55 matches found
UBUNTU-CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...
CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...
DEBIAN-CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...
collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions
collectd contains an infinite loop due to how the parsepacket and parsepartsignsha256 functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of...
BSA-2017-274
Security Advisory ID : BSA-2017-274 Component : Authfile.c in sshd in OpenSSH before 7.4 Revision : 3.0: Final authfile.cinsshdinOpenSSHbefore 7.4 does not properly consider the effects ofreallocon buffer contents, which might allow local users to obtain sensitive private-key information by...
EulerOS 2.0 SP2 : openssh (EulerOS-SA-2017-1054)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11...
CVE-2017-7401
Incorrect interaction of the parsepacket and parsepartsignsha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service infinite loop of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...
CVE-2017-7401
Incorrect interaction of the parsepacket and parsepartsignsha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service infinite loop of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...
CVE-2017-7401
Incorrect interaction of the parsepacket and parsepartsignsha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service infinite loop of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...
CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...
CVE-2016-10011
authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...
DEBIAN-CVE-2013-6410
nbd-server in Network Block Device nbd before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file...
Design/Logic Flaw
nbd-server in Network Block Device nbd before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file...
CVE-2013-6410
nbd-server in Network Block Device nbd before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file...
UBUNTU-CVE-2013-6410
nbd-server in Network Block Device nbd before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file...