Lucene search
K

9 matches found

OSV
OSV
added 2025/12/16 4:16 p.m.4 views

UBUNTU-CVE-2025-68284

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

5.9AI score0.00173EPSS
Exploits0References35
OSV
OSV
added 2025/12/16 3:6 p.m.5 views

CVE-2025-68284 libceph: prevent potential out-of-bounds writes in handle_auth_session_key()

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

6.5AI score0.00173EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/12/16 3:6 p.m.25 views

CVE-2025-68284 libceph: prevent potential out-of-bounds writes in handle_auth_session_key()

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

0.00173EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.4 views

PT-2025-51688

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the libceph component, specifically in the handle auth session key function. This issue could lead to potential out-of-bounds writes due to...

6CVSS5.4AI score0.00173EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/01/02 6:44 p.m.4 views

libreswan: Missing PreSharedKey for connection can cause crash

A flaw was found in Libreswan. This issue causes Libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret, and the connection cannot find a matching configured secret. When automatically added on startup using the auto= keyword,...

6.5CVSS5.7AI score0.00944EPSS
Exploits0References6
OSV
OSV
added 2022/05/24 5:7 p.m.3 views

GHSA-W7JR-WQW6-54XC Non-constant time comparison of inbound TCP agent connection secret

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier does not use a constant-time comparison validating the connection secret when an inbound TCP agent connection is initiated. This could potentially allow attackers to use statistical methods to obtain the connection secret. Jenkins 2.219, LTS...

5.3CVSS6.1AI score0.01368EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2020/01/31 9:9 p.m.20 views

CVE-2020-2101

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret...

5.3CVSS4.3AI score0.01368EPSS
Exploits0References3
Prion
Prion
added 2020/01/29 4:15 p.m.17 views

Design/Logic Flaw

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret...

3.5CVSS5.4AI score0.01368EPSS
Exploits0References6Affected Software1
FreeBSD
FreeBSD
added 2020/01/29 12:0 a.m.69 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-1682 / CVE-2020-2099 Inbound TCP Agent Protocol/3 authentication bypass Medium SECURITY-1641 / CVE-2020-2100 Jenkins vulnerable to UDP amplification reflection attack Medium SECURITY-1659 / CVE-2020-2101 Non-constant time comparison of inbound...

8.6CVSS0.8AI score0.07044EPSS
Exploits0References1
Rows per page
Query Builder