Lucene search
K

55 matches found

OSV
OSV
added 2019/06/04 9:29 p.m.3 views

UBUNTU-CVE-2019-12209

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...

7.5CVSS7.2AI score0.02885EPSS
Exploits1References4
NVD
NVD
added 2019/06/04 9:29 p.m.15 views

CVE-2019-12209

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...

7.5CVSS7.7AI score0.02885EPSS
Exploits1References7
OSV
OSV
added 2019/06/04 9:29 p.m.1 views

DEBIAN-CVE-2019-12209

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...

7.5CVSS6.3AI score0.02885EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2017/07/19 10:42 p.m.7 views

collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions

collectd contains an infinite loop due to how the parsepacket and parsepartsignsha256 functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of...

7.5CVSS5.8AI score0.03997EPSS
Exploits0References4
Broadcom
Broadcom
added 2017/05/17 12:0 a.m.6 views

BSA-2017-274

Security Advisory ID : BSA-2017-274 Component : Authfile.c in sshd in OpenSSH before 7.4 Revision : 3.0: Final authfile.cinsshdinOpenSSHbefore 7.4 does not properly consider the effects ofreallocon buffer contents, which might allow local users to obtain sensitive private-key information by...

6.2CVSS8.7AI score0.01101EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/05/01 12:0 a.m.75 views

EulerOS 2.0 SP2 : openssh (EulerOS-SA-2017-1054)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11...

7.5CVSS7.1AI score0.37431EPSS
Exploits5References3
NVD
NVD
added 2017/04/03 2:59 p.m.14 views

CVE-2017-7401

Incorrect interaction of the parsepacket and parsepartsignsha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service infinite loop of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...

7.5CVSS7.2AI score0.03997EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2017/04/03 2:59 p.m.18 views

CVE-2017-7401

Incorrect interaction of the parsepacket and parsepartsignsha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service infinite loop of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...

7.5CVSS6.8AI score0.03997EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/04/03 2:0 p.m.18 views

CVE-2017-7401

Incorrect interaction of the parsepacket and parsepartsignsha256 functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service infinite loop of a collectd instance configured with "SecurityLevel None" and with empty "AuthFile" options via a crafted UDP...

7.1AI score0.03997EPSS
Exploits0References5
OSV
OSV
added 2017/01/05 2:59 a.m.38 views

CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...

5.5CVSS2.9AI score
Exploits0References12
Vulnrichment
Vulnrichment
added 2017/01/05 12:0 a.m.5 views

CVE-2016-10011

authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process...

6.9AI score0.01101EPSS
Exploits1References12
OSV
OSV
added 2013/12/07 8:55 p.m.1 views

DEBIAN-CVE-2013-6410

nbd-server in Network Block Device nbd before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file...

7.5CVSS6.6AI score0.02542EPSS
Exploits0References1
Prion
Prion
added 2013/12/07 8:55 p.m.17 views

Design/Logic Flaw

nbd-server in Network Block Device nbd before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file...

7.5CVSS6.8AI score0.02542EPSS
Exploits0References5Affected Software3
UbuntuCve
UbuntuCve
added 2013/12/07 12:0 a.m.20 views

CVE-2013-6410

nbd-server in Network Block Device nbd before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file...

7.5CVSS5.9AI score0.02542EPSS
Exploits0References3
OSV
OSV
added 2013/12/07 12:0 a.m.8 views

UBUNTU-CVE-2013-6410

nbd-server in Network Block Device nbd before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partial match in the authfile configuration file...

7.5CVSS5.8AI score0.02542EPSS
Exploits0References4
Rows per page
Query Builder