| OVAL ID | Alert* |
|---|---|
| oval:org.secpod.oval:def:602584 | libdbd-mysql-perl is installed |
| oval:org.secpod.oval:def:602585 | collectd is installed |
| oval:org.secpod.oval:def:1600830 | Double free in csnmp_read_table function in snmp.c: The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash |
| oval:org.secpod.oval:def:602577 | Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl DBI driver for the MySQL database server. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using DBD::mysql, or potentially to execute arbitrary code with the privileges o ... |
| oval:org.secpod.oval:def:52815 | libdbd-mysql-perl: Perl5 database interface to the MySQL database. DBD::mysql could be made to crash or run programs if it received specially crafted input. |
| oval:org.secpod.oval:def:1800160 | collectd is installed |
| oval:org.secpod.oval:def:111150 | collectd is installed |
| oval:org.secpod.oval:def:703313 | libdbd-mysql-perl: Perl5 database interface to the MySQL database. DBD::mysql could be made to crash or run programs if it received specially crafted input. |
| oval:org.secpod.oval:def:602638 | Paul Rohar discovered that libdbd-mysql-perl, the Perl DBI database driver for MySQL and MariaDB, constructed an error message in a fixed-length buffer, leading to a crash and, potentially, to denial of service. |
| oval:org.secpod.oval:def:1800159 | A heap overflow in collectd's network plugin which can be triggered remotely and is potentially exploitable. Fixed In Version collectd 5.5.2, collectd 5.4.3 |
| oval:org.secpod.oval:def:2000008 | The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. |
| oval:org.secpod.oval:def:1900173 | The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. |
| oval:org.secpod.oval:def:1900188 | The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relyi ... |
| oval:org.secpod.oval:def:2000771 | The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering certain error responses from a MySQL server or a loss of a network connection to a MySQL server. The use-after-free defect was introduced by re ... |
| oval:org.secpod.oval:def:113750 | collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. |
| oval:org.secpod.oval:def:113725 | collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. |
| oval:org.secpod.oval:def:1900293 | The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash. |
| oval:org.secpod.oval:def:2001560 | The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash. |
| oval:org.secpod.oval:def:113719 | collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. |
| oval:org.secpod.oval:def:2001467 | Incorrect interaction of the parse_packet and parse_part_sign_sha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance via a crafted UDP packet. |
| oval:org.secpod.oval:def:112308 | collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. |
| oval:org.secpod.oval:def:112309 | collectd is a daemon which collects system performance statistics periodically and provides mechanisms to store the values in a variety of ways, for example in RRD files. |
| oval:org.secpod.oval:def:1600701 | Infinite loop due to incorrect interaction of parse_packet and parse_part_sign_sha256 functions: Collectd contains an infinite loop due to how the parse_packet and parse_part_sign_sha256 functions interact. If an instance of collectd is configured with "SecurityLevel None" and with empty "AuthFile" o ... |
| oval:org.secpod.oval:def:1900406 | Incorrect interaction of the parse_packet and parse_part_sign_sha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service of a collectd instance via a crafted UDP packet. |
| oval:org.secpod.oval:def:1800540 | CVE-2017-7401: Incorrect interaction of the parse_packet and parse_part_sign_sha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service of a collectd instance via a crafted UDP packet. |
| oval:org.secpod.oval:def:1800475 | CVE-2017-7401: Incorrect interaction of the parse_packet and parse_part_sign_sha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service of a collectd instance via a crafted UDP packet. |
| oval:org.secpod.oval:def:602575 | Emilien Gaspar discovered that collectd, a statistics collection and monitoring daemon, incorrectly processed incoming network packets. This resulted in a heap overflow, allowing a remote attacker to either cause a DoS via application crash, or potentially execute arbitrary code. Additionally, secur ... |
| oval:org.secpod.oval:def:1600444 | A heap-based buffer overflow in the parse_packet function in network.c in collectd allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted network packet. |
| oval:org.secpod.oval:def:1800464 | A heap overflow in collectd's network plugin which can be triggered remotely and is potentially exploitable. Fixed In Version: collectd 5.5.2, collectd 5.4.3 |
| oval:org.secpod.oval:def:1901441 | There is a vulnerability of type use-after-free affecting DBD::mysql 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. |
| oval:org.secpod.oval:def:1901406 | Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted network packet. |