Lucene search
K

23 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.21 views

RHEL 6 : libxdmcp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libXdmcp: weak entropy usage for session keys CVE-2017-2625 Note that Nessus has not tested for this issue but has...

6.5CVSS6.6AI score0.00538EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2022/10/19 12:0 a.m.37 views

Ubuntu 16.04 ESM : libXdmcp vulnerability (USN-5690-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5690-1 advisory. It was discovered that libXdmcp was generating weak session keys. A local attacker could possibly use this issue to perform a brute force attack and obtain anothe...

6.5CVSS6.6AI score0.00538EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2017-0330)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS5.9AI score0.00538EPSS
Exploits3References4
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2017:1862-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.4AI score0.00538EPSS
Exploits3References4
OpenVAS
OpenVAS
added 2020/09/29 12:0 a.m.8 views

Huawei EulerOS: Security Advisory for libXdmcp (EulerOS-SA-2020-2034)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS5.9AI score0.00538EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.21 views

Huawei EulerOS: Security Advisory for libXpm, libXdmcp, libICE (EulerOS-SA-2017-1212)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.3AI score0.07528EPSS
Exploits3References2
CVE
CVE
added 2018/07/27 6:0 p.m.214 views

CVE-2017-2625

CVE-2017-2625 concerns libXdmcp prior to 1.1.2, which used weak entropy to generate session keys. On multi-user systems using xdmcp, a local attacker could examine process-list information to brute-force the key and hijack other users’ sessions. The issue is limited to the key-generation path; no...

6.5CVSS5.3AI score0.00538EPSS
Exploits3References8Affected Software1
Debian CVE
Debian CVE
added 2018/07/27 6:0 p.m.28 views

CVE-2017-2625

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions...

6.5CVSS6.1AI score0.00538EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2018/02/02 12:0 a.m.49 views

SUSE SLED12 / SLES12 Security Update : libXdmcp (SUSE-SU-2018:0338-1)

This update for libXdmcp fixes the following issues : - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable bsc1025046 Note that Tenable Network Security has extracted the preceding description block directly from th...

6.5CVSS6.5AI score0.00538EPSS
Exploits3References4
OSV
OSV
added 2018/02/01 11:38 a.m.6 views

SUSE-SU-2018:0338-1 Security update for libXdmcp

This update for libXdmcp fixes the following issues: - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable bsc1025046...

6.5CVSS6.7AI score0.00538EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2017/09/11 12:0 a.m.30 views

EulerOS 2.0 SP1 : libXpm, libXdmcp, libICE (EulerOS-SA-2017-1211)

According to the versions of the libXpm, libXdmcp, libICE packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash...

9.8CVSS6.6AI score0.07528EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2017/09/11 12:0 a.m.38 views

EulerOS 2.0 SP2 : libXpm, libXdmcp, libICE (EulerOS-SA-2017-1212)

According to the versions of the libXpm, libXdmcp, libICE packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash...

9.8CVSS6.6AI score0.07528EPSS
Exploits3References4
Mageia
Mageia
added 2017/09/07 9:7 a.m.46 views

Updated libxdmcp packages fix security vulnerability

XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user CVE-2017-2625...

6.5CVSS1.7AI score0.00538EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2017/08/25 12:0 a.m.88 views

CentOS 7 : libICE / libX11 / libXaw / libXcursor / libXdmcp / libXfixes / libXfont / libXfont2 / etc (CESA-2017:1865)

An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links ...

9.8CVSS6.8AI score0.07528EPSS
Exploits3References36
Tenable Nessus
Tenable Nessus
added 2017/08/10 12:0 a.m.41 views

Oracle Linux 7 : X.org / X11 / libraries (ELSA-2017-1865)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1865 advisory. - Use libbsd for randoms CVE-2017-2626, rhbz1427715 - Use libbsd for randoms CVE-2017-2625, rhbz1427716 - fixes CVE-2016-5407 - fixes CVE-2016-7953...

9.8CVSS7.3AI score0.07528EPSS
Exploits3References4
OpenVAS
OpenVAS
added 2017/08/04 12:0 a.m.63 views

RedHat Update for X.org X11 libraries RHSA-2017:1865-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.3AI score0.07528EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2017/08/03 12:0 a.m.132 views

RHEL 7 : X.org X11 libraries (RHSA-2017:1865)

An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links ...

9.8CVSS6.8AI score0.07528EPSS
Exploits3References8
Tenable Nessus
Tenable Nessus
added 2017/07/17 12:0 a.m.24 views

SUSE SLED12 / SLES12 Security Update : libXdmcp (SUSE-SU-2017:1862-1)

This update for libXdmcp fixes the following issues : - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable bsc1025046 Note that Tenable Network Security has extracted the preceding description block directly from th...

6.5CVSS6.5AI score0.00538EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2017/07/17 12:0 a.m.32 views

SUSE SLES11 Security Update : xorg-x11-libXdmcp (SUSE-SU-2017:1868-1)

This update for xorg-x11-libXdmcp fixes the following issues : - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable bsc1025046 Note that Tenable Network Security has extracted the preceding description block directl...

6.5CVSS6.5AI score0.00538EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2017/07/07 12:0 a.m.33 views

openSUSE Security Update : libXdmcp (openSUSE-2017-789)

This update for libXdmcp fixes the following issues : - CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable boo1025046 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

6.5CVSS6.4AI score0.00538EPSS
Exploits3References2
Rows per page
Query Builder