4775 matches found
VulnCheck KEV: CVE-2002-1689
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow...
Ubuntu 14.04 LTS / 16.04 LTS : GNU C Library vulnerability (USN-3323-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3323-1 advisory. It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker...
glibc: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If the heap (or a different memory region) and the stack memory region were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
USN-3323-1 eglibc, glibc vulnerability
It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges...
EulerOS 2.0 SP1 : bash (EulerOS-SA-2017-1031)
According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability: Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables (CVE-2016-7543)...
VirtualBox: unprivileged host user -> host kernel privesc via environment and ioctl (CVE-2017-3561)
This bug report describes two separate issues that, when combined, allow any user on a Linux host system on which VirtualBox is installed to gain code execution in the kernel. Since I'm not sure which one of these issues crosses something you consider to be a privilege boundary, I'm reporting the...
Session fixation
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...
CVE-2016-4869
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...
CVE-2016-4869
CVE-2016-4869 (Cybozu Office): Cybozu Office versions 9.0.0–10.4.0 contain an information disclosure vulnerability where a page displaying CGI environment variables can leak session information. An unauthenticated remote attacker may obtain a user’s session data via that page. The issue’s impact...
PonyOS 4.0 fluttershy LD_LIBRARY_PATH Privilege Escalation
#!/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for local root exploitation through manipulated...
CVE-2016-10122
Firejail does not properly clean environment variables, which allows local users to gain privileges...
DEBIAN-CVE-2016-10122
Firejail does not properly clean environment variables, which allows local users to gain privileges...
Code injection
Firejail does not properly clean environment variables, which allows local users to gain privileges...
UBUNTU-CVE-2016-10122
Firejail does not properly clean environment variables, which allows local users to gain privileges...
CVE-2016-10122
Summary of CVE-2016-10122: The vulnerability affects the Firejail project, where the software does not properly clean environment variables. The underlying root cause is the incomplete sanitization of environment variables, enabling local users to gain privileges. The issue is described consiste...
PonyOS 4.0 - fluttershy LD_LIBRARY_PATH Local Kernel Exploit
Exploit for linux platform in category local exploits #!/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for...