57 matches found
Command injection
In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...
Command injection
In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...
CVE-2017-14474
In the MMM::Agent::Helpers::execute function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An attacker that can...
CVE-2017-14477
In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for FreeBSD, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...
CVE-2017-14479
In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...
CVE-2017-14478
CVE-2017-14478 affects MMM mmm_agentd 2.2.1 on Linux, enabling remote shell command injection via crafted MMM protocol messages that reach MMM::Agent::Helpers::Network::clear_ip (and related helpers). The vulnerability stems from unsanitized shell invocation in _execute(), which is called with un...
CVE-2017-14479
CVE-2017-14479 affects MMM MMM Agent (mmm_agentd) 2.2.1 on Solaris, with a shell command injection in MMM::Agent::Helpers::Network::clear_ip triggered by specially crafted protocol messages via a TCP session. The vulnerability arises from unsafely passing untrusted input (IP/if, etc.) through she...
CVE-2017-14480
In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for FreeBSD, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...
CVE-2017-14475
In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...
ALPINE-CVE-2017-6542
The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...
Cisco TelePresence Multipoint Control Unit Denial of Service Vulnerability
Cisco TelePresence is a telepresence conferencing solution developed by Cisco. A denial of service vulnerability exists in the Cisco TelePresence Multipoint Control Unit, which allows an attacker to exploit the vulnerability by submitting a special TCP message that crashes the application due to...
Mandriva Linux Security Advisory : postgresql (MDVSA-2015:048)
Multiple vulnerabilities has been discovered and corrected in postgresql : Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions CVE-2014-8161. Andres...
USN-2499-1: PostgreSQL vulnerabilities
Stephen Frost discovered that PostgreSQL incorrectly displayed certain values in error messages. An authenticated user could gain access to seeing certain values, contrary to expected permissions. CVE-2014-8161 Andres Freund, Peter Geoghegan and Noah Misch discovered that PostgreSQL incorrectly...
postgresql: multiple issues
CVE-2014-8161 information leak Some server error messages show the values of columns that violate a constraint, such as a unique constraint. If the user does not have SELECT privilege on all columns of the table, this could mean exposing values that the user should not be able to see. Adjust the...
CVE-2015-0244
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an...
PostgreSQL -- multiple buffer overflows and memory issues
PostgreSQL Project reports: This update fixes multiple security issues reported in PostgreSQL over the past few months. All of these issues require prior authentication, and some require additional conditions, and as such are not considered generally urgent. However, users should examine the list...
Vulnerability in core server (CVE-2015-0244)
An error in extended protocol message reading...