Lucene search
K

731 matches found

OSV
OSV
added 2021/04/26 2:15 p.m.2 views

ALPINE-CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...

7.5CVSS6.9AI score0.05107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/04/26 2:15 p.m.5 views

CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...

7.5CVSS7.1AI score0.05107EPSS
Exploits0References12
OSV
OSV
added 2021/04/26 2:15 p.m.1 views

UBUNTU-CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...

7.5CVSS6.9AI score0.05107EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2021/04/26 1:19 p.m.29 views

CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...

7.5CVSS7.1AI score0.05107EPSS
Exploits0
CNNVD
CNNVD
added 2021/04/26 12:0 a.m.2 views

OpenVPN 访问控制错误漏洞

Openvpn OpenVPN is an American OpenVPN package for creating virtual private network VPN encrypted tunnels that uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a username/password. A...

7.5CVSS5.7AI score0.05107EPSS
Exploits0References17
NCSC
NCSC
added 2021/04/26 12:0 a.m.4 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. A malicious party could exploit the vulnerability to bypass authentication on an OpenVPN server configured to use "deferred authentication." Also, the malicious party can gain access gain access to information about the VPN settings. See the page below f...

7.5CVSS7.1AI score0.05107EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/04/22 12:0 a.m.5 views

PT-2021-2690 · Openvpn +5 · Openvpn +5

Name of the Vulnerable Software and Affected Versions: OpenVPN versions 2.5.1 and earlier Description: The issue allows a remote attacker to bypass authentication and access control channel data on servers configured with deferred authentication. This can potentially be used to trigger further...

9.8CVSS7.8AI score0.05539EPSS
Exploits4References83
Tenable Nessus
Tenable Nessus
added 2021/04/22 12:0 a.m.44 views

FreeBSD : openvpn -- deferred authentication can be bypassed in specific circumstances (efb965be-a2c0-11eb-8956-1951a8617e30)

Gert Doring reports : OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. %NASLMINLEVEL 70300 C Tenable Network...

7.5CVSS7.2AI score0.05107EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2021/03/02 12:0 a.m.34 views

openvpn -- deferred authentication can be bypassed in specific circumstances

Gert Döring reports: OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...

7.5CVSS5.6AI score0.05107EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/13 12:52 a.m.43 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oracle Jul 2020 CPU plus one additional vulnerability and Oracle deferred from Jan 2020

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP65 and Version 8 SR6-FP10 used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates in Jul2020 and some were deferred from...

8.3CVSS1.3AI score0.04315EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2021/01/26 10:22 a.m.3 views

Command Injection

Overview deferred-exec is a tool to run exec commands. Lets you use exec, execFile and spawn in a sane way. Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 42 in lib/deferred-exec.js PoC var a = require"deferred-exec"; a" touch JHU ",;...

9.8CVSS7.2AI score0.01112EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2021/01/26 10:22 a.m.4 views

bear (=0.1.0), proud-badge (>=0.0.1 <=0.0.5) +1 more potentially affected by CVE-2020-28438 via deferred-exec (=0.3.1)

deferred-exec NPM version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on deferred-exec and may be impacted: - bear =0.1.0 - proud-badge =0.0.1, =0.0.1, =0.0.4 Source cves: CVE-2020-28438 Source advisory: SNYK:JS-DEFERREDEXEC-1050433...

9.8CVSS7.2AI score0.01112EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2020/07/21 11:24 a.m.8 views

kernel: kvm: Information leak within a KVM guest

A flaw was found in the way Linux kernel's KVM hypervisor handled deferred TLB flush requests from guest. A race condition may occur between the guest issuing a deferred TLB flush request to KVM, and then KVM handling and acknowledging it. This may result in invalid address translations from TLB...

6.2CVSS7.2AI score0.00619EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/07/21 11:9 a.m.5 views

kernel: kvm: Information leak within a KVM guest

A flaw was found in the way Linux kernel's KVM hypervisor handled deferred TLB flush requests from guest. A race condition may occur between the guest issuing a deferred TLB flush request to KVM, and then KVM handling and acknowledging it. This may result in invalid address translations from TLB...

6.2CVSS7.2AI score0.00619EPSS
Exploits0References5
OSV
OSV
added 2019/06/27 5:15 p.m.3 views

DEBIAN-CVE-2019-5784

Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.5CVSS7.5AI score0.01573EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/06/27 5:15 p.m.21 views

CVE-2019-5784

Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.5CVSS7AI score0.01573EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/02/26 12:0 a.m.58 views

CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

5.9CVSS6.8AI score0.17139EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2018/07/08 12:0 a.m.29 views

CVE-2018-13440

The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert...

6.5CVSS6.6AI score0.03113EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2018/06/13 12:0 a.m.118 views

Microsoft Office 2016 Click-to-Run (C2R) Multiple Vulnerabilities (Jun 2018)

This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

9.3CVSS6AI score0.20088EPSS
Exploits0References1
OSV
OSV
added 2018/05/08 6:29 p.m.1 views

DEBIAN-CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual SDM was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

7.8CVSS6.9AI score0.18262EPSS
Exploits9References1
Rows per page
Query Builder