
4775 matches found

Vulnrichment
added 2018/04/13 3:0 p.m. | 2 views

CVE-2017-0358 ntfs-3g: Modprobe influence vulnerability via environment variables

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation...

AI score: 6.4 | EPSS: 0.02277
Exploits: 9 | References: 7
OSV
added 2018/03/22 12:29 p.m. | 3 views

CVE-2018-1427

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00452
Exploits: 0 | References: 4
NVD
added 2018/03/22 12:29 p.m. | 14 views

CVE-2018-1427

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072...

CVSS: 6.2 | AI score: 5.9 | EPSS: 0.00452
Exploits: 0 | References: 4
Cvelist
added 2018/03/22 12:0 p.m. | 17 views

CVE-2018-1427

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072...

CVSS: 6.2 | AI score: 5.6 | EPSS: 0.00452
Exploits: 0 | References: 4
OSV
added 2018/03/08 2:27 p.m. | 3 views

USN-3593-1 zsh vulnerabilities

It was discovered that Zsh incorrectly handled certain environment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070) It was discovered that Zsh incorrectly handled certain inputs. An attacker coul...

CVSS: 9.8 | AI score: 7 | EPSS: 0.03223
Exploits: 0 | References: 9
RedhatCVE
added 2018/03/02 6:49 a.m. | 29 views

CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...

CVSS: 7.8 | AI score: 3.6 | EPSS: 0.00504
Exploits: 0 | References: 1
VulnCheck KEV
added 2018/03/01 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2014-6277

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted...

CVSS: 10 | AI score: 7.1 | EPSS: 0.64326
Exploits: 16 | References: 1
NVD
added 2018/02/27 10:29 p.m. | 13 views

CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...

CVSS: 7.8 | AI score: 6.3 | EPSS: 0.00504
Exploits: 0 | References: 3
OSV
added 2018/02/27 10:29 p.m. | 6 views

CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...

CVSS: 7.8 | AI score: 9.3
Exploits: 0 | References: 4
OSV
added 2018/02/27 10:29 p.m. | 1 views

DEBIAN-CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.00504
Exploits: 0 | References: 1
UbuntuCve
added 2018/02/27 12:0 a.m. | 26 views

CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00504
Exploits: 0 | References: 4
OSV
added 2018/02/27 12:0 a.m. | 3 views

UBUNTU-CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00504
Exploits: 0 | References: 5
Kitploit
added 2018/02/07 1:0 p.m. | 26 views

Grouper - A PowerShell script for helping to find vulnerable settings in AD Group Policy

Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers (although probably also useful for sysadmins) which sifts through the (usually very noisy) XML output from the Get-GPOReport cmdlet (part of Microsoft's Group Policy module) and identifies all the settings defined in...

AI score: 6.6
Exploits: 0 | References: 1
NVD
added 2018/02/06 6:29 p.m. | 11 views

CVE-2016-3952

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.01079
Exploits: 1 | References: 3
UbuntuCve
added 2018/02/06 12:0 a.m. | 19 views

CVE-2016-3952

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.01079
Exploits: 1 | References: 4
OSV
added 2018/02/06 12:0 a.m. | 8 views

UBUNTU-CVE-2016-3952

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/templateexamples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.0499
Exploits: 2 | References: 5
Prion
added 2018/02/05 3:29 a.m. | 18 views

Design/Logic Flaw

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain...

CVSS: 6.5 | AI score: 8.9 | EPSS: 0.00936
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2018/02/05 3:29 a.m. | 3 views

CVE-2017-15536

An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDSW nodes, gain...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00936
Exploits: 0 | References: 1
CVE
added 2018/02/05 3:0 a.m. | 51 views

CVE-2017-15536

CVE-2017-15536 affects Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. The CDSW web application contains multiple vulnerabilities that allow malicious authenticated users to escalate privileges within CDSW. By chaining these weaknesses, an attacker can achieve root access to CDSW nodes, ...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00936
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2018/02/05 12:0 a.m. | 3 views

Cloudera Data Science Workbench Elevation of Privilege Vulnerability

Cloudera Data Science Workbench CDSW is a suite of data science platforms from US-based Cloudera. The platform provides fast, easy and secure self-service data science support for organizations. A security vulnerability exists in CDSW 1.2.0 prior to version 1.x. The vulnerability can be exploited...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00936
Exploits: 0 | References: 1