111 matches found

CNVD
added 2019/12/03 12:0 a.m. | 3 views

Shadowsocks-libev Access Control Error Vulnerability (CNVD-2020-00259)

Shadowsocks-libev is a lightweight secure SOCKS5 proxy for embedded devices. An access control error vulnerability exists in the ss-manager binary in Shadowsocks-libev version 3.3.2, which can be exploited by an attacker to elevate privileges and execute arbitrary code...

7.8 CVSS | 7.9 AI score | 0.00734 EPSS
Exploits: 1 | References: 1
CNVD
added 2019/12/03 12:0 a.m. | 3 views

Shadowsocks-libev Information Disclosure Vulnerability

Shadowsocks-libev is a lightweight secure SOCKS5 proxy for embedded devices. An information disclosure vulnerability exists in the network packet handling feature in Shadowsocks-libev version 3.3.2, which can be exploited by an attacker to disclose information with the help of specially crafted...

7.4 CVSS | 6.2 AI score | 0.01379 EPSS
Exploits: 1 | References: 1
Talos
added 2019/12/03 12:0 a.m. | 194 views

Shadowsocks-libev ss-manager add_server Code Execution Vulnerability

Summary: An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to...

7.8 CVSS | 7.9 AI score | 0.00734 EPSS
Exploits: 1
Talos
added 2019/12/03 12:0 a.m. | 289 views

Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability

Summary: An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5 CVSS | 6.6 AI score | 0.02289 EPSS
Exploits: 1
Talos
added 2019/12/03 12:0 a.m. | 36 views

Shadowsocks-libev ss-server Stream Cipher Information Disclosure Vulnerability

Summary: An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information...

7.4 CVSS | 7.3 AI score | 0.01379 EPSS
Exploits: 1
Tenable Nessus
added 2018/02/05 12:0 a.m. | 25 views

FreeBSD : shadowsocks-libev -- command injection via shell metacharacters (3746de31-0a1a-11e8-83e7-485b3931c969)

MITRE reports: Improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright...

7.8 CVSS | 7.3 AI score | 0.01274 EPSS
Exploits: 1 | References: 2
BDU FSTEC
added 2017/12/14 12:0 a.m. | 6 views

The vulnerability of the ss-manager component (manager.c) of the shadowsocks-libev proxy server allows a hacker to inject any command or execute any code.

The vulnerability of the ss-manager component (manager.c) of the shadowsocks-libev proxy server is related to insufficient cleaning of special elements used in the command. Exploiting this vulnerability allows a local attacker to inject arbitrary commands or execute arbitrary code by sending a...

7.8 CVSS | 6 AI score | 0.01274 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
Mageia
added 2017/12/01 11:13 p.m. | 22 views

Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions...

7.8 CVSS | 5.6 AI score | 0.01274 EPSS
Exploits: 1 | References: 3
OSV
added 2017/12/01 11:13 p.m. | 7 views

MGASA-2017-0436 Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions...

7.8 CVSS | 7.8 AI score | 0.01274 EPSS
Exploits: 1 | References: 4
ArchLinux
added 2017/11/30 12:0 a.m. | 21 views

[ASA-201711-40] shadowsocks-libev: arbitrary command execution

Arch Linux Security Advisory ASA-201711-40. Severity: High. Date: 2017-11-30. CVE-ID: CVE-2017-15924. Package: shadowsocks-libev. Type: arbitrary command execution. Remote: No. Link: https://security.archlinux.org/AVG-474. Summary: The package...

7.8 CVSS | 2.4 AI score | 0.01274 EPSS
Exploits: 1 | References: 6
Tenable Nessus
added 2017/11/16 12:0 a.m. | 33 views

openSUSE Security Update : shadowsocks-libev (openSUSE-2017-1274)

This update for shadowsocks-libev fixes the following issues. Security issue fixed: CVE-2017-15924: In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic,...

7.8 CVSS | 7.2 AI score | 0.01274 EPSS
Exploits: 1 | References: 2
CNVD
added 2017/11/01 12:0 a.m. | 1 views

shadowsocks-libev command execution vulnerability

shadowsocks-libev is a SOCKS5 proxy for embedded devices written in C. ss-manager is one of the ss management tools. A security vulnerability exists in the manager.c file of ss-manager in shadowsocks-libev version 3.1.0. An attacker can exploit this vulnerability to execute commands...

7.8 CVSS | 7.1 AI score | 0.01274 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2017/10/30 12:0 a.m. | 167 views

Debian DSA-4009-1 : shadowsocks-libev - security update

Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

7.8 CVSS | 7.5 AI score | 0.01274 EPSS
Exploits: 1 | References: 3
Debian
added 2017/10/29 9:44 p.m. | 22 views

[SECURITY] [DSA 4009-1] shadowsocks-libev security update

Debian Security Advisory DSA-4009-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 29, 2017 https://www.debian.org/security/faq -...

7.8 CVSS | 7.6 AI score | 0.01274 EPSS
Exploits: 1
OSV
added 2017/10/29 12:0 a.m. | 16 views

DSA-4009-1 shadowsocks-libev - security update

Bulletin has no description...

7.8 CVSS | 7.4 AI score | 0.01274 EPSS
Exploits: 1
OpenVAS
added 2017/10/28 12:0 a.m. | 15 views

Debian: Security Advisory (DSA-4009-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.6 AI score | 0.01274 EPSS
Exploits: 1 | References: 3
Prion
added 2017/10/27 4:29 p.m. | 13 views

Command injection

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions...

7.2 CVSS | 7.8 AI score | 0.01274 EPSS
Exploits: 1 | References: 5 | Affected Software: 2
OSV
added 2017/10/27 4:29 p.m. | 4 views

UBUNTU-CVE-2017-15924

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions...

7.8 CVSS | 5.8 AI score | 0.01274 EPSS
Exploits: 1 | References: 6
OSV
added 2017/10/27 4:29 p.m. | 20 views

CVE-2017-15924

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions...

7.8 CVSS | 7.8 AI score
Exploits: 0 | References: 5
OSV
added 2017/10/27 4:29 p.m. | 1 views

DEBIAN-CVE-2017-15924

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions...

7.8 CVSS | 7.6 AI score | 0.01274 EPSS
Exploits: 1 | References: 1