Lucene search
K

225 matches found

Prion
Prion
added 2017/03/02 6:59 a.m.31 views

Design/Logic Flaw

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

6.8CVSS6.8AI score0.02937EPSS
Exploits1References7Affected Software1
UbuntuCve
UbuntuCve
added 2017/03/02 12:0 a.m.35 views

CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/modphp or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validatepermission=1 setting. The vulnerability details a...

7.5CVSS7.1AI score0.02937EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2017/02/17 12:0 a.m.8 views

The vulnerability of the shared memory manager of the sshd daemon used in OpenSSH encryption protection allows a hacker to increase their privileges.

The vulnerability of the manager of shared memory in the sshd daemon of the OpenSSH cryptographic protection mechanism arises from the execution of an operation beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor, operating locally, to enhance their privileges by...

7.8CVSS7.3AI score0.01281EPSS
Exploits1References9Affected Software3
BDU FSTEC
BDU FSTEC
added 2017/02/17 12:0 a.m.5 views

The vulnerability of the OpenSSH cryptographic protection mechanism, which allows a hacker to gain access to the protected information

The vulnerability in authfile.c of the sshd component of the OpenSSH cryptographic protection mechanism is related to the improper handling of the effect of implementing block memory reallocation functions. Exploiting this vulnerability can allow an attacker, operating locally, to gain access to...

2.1CVSS6.6AI score0.01101EPSS
Exploits1References7
OSV
OSV
added 2017/02/13 6:59 p.m.3 views

DEBIAN-CVE-2016-8659

Bubblewrap before 0.1.3 sets the PRSETDUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket...

7CVSS7AI score0.00399EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/02/01 12:0 a.m.77 views

openSUSE Security Update : openssh (openSUSE-2017-184)

This update for openssh fixes several issues. These security issues were fixed : - CVE-2016-8858: The kexinputkexinit function in kex.c allowed remote attackers to cause a denial of service memory consumption by sending many duplicate KEXINIT requests bsc1005480. - CVE-2016-10012: The shared memo...

7.8CVSS7.2AI score0.37431EPSS
Exploits8References13
Tenable Nessus
Tenable Nessus
added 2017/01/12 12:0 a.m.82 views

FreeBSD : FreeBSD -- OpenSSH multiple vulnerabilities (2c948527-d823-11e6-9171-14dae9d210b8)

The ssh-agent1 agent supports loading a PKCS11 module from outside a trusted whitelist. An attacker can request loading of a PKCS11 module across forwarded agent-socket. CVE-2016-10009 When privilege separation is disabled, forwarded Unix domain sockets would be created by sshd8 with the privileg...

7.5CVSS7.5AI score0.37431EPSS
Exploits6References3
FreeBSD Advisory
FreeBSD Advisory
added 2017/01/11 12:0 a.m.28 views

FreeBSD-SA-17:01.openssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:01.openssh Security Advisory The FreeBSD Project Topic: OpenSSH multiple vulnerabilities Category: contrib Module: OpenSSH Announced: 2017-01-11 Affects: All...

7.5CVSS7.2AI score0.37431EPSS
Exploits6
FreeBSD
FreeBSD
added 2017/01/11 12:0 a.m.233 views

FreeBSD -- OpenSSH multiple vulnerabilities

Problem Description: The ssh-agent1 agent supports loading a PKCS11 module from outside a trusted whitelist. An attacker can request loading of a PKCS11 module across forwarded agent-socket. CVE-2016-10009 When privilege separation is disabled, forwarded Unix domain sockets would be created by...

7.5CVSS7.8AI score0.37431EPSS
Exploits6
NVD
NVD
added 2017/01/05 2:59 a.m.22 views

CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

7.8CVSS6.2AI score0.01281EPSS
Exploits1References12
OSV
OSV
added 2017/01/05 2:59 a.m.3 views

ALPINE-CVE-2016-10010

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...

7CVSS7.2AI score0.0424EPSS
Exploits2References1
OSV
OSV
added 2017/01/05 2:59 a.m.2 views

DEBIAN-CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...

5.5CVSS6.4AI score0.01101EPSS
Exploits1References1
OSV
OSV
added 2017/01/05 2:59 a.m.2 views

DEBIAN-CVE-2016-10010

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...

7CVSS7.2AI score0.0424EPSS
Exploits2References1
OSV
OSV
added 2017/01/05 2:59 a.m.44 views

CVE-2016-10010

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...

7CVSS6AI score
Exploits0References13
Prion
Prion
added 2017/01/05 2:59 a.m.82 views

Design/Logic Flaw

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...

6.9CVSS6.9AI score0.0424EPSS
Exploits2References13Affected Software1
Vulnrichment
Vulnrichment
added 2017/01/05 12:0 a.m.4 views

CVE-2016-10010

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...

7.1AI score0.0424EPSS
Exploits2References13
Debian CVE
Debian CVE
added 2017/01/05 12:0 a.m.53 views

CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

7.8CVSS8.1AI score0.01281EPSS
Exploits1
Cvelist
Cvelist
added 2017/01/05 12:0 a.m.63 views

CVE-2016-10010

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...

6.3AI score0.0424EPSS
Exploits2References13
Cvelist
Cvelist
added 2017/01/05 12:0 a.m.57 views

CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

6.3AI score0.01281EPSS
Exploits1References12
AlpineLinux
AlpineLinux
added 2017/01/05 12:0 a.m.56 views

CVE-2016-10012

The shared memory manager associated with pre-authentication compression in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to t...

7.8CVSS6.5AI score0.01281EPSS
Exploits1
Rows per page
Query Builder