Security Bulletin: While changing password of administrative user, the supplied password is exposed in shell command history on IBM Storwize V7000 Unified (CVE-2014-3045)

Summary A fix is available for IBM Storwize V7000 Unified for the security issue where the password is exposed in the shell command history while changing the password of administrative user. Vulnerability Details CVEID: CVE-2014-3045 DESCRIPTION: One of the purposes of chuser command is to modif...

Security Bulletin: IBM SONAS Administrator password can be read by the root user from the shell command history (CVE-2014-3045)

Summary A fix is available for IBM SONAS, for the security issue that after changing password of administrative user, the password can be read by the root user from the shell command history. Vulnerability Details CVEID: CVE-2014-3045 DESCRIPTION: One of the purposes of chuser command is to modif...

Security Bulletin: IBM QRadar SIEM is vulnerable to shell command injection vulnerability in the admin panel. (CVE-2015-4930, CVE-2015-2016 )

Summary IBM QRadar SIEM is vulnerable to a shell command injection the in admin panel if logged in as an admin user. Vulnerability Details CVE-ID: CVE-2015-4930 Description: IBM QRadar could allow a user authenticated with admin access, to execute commands on the server as root. CVSS Base Score:8...

Security Bulletin: IBM Security Network Protection is affected by Shell Command Injection vulnerability (CVE-2014-6183)

Summary A Shell Command Injection vulnerability has been discovered in IBM Security Network Protection. Vulnerability Details CVE-ID: CVE-2014-6183 Description: IBM Security Network Protection could allow a remote attacker to execute arbitrary commands on the system. An authenticated attacker cou...

CVE-2018-9246

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, runfile, backup, or restore function. The vulnerability...

CVE-2018-9246

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, runfile, backup, or restore function. The vulnerability...

MMM mmm_agentd shell command injection vulnerability (CNVD-2018-15651)

MySQL Multi-Master Replication Manager MMM is a set of flexible scripts that performs monitoring/failover and management of MySQL master-master replication configurations. mmmagentd is an agent daemon that runs on each MySQL server and provides a simple set of remote services to the monitoring...

MMM mmm_agentd shell command injection vulnerability (CNVD-2018-15649)

MySQL Multi-Master Replication Manager MMM is a set of flexible scripts that performs monitoring/failover and management of MySQL master-master replication configurations. mmmagentd is an agent daemon that runs on each MySQL server and provides a simple set of remote services to the monitoring...

MMM mmm_agentd shell command injection vulnerability (CNVD-2018-15653)

MySQL Multi-Master Replication Manager MMM is a set of flexible scripts that performs monitoring/failover and management of MySQL master-master replication configurations. mmmagentd is an agent daemon that runs on each MySQL server and provides a simple set of remote services to the monitoring...

MMM mmm_agentd shell command injection vulnerability (CNVD-2018-15654)

MySQL Multi-Master Replication Manager MMM is a set of flexible scripts that performs monitoring/failover and management of MySQL master-master replication configurations. mmmagentd is an agent daemon that runs on each MySQL server and provides a simple set of remote services to the monitoring...

Command injection

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for FreeBSD, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14475

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14478

In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14478

In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14479

In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14476

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14477

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for FreeBSD, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

Command injection

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14479

In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14476

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...