Lucene search
K

2333 matches found

Prion
Prion
added 2021/03/22 8:15 a.m.17 views

Design/Logic Flaw

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5CVSS5.4AI score0.01294EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2021/03/22 7:2 a.m.34 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5.7AI score0.01294EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2021/03/22 7:2 a.m.24 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...

5.3CVSS5.4AI score0.01294EPSS
Exploits0
FreeBSD
FreeBSD
added 2021/03/22 12:0 a.m.44 views

dovecot -- multiple vulnerabilities

Dovecot team reports: CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk. CVE-2021-33515: On-path attacker...

7.5CVSS1.8AI score0.02837EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/03/18 12:36 p.m.5 views

CVE-2021-23359

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

8.8CVSS5.8AI score0.01654EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2021/03/16 3:14 p.m.2 views

kernel: TOCTOU mismatch in the NFS client code

A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation...

7CVSS7.2AI score0.00275EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/03/11 10:15 p.m.37 views

CVE-2021-28153

An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...

5.3CVSS6.9AI score0.02622EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2021/03/11 12:0 a.m.42 views

Improper Link Resolution Before File Access

When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled...

5.3CVSS1.2AI score0.02622EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/03/05 9:15 p.m.33 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS6.6AI score
Exploits0References9
NVD
NVD
added 2021/03/05 9:15 p.m.42 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS0.03422EPSS
Exploits1References9
OSV
OSV
added 2021/03/05 9:15 p.m.6 views

ALPINE-CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7AI score0.03422EPSS
Exploits1References1
Prion
Prion
added 2021/03/05 9:15 p.m.2847 views

Double free

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

4.6CVSS6.7AI score0.03422EPSS
Exploits1References9Affected Software4
UbuntuCve
UbuntuCve
added 2021/03/05 9:15 p.m.330 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7AI score0.03422EPSS
Exploits1References5
CVE
CVE
added 2021/03/05 7:7 p.m.12901 views

CVE-2021-28041

The CVE refers to OpenSSH ssh-agent before 8.5, where a double-free vulnerability may be triggered in rare scenarios (unconstrained agent-socket access on legacy OS or forwarding to an attacker-controlled host). Affected component: ssh-agent in OpenSSH prior to 8.5. Root cause: double free descri...

7.1CVSS6.8AI score0.03422EPSS
Exploits1References9Affected Software1
Debian CVE
Debian CVE
added 2021/03/05 7:7 p.m.1406 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7.6AI score0.03422EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/03/05 7:7 p.m.93 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7.1AI score0.03422EPSS
Exploits1
Cvelist
Cvelist
added 2021/03/05 7:7 p.m.152 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.2AI score0.03422EPSS
Exploits1References9
Prion
Prion
added 2021/02/22 9:15 p.m.20 views

Design/Logic Flaw

The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it...

4CVSS5AI score0.00975EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/02/08 10:22 p.m.57 views

CVE-2021-26917

PyBitmessage (versions up to 0.6.3.2) is affected by CVE-2021-26917. A crafted apinotifypath value can cause the application to write screen captures to potentially unwanted directories on the local host. The public descriptions note that there is no evidence these screen intercepts are transport...

5.5CVSS5.3AI score0.0055EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/02/08 5:58 p.m.10 views

MGASA-2021-0075 Updated wpa_supplicant packages fix a security vulnerability

A vulnerability was discovered in how wpasupplicant processing P2P Wi-Fi Direct group information from active group owners. The actual parsing of that information validates field lengths appropriately, but processing of the parsed information misses a length check when storing a copy of the...

7.9CVSS7.7AI score0.04707EPSS
Exploits1References3
Rows per page
Query Builder