Lucene search
+L

491 matches found

UbuntuCve
UbuntuCve
added 2017/05/26 12:0 a.m.18 views

CVE-2017-9232

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root...

10CVSS6.9AI score0.48501EPSS
Exploits5References2
OSV
OSV
added 2017/05/26 12:0 a.m.4 views

UBUNTU-CVE-2017-9232

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root...

9.8CVSS6.9AI score0.48501EPSS
Exploits5References3
Positive Technologies
Positive Technologies
added 2017/05/26 12:0 a.m.3 views

PT-2017-18797 · Canonical · Juju +1

Name of the Vulnerable Software and Affected Versions: Juju versions prior to 1.25.12 Juju versions 2.0.x prior to 2.0.4 Juju versions 2.1.x prior to 2.1.3 Description: The issue allows for privilege escalation by users on the system to root due to the use of a UNIX domain socket without...

10CVSS7.5AI score0.48501EPSS
Exploits5References24
exploitpack
exploitpack
added 2017/05/23 12:0 a.m.27 views

Apple macOSiOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization

Apple macOSiOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1123 unpexternalize is responsible for externalizing the file descriptors carried within a unix domain socket message...

7.3AI score
Exploits0
0day.today
0day.today
added 2017/05/23 12:0 a.m.65 views

Apple iOS / macOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor E

Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1123 unpexternalize is responsible for externalizing the file descriptors carried within a unix domain socket message. That means allocating new fd table entries in the receiver...

7.6CVSS8.4AI score0.04189EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/05/23 12:0 a.m.48 views

Apple macOS/iOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1123 unpexternalize is responsible for externalizing the file descriptors carried within a unix domain socket message. That means allocating new fd table entries in the receiver and recreating a file which looks looks to userspac...

7AI score
Exploits0
Prion
Prion
added 2017/03/27 5:59 p.m.15 views

Buffer overflow

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

7.5CVSS9.5AI score0.21816EPSS
Exploits4References8Affected Software2
UbuntuCve
UbuntuCve
added 2017/03/27 5:59 p.m.29 views

CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8CVSS7.2AI score0.21816EPSS
Exploits4References3
OSV
OSV
added 2017/03/27 5:59 p.m.3 views

ALPINE-CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8CVSS7.6AI score0.21816EPSS
Exploits4References1
OSV
OSV
added 2017/03/27 5:59 p.m.2 views

DEBIAN-CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8CVSS7.6AI score0.21816EPSS
Exploits4References1
OSV
OSV
added 2017/03/27 5:59 p.m.4 views

UBUNTU-CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8CVSS7.8AI score0.21816EPSS
Exploits4References4
Debian CVE
Debian CVE
added 2017/03/27 5:0 p.m.62 views

CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8CVSS9.8AI score0.21816EPSS
Exploits4
Cvelist
Cvelist
added 2017/03/27 5:0 p.m.28 views

CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.7AI score0.21816EPSS
Exploits4References8
AlpineLinux
AlpineLinux
added 2017/03/27 5:0 p.m.73 views

CVE-2017-6542

The sshagentchanneldata function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overfl...

9.8CVSS9.8AI score0.21816EPSS
Exploits4
Hacker One
Hacker One
added 2017/02/09 12:4 a.m.24 views

Uber: pam-ussh may be tricked into using another logged in user's ssh-agent

Summary https://github.com/uber/pam-ussh was open-sourced today kudos! and is presumably used within Uber's infrastructure. This is a PAM module written a Go that "will authenticate a user based on them having an ssh certificate in their ssh-agent signed by a specified ssh CA." A cursory look at...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2016/04/12 12:0 a.m.31 views

Ubuntu: Security Advisory (USN-2948-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.2AI score0.14546EPSS
Exploits11References3
Tenable Nessus
Tenable Nessus
added 2016/04/07 12:0 a.m.63 views

Ubuntu 15.10 : linux vulnerabilities (USN-2947-1)

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

10CVSS7.1AI score0.14546EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2016/04/07 12:0 a.m.50 views

Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2947-3)

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7833 Venkatesh Pottem discovered a use-after-free...

10CVSS7.1AI score0.14546EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2016/04/07 12:0 a.m.35 views

Ubuntu: Security Advisory (USN-2947-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.9AI score0.14546EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2016/04/07 12:0 a.m.239 views

Ubuntu: Security Advisory (USN-2949-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.2AI score0.14546EPSS
Exploits0References2
Rows per page
Query Builder