Lucene search
+L

101 matches found

Tenable Nessus
Tenable Nessus
added 2015/09/14 12:0 a.m.62 views

SUSE SLED12 / SLES12 Security Update : openssh (SUSE-SU-2015:1544-1) (Logjam)

openssh was updated to fix several security issues. These security issues were fixed : - CVE-2015-5352: The x11openhelper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote...

8.5CVSS7AI score0.9986EPSS
Exploits2References17
Tenable Nessus
Tenable Nessus
added 2015/09/14 12:0 a.m.64 views

SUSE SLES11 Security Update : openssh (SUSE-SU-2015:1547-1) (Logjam)

openssh was updated to fix several security issues and bugs. These security issues were fixed : - CVE-2015-5352: The x11openhelper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for...

8.5CVSS7AI score0.9986EPSS
Exploits2References21
OSV
OSV
added 2015/09/09 8:52 a.m.11 views

SUSE-SU-2015:1544-1 Security update for openssh

openssh was updated to fix several security issues. These security issues were fixed: CVE-2015-5352: The x11openhelper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote...

8.5CVSS7.1AI score0.9986EPSS
Exploits2References12
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.45 views

Amazon Linux: Security Advisory (ALAS-2015-592)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7CVSS7.1AI score0.00599EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/09/03 12:0 a.m.36 views

Amazon Linux AMI : openssh (ALAS-2015-592)

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...

7CVSS6.2AI score0.00599EPSS
Exploits0References3
Amazon
Amazon
added 2015/09/02 12:0 a.m.52 views

Medium: openssh

Issue Overview: The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid ...

6.9CVSS6.8AI score0.00599EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/28 12:0 a.m.75 views

Fedora 21 : openssh-6.6.1p1-16.fc21 (2015-13469)

This update provides fixes for vulnerabilities published with openssh-7.0 Security fix for CVE-2015-5600 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much ...

8.5CVSS6.4AI score0.09302EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2015/08/28 12:0 a.m.48 views

Fedora Update for openssh FEDORA-2015-13469

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS6.7AI score0.09302EPSS
Exploits1References2
OSV
OSV
added 2015/08/24 1:59 a.m.3 views

CVE-2015-6563

The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITORREQPAMINITCTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafte...

4.1AI score
Exploits0References18
CVE
CVE
added 2015/08/24 12:0 a.m.1758 views

CVE-2015-6563

CVE-2015-6563 affects the OpenSSH sshd monitor component (monitor.c/monitor_wrap.c). The vulnerability allows a local attacker who has any SSH login access and can control the sshd uid to send a crafted MONITOR_REQ_PAM_INIT_CTX, enabling impersonation by leaking extraneous username data. Public a...

6.4CVSS5.4AI score0.00378EPSS
Exploits0References18Affected Software1
CVE
CVE
added 2014/10/15 10:3 p.m.67 views

CVE-2014-6563

CVE-2014-6563 is described as an unspecified vulnerability in the Java VM component of Oracle Database Server versions 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 that could allow remote authenticated users to affect confidentiality via unknown vectors. The provided documents do not incl...

4CVSS5.5AI score0.01454EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/10/15 10:3 p.m.34 views

CVE-2014-6563

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6538...

5.4AI score0.01454EPSS
Exploits0References2
NVD
NVD
added 2014/10/15 3:55 p.m.21 views

CVE-2014-4294

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4295, CVE-2014-6538, and CVE-2014-6563...

4CVSS5.5AI score0.01454EPSS
Exploits0References2
CVE
CVE
added 2013/05/23 3:0 p.m.39 views

CVE-2012-6563

CVE-2012-6563 affects Elgg prior to 1.8.5. The issue is in engine/lib/access.php where cached access lists are not properly cleared during plugin boot, allowing remote attackers to read private entities via unspecified vectors. Impact is read access to private data; no exploit vectors are detaile...

4.3CVSS6.8AI score0.01231EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2009/03/31 5:0 p.m.48 views

CVE-2008-6563

CVE-2008-6563 describes a buffer overflow in the XML parser of Trillian, affected as of version 3.1.9.0 (and possibly earlier). A crafted DTD file can be used by a remote attacker to cause a crash and potentially execute arbitrary code. Public references consistently name Trillian Buffer Overflow...

9.3CVSS8.1AI score0.05631EPSS
Exploits1References4Affected Software1
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.13 views

Gentoo Security Advisory GLSA 200702-02 (proftpd)

The remote host is missing updates announced in advisory GLSA 200702-02. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.6CVSS7.1AI score0.02315EPSS
Exploits1References2
CVE
CVE
added 2007/12/28 12:0 a.m.44 views

CVE-2007-6563

WinAce (by e-merge GmbH) is vulnerable to a heap-based buffer overflow in 2.65 and earlier (and possibly other versions before 2.69). A specially crafted long filename in a compressed UUE archive can cause a user-assisted remote attacker to execute arbitrary code with the user’s privileges. The J...

10CVSS8.1AI score0.05531EPSS
Exploits0References8Affected Software1
UbuntuCve
UbuntuCve
added 2006/12/15 11:28 a.m.35 views

CVE-2006-6563

Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...

6.6CVSS6.5AI score0.02315EPSS
Exploits1References1
OSV
OSV
added 2006/12/15 11:28 a.m.6 views

CVE-2006-6563

Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...

7.7AI score
Exploits0References21
CVE
CVE
added 2006/12/15 11:0 a.m.98 views

CVE-2006-6563

ProFTPD is affected by a local, stack-based buffer overflow in the mod_ctrls component. The vulnerability resides in the pr_ctrls_recv_request function (ctrls.c) of ProFTPD before 1.3.1rc1, where handling of a large reqarglen length value can allow a local attacker to execute arbitrary code. Affe...

6.6CVSS7.3AI score0.02315EPSS
Exploits1References17Affected Software1
Rows per page
Query Builder