57 matches found
SUSE CVE-2009-2622
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including 1 "missing or mismatched protocol identifier," 2 missing or negative status value," 3 "missing version," or 4 "missing or invalid status number," related t...
SUSE CVE-2016-10326
In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a heap buffer overflow in the osipbodytostr function defined in osipparser2/osipbody.c, resulting in a remote DoS...
MongoDB Authorization Issues Vulnerability
MongoDB is a document-oriented database management system from the U.S.-based MongoDB, Inc. An authorization issue vulnerability exists in MongoDB that allows an unauthenticated client to trigger a denial of service by issuing a specially crafted wired protocol message, which could cause the...
CVE-2015-0244
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...
Sql injection
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...
CVE-2015-0244
CVE-2015-0244 affects PostgreSQL up to 9.0.19, 9.1.x up to 9.1.15, 9.2.x up to 9.2.10, 9.3.x up to 9.3.6, and 9.4.x up to 9.4.1. It arises from improper handling of errors while reading a protocol message, enabling remote attackers to perform SQL injection via crafted binary data in a parameter a...
CVE-2015-0244
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...
IBM MQ and IBM MQ Appliance Denial of Service Vulnerabilities
IBM MQ IBM WebSphere MQ and IBM MQ Appliance are both products of IBM Corporation, U.S.A. IBM MQ is a messaging middleware product. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA.IBM MQ Appliance is an all-in-one appliance for rapid...
ABB Relion 630 Denial of Service Vulnerability
The ABB Relion 630 is a relay device for substation automation protection and control from ABB Switzerland. A security vulnerability exists in the ABB Relion 630 version 1.1 before 1.1.0.C0, version 1.2 before 1.2.0.B3, and version 1.3 before 1.3.0.A6. A remote attacker could exploit this...
Cisco IOS Software and IOS XE Software Denial of Service Vulnerability (CNVD-2018-20297)
Cisco IOS Software and IOS XE Software are both operating systems developed by Cisco for its network devices.Cluster Management Protocol is one of the cluster management protocols. A denial of service vulnerability exists in Cluster Management Protocol in Cisco IOS Software and IOS XE Software. A...
CVE-2017-12610
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...
Authentication flaw
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...
CVE-2017-12610
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...
CVE-2017-12610
CVE-2017-12610 affects Apache Kafka versions 0.10.0.0–0.10.2.1 and 0.11.0.0–0.11.0.1. The issue allows an authenticated Kafka client to impersonate other users by sending a manually crafted protocol message when SASL/PLAIN or SASL/SCRAM is used against the built-in servers. The vulnerability can ...
CVE-2017-12610
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka...
CVE-2018-1000614
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity XXE vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller...
CVE-2018-1000614
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity XXE vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller...
CVE-2018-1000614
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity XXE vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller...
CVE-2017-14475
In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...
CVE-2017-14478
In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...