Linux: SSH Ciphers
Ciphers: Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. Note: This check fails if any algorithms are found that are not specified in the VT preferences. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a...
Linux: SSH Subsystem
Subsystem: Configures an external subsystem e.g. file transfer daemon. Arguments should be a subsystem name and a command with optional arguments to execute upon subsystem request. The command sftp-server implements the...
Linux: SSH PubkeyAuthentication
sshd reads configuration data from /etc/ssh/sshd_config or the file specified with -f on the command line. The file contains keyword-argument pairs, one per line. Lines starting with...
HTTP/2: request for large response leads to denial of service
A vulnerability was found in HTTP/2. An attacker can open an HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...
HTTP/2: flood using SETTINGS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using SETTINGS frames and queuing of SETTINGS ACK frames, a flood could occur resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
The vulnerability of IPv6 network protocol implementations in the Linux operating system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of IPv6 network protocol implementations in the Linux operating system’s kernel is related to the lack of protection for data transmitted through the IPsec tunnel. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to...
The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server allows for uncontrolled resource consumption, enabling attackers to disclose sensitive information.
The vulnerability of the HTTP/2 network protocol implementation in the Apache HTTP Server is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
X.Org X Server 1.20.4 - Local Stack Overflow Exploit
Exploit Title: X.Org X Server 1.20.4 - Local Stack Overflow Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: https://www.x.org/ Version: = 1.20.4 Tested on: Linux CVE: CVE-2019-17624 !/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar X.Org X Server 1.20.4 / X Protocol...
X.Org X Server 1.20.4 - Local Stack Overflow
Exploit Title: X.Org X Server 1.20.4 - Local Stack Overflow Date: 2019-10-16 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: https://www.x.org/ Version: = 1.20.4 Tested on: Linux CVE: CVE-2019-17624 !/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar X.Org X Server...
CVE-2019-0063
When an MX Series Broadband Remote Access Server (BRAS) is configured as a Broadband Network Gateway (BNG) with DHCPv6 enabled, jdhcpd might crash when receiving a specific crafted DHCP response message on a subscriber interface. The daemon automatically restarts without intervention, but continuous...
HTTP/2: large amount of data requests leads to denial of service
A flaw was found in HTTP/2. An attacker can request a large amount of data by manipulating window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this queue can consume excess CPU, memory, or both, leading to a...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
HTTP/2: flood using HEADERS frames results in unbounded memory growth
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest threat from this vulnerability is to system availability...
TP-Link SR20 router 0-day vulnerability - vulnerability warning - the black bar safety net
Google security developer Matthew Garrett found a 0-day arbitrary code execution vulnerability in the TP-Link SR20 smart home router; an attacker on the same network can exploit the vulnerability to execute arbitrary commands with root access. Garrett said public vulnerability is due from him to th...
Omron CX-One CX-Protocol
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-Protocol within CX-One Vulnerabilities: Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the...
Xorg X11 Server (AIX) - Local Privilege Escalation
Xorg X11 Server AIX - Local Privilege Escalation Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Filese...
systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling
It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce a heap-based buffer overflow. A malicious host on the same network segment as the victim's one may...
CVE-2018-0055
Receipt of a specially crafted DHCPv6 message destined to a Junos OS device configured as a DHCP server in a Broadband Edge (BBE) environment may result in a jdhcpd daemon crash. The daemon automatically restarts without intervention, but a continuous receipt of crafted DHCPv6 packets could leaded ...
nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack...
DEBIAN-CVE-2018-11763
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol...