9 results (0.013 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue. • https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/AsyncRead.java#L68 https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L1157 https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L489 https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/cl • CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 84%CPEs: 6EXPL: 6

Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service. Aerospike Community Edition versión 4.9.0.5, permite el envío y la ejecución no autenticada de funciones definidas por el usuario (UDF), escritas en Lua, como parte de una consulta de base de datos. Intenta restringir la ejecución del código al deshabilitar las llamadas a la función os.execute(), pero esto es insuficiente. • https://www.exploit-db.com/exploits/49067 https://github.com/b4ny4n/CVE-2020-13151 http://packetstormsecurity.com/files/160106/Aerospike-Database-5.1.0.3-Remote-Command-Execution.html http://packetstormsecurity.com/files/160451/Aerospike-Database-UDF-Lua-Code-Execution.html https://b4ny4n.github.io/network-pentest/2020/08/01/cve-2020-13151-poc-aerospike.html https://www.aerospike.com/docs/operations/configure/security/access-control/index.html#create-users-and-assign-roles https://www.aerospike.com&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. aerospike es un módulo add-on de Aerospike para Node.js. Las versiones anteriores a la 2.4.2 de aerospike descargan recursos binarios por HTTP, lo que hace que el módulo sea vulnerable a ataques MitM. Podría ser posible provocar la ejecución remota de código (RCE) cambiando el binario solicitado por otro controlado por el atacante si éste está en la red o posicionado entre el usuario y el servidor remoto. • https://nodesecurity.io/advisories/167 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •

CVSS: 9.8EPSS: 16%CPEs: 1EXPL: 1

An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. Existe una vulnerabilidad de indexación fuera de límites dentro del tipo de partícula de mensaje RW fabric de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar que el servidor busque una tabla de funciones fuera de límite de un array resultando en ejecución remota de código. • http://www.securityfocus.com/bid/96372 http://www.talosintelligence.com/reports/TALOS-2016-0267 • CWE-129: Improper Validation of Array Index •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability. Existe una vulnerabilidad explotable de denegación de servicio en el componente fabric-worker de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar que el proceso del servidor no haga referencia a un puntero nulo. • http://www.securityfocus.com/bid/96376 http://www.talosintelligence.com/reports/TALOS-2016-0263 • CWE-476: NULL Pointer Dereference •