Lucene search
K

462 matches found

OSV
OSV
added 2017/03/27 5:59 p.m.3 views

ALPINE-CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8CVSS7.6AI score0.21816EPSS
Exploits4References1
OSV
OSV
added 2017/03/27 5:59 p.m.4 views

UBUNTU-CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8CVSS7.8AI score0.21816EPSS
Exploits4References4
Cvelist
Cvelist
added 2017/03/27 5:0 p.m.27 views

CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.7AI score0.21816EPSS
Exploits4References8
AlpineLinux
AlpineLinux
added 2017/03/27 5:0 p.m.66 views

CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8CVSS9.8AI score0.21816EPSS
Exploits4
Debian CVE
Debian CVE
added 2017/03/27 5:0 p.m.41 views

CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8CVSS9.8AI score0.21816EPSS
Exploits4
Hacker One
Hacker One
added 2017/02/09 12:4 a.m.23 views

Uber: pam-ussh may be tricked into using another logged in user's ssh-agent

Summary https://github.com/uber/pam-ussh was open-sourced today kudos! and is presumably used within Uber's infrastructure. This is a PAM module written a Go that "will authenticate a user based on them having an ssh certificate in their ssh-agent signed by a specified ssh CA." A cursory look at...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2016/04/12 12:0 a.m.30 views

Ubuntu: Security Advisory (USN-2948-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.2AI score0.14281EPSS
Exploits11References3
OpenVAS
OpenVAS
added 2016/04/07 12:0 a.m.34 views

Ubuntu: Security Advisory (USN-2947-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.9AI score0.14281EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2016/04/07 12:0 a.m.238 views

Ubuntu: Security Advisory (USN-2949-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.2AI score0.14281EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/04/07 12:0 a.m.49 views

Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2947-3)

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

10CVSS7.1AI score0.14281EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2016/04/07 12:0 a.m.63 views

Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-2949-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2949-1 advisory. Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of servi...

10CVSS7.2AI score0.14281EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/04/07 12:0 a.m.60 views

Ubuntu 15.10 : linux vulnerabilities (USN-2947-1)

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

10CVSS7.1AI score0.14281EPSS
Exploits1References7
Ubuntu
Ubuntu
added 2016/04/06 7:10 a.m.82 views

USN-2947-3: Linux kernel (Raspberry Pi 2) vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

10CVSS7.1AI score0.14281EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/04/06 6:49 a.m.83 views

USN-2947-1: Linux kernel vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

10CVSS7.1AI score0.14281EPSS
Exploits1
Ubuntu
Ubuntu
added 2016/04/06 6:38 a.m.73 views

USN-2946-1: Linux kernel vulnerabilities

Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2015-8812 Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux...

10CVSS7.4AI score0.14281EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/03/17 12:0 a.m.63 views

Amazon Linux AMI : kernel (ALAS-2016-669)

When running as a Xen 64-bit PV guest, user mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes Denial of Service, or in-guest information leaks. CVE-2016-3157 In some cases...

7.8CVSS6.6AI score0.00561EPSS
Exploits0References5
Amazon
Amazon
added 2016/03/16 12:0 a.m.59 views

Medium: kernel

Issue Overview: When running as a Xen 64-bit PV guest, user mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes Denial of Service, or in-guest information leaks. CVE-2016-31...

7.8CVSS7.1AI score0.00561EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2015/10/30 10:14 a.m.20 views

CVE-2013-1958

The scmcheckcreds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval durin...

1.9CVSS6.9AI score0.0034EPSS
Exploits1References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

SSH Communications Security SSH 1.2.27 Authentication Socket File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/660/info A vulnerability in SSH's creation of the authentication agent UNIX domain socket allows local users to create a UNIX domain socket with an arbitrary file name in the system. SSH has the concept of authentication...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

FreeBSD <= 3.1,Solaris <= 2.6 Domain Socket Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/456/info Solaris 2.6 and many other unices/clones have a serious problem with their unix domain socket implementation that has it's origins in old BSD code. Any unix socket created by any application is set mode 4777. In...

7.1AI score
Exploits0
Rows per page
Query Builder