Categories
NVD NVD Nist GOV

NVD – CVE-2012-0785

Awaiting Analysis


This vulnerability is currently awaiting analysis.

Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka “the Hash DoS attack.”

Categories
NVD NVD Nist GOV

NVD – CVE-2015-0565

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2015-5201

Awaiting Analysis


This vulnerability is currently awaiting analysis.

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.

Categories
NVD NVD Nist GOV

NVD – CVE-2015-9542

CVE-2015-9542 Detail

Current Description

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.

Source:  MITRE
View Analysis Description

Analysis Description

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors.

Source:  MITRE

Severity

CVSS 3.x Severity and Metrics:

CVSS 2.0 Severity and Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Weakness Enumeration

CWE-ID CWE Name Source
CWE-787 Out-of-bounds Write NIST  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )
Configuration 2 ( hide )

Change History

1 change record found – show changes

Initial Analysis2/25/2020 11:20:56 AM

Action Type Old Value New Value
Added CPE Configuration
OR
     *cpe:2.3:a:freeradius:pam_radius:1.4.0:*:*:*:*:*:*:*
Added CPE Configuration
OR
     *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Added CVSS V2
NIST (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Added CVSS V3.1
NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added CWE
NIST CWE-787
Changed Reference Type
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542 No Types Assigned
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9542 Issue Tracking, Patch, Third Party Advisory
Changed Reference Type
https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0 No Types Assigned
https://github.com/FreeRADIUS/pam_radius/commit/01173ec2426627dbb1e0d96c06c3ffa0b14d36d0 Patch, Third Party Advisory
Changed Reference Type
https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html No Types Assigned
https://lists.debian.org/debian-lts-announce/2020/02/msg00023.html Mailing List, Third Party Advisory

Quick Info

CVE Dictionary Entry:
CVE-2015-9542
NVD Published Date:
02/24/2020
NVD Last Modified:
02/25/2020

Categories
NVD NVD Nist GOV

NVD – CVE-2016-11020

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2018-13313

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2018-14705

Undergoing Analysis


This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary.

In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself.

Categories
NVD NVD Nist GOV

NVD – CVE-2019-10796

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2019-10798

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2019-10799

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].