Lucene search
+L

110 matches found

BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.6 views

The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the xorg-x11-xauth-6.8.2 package in the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...

9.3CVSS5.4AI score0.05781EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.5 views

The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the xorg-x11-xauth package in the SUSE Linux Enterprise operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...

9.3CVSS5.4AI score0.05781EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.5 views

Vulnerabilities of the Red Hat Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The XFree86-xauth-4.2.1-21 package of the Red Hat Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

7.5CVSS5.8AI score0.03403EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.30 views

openSUSE Security Update : strongswan (openSUSE-SU-2013:1332-1)

This update of strongswan fixed a denial-of-service vulnerability, that could be triggered by special XAuth usernames and EAP identities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

4.3CVSS8.1AI score0.02985EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.26 views

openSUSE Security Update : strongswan (openSUSE-SU-2013:1333-1)

This update of strongswan fixed a denial-of-service vulnerability, that could be triggered by special XAuth usernames and EAP identities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

4.3CVSS8.1AI score0.02985EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2014/01/28 12:0 a.m.35 views

FreeBSD : strongswan -- multiple DoS vulnerabilities (efa663eb-8754-11e3-9a47-00163e1ed244)

strongSwan Project reports : A DoS vulnerability triggered by crafted IKEv1 fragmentation payloads was discovered in strongSwan's IKE daemon charon. All versions since 5.0.2 are affected. A DoS vulnerability and potential authorization bypass triggered by a crafted IDDERASN1DN ID payload was...

5CVSS8.2AI score0.02985EPSS
Exploits1References7
FreeBSD
FreeBSD
added 2013/11/01 12:0 a.m.28 views

strongswan -- multiple DoS vulnerabilities

strongSwan Project reports: A DoS vulnerability triggered by crafted IKEv1 fragmentation payloads was discovered in strongSwan's IKE daemon charon. All versions since 5.0.2 are affected. A DoS vulnerability and potential authorization bypass triggered by a crafted IDDERASN1DN ID payload was...

5CVSS6.4AI score0.02985EPSS
Exploits1References3
NVD
NVD
added 2013/08/28 11:55 p.m.26 views

CVE-2013-5018

The isasn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1length function, which allows remote attackers to cause a denial of service segmentation fault via a 1 XAuth username, 2 EAP identity, or 3 PEM encoded file that starts with a 0x04, 0x30,...

4.3CVSS6.4AI score0.02985EPSS
Exploits1References9
OSV
OSV
added 2013/08/28 11:55 p.m.4 views

UBUNTU-CVE-2013-5018

The isasn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1length function, which allows remote attackers to cause a denial of service segmentation fault via a 1 XAuth username, 2 EAP identity, or 3 PEM encoded file that starts with a 0x04, 0x30,...

4.3CVSS5.9AI score0.02985EPSS
Exploits1References2
Cvelist
Cvelist
added 2013/08/28 5:18 p.m.32 views

CVE-2013-5018

The isasn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1length function, which allows remote attackers to cause a denial of service segmentation fault via a 1 XAuth username, 2 EAP identity, or 3 PEM encoded file that starts with a 0x04, 0x30,...

6.3AI score0.02985EPSS
Exploits1References9
exploitpack
exploitpack
added 2013/01/29 12:0 a.m.34 views

pfSense UTM Platform 2.0.1 - Cross-Site Scripting

pfSense UTM Platform 2.0.1 - Cross-Site Scripting ┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ │ Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication │ Date: 04/01/2013 │ Author: Dimitris Strevinas │ Vendor or Software Link: www.pfsense.or...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2013/01/29 12:0 a.m.42 views

pfSense UTM Platform 2.0.1 - Cross-Site Scripting

┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ │ Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication │ Date: 04/01/2013 │ Author: Dimitris Strevinas │ Vendor or Software Link: www.pfsense.org │ Version: = 2.0.1 │ Category: Semi-Persistent...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.29 views

Scientific Linux Security Update : pam on SL5.x i386/x86_64

It was discovered that the pamnamespace module executed the external script namespace.init with an unchanged environment inherited from an application calling PAM. In cases where such an environment was untrusted for example, when pamnamespace was configured for setuid applications such as su or...

6.9CVSS5.8AI score0.00416EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2011/10/04 12:0 a.m.30 views

OpenSSH < 1.2.3 xauth Session Highjacking

According to its banner, the remote host is running a version of OpenSSH earlier than 1.2.3. Such versions are affected by a session highjacking vulnerability. By default, ssh clients negotiate to forward X connections by using the xauth program to place cookies in the authorization cache of the...

5.1CVSS7.6AI score0.00972EPSS
Exploits0References4
OSV
OSV
added 2011/01/24 7:0 p.m.2 views

DEBIAN-CVE-2010-4706

The pamsmclosesession function in pamxauth.c in the pamxauth module in Linux-PAM aka pam 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pamxauth PAM check...

4.9CVSS6.2AI score0.00368EPSS
Exploits0References1
OSV
OSV
added 2011/01/24 7:0 p.m.2 views

DEBIAN-CVE-2010-4707

The checkacl function in pamxauth.c in the pamxauth module in Linux-PAM aka pam 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service resource consumption via a special file...

4.9CVSS6.4AI score0.0036EPSS
Exploits0References1
OSV
OSV
added 2011/01/24 6:0 p.m.2 views

DEBIAN-CVE-2010-3316

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

3.3CVSS6.5AI score0.00366EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2010/11/16 6:16 p.m.10 views

Openswan cisco banner option handling vulnerability

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long ciscobanner aka serverbanner field...

6.5CVSS6.3AI score0.04034EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/11/16 6:16 p.m.5 views

Openswan: Gateway arbitrary execution via shell metacharacters in the cisco_banner

programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the ciscobanner aka serverbanner field, a different vulnerability than CVE-2010-3308...

6.5CVSS6.1AI score0.02409EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/11/16 6:16 p.m.13 views

openswan: buffer overflow vulnerability in XAUTH client-side support

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long 1 ciscodnsinfo or 2 ciscodomaininfo data in a packet...

6.5CVSS6.3AI score0.03892EPSS
Exploits0References4
Rows per page
Query Builder