search for: cvss

Displaying 20 results from an estimated 95 matches for "cvss".

Did you mean: cvs
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
...en-MAC and do not support the strict key exchange countermeasures. It does not check for vulnerable software versions. See Also https://terrapin-attack.com/ Solution Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms. Risk Factor Medium CVSS v3.0 Base Score 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) CVSS v3.0 Temporal Score 5.3 (CVSS:3.0/E:P/RL:O/RC:C) VPR Score 6.9 CVSS v2.0 Base Score 5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N) CVSS v2.0 Temporal Score 4.2 (CVSS2#E:POC/RL:OF/RC:C) 187315 (10) - SSH Terrapin Prefix Truncation Weakn...
2017 May 26
2
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Hi Team, Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. Arjit Kumar
2017 May 26
2
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Thanks for the analysis of second bug. Please also share CVSSv3 score for first bug. Arjit Kumar On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org> wrote: > On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote: > > Hi Team, > > > > Please let me know the severity of CVE-2017-2619 and CVE-2017-74...
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
...termeasures. It does not check for > vulnerable software versions. > See Also > https://terrapin-attack.com/ > > Solution > Contact the vendor for an update with the strict key exchange > countermeasures or disable the affected > algorithms. > Risk Factor > Medium > CVSS v3.0 Base Score > 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) > CVSS v3.0 Temporal Score > 5.3 (CVSS:3.0/E:P/RL:O/RC:C) > VPR Score > 6.9 > CVSS v2.0 Base Score > 5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N) > CVSS v2.0 Temporal Score > 4.2 (CVSS2#E:POC/RL:OF/RC:C) >...
2020 May 18
0
Multiple vulnerabilities in Dovecot
...3.10 Vulnerable component: submission, lmtp Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.10.1 Researcher credits: Philippe Antoine (Catena Cyber) Vendor notification: 2020-03-24 Solution date: 2020-04-02 Public disclosure: 2020-05-18 CVE reference: CVE-2020-10957 CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Vulnerability Details: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service. Risk: Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is neglibl...
2020 May 18
0
Multiple vulnerabilities in Dovecot
...3.10 Vulnerable component: submission, lmtp Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.10.1 Researcher credits: Philippe Antoine (Catena Cyber) Vendor notification: 2020-03-24 Solution date: 2020-04-02 Public disclosure: 2020-05-18 CVE reference: CVE-2020-10957 CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Vulnerability Details: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service. Risk: Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is neglibl...
2023 Oct 03
0
Heads-up: Upcoming Samba security releases
Hi, this is a heads-up that there will be Samba security updates for 4.17, 4.18 and 4.19 on Tuesday October 10 2023. Please make sure that your Samba servers will be updated soon after the release! Impacted component: ?- Fileserver (CVSS 6.5, Medium) ?- DCE-RPCs and pipes (CVSS 6.8, Medium) ?- AD DC (CVSS 7.5, High; CVSS 6.5, Medium, and CVSS 6.5, Medium) Jule Anger -- Jule Anger Release Manager Samba Team samba.org SerNet Samba Team sernet.de
2023 Oct 03
0
Heads-up: Upcoming Samba security releases
Hi, this is a heads-up that there will be Samba security updates for 4.17, 4.18 and 4.19 on Tuesday October 10 2023. Please make sure that your Samba servers will be updated soon after the release! Impacted component: ?- Fileserver (CVSS 6.5, Medium) ?- DCE-RPCs and pipes (CVSS 6.8, Medium) ?- AD DC (CVSS 7.5, High; CVSS 6.5, Medium, and CVSS 6.5, Medium) Jule Anger -- Jule Anger Release Manager Samba Team samba.org SerNet Samba Team sernet.de
2017 May 26
0
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
...Gupta via samba wrote: > Hi Team, > > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. They are not unpublished: https://www.samba.org/samba/security/CVE-2017-2619.html https://www.samba.org/samba/security/CVE-2017-7494.html For this second bug, I did some work on CVSS scores: I've had a go at a CVSSv3 score for the normal case here (password required to write to shares): AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (8.2) https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/P R:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C for the AD DC, assu...
2016 Dec 02
6
CVE-2016-8562 in dovecot
...39;t configured any auth_policy_* settings you are ok. This is fixed with https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae and https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc Important vulnerability in Dovecot (CVE-2016-8562) CVSS score: 7.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H) Affected version(s): 2.2.25.1 up to 2.2.26.1 Fixed in: 2.2.27.1rc1 Short summary: Dovecot auth component can be crashed by remote user when auth-policy component is activated. If auth-policy component has been activated in Dovecot, then re...
2020 Jun 25
1
Heads-up: Security Releases ahead!
Hi, This is a heads-up that there will be Samba security updates on Thursday, July 2 2020. Please make sure that your Samba servers will be updated soon after the release! Impacted components: - AD DC (CVSS 7.5, Medium) - File server (CVSS 7.5, Medium) Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
2020 Jun 25
1
Heads-up: Security Releases ahead!
Hi, This is a heads-up that there will be Samba security updates on Thursday, July 2 2020. Please make sure that your Samba servers will be updated soon after the release! Impacted components: - AD DC (CVSS 7.5, Medium) - File server (CVSS 7.5, Medium) Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
...t Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-05-21 Solution date: 2021-05-22 Public disclosure: 2021-06-21 CVE reference: CVE-2021-33515 CVSS: 4.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) Researcher credit: Fabian Ising and Damian Poddebniak of M?nster University of Applied Sciences Vulnerability Details: On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished wi...
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
...t Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-05-21 Solution date: 2021-05-22 Public disclosure: 2021-06-21 CVE reference: CVE-2021-33515 CVSS: 4.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N) Researcher credit: Fabian Ising and Damian Poddebniak of M?nster University of Applied Sciences Vulnerability Details: On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished wi...
2021 Jan 04
2
CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
...Escape, Meta, or Control Sequences Vulnerable version: 2.2.26-2.3.11.3 Vulnerable component: imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-08-17 Solution date: 2020-08-27 Public disclosure: 2021-01-04 CVE reference: CVE-2020-24386 CVSS: 8.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N) Vulnerability Details: When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using specially crafted command. The attacker must have valid credentials to acc...
2021 Jan 04
2
CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
...Escape, Meta, or Control Sequences Vulnerable version: 2.2.26-2.3.11.3 Vulnerable component: imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-08-17 Solution date: 2020-08-27 Public disclosure: 2021-01-04 CVE reference: CVE-2020-24386 CVSS: 8.2 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N) Vulnerability Details: When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using specially crafted command. The attacker must have valid credentials to acc...
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
...able component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael Stilkerich Vendor notification: 2019-12-10 Solution date: 2019-12-12 Public disclosure: 2019-12-13 CVE reference: CVE-2019-19722 CVSS: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C) ? Vulnerability Details: Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers. ? Risk: Repeated delivery attempts are made for the pro...
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
...able component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael Stilkerich Vendor notification: 2019-12-10 Solution date: 2019-12-12 Public disclosure: 2019-12-13 CVE reference: CVE-2019-19722 CVSS: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C) ? Vulnerability Details: Mail with group address as sender will cause a signal 11 crash in push notification drivers. Group address as recipient can cause crash in some drivers. ? Risk: Repeated delivery attempts are made for the pro...
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
...eference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) Vulnerability Details: When two passdb configuration entries exist in Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrec...
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
...eference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) Vulnerability Details: When two passdb configuration entries exist in Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrec...