Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: gssntlmssp (CVE-2023-25566)

The version of gssntlmssp installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25566 advisory. - GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to...

7.5CVSS5.7AI score0.01103EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-1399

Malware in sbrugna...

10CVSS6.1AI score0.03878EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2025/03/14 7:0 a.m.4 views

GSS-NTLMSSP vulnerable to memory leak when parsing usernames

...

7.5CVSS7.2AI score0.01103EPSS
Exploits0
OSV
OSV
added 2024/02/19 7:4 a.m.9 views

SUSE-SU-2024:0525-1 Security update for libssh

This update for libssh fixes the following issues: Update to version 0.9.8 jscPED-7719: Fix CVE-2023-6004: Command injection using proxycommand bsc1218209 Fix CVE-2023-48795: Potential downgrade attack using strict kex bsc1218126 Fix CVE-2023-6918: Missing checks for return values of MD functions...

9.3CVSS7.6AI score0.93305EPSS
Exploits7References19
RedHat Linux
RedHat Linux
added 2023/05/16 10:7 a.m.5 views

gssntlmssp: memory leak when parsing usernames

A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. A memory leak can be triggered when parsing usernames, triggering a denial of service. The domain portion of a username may be overridden, causing an allocated memory area the size of th...

7.5CVSS5.6AI score0.01103EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/03/27 8:20 p.m.3 views

CVE-2023-28628

lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be parsed by the lambdaisland/uri and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in questio...

6.1CVSS6.3AI score0.00553EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/16 3:2 a.m.4 views

SUSE CVE-2023-25566

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the...

7.5CVSS6.8AI score0.01103EPSS
Exploits0References4
OSV
OSV
added 2023/02/14 6:15 p.m.5 views

AZL-44997 CVE-2023-25566 affecting package gssntlmssp for versions less than 1.3.1-1

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the...

7.5CVSS5.7AI score0.01103EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.2 views

PT-2023-20164 · Unknown +3 · Gss-Ntlmssp +3

Name of the Vulnerable Software and Affected Versions: GSS-NTLMSSP versions prior to 1.2.0 Description: GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. A memory leak can be triggered when parsing usernames, potentially causing a denial-of-service. The...

8.2CVSS7.5AI score0.01942EPSS
Exploits0References44
ATTACKERKB
ATTACKERKB
added 2022/08/03 4:15 p.m.3 views

CVE-2022-2272

This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element,...

9.8CVSS6AI score0.02379EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/07/28 5:15 p.m.4 views

CVE-2020-15625

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxaddmailbox.php. When parsing the username parameter, the...

7.5CVSS7.1AI score0.0383EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/12/04 12:0 a.m.36 views

Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication RCE (cisco-sa-20180606-aaa)

According to its self-reported version, Cisco IOS XE Software is affected by a remote code execution vulnerability in the authentication, authorization, and accounting AAA security services due to incorrect memory operations that the affected software performs when the software parses a username...

9.8CVSS9.4AI score0.08074EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/07/07 5:29 p.m.34 views

CVE-2017-1000082

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit e.g. "0day", running the service in question with root privileges rather than the user intended...

10CVSS6.7AI score0.03878EPSS
Exploits0References2
Prion
Prion
added 2017/07/07 5:29 p.m.27 views

Design/Logic Flaw

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit e.g. "0day", running the service in question with root privileges rather than the user intended...

10CVSS7.7AI score0.03878EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/07/07 5:29 p.m.30 views

CVE-2017-1000082

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit e.g. "0day", running the service in question with root privileges rather than the user intended...

9.8CVSS6.6AI score
Exploits0References4
CVE
CVE
added 2017/07/07 5:0 p.m.109 views

CVE-2017-1000082

Technical details about CVE-2017-1000082 are not provided in the connected documents. The available material only reiterates that systemd v233 and earlier mishandle usernames starting with digits, with no additional vendor/version or remediation specifics.

10CVSS7.6AI score0.03878EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2017/07/07 5:0 p.m.36 views

CVE-2017-1000082

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit e.g. "0day", running the service in question with root privileges rather than the user intended...

7.8AI score0.03878EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2017/07/07 4:48 a.m.36 views

CVE-2017-1000082

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit e.g. "0day", running the service in question with root privileges rather than the user intended...

10CVSS4.7AI score0.03878EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/07/07 12:0 a.m.2 views

PT-2017-2827 · Systemd +1 · Systemd +1

Name of the Vulnerable Software and Affected Versions: systemd versions prior to v233 Description: The issue arises from insufficient input validation in the systemd daemon's username parsing functionality, specifically when encountering usernames that start with a numeric digit. This can lead to...

10CVSS6.5AI score0.55116EPSS
Exploits1References25
Mageia
Mageia
added 2014/06/06 6:8 a.m.31 views

Updated mediawiki packages fix security vulnerability

XSS vulnerability in MediaWiki before 1.22.7, due to usernames on Special:PasswordReset being parsed as wikitext. The username on Special:PasswordReset can be supplied by anyone and will be parsed with wgRawHtml enabled. Since Special:PasswordReset is whitelisted by default on private wikis, this...

2.6CVSS5.9AI score0.02097EPSS
Exploits0References4
Rows per page
Query Builder