Vulnerabilities (CVE)

Filtered by vendor Shadowsocks Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-27574 1 Shadowsocks 1 Shadowsocksx-ng 2024-11-21 N/A 9.8 CRITICAL
ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.
CVE-2019-5164 2 Opensuse, Shadowsocks 3 Backports Sle, Leap, Shadowsocks-libev 2024-11-21 4.6 MEDIUM 7.8 HIGH
An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.
CVE-2019-5163 2 Opensuse, Shadowsocks 3 Backports, Leap, Shadowsocks-libev 2024-11-21 4.3 MEDIUM 7.5 HIGH
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.
CVE-2019-5152 1 Shadowsocks 1 Shadowsocks-libev 2024-11-21 5.8 MEDIUM 7.4 HIGH
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.
CVE-2017-15924 2 Debian, Shadowsocks 2 Debian Linux, Shadowsocks-libev 2024-11-21 7.2 HIGH 7.8 HIGH
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.