Lucene search
K

559 matches found

openvas
openvas
added 2016/03/17 12:0 a.m.33 views

Ubuntu: Security Advisory (USN-2935-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7AI score0.04121EPSS
Exploits3References3
nessus
nessus
added 2016/03/17 12:0 a.m.32 views

Ubuntu 14.04 LTS : PAM vulnerabilities (USN-2935-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2935-1 advisory. It was discovered that the PAM pamuserdb module incorrectly used a case-insensitive method when comparing hashed passwords. A local attacker could possib...

6.5CVSS6.7AI score0.04121EPSS
Exploits3References4
redhat
redhat
added 2016/03/02 5:16 p.m.7 views

postgresql: case insensitive range handling integer overflow leading to buffer overflow

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code...

7.5CVSS7.9AI score0.06948EPSS
Exploits0References4
redhat
redhat
added 2016/03/02 4:46 p.m.9 views

postgresql: case insensitive range handling integer overflow leading to buffer overflow

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code...

7.5CVSS7.9AI score0.06948EPSS
Exploits0References4
nessus
nessus
added 2015/09/28 12:0 a.m.37 views

SUSE SLED12 / SLES12 Security Update : coreutils (SUSE-SU-2015:1637-1)

This update for coreutils provides the following fixes : - Fix memory handling error with case insensitive sort using UTF-8. CVE-2015-4041, CVE-2015-4042 - Ensure 'df -a' shows all remote file system entries. - Only suppress remote mounts of separate exports with 'df --total'. - Document that 'df...

9.8CVSS7.4AI score0.02323EPSS
Exploits2References12
nessus
nessus
added 2015/09/25 12:0 a.m.33 views

GLSA-201509-06 : Git: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-201509-06 Git: Arbitrary command execution A vulnerability in Git causing Git-compatible clients that access case-insensitive or case-normalizing filesystems to overwrite the .git/config when cloning or checking out a repository,...

9.8CVSS8.8AI score0.63178EPSS
Exploits5References2
gentoo
gentoo
added 2015/09/24 12:0 a.m.39 views

Git: Arbitrary command execution

Background Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Description A vulnerability in Git causing Git-compatible clients that access case-insensitive or case-normalizing filesystems to...

9.8CVSS9.6AI score0.63178EPSS
Exploits5
osv
osv
added 2015/09/14 5:5 p.m.6 views

SUSE-SU-2015:1637-1 Security update for coreutils

This update for coreutils provides the following fixes: - Fix memory handling error with case insensitive sort using UTF-8. CVE-2015-4041, CVE-2015-4042 - Ensure 'df -a' shows all remote file system entries. - Only suppress remote mounts of separate exports with 'df --total'. - Document that 'df...

9.8CVSS9.4AI score0.02323EPSS
Exploits2References10
openvas
openvas
added 2015/09/08 12:0 a.m.36 views

Amazon Linux: Security Advisory (ALAS-2014-354)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS6.5AI score0.04121EPSS
Exploits2References2
osv
osv
added 2015/06/04 12:0 a.m.33 views

DLA-237-1 mercurial - security update

Bulletin has no description...

9.8CVSS7.5AI score0.63178EPSS
Exploits6
osv
osv
added 2015/05/12 7:37 p.m.10 views

MGASA-2015-0213 Updated pam packages fix security vulnerabilities

Updated pam packages fix security vulnerabilities: The pamuserdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack CVE-2013-7041. Multiple directory traversal vulnerabilities in...

5.8CVSS7AI score0.04121EPSS
Exploits2References3
archlinux
archlinux
added 2015/04/14 12:0 a.m.43 views

ruby: permissive certificate verification

After reviewing RFC 6125 and RFC 5280, multiple violations were found of matching hostnames and particularly wildcard certificates. Rubys OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching ...

4.7CVSS1.6AI score0.02815EPSS
Exploits0References3
freebsd
freebsd
added 2015/04/13 12:0 a.m.54 views

Ruby -- OpenSSL Hostname Verification Vulnerability

Ruby Developers report: After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Ruby’s OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. I...

5.9CVSS6.4AI score0.02815EPSS
Exploits0References1
nessus
nessus
added 2015/04/08 12:0 a.m.42 views

openSUSE Security Update : libgit2 (openSUSE-2015-288)

libgit2 was updated to fix an arbitrary command execution vulnerability on case-insentitive file systems. The following vulnerability was fixed : - When using programs using libgit2 on case-insensitive filesystems, .git/config could be overwritten, which allowed execution of arbitrary commands...

9.8CVSS8.4AI score0.63178EPSS
Exploits5References2
nessus
nessus
added 2015/02/23 12:0 a.m.31 views

X2Engine < 4.2 Multiple Vulnerabilities

According to its version number, the X2Engine application installed on the remote web server is potentially affected by multiple vulnerabilities : - A PHP object injection vulnerability exists which can be used to carry out Server-Side Request Forgery SSRF attacks using specially crafted serializ...

7.5CVSS6.1AI score0.03002EPSS
Exploits4References6
nessus
nessus
added 2015/01/29 12:0 a.m.33 views

openSUSE Security Update : git (openSUSE-SU-2015:0159-1)

This update fixes the following security issue : - CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file system bnc910756 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

9.8CVSS8.5AI score0.63178EPSS
Exploits5References3
metasploit
metasploit
added 2015/01/01 7:3 p.m.66 views

Malicious Git and Mercurial HTTP Server For CVE-2014-9390

This module exploits CVE-2014-9390, which affects Git versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1 and Mercurial versions less than 3.2.3 and describes three vulnerabilities. On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients can be...

9.8CVSS9.7AI score0.63178EPSS
Exploits5
mageia
mageia
added 2014/12/23 8:35 p.m.41 views

Updated git packages fix security vulnerability

It was reported that git, when used as a client on a case-insensitive filesystem, could allow the overwrite of the .git/config file when the client performed a "git pull". Because git permitted committing .Git/config or any case variation, on the pull this would replace the user's .git/config. If...

9.8CVSS9.5AI score0.63178EPSS
Exploits5References3
nessus
nessus
added 2014/12/22 12:0 a.m.25 views

FreeBSD : git -- Arbitrary command execution on case-insensitive filesystems (1d567278-87a5-11e4-879c-000c292ee6b8)

The Git Project reports : When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...

9.8CVSS8.3AI score0.63178EPSS
Exploits5References4
freebsd
freebsd
added 2014/12/19 12:0 a.m.38 views

git -- Arbitrary command execution on case-insensitive filesystems

The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...

9.8CVSS9.3AI score0.63178EPSS
Exploits5References2
Rows per page
Query Builder