CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 2CVE-2011-5000 – openssh: post-authentication resource exhaustion bug via GSSAPI
https://notcve.org/view.php?id=CVE-2011-5000
04 Apr 2012 — The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant. La función de ssh_gssapi_parse_ename en GSS-serv.c en OpenSSH v5.8 y versiones anteriores, cuando gssapi-with-mic de autenticación está activada, permite a usuarios remotos autenticados p... • http://rhn.redhat.com/errata/RHSA-2012-0884.html • CWE-189: Numeric Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 78EXPL: 0CVE-2012-0814 – Gentoo Linux Security Advisory 201405-06
https://notcve.org/view.php?id=CVE-2012-0814
27 Jan 2012 — The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys fi... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 40EXPL: 0CVE-2011-2895 – BSD compress LZW decoder buffer overflow
https://notcve.org/view.php?id=CVE-2011-2895
19 Aug 2011 — The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possib... • http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 29EXPL: 0CVE-2011-2168
https://notcve.org/view.php?id=CVE-2011-2168
24 May 2011 — Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418. Múltiples desbordamientos de entero en la implementación de glob en libc en OpenBSD anterior a v4.9 podría permitir a atacantes dependientes de contexto tener un impacto no especificado a través de una cadena manipulada, relacionado con el GLOB_APP... • http://securityreason.com/achievement_securityalert/97 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 96%CPEs: 13EXPL: 3CVE-2011-0419 – Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service
https://notcve.org/view.php?id=CVE-2011-0419
16 May 2011 — Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamie... • https://www.exploit-db.com/exploits/35738 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1013 – kernel: drm_modeset_ctl signedness issue
https://notcve.org/view.php?id=CVE-2011-1013
09 May 2011 — Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument. Error de enteros sin signo en F... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1922756124ddd53846877416d92ba4a802bc658f • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 3CVE-2010-4754
https://notcve.org/view.php?id=CVE-2010-4754
02 Mar 2011 — The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. La implementación glob en libc en FreeBSD versiones 7.3 y 8.1, NetBSD versión 5.0.2 y OpenBSD versión 4.7, ... • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/gen/glob.3#rev1.30.12.1 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 1%CPEs: 84EXPL: 3CVE-2010-4755 – Gentoo Linux Security Advisory 201405-06
https://notcve.org/view.php?id=CVE-2010-4755
02 Mar 2011 — The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632. La (1) función remote_glob en sftp-glob... • http://cvsweb.netbsd.org/cgi-bin/cvsweb.cgi/src/crypto/dist/ssh/Attic/sftp-glob.c#rev1.13.12.1 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-0539
https://notcve.org/view.php?id=CVE-2011-0539
10 Feb 2011 — The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks. La función key_certify en usr.bin/ssh/key.c en OpenSSH v5.6 y v5.7 al generar los certificados de herencia con la opción de línea de comandos -t en ssh-keygen, no se inicializa el campo nonce... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 78EXPL: 1CVE-2010-4478 – Gentoo Linux Security Advisory 201405-06
https://notcve.org/view.php?id=CVE-2010-4478
06 Dec 2010 — OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252. OpenSSH v5.6 y versiones anteriores, si J-PAKE está activo, no valida apropiadamente los parámetros públicos en el protocolo J-PAKE, lo que permite a atacantes remotos evitar la neces... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 • CWE-287: Improper Authentication •