Lucene search
K

60 matches found

RedHat Linux
RedHat Linux
added 2019/03/28 3:35 p.m.4 views

libssh2: Integer overflow in transport read resulting in out of bounds write

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

9.3CVSS7.6AI score0.09219EPSS
Exploits0References5
OSV
OSV
added 2019/03/25 7:29 p.m.25 views

CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

8.8CVSS9.4AI score0.06131EPSS
Exploits0References16
OSV
OSV
added 2019/03/25 7:29 p.m.3 views

UBUNTU-CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

8.8CVSS7.2AI score0.06131EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2019/03/25 6:31 p.m.44 views

CVE-2019-3856

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

8.8CVSS9.2AI score0.06131EPSS
Exploits0
Prion
Prion
added 2018/04/24 4:29 p.m.18 views

Input validation

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute...

9.3CVSS7.7AI score0.1765EPSS
Exploits5References9Affected Software2
OSV
OSV
added 2018/04/24 4:29 p.m.25 views

CVE-2016-9587

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute...

8.1CVSS8.4AI score0.1765EPSS
Exploits5References9
OSV
OSV
added 2018/04/24 4:29 p.m.28 views

PYSEC-2018-39

Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute...

9.3CVSS6AI score0.1765EPSS
Exploits5References10
RedHat Linux
RedHat Linux
added 2017/06/15 10:27 p.m.4 views

ansible: Arbitrary code execution on control node (incomplete fix for CVE-2016-9587)

An input validation vulnerability was found in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server...

9.3CVSS7.7AI score0.1765EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2017/02/01 12:0 a.m.60 views

GLSA-201701-77 : Ansible: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201701-77 Ansible: Remote execution of arbitrary code An input validation vulnerability was found in Ansibles handling of data sent from client systems. Impact : An attacker with control over a client system being managed by Ansib...

9.3CVSS8AI score0.1765EPSS
Exploits5References2
Prion
Prion
added 2015/01/21 3:17 p.m.16 views

Design/Logic Flaw

The Agent Control Interface in the management server in Symantec Critical System Protection SCSP 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced SDCS:SA 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to...

9CVSS7.7AI score0.03306EPSS
Exploits0References3Affected Software2
Exploit DB
Exploit DB
added 2014/11/17 12:0 a.m.38 views

WebsiteBaker 2.8.3 - Multiple Vulnerabilities

============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score ============================================= I. VULNERABILITY...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

Yahoo! Messenger 5.6 File Transfer Buffer Overrun Vulnerability

No description provided by source. source: Yahoo! Messenger File Transfer Buffer Overrun Vulnerability Yahoo! Messenger is prone to a remotely exploitable buffer overrun vulnerability. An attacker may trigger this condition by initiating a malformed 'sendfile' request, which the victim user must...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Microsoft Internet Explorer 6.0 Codebase Double Backslash Local Zone File Execution Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10344/info A vulnerability has been reported that may potentially permit HTML documents to gain unauthorized access to local resources by using specific syntax when referencing said resource as a value for the CODEBASE...

7.1AI score
Exploits0
NVD
NVD
added 2013/07/17 1:41 p.m.24 views

CVE-2013-3747

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Client System Analyzer...

4CVSS5.1AI score0.01113EPSS
Exploits0References3
Prion
Prion
added 2013/07/17 1:41 p.m.21 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Client System Analyzer...

4CVSS5.4AI score0.01113EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2013/07/17 10:0 a.m.29 views

CVE-2013-3747

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Client System Analyzer...

5.1AI score0.01113EPSS
Exploits0References3
Microsoft KB
Microsoft KB
added 2013/07/09 12:0 a.m.46 views

MS13-054: Vulnerability in GDI+ could allow remote code execution: July 9, 2013

Resolves a vulnerability that could allow remote code execution on a client system if a user opens a specially crafted document or visits a specially crafted webpage that embeds TrueType font files.View products that this article applies to.IntroductionThis update resolves a vulnerability that...

9.3CVSS6.7AI score0.32378EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2013/07/09 12:0 a.m.64 views

MS13-052: Vulnerabilities in .NET Framework and Silverlight could allow remote code execution: July 9, 2013

Resolves a vulnerability in the .NET Framework and Silverlight that could allow remote code execution or elevation of privilege on a client system if a user views a specially crafted webpage by using a web browser that can run Silverlight applications or XAML Browser Applications XBAPs.View...

9.3CVSS6.7AI score0.32378EPSS
Exploits0
NVD
NVD
added 2013/01/17 1:55 a.m.17 views

CVE-2013-0377

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Client System Analyzer...

4.3CVSS5.7AI score0.00985EPSS
Exploits0References2
Prion
Prion
added 2013/01/17 1:55 a.m.17 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Client System Analyzer...

4.3CVSS6.3AI score0.00985EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder