2 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. danfruehauf NetworkManager-ssh versiones anteriores a 1.2.11, permite una escalada de privilegios porque las opciones extra son manejadas inapropiadamente. • https://bugzilla.redhat.com/show_bug.cgi?id=1803499 https://github.com/danfruehauf/NetworkManager-ssh/pull/98 https://github.com/danfruehauf/NetworkManager-ssh/releases/tag/1.2.11 https://www.debian.org/security/2020/dsa-4637 •

CVSS: 3.3EPSS: 1%CPEs: 1EXPL: 0

The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922. La función receive_ra en rdisc/nm-lndp-rdisc.c en la implementación del protocolo Neighbor Discovery (ND) en la pila IPv6 en NetworkManager 1.x permite a atacantes remotos reconfigurar un ajuste de límite de salto a través de un valor hop_limit pequeño en un mensaje Router Advertisement (RA), un problema similar a CVE-2015-2922. A flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157803.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158103.html http://openwall.com/lists/oss-security/2015/04/04/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/76879 https://security.gentoo.org/glsa/201509-05 https://access.redhat.com/security/cve/CVE-2015-2924 https://bugzilla.redhat.com/show_bug.cgi?id=1209902 • CWE-20: Improper Input Validation CWE-358: Improperly Implemented Security Check for Standard •