MidnightBSD

Advisories for newrelic

CVE-2013-0284 MEDIUM

Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
newrelic ruby_agent 3.5.0.1
newrelic ruby_agent 3.3.3
newrelic ruby_agent 3.3.0
newrelic ruby_agent 3.5.0
newrelic ruby_agent 3.3.1
newrelic ruby_agent 3.4.0
newrelic ruby_agent 3.4.2
newrelic ruby_agent 3.3.4
newrelic ruby_agent 3.4.0.1
newrelic ruby_agent 3.4.2.1
newrelic ruby_agent 3.3.2
newrelic ruby_agent 3.3.2.1
newrelic ruby_agent 3.3.5
newrelic ruby_agent 3.3.4.1
newrelic ruby_agent 3.2.0
newrelic ruby_agent 3.5.1.14
newrelic ruby_agent 3.5.2
newrelic ruby_agent 3.5.1
newrelic ruby_agent 3.4.1
CVE-2017-9246 HIGH

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
newrelic .net_agent *
CVE-2019-3800 LOW

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,CWE-200,

Products Affected

Vendor Product Version
pivotal single_sign-on *
pivotal credhub_service_broker_for_pcf *
pivotal cloud_foundry_log_cache_release *
pivotal cloud_foundry_autoscaling_release *
pivotal cloud_foundry_command_line_interface *
newrelic dotnet_extension_buildpack *
forgerock service_broker *
anynines postgresql *
anynines rabbitmq *
pivotal cloud_foundry_networking_release *
pagerduty service_broker *
riverbed steelcentral_appinternals *
pivotal pivotal_cloud_foundry_service_broker *
pivotal on_demand_service_broker *
appdynamics application_analytics *
bluemedora nozzle *
appdynamics application_performance_monitoring *
dynatrace service_broker *
pivotal cloud_foundry_healthwatch *
pivotal application_service *
solace pubsub+ *
splunk nozzle *
microsoft azure_service_broker *
newrelic service_broker *
pivotal cloud_foundry_deployment_concourse_tasks *
pivotal metric_registrar_release *
pivotal cloud_foundry_smoke_test *
anynines logme *
wavefront wavefront_by_vmware_nozzle *
snyk service_broker *
contrastsecurity service_broker *
appdynamics platform_montioring *
yugabyte db_enterprise *
samba volume_service *
apigee edge_service_broker *
datastax enterprise_service_broker *
newrelic nozzle *
pivotal cloud_foundry_notifications *
pivotal cloud_foundry_event_alerts *
anynines mysql *
pivotal cloud_foundry_deployment *
anynines mongodb *
datadoghq application_monitoring *
synopsys seeker_iast_service_broker *
pivotal cloud_foundry_routing_release *
ibm websphere_liberty_ *
anynines elasticsearch *
tibco businessworks_buildpack *
google google_cloud_platform_service_broker *
microsoft azure_log_analytics_nozzle *
pivotal cloud_foundry_command_line_interface_release *
signalsciences service_broker *
sumologic nozzle *
anynines redis *
cyberark conjur_service_broker *