Lucene search
K

71 matches found

Positive Technologies
Positive Technologies
added 2023/05/10 12:0 a.m.3 views

PT-2023-13512 · Facebook · Hhvm

Name of the Vulnerable Software and Affected Versions: HHVM versions 4.172.0 and all prior versions Description: The issue arises from HHVM using TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS 1.0 has numerous published vulnerabilities and is deprecated...

9.8CVSS7.5AI score0.00527EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: ip: Fix data-races around sysctl_ip_prot_sock.

In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctlipprotsock. sysctlipprotsock is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing...

4.7CVSS6.3AI score0.0018EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/04/19 5:25 p.m.5 views

CVE-2023-30612 Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily...

4CVSS6.8AI score0.0036EPSS
Exploits0References5
OSV
OSV
added 2022/11/11 11:4 a.m.8 views

OESA-2022-2083 openssh security update

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

7.1CVSS7.2AI score0.03422EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/05/20 12:0 a.m.3 views

PT-2022-19432 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.9.16 Cilium versions prior to 1.10.11 Cilium versions prior to 1.11.5 Description: Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. It...

8.8CVSS6.8AI score0.00285EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2021/03/19 12:0 a.m.88 views

FreeBSD : OpenSSH -- Double-free memory corruption in ssh-agent (76b5068c-8436-11eb-9469-080027f515ea)

OpenBSD Project reports : ssh-agent1: fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket. On modern operating systems where the OS can provi...

7.1CVSS7.3AI score0.03422EPSS
Exploits1References3
ArchLinux
ArchLinux
added 2021/03/13 12:0 a.m.305 views

[ASA-202103-6] openssh: arbitrary code execution

Arch Linux Security Advisory ASA-202103-6 ========================================= Severity: Medium Date : 2021-03-13 CVE-ID : CVE-2021-28041 Package : openssh Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1657 Summary ======= The package openssh before...

7.1CVSS2.3AI score0.03422EPSS
Exploits1References5
OSV
OSV
added 2021/03/05 9:15 p.m.6 views

DEBIAN-CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7.3AI score0.03422EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/03/05 9:15 p.m.330 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7AI score0.03422EPSS
Exploits1References5
OSV
OSV
added 2021/03/05 9:15 p.m.4 views

UBUNTU-CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7.1AI score0.03422EPSS
Exploits1References6
CVE
CVE
added 2021/03/05 7:7 p.m.12894 views

CVE-2021-28041

The CVE refers to OpenSSH ssh-agent before 8.5, where a double-free vulnerability may be triggered in rare scenarios (unconstrained agent-socket access on legacy OS or forwarding to an attacker-controlled host). Affected component: ssh-agent in OpenSSH prior to 8.5. Root cause: double free descri...

7.1CVSS6.8AI score0.03422EPSS
Exploits1References9Affected Software1
AlpineLinux
AlpineLinux
added 2021/03/05 7:7 p.m.92 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7.1AI score0.03422EPSS
Exploits1
Debian CVE
Debian CVE
added 2021/03/05 7:7 p.m.1405 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.1CVSS7.6AI score0.03422EPSS
Exploits1
Cvelist
Cvelist
added 2021/03/05 7:7 p.m.137 views

CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

7.2AI score0.03422EPSS
Exploits1References9
CNNVD
CNNVD
added 2021/03/05 12:0 a.m.12 views

OpenSSH 资源管理错误漏洞

OpenSSH OpenBSD Secure Shell is a set of connection tools from the OpenBSD Project Group for secure access to remote computers. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection hijacking, an...

7.1CVSS7.4AI score0.03422EPSS
Exploits1References15
FreeBSD
FreeBSD
added 2021/03/03 12:0 a.m.341 views

OpenSSH -- Double-free memory corruption in ssh-agent

OpenBSD Project reports: ssh-agent1: fixed a double-free memory corruption that was introduced in OpenSSH 8.2 . We treat all such memory faults as potentially exploitable. This bug could be reached by an attacker with access to the agent socket. On modern operating systems where the OS can provid...

7.1CVSS1.1AI score0.03422EPSS
Exploits1References1
OSV
OSV
added 2020/11/25 3:15 p.m.9 views

AZL-7362 CVE-2020-25650 affecting package spice-vdagent for versions less than 0.22.1-1

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could use this flaw to perform a memory denial of service f...

5.5CVSS6AI score0.0049EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/11/04 1:55 a.m.6 views

dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOSTUSERGETINFLIGHTFD messages, causing a resource leak file descriptors and virtual memory, which may result in a denial of service...

6CVSS7.1AI score0.00473EPSS
Exploits0References6
Cvelist
Cvelist
added 2020/06/22 7:10 a.m.28 views

CVE-2020-3628

Improper access due to socket opened by the logging application without specifying localhost address in Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, Rennell, SDX20...

9.4AI score0.00958EPSS
Exploits0References1
OSV
OSV
added 2020/05/20 2:15 p.m.2 views

DEBIAN-CVE-2020-10726

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOSTUSERGETINFLIGHTFD messages, causing a resource leak file descriptors and virtual memory, which may result in a denial of service...

4.4CVSS6.1AI score0.00473EPSS
Exploits0References1
Rows per page
Query Builder