS software for communicating with Samba network drives relates to default access rights settings, allowing a perpetrator to cause service failure.

The vulnerability of the DCE/RPC DNS software component for communicating with Samba network drives is related to an error in the RPC dnsserver communication channel, which allows for changes to DNS records and zones. Exploiting this vulnerability can enable a remote attacker to cause service...

CVSS 5.3 | AI score 6.3 | EPSS 0.023
Exploits: 0 | References: 11 | Affected Software: 6

Imperva Blog
added 2021/01/07 2:18 p.m. | 29 views

Prepare for more sophisticated security threats in 2021

As computing becomes more distributed to achieve greater optimization and efficiency, the threats posed by cyberattackers are destined to become increasingly more sophisticated. Here are some steps organizations should take in 2021 to mitigate such sophisticated security threats. Start with...

AI score 7
Exploits: 0

BDU FSTEC
added 2020/05/29 12:0 a.m. | 5 views

The vulnerability in the DCE-RPC interaction interface of Siemens’ software and hardware infrastructure allows a perpetrator to trigger a service failure.

The vulnerability of the DCE-RPC interaction interface of Siemens’ software and hardware infrastructure is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow attackers to cause service failures...

CVSS 7.8 | AI score 7.2 | EPSS 0.01448
Exploits: 1 | References: 2 | Affected Software: 23

Positive Technologies
added 2020/02/11 12:0 a.m. | 4 views

PT-2020-2433 · Siemens · Profinet-Io

Name of the Vulnerable Software and Affected Versions: Profinet-IO PNIO stack versions prior to V06.00
Description: The issue is related to an uncontrolled resource consumption in the DCE-RPC interface of Siemens hardware and software. This could lead to a denial of service condition due to lack ...

CVSS 7.8 | AI score 7.1 | EPSS 0.01448
Exploits: 1 | References: 6

OSV
added 2019/04/09 4:29 a.m. | 1 views

DEBIAN-CVE-2019-10903

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check...

CVSS 7.5 | AI score 8.7 | EPSS 0.05592
Exploits: 1 | References: 1

Tenable Nessus
added 2018/09/20 12:0 a.m. | 54 views

Apache Hadoop YARN ResourceManager Web Interface

The web interface for Hadoop YARN ResourceManager was detected on the remote host. This interface can be used to monitor and assign resources for application execution. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(117616); script_version("1.4");...

AI score 5.5
Exploits: 0 | References: 1

RedHat Linux
added 2017/02/28 8:19 a.m. | 8 views

OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

CVSS 9 | AI score 7.8 | EPSS 0.32839
Exploits: 4 | References: 4

CNVD
added 2017/01/20 12:0 a.m. | 4 views

Oracle MySQL Cluster Remote Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. The database system is characterized by high performance, low cost, good reliability, etc. Oracle MySQL Cluster is a high-availability, high-redundancy version for distributed computing environments....

CVSS 4.3 | AI score 6.3 | EPSS 0.0182
Exploits: 0 | References: 1

RedHat Linux
added 2017/01/19 1:59 p.m. | 4 views

OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

CVSS 9 | AI score 7.8 | EPSS 0.32839
Exploits: 4 | References: 4

RedHat Linux
added 2016/07/26 11:51 a.m. | 0 views

samba: Client side SMB2/3 required signing can be downgraded

A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server...

CVSS 7.5 | AI score 7.3 | EPSS 0.03122
Exploits: 0 | References: 4

RedHat Linux
added 2016/04/13 1:25 a.m. | 4 views

samba: crash in dcesrv_auth_bind_ack due to missing error check

Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). Thi...

CVSS 5.9 | AI score 7.1 | EPSS 0.19103
Exploits: 0 | References: 5

RedHat Linux
added 2016/04/12 7:33 p.m. | 5 views

samba: crash in dcesrv_auth_bind_ack due to missing error check

Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). Thi...

CVSS 5.9 | AI score 7.1 | EPSS 0.19103
Exploits: 0 | References: 5