6 matches found
CVE-2018-15473
OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...
CVE-2019-11815
The CVE-2019-11815 issue affects Linux kernels with net/rds/tcp.c: rds_tcp_kill_sock contains a race that can cause a use-after-free during net namespace cleanup (pre-5.0.8). A fix was committed and released in 5.0.8; upgrading to 5.0.8+ (or applying the patch) is the advised remediation. The Uni...
CVE-2018-6485
CVE-2018-6485 is an integer overflow in posix_memalign within glibc (memalign implementation) for versions 2.26 and earlier, which could cause a heap area to be too small and lead to heap corruption. The NVD CVSSv3/base score is 9.8 (CRITICAL) with network attack vector, no user interaction. Affe...
CVE-2020-27216
CVE-2020-27216 affects Eclipse Jetty in Unix-like environments across versions 1.0–9.4.32.v20200930, 10.0.0.alpha1–10.0.0.beta2, and 11.0.0.alpha1–11.0.0.beta2O. It describes a race condition where the system temporary directory is shared among users, allowing a collocated user to observe the cre...
CVE-2018-2826
CVE-2018-2826 affects Oracle Java SE Libraries in Java SE 10. The vulnerability allows an unauthenticated network-based attacker to compromise Java SE, with potential takeover of the Java Runtime, per the description. CVSS 3.1 indicates HIGH impact (C, I, A HIGH) with NETWORK attack vector and re...
CVE-2018-2825
CVE-2018-2825 concerns Oracle Java SE Libraries with affected Java SE 10, allowing network-based attacks that may compromise confidentiality, integrity, and availability; the exploitation requires user interaction. The connected documents largely discuss IBM-specific advisories (IBM i, Netcool Ag...