CVE-2016-9051
CVE-2016-9051 describes an exploitable out-of-bounds write in Aerospike Database Server 3.10.0.3 during batch transaction field parsing. The bug arises in as_batch_queue_task/as_msg_field handling: a missing bounds check when reading fields (field_sz) and subsequent field traversal can advance be...
CVE-2016-9049
CVE-2016-9049: A denial-of-service in Aerospike Database Server’s fabric-worker (3.10.0.3) can be triggered by a crafted packet over TCP. The exploit writes to a NULL pointer due to a vulnerable allocation path when handling large message sizes, leading to a crash. A PoC exists and targets port ...
CVE-2016-9053
An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can...
PT-2017-2444 · Aerospike · Aerospike Database Server
Name of the Vulnerable Software and Affected Versions: Aerospike Database Server version 3.10.0.3 Description: The issue is related to an out-of-bounds write vulnerability in the batch transaction field parsing functionality. This can be triggered by a specially crafted packet, leading to memory...
PT-2017-9933 · Aerospike · Aerospike Database Server
Name of the Vulnerable Software and Affected Versions: Aerospike Database Server version 3.10.0.3 Description: A denial-of-service issue exists due to a specially crafted packet that can cause the server process to dereference a null pointer. An attacker can trigger this by connecting to a TCP...
PT-2017-2443 · Aerospike · Aerospike Database Server
Name of the Vulnerable Software and Affected Versions: Aerospike Database Server version 3.10.0.3 Description: The issue is related to an out-of-bounds indexing vulnerability in the RW fabric message particle type. This can be triggered by a specially crafted packet, causing the server to fetch a...
Aerospike Database Server Client Batch Request Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attack...
Aerospike Database Server Fabric-Worker Socket-Loop Denial-of-Service Vulnerability
Summary An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this...
Vulnerability in the Server: DML component of the MySQL database management system that allows an attacker to cause a denial of service
The vulnerability of the Server component in the MySQL database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause the system to become unresponsive or, in rare cases, to crash using network...
CVE-2017-3310
Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise...
CVE-2017-3240
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise...
CVE-2017-3310
CVE-2017-3310 affects Oracle Database Server’s OJVM component in versions 11.2.0.4 and 12.1.0.2. The vulnerability allows a low-privileged attacker with Create Session and Create Procedure privileges, with network access via multiple protocols, to compromise OJVM. The exploitation requires user i...
CVE-2017-3240
CVE-2017-3240 is tied to the Oracle Database Server, specifically the RDBMS Security component. The vulnerability affects at least version 12.1.0.2 and, as described in the provided documents, enables a low-privileged, locally authenticated attacker to access (read) a subset of data within RDBMS ...
Aerospike Database Server <= 3.10.0.3 Multiple Vulnerabilities
Aerospike Database Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Stack overflow
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply...
Out-of-bounds
An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process; the same vulnerability can also be used to...
Stack overflow
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_binid resulting in remote code execution. An attacker can...