CVE-2024-29905

DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...

CVE-2024-29905 DIRAC: Unauthorized users can read proxy contents during generation

DIRAC is an interware, meaning a software framework for distributed computing. Prior to version 8.0.41, during the proxy generation process e.g., when using dirac-proxy-init, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then...

CVE-2024-29905

Summary: CVE-2024-29905 affects DIRAC prior to version 8.0.41. During the proxy generation process (e.g., dirac-proxy-init), unauthorized users on the same machine could gain read access to the proxy for a sub-millisecond window, enabling actions as if using the original proxy. The issue is mitig...

[SECURITY] Fedora 39 Update: perl-Data-UUID-1.227-1.fc39

This module provides a framework for generating v3 UUIDs Universally Unique Identifiers, also known as GUIDs Globally Unique Identifiers. A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network...

Today’s Evolving Cloud Strategies Are Embracing Distributed Computing

...

PowerJob 安全漏洞

PowerJob is an open source distributed computing and job scheduling framework that allows developers to easily schedule tasks in their applications. A security vulnerability exists in PowerJob version V4.3.1 that stems from the presence of insecure privileges...

GHSA-34M5-796P-MJCP Apache UIMA DUCC allows remote code execution

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" DUCC module of Apache UIMA, an authenticated user that has the permissions ...

AZL-8903 CVE-2021-23192 affecting package samba 4.12.5-7

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-13056)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful and redundant version for distributed computing environments. Oracle MySQL Cluster is vulnerable to an input validation error that could be exploited by attackers to...

Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-13059)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. The vulnerability can be exploited to allow a remote privileged user to compute...

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-13058)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful and redundant version for distributed computing environments. Oracle MySQL Cluster is vulnerable to an input validation error, which can be exploited to execute arbitrary...

Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-13053)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. Oracle MySQL Cluster is vulnerable to buffer overflow, which can be exploited to...

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-13055)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful and redundant version for distributed computing environments. Oracle MySQL Cluster is vulnerable to an input validation error, which can be exploited by attackers to...

Oracle MySQL Cluster Buffer Overflow Vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. Oracle MySQL Cluster is vulnerable to buffer overflow, which can be exploited to...

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-13062)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. The vulnerability can be exploited to read the contents of memory or crash the...

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-13061)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. The vulnerability can be exploited to read memory content or crash an applicatio...

Oracle MySQL 输入验证错误漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful and redundant version for distributed computing environments. Oracle MySQL Cluster is vulnerable to an input validation error, which can be exploited to execute arbitrary...

samba: Subsequent DCE/RPC fragment injection vulnerability

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

UBUNTU-CVE-2021-3738

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...

Apache Storm Command Injection Vulnerability

Apache Storm is a free and open source distributed real-time computing system. A command injection vulnerability exists in Apache Storm's getTopologyHistory service. An attacker can exploit this vulnerability by sending a specially crafted thrift request to the Nimbus server to achieve remote cod...