21 matches found
EUVD-2019-12031
Malware in sbrugna...
Security Bulletin: Vulnerability in MongoDB affects IBM Spectrum Protect Plus (CVE-2019-2389)
Summary A denial of service vulnerability in MongoDB affects IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-2389 DESCRIPTION: MongoDB Server is vulnerable to a denial of service, caused by a flaw in the SysV init scripts. By inserting a specially-crafted PID file, a remote...
Security Bulletin: Multiple Vulnerabilities in MongoDB affects IBM Watson Studio Local
Summary Multiple Vulnerabilities in MongoDB affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-2389 DESCRIPTION: Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be kill...
New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The...
[SECURITY] Fedora 31 Update: systemd-243.4-1.fc31
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
FreeBSD : mongodb -- Our init scripts check /proc/[pid]/stat should validate that `(${procname})` is the process' command name. (273c6c43-e3ad-11e9-8af7-08002720423d)
Sicheng Liu of Beijing DBSEC Technology Co., Ltd reports : Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. C Tenable...
MongoDB 3.4 < 3.4.22, 3.6 < 3.6.14, 4.0 < 4.0.11, 4.1 < 4.1.14 DoS Vulnerability - Linux
MongoDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...
CVE-2019-2389
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...
CVE-2019-2389
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...
Code injection
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...
CVE-2019-2389
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...
CVE-2019-2389
Removed by vendor...
CVE-2019-2389 Process termination via PID file manipulation
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11;...
CVE-2019-2389
CVE-2019-2389 affects MongoDB Server via incorrect scoping of kill operations in packaged SysV init scripts. The flaw lets users with write access to the PID file influence kills when the root user stops MongoDB, enabling denial-of-service conditions. Affected are MongoDB Server v4.0 prior to 4.0...
Process termination via PID file manipulation
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior t...
PT-2019-16409 · Mongodb +1 · Mongodb Server +2
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.11 MongoDB Server versions prior to 3.6.14 MongoDB Server versions prior to 3.4.22 Description: The issue is related to incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts...
SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2018:3767-2)
This update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 CVE-2018-15686: A vulnerability in unitdeserialize ...
[SECURITY] Fedora 26 Update: systemd-233-7.fc26
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
Updated varnish packages fix CVE-2013-4484 and correct service behaviour
Updated varnish packages fix security vulnerabilities: Varnish before 3.0.5 allows remote attackers to cause a denial of service child-process crash and temporary caching outage via a GET request with trailing whitespace characters and no URI CVE-2013-4484. Also, the services have been converted...
Low: Red Hat Enhancement Advisory: subversion enhancement update
Updated subversion packages that upgrade Subversion to upstream version 1.6.11 and provide two enhancements are now available for Red Hat Enterprise Linux 5. Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a...