Lucene search
K

225 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/04/19 12:17 p.m.46 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2022-24769)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability found in containerd where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to...

5.9CVSS6.5AI score0.00492EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/03/25 6:15 p.m.4 views

CVE-2022-27882

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

7.5CVSS7.4AI score0.01877EPSS
Exploits1References4
NVD
NVD
added 2022/03/25 6:15 p.m.13 views

CVE-2022-27882

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

7.5CVSS0.01877EPSS
Exploits1References4
Prion
Prion
added 2022/03/25 6:15 p.m.19 views

Buffer overflow

engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation...

5CVSS7.9AI score0.01869EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2022/03/25 6:15 p.m.23 views

Design/Logic Flaw

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

5CVSS7.8AI score0.01877EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/03/25 5:13 p.m.84 views

CVE-2022-27882

OpenBSD slaacd (CVE-2022-27882) in OpenBSD 6.9 and 7.0 before 2022-03-22 contains an integer signedness error that can trigger a heap-based buffer overflow when processing crafted IPv6 router advertisements. Impact is described as a denial-of-service; privilege separation and pledge can prevent e...

7.5CVSS7.7AI score0.01877EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/03/25 5:13 p.m.25 views

CVE-2022-27882

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

8AI score0.01877EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2022/03/24 12:0 a.m.45 views

CVE-2022-24769

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux...

5.9CVSS6AI score0.00492EPSS
Exploits0
NCSC
NCSC
added 2021/08/27 12:0 a.m.4 views

Vulnerability fixed in libssh

A vulnerability has been fixed in libssh. A malicious party could potentially exploit the vulnerability to cause a denial-of-service cause or execute arbitrary code with the privileges of application that uses libssh. It is good practice to apply the principle of "privilege separation" to this ty...

6.5CVSS7.1AI score0.04683EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.40 views

SUSE: Security Advisory (SUSE-SU-2017:0264-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.4AI score0.37431EPSS
Exploits8References10
Tenable Nessus
Tenable Nessus
added 2021/04/15 12:0 a.m.194 views

Juniper Junos OS Multiple Vulnerabilities (JSA11169)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA11169 advisory. - Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by...

7.8CVSS7.1AI score0.37431EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2021/01/05 12:0 a.m.25 views

Debian DLA-2516-1 : gssproxy security update

It was discovered that there was an issue in the gssproxy privilege separation caused by gssproxy not unlocking condmutex prior to calling pthreadexit. For Debian 9 'Stretch', this problem has been fixed in version 0.5.1-2+deb9u1. We recommend that you upgrade your gssproxy packages. For the...

9.8CVSS7.9AI score0.01681EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/01/05 12:0 a.m.18 views

Debian: Security Advisory (DLA-2516-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.01681EPSS
Exploits0References3
Debian
Debian
added 2021/01/04 5:18 p.m.60 views

[SECURITY] [DLA 2516-1] gssproxy security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2516-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 04, 2021 https://wiki.debian.org/LTS -...

9.8CVSS9.5AI score0.01681EPSS
Exploits0
Hacker One
Hacker One
added 2020/11/01 6:54 p.m.44 views

Mail.ru: SDC bypass on calendar.mail.ru

SDCS cookie was not properly checked for few calendar.mail.ru endpoints, allowing to bypass SDC secure domain cookies protection for privilege separation between projects...

4.3AI score
Exploits0
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.47 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1138)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.9AI score0.01281EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1139)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.9AI score0.01281EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/08/21 12:0 a.m.79 views

OpenSSH < 3.8p1 Multiple Vulnerabilities

Binary data 701169.prm...

5CVSS9.7AI score0.03366EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.67 views

NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by multiple vulnerabilities: - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...

9.8CVSS7.7AI score0.88944EPSS
Exploits38References16
Broadcom
Broadcom
added 2019/03/21 12:0 a.m.18 views

BSA-2019-766

Security Advisory ID : BSA-2019-766 Component : OpenSSH Revision : 1.0: Final A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process...

6.4CVSS7AI score0.00378EPSS
Exploits0
Rows per page
Query Builder