Denial Of Service (DoS) Through Memory Consumption
OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible because there is a memory leak in the tls_decrypt_ticket function which can be triggered through a session...
4.2AI Score
0.937EPSS
OpenSSL is vulnerable to access restriction bypass. This is possible because OpenSSL does not enforce the no-ssl3 build option, which then allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and...
4.5AI Score
0.005EPSS
Denial Of Service (DoS) Through Null Pointer Dereference
OpenSSL is vulnerable to denial of service (DoS) attacks. This is caused by the ssl_set_client_disabled function and triggered by a ServerHello message that includes an SRP ciphersuite but no negotiation of that suite with the...
4.3AI Score
0.05EPSS
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user...
7.8CVSS
7.3AI Score
0.001EPSS
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user...
7.8CVSS
7.4AI Score
0.001EPSS
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user...
7.8CVSS
6.8AI Score
0.001EPSS
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user...
7.5AI Score
0.001EPSS
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware...
9.8CVSS
8.2AI Score
0.016EPSS
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware...
9.8CVSS
9.8AI Score
0.016EPSS
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware...
9.8CVSS
9.6AI Score
0.016EPSS
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware...
9.7AI Score
0.016EPSS
CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware...
9.8CVSS
7AI Score
0.016EPSS
Buffer Overflow in BSD libc Library Patched
The BSD libc library was updated recently to address a buffer overflow vulnerability that could have allowed an attacker to execute arbitrary code. The library is part of the POSIX library, which is used in BSD operating systems, like FreeBSD, NetBSD, OpenBSD. The libc library is also used in...
1.7AI Score
BSD libc contains a buffer overflow vulnerability in link_ntoa()
Overview The BSD libc library's link_ntoa() function may be vulnerable to a classic buffer overflow. It is currently unclear if this issue is exploitable. Description CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2016-6559 Improper bounds checking of the obuf....
9.8CVSS
0.1AI Score
0.008EPSS
ipsec-tools -- remotely exploitable computational-complexity attack
Robert Foggia via NetBSD GNATS reports: The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint ...
7.5CVSS
3.1AI Score
0.003EPSS
NTP.org ntpd contains multiple denial of service vulnerabilities
Overview NTP.org ntpd versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not including ntp-4.3.94 contain multiple denial of service vulnerabilities. Description NTP.org's ntpd, versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not...
7.5CVSS
0.6AI Score
0.965EPSS
tnftp: Arbitrary code execution
Background tnftp is a NetBSD FTP client with several advanced features. Description The fetch_url function in usr.bin/ftp/fetch.c allows remote attackers to execute arbitrary commands via a Impact A remote attacker could possibly execute arbitrary code with the privileges of the process. ...
5.8AI Score
0.959EPSS
Lynis 2.4.0 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...
7.2AI Score
MatrixSSL contains multiple vulnerabilities
Overview MatrixSSL, version 3.8.5 and earlier, contains heap overflow, out-of-bounds read, and unallocated memory free operation vulnerabilities. Description CWE-122: Heap-based Buffer Overflow - CVE-2016-6890 The Subject Alt Name field of X.509 certificates is not properly parsed. A specially...
9.8CVSS
0.8AI Score
0.035EPSS
Lynis 2.3.4 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...
7.1AI Score
NetBSD mail.local - Privilege Escalation (Metasploit)
Exploit for bsd platform in category local...
7.4AI Score
0.001EPSS
Lynis 2.3.3 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...
6.9AI Score
It was found that targets using gcc's libssp library for Stack Smashing Protection (among others: Cygwin, MinGW, newlib, RTEMS; but not Glibc, Bionic, NetBSD which provide SSP in libc), are missing the Object Size Checking feature, even when explicitly requested with _FORTIFY_SOURCE. Vulnerable...
7.8CVSS
2.6AI Score
0.0004EPSS
HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected
Overview HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context of the originally...
6.5CVSS
0.006EPSS
Lynis 2.3.2 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...
7.2AI Score
NetBSD - mail.local(8) Local Privilege Escalation
NetBSD - mail.local(8) Local Privilege...
0.7AI Score
NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)
Exploit for bsd platform in category local...
7.4AI Score
0.001EPSS
Overview Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate...
8.1CVSS
0.4AI Score
0.948EPSS
Lynis 2.3.0 - Security Auditing Tool for Unix/Linux Systems
We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...
6.9AI Score
mDNSResponder contains multiple memory-based vulnerabilities
Overview mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder version 379.27 and above prior to version 625.41.2 is vulnerable to several buffer overflow vulnerabilities, as well as a null pointer dereference. Description CWE-120:...
9.8CVSS
9.5AI Score
0.012EPSS
NTP.org ntpd is vulnerable to denial of service and other vulnerabilities
Overview NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. Description NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. A brief overview follows, but details may be found in NTP's security advisory listing and in...
7.5CVSS
0.923EPSS
Debian DLA-491-1 : postgresql-9.1 bugfix update
The PostgreSQL project released a new version of the PostgreSQL 9.1 branch : Clear the OpenSSL error queue before OpenSSL calls, rather than assuming it's clear already; and make sure we leave it clear afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) This change prevents...
-0.1AI Score
[SECURITY] [DLA 491-1] postgresql-9.1 bugfix update
Package : postgresql-9.1 Version : 9.1.22-0+deb7u1 The PostgreSQL project released a new version of the PostgreSQL 9.1 branch: Clear the OpenSSL error queue before OpenSSL calls, rather than assuming it's clear already; and make sure we leave it clear afterwards (Peter Geoghegan,...
7.2AI Score
postgresql-9.1 - bugfix update
The PostgreSQL project released a new version of the PostgreSQL 9.1 branch: Clear the OpenSSL error queue before OpenSSL calls, rather than assuming it's clear already; and make sure we leave it clear afterwards (Peter Geoghegan, Dave Vitek, Peter Eisentraut) This change prevents problems when...
0.2AI Score
x86 software guest page walk PS bit handling flaw
ISSUE DESCRIPTION The Page Size (PS) page table entry bit exists at all page table levels other than L1. Its meaning is reserved in L4, and conditionally reserved in L3 and L2 (depending on hardware capabilities). The software page table walker in the hypervisor, however, so far ignored that bit...
8.4CVSS
0.5AI Score
0.002EPSS
Little CMS 2 DefaultICCintents double-free vulnerability
Overview Little CMS 2 contains a double-free vulnerability in the DefaultICCintents function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Little CMS is an open-source color management engine that supports the International Color.....
9.8CVSS
0.5AI Score
0.043EPSS
NTP.org ntpd contains multiple vulnerabilities
Overview The NTP.org reference implementation of ntpd contains multiple vulnerabilities. Description NTP.org's reference implementation of NTP server, ntpd, contains multiple vulnerabilities. CWE-294: Authentication Bypass by Capture-replay - CVE-2015-7973 An attacker on the network can record...
9.8CVSS
7.9AI Score
0.86EPSS
Transparent SSL TLS interception: SSLsplit
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis, web application security testing, network security auditing, penetration testing and...
-0.1AI Score
Nginx Web Application Firewall: NAXSI
NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website...
1.3AI Score
Lynis 2.2.0 - Security Auditing Tool for Unix/Linux Systems
Lynis is an open source security auditing tool. Commonly used by system administrators, security professionals and auditors, to evaluate the security defenses of their Linux/Unix based systems. It runs on the host itself, so it can perform very extensive security scans. Supported operating systems....
7.1AI Score
Debian DLA-444-1 : php5 security update
CVE-2015-2305 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression.....
9.1AI Score
0.008EPSS
[SECURITY] [DLA 444-1] php5 security update
Package : php5 Version : 5.3.3.1-7+squeeze29 CVE ID : CVE-2015-2305 CVE-2015-2348 CVE-2015-2305 Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and...
8.8AI Score
0.008EPSS
IKE/IKEv2 protocol implementations may allow network amplification attacks
Overview Implementations of the IKEv2 protocol are vulnerable to network amplification attacks. Description CWE-406: Insufficient Control of Network Message Volume (Network Amplification) IKE/IKEv2 and other UDP-based protocols can be used to amplify denial-of-service attacks. In some scenarios,...
7.5CVSS
0.6AI Score
0.001EPSS
glibc vulnerable to stack buffer overflow in DNS resolver
Overview GNU glibc contains a buffer overflow vulnerability in the DNS resolver, which may allow a remote attacker to execute arbitrary code. Description CWE-121: Stack-based Buffer Overflow - CVE-2015-7547 According to a Google security blog post: "The glibc DNS client side resolver is...
8.1CVSS
8.7AI Score
0.974EPSS
ffmpeg and Libav cross-domain information disclosure vulnerability
Overview ffmpeg is a "cross-platform solution to record, convert and stream audio and video". ffmpeg is vulnerable to local file disclosure due to improper enforcement of domain restrictions when processing playlist files. Description CWE-201: Information Exposure Through Sent Data -...
5.5CVSS
0.5AI Score
0.005EPSS
OpenSSH Client contains a client information leak vulnerability and buffer overflow
Overview OpenSSH client code versions 5.4 through 7.1p1 contains a client information leak vulnerability that could allow an OpenSSH client to leak information not limited to but including private keys, as well as a buffer overflow in certain non-default configurations. Description CWE-200:...
8.1CVSS
0.2AI Score
0.003EPSS