-
CVE-2011-5000 openssh: post-authentication resource exhaustion bug via GSSAPI
CVE ID CVE-2011-5000 DESCRIPTION The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios…
-
CVE-2018-5733 dhcp: Reference count overflow in dhcpd allows denial of service
CVE ID CVE-2018-5733 DESCRIPTION A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. A malicious DHCP client could use this flaw to trigger a reference count overflow on the server side, potentially causing dhcpd to crash, by sending large amounts of traffic.…
-
CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass
CVE ID CVE-2017-3167 DESCRIPTION It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used…
-
CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow
CVE ID CVE-2011-3607 DESCRIPTION Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a…
-
CVE-2017-12478: Unitrends api/storage authentication bypass RCE
CVE ID CVE-2017-12478 DESCRIPTION It was discovered that the Unitrends api/storage web interface has an issue in which one of its input parameters was not validated. A remote attacker could use this issue to bypass authentication and execute arbitrary commands with root privilege on the target system. RESOLUTION…
-
CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)
CVE ID CVE-2018-5390 DESCRIPTION A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets…
-
CVE-2017-7679 httpd: mod_mime buffer overread
CVE ID CVE-2017-7679 DESCRIPTION A buffer over-read flaw was found in httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause an httpd child process to crash. Unitrends risk assessment: Medium, or None if current security update is applied RESOLUTION For CentOS6,…
-
CVE-2015-8325: openssh privilege escalation via LD_PRELOAD
SUMMARY Resolved with later openssh rpm in security update. CVE ID CVE-2015-8325 DESCRIPTION The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by…
-
CVE-2018-3615 kernel: L1 Terminal Fault: SGX
CVE ID CVE-2018-3615 DESCRIPTION Systems with microprocessors utilizing speculative execution and Intel® software guard extensions (Intel® SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. 7.9 High…
-
CVE-2016-2183: SWEET32 TLS/SSL Birthday attacks on 3DES ciphers
SUMMARY How to resolve the SWEET32 3DES cipher vulnerability. CVE ID CVE-2016-2183 DESCRIPTION A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL…