6 matches found
Mageia: Security Advisory (MGASA-2017-0436)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[ASA-201711-40] shadowsocks-libev: arbitrary command execution
Arch Linux Security Advisory ASA-201711-40 ========================================== Severity: High Date : 2017-11-30 CVE-ID : CVE-2017-15924 Package : shadowsocks-libev Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-474 Summary ======= The package...
openSUSE Security Update : shadowsocks-libev (openSUSE-2017-1274)
This update for shadowsocks-libev fixes the following issues : Security issue fixed : - CVE-2017-15924: In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic,...
Debian DSA-4009-1 : shadowsocks-libev - security update
Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...
[SECURITY] [DSA 4009-1] shadowsocks-libev security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4009-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 29, 2017 https://www.debian.org/security/faq -...
CVE-2017-15924
CVE-2017-15924 affects shadowsocks-libev (ss-manager) on version 3.1.0. Improper parsing of a JSON configuration request received via 127.0.0.1 UDP traffic enables local command injection through shell metacharacters in add_server, build_config, and construct_command_line pathways, potentially al...