Lucene search
K

70 matches found

Prion
Prion
added 2019/12/03 10:15 p.m.18 views

Remote code execution

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...

4.6CVSS7.8AI score0.00734EPSS
Exploits1References3Affected Software3
OSV
OSV
added 2019/12/03 10:15 p.m.2 views

UBUNTU-CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5CVSS6.7AI score0.02289EPSS
Exploits1References4
OSV
OSV
added 2019/12/03 10:15 p.m.2 views

UBUNTU-CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...

7.8CVSS7.6AI score0.00734EPSS
Exploits1References4
CVE
CVE
added 2019/12/03 9:56 p.m.179 views

CVE-2019-5164

CVE-2019-5164 affects shadowsocks-libev, specifically the ss-manager binary (version 3.3.2). A vulnerability in processing specially crafted network packets can lead to arbitrary code execution and privilege escalation on the host. The issue is tied to the ss-manager component and has been addres...

7.8CVSS7.6AI score0.00734EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/12/03 9:56 p.m.22 views

CVE-2019-5164

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger...

7.8CVSS7.7AI score0.00734EPSS
Exploits1References3
CVE
CVE
added 2019/12/03 9:55 p.m.187 views

CVE-2019-5163

CVE-2019-5163 affects Shadowsocks-libev 3.3.2’s UDPRelay when using a Stream Cipher and a local_address; sending arbitrary UDP packets can trigger a FATAL error path and exit, constituting a denial-of-service. The issue is mitigated by upgrading to Shadowsocks-libev 3.3.3, as referenced by severa...

7.5CVSS7.3AI score0.02289EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2019/12/03 9:55 p.m.19 views

CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5CVSS6.5AI score0.02289EPSS
Exploits1
Cvelist
Cvelist
added 2019/12/03 9:55 p.m.31 views

CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

5.9CVSS7.4AI score0.02289EPSS
Exploits1References3
CNVD
CNVD
added 2019/12/03 12:0 a.m.3 views

Shadowsocks-libev Access Control Error Vulnerability (CNVD-2020-00259)

Shadowsocks-libev is a lightweight secure SOCKS5 agent for embedded devices. An access control error vulnerability exists in the ss-manager binary in Shadowsocks-libev version 3.3.2, which can be exploited by an attacker to elevate privileges and execute arbitrary code...

7.8CVSS7.9AI score0.00734EPSS
Exploits1References1
CNVD
CNVD
added 2019/12/03 12:0 a.m.3 views

Shadowsocks-libev Information Disclosure Vulnerability

Shadowsocks-libev is a lightweight secure SOCKS5 agent for embedded devices. An information disclosure vulnerability exists in the network packet handling feature in Shadowsocks-libev version 3.3.2, which can be exploited by an attacker to disclose information with the help of specially crafted...

7.4CVSS6.2AI score0.01379EPSS
Exploits1References1
Talos
Talos
added 2019/12/03 12:0 a.m.195 views

Shadowsocks-libev ss-manager add_server Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to...

7.8CVSS7.9AI score0.00734EPSS
Exploits1
Talos
Talos
added 2019/12/03 12:0 a.m.289 views

Shadowsocks-libev ss-server UdpRelay Denial-of-Service Vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5CVSS6.6AI score0.02289EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2018/02/05 12:0 a.m.25 views

FreeBSD : shadowsocks-libev -- command injection via shell metacharacters (3746de31-0a1a-11e8-83e7-485b3931c969)

MITRE reports : Improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright...

7.8CVSS7.3AI score0.01274EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2017/12/14 12:0 a.m.6 views

The vulnerability of the ss-manager component (manager.c) of the shadowsocks-libev proxy server allows a hacker to inject any command or execute any code.

The vulnerability of the ss-manager component manager.c of the shadowsock-libev proxy server is related to insufficient cleaning of special elements used in the command. Exploiting this vulnerability allows a local attacker to inject arbitrary commands or execute arbitrary code by sending a...

7.8CVSS6AI score0.01274EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2017/12/01 11:13 p.m.8 views

MGASA-2017-0436 Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

7.8CVSS7.8AI score0.01274EPSS
Exploits1References4
Mageia
Mageia
added 2017/12/01 11:13 p.m.23 views

Updated shadowsocks-libev packages fix security vulnerability

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the addserver, buildconfig, and constructcommandline functions...

7.8CVSS5.6AI score0.01274EPSS
Exploits1References3
ArchLinux
ArchLinux
added 2017/11/30 12:0 a.m.21 views

[ASA-201711-40] shadowsocks-libev: arbitrary command execution

Arch Linux Security Advisory ASA-201711-40 ========================================== Severity: High Date : 2017-11-30 CVE-ID : CVE-2017-15924 Package : shadowsocks-libev Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-474 Summary ======= The package...

7.8CVSS2.4AI score0.01274EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2017/11/16 12:0 a.m.33 views

openSUSE Security Update : shadowsocks-libev (openSUSE-2017-1274)

This update for shadowsocks-libev fixes the following issues : Security issue fixed : - CVE-2017-15924: In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic,...

7.8CVSS7.2AI score0.01274EPSS
Exploits1References2
CNVD
CNVD
added 2017/11/01 12:0 a.m.1 views

shadowsocks-libev command execution vulnerability

shadowsocks-libev is a SOCKS5 proxy for embedded devices written in C. ss-manager is one of the ss management tools. A security vulnerability exists in the manager.c file of ss-manager in shadowsocks-libev version 3.1.0. An attacker can exploit this vulnerability to execute commands...

7.8CVSS7.1AI score0.01274EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2017/10/30 12:0 a.m.167 views

Debian DSA-4009-1 : shadowsocks-libev - security update

Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

7.8CVSS7.5AI score0.01274EPSS
Exploits1References3
Rows per page
Query Builder