Lucene search
K

91 matches found

OSV
OSV
added 2021/04/06 5:22 p.m.16 views

GHSA-W3HJ-WR2Q-X83G Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

5.3CVSS5.2AI score0.00489EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/04/06 5:22 p.m.43 views

Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

5.3CVSS1.4AI score0.00489EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2020/12/02 12:0 a.m.17 views

MongoDB 3.4 < 3.4.24, 3.6 < 3.6.15, 4.0 < 4.0.13, 4.2 < 4.2.1 DoS Vulnerability - Windows

MongoDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...

7.5CVSS7.3AI score0.01655EPSS
Exploits0References1
Prion
Prion
added 2020/11/24 11:15 a.m.12 views

Code injection

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB...

5CVSS7.3AI score0.01655EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/11/24 11:15 a.m.2 views

UBUNTU-CVE-2019-20925

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB...

7.5CVSS7.1AI score0.01655EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2020/11/24 11:0 a.m.27 views

CVE-2019-20925

Removed by vendor...

7.5CVSS7.5AI score0.01655EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/11/24 12:0 a.m.1 views

PT-2020-10880 · Mongodb +3 · Mongodb Server +4

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.2.1 MongoDB Server versions prior to 4.0.13 MongoDB Server versions prior to 3.6.15 MongoDB Server versions prior to 3.4.24 Description: An unauthenticated client can trigger denial of service by issuing...

7.5CVSS5.9AI score0.01655EPSS
Exploits2References33
OpenVAS
OpenVAS
added 2020/02/12 12:0 a.m.64 views

Java Debug Wire Protocol (JDWP) Service Detection (TCP)

TCP based detection of services supporting the Java Debug Wire Protocol JDWP. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3AI score
Exploits0
Mageia
Mageia
added 2018/08/31 9:11 p.m.47 views

Updated mercurial packages fix security vulnerabilities

This update provides mercurial version 4.6.2 and fixes the following security issues: Fix the mpatchapply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data CVE-2018-13346. Fix mpatch.c that mishandles integer addition and...

9.8CVSS2.1AI score0.02687EPSS
Exploits0References3
Prion
Prion
added 2018/04/25 9:29 p.m.17 views

Code injection

NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol JDWP enabled which allows unauthorized local attackers to execute arbitrary code...

4.6CVSS7.8AI score0.004EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2017/11/01 1:29 a.m.26 views

CVE-2017-15535

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...

9.1CVSS7.2AI score0.01567EPSS
Exploits0References2
Prion
Prion
added 2017/11/01 1:29 a.m.17 views

Design/Logic Flaw

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...

6.4CVSS9AI score0.01567EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/11/01 1:29 a.m.18 views

CVE-2017-15535

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...

9.1CVSS9.2AI score0.01567EPSS
Exploits0References2
OSV
OSV
added 2017/11/01 1:29 a.m.4 views

UBUNTU-CVE-2017-15535

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...

9.1CVSS7.2AI score0.01567EPSS
Exploits0References3
CVE
CVE
added 2017/11/01 1:0 a.m.106 views

CVE-2017-15535

CVE-2017-15535 affects MongoDB 3.4.x before 3.4.10 and 3.5.x-development in the wire protocol compression feature (networkMessageCompressors), which is disabled by default but if enabled can allow a remote attacker to cause a denial of service or modify memory. Public advisories and updates exist...

9.1CVSS8.9AI score0.01567EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/11/01 1:0 a.m.30 views

CVE-2017-15535

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors aka wire protocol compression, which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory...

9.1AI score0.01567EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/11/01 1:0 a.m.37 views

CVE-2017-15535

Removed by vendor...

9.1CVSS9.2AI score0.01567EPSS
Exploits0
exploitpack
exploitpack
added 2016/12/20 12:0 a.m.29 views

Java Debug Wire Protocol (JDWP) - Remote Code Execution

Java Debug Wire Protocol JDWP - Remote Code Execution !/usr/bin/python Universal JDWP shellifier @hugsy And special cheers to @lanjelot import socket import time import sys import struct import urllib import argparse JDWP protocol variables HANDSHAKE = "JDWP-Handshake" REQUESTPACKETTYPE = 0x00...

0.6AI score
Exploits0
OSV
OSV
added 2016/11/17 10:29 p.m.5 views

USN-3130-1 openjdk-7 vulnerabilities

It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. CVE-2016-5542 It was discovered that the JMX component of OpenJDK did not...

9.6CVSS6.8AI score0.05437EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2016/11/07 9:5 a.m.9 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3CVSS7.4AI score0.03255EPSS
Exploits0References5
Rows per page
Query Builder