Lucene search
K

4775 matches found

VulnCheck KEV
VulnCheck KEV
added 2017/06/20 12:0 a.m.2 views

VulnCheck KEV: CVE-2002-1689

Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow...

10CVSS6.2AI score0.02099EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.171 views

Ubuntu 14.04 LTS / 16.04 LTS : GNU C Library vulnerability (USN-3323-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3323-1 advisory. It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker...

7.8CVSS7.1AI score0.02733EPSS
Exploits14References2
RedHat Linux
RedHat Linux
added 2017/06/19 8:12 p.m.5 views

glibc: heap/stack gap jumping via unbounded stack allocations

A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...

7.8CVSS7AI score0.02733EPSS
Exploits14References6
OSV
OSV
added 2017/06/19 3:33 p.m.3 views

USN-3323-1 eglibc, glibc vulnerability

It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges...

7.8CVSS7.1AI score0.02733EPSS
Exploits14References2
Tenable Nessus
Tenable Nessus
added 2017/05/01 12:0 a.m.37 views

EulerOS 2.0 SP1 : bash (EulerOS-SA-2017-1031)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variablesCVE-2016-7543...

8.4CVSS6.7AI score0.00576EPSS
Exploits0References2
seebug.org
seebug.org
added 2017/04/19 12:0 a.m.43 views

VirtualBox: unprivileged host user -> host kernel privesc via environment and ioctl (CVE-2017-3561)

This bug report describes two separate issues that, when combined, allow any user on a Linux host system on which VirtualBox is installed to gain code execution in the kernel. Since I'm not sure which one of these issues crosses something you consider to be a privilege boundary, I'm reporting the...

4.6CVSS8.9AI score0.01543EPSS
Exploits2
Prion
Prion
added 2017/04/17 3:59 p.m.16 views

Session fixation

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

4.3CVSS6.8AI score0.02023EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2017/04/17 3:59 p.m.17 views

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

6.5CVSS6.3AI score0.02023EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/04/17 3:0 p.m.23 views

CVE-2016-4869

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed...

6.3AI score0.02023EPSS
Exploits0References4
CVE
CVE
added 2017/04/17 3:0 p.m.47 views

CVE-2016-4869

CVE-2016-4869 (Cybozu Office) : Cybozu Office versions 9.0.0–10.4.0 contain an information disclosure vulnerability where a page displaying CGI environment variables can leak session information. An unauthenticated remote attacker may obtain a user’s session data via that page. The issue’s impact...

6.5CVSS6.2AI score0.02023EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2017/04/14 12:0 a.m.50 views

PonyOS 4.0 fluttershy LD_LIBRARY_PATH Privilege Escalation

!/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for local root exploitation through manipulated...

0.5AI score
Exploits0
NVD
NVD
added 2017/04/13 2:59 p.m.12 views

CVE-2016-10122

Firejail does not properly clean environment variables, which allows local users to gain privileges...

7.8CVSS7.7AI score0.00394EPSS
Exploits0References2
OSV
OSV
added 2017/04/13 2:59 p.m.1 views

DEBIAN-CVE-2016-10122

Firejail does not properly clean environment variables, which allows local users to gain privileges...

7.8CVSS6.9AI score0.00394EPSS
Exploits0References1
Prion
Prion
added 2017/04/13 2:59 p.m.12 views

Code injection

Firejail does not properly clean environment variables, which allows local users to gain privileges...

7.2CVSS7AI score0.00394EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2017/04/13 2:59 p.m.20 views

CVE-2016-10122

Firejail does not properly clean environment variables, which allows local users to gain privileges...

7.8CVSS7.1AI score0.00394EPSS
Exploits0References4
OSV
OSV
added 2017/04/13 2:59 p.m.2 views

UBUNTU-CVE-2016-10122

Firejail does not properly clean environment variables, which allows local users to gain privileges...

7.8CVSS5.8AI score0.00394EPSS
Exploits0References5
Cvelist
Cvelist
added 2017/04/13 2:0 p.m.21 views

CVE-2016-10122

Firejail does not properly clean environment variables, which allows local users to gain privileges...

7.7AI score0.00394EPSS
Exploits0References2
CVE
CVE
added 2017/04/13 2:0 p.m.42 views

CVE-2016-10122

Summary of CVE-2016-10122 : The vulnerability affects the Firejail project, where the software does not properly clean environment variables. The underlying root cause is the incomplete sanitization of environment variables, enabling local users to gain privileges. The issue is described consiste...

7.8CVSS7.6AI score0.00394EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2017/04/13 2:0 p.m.17 views

CVE-2016-10122

Firejail does not properly clean environment variables, which allows local users to gain privileges...

7.8CVSS7.7AI score0.00394EPSS
Exploits0
0day.today
0day.today
added 2017/04/13 12:0 a.m.22 views

PonyOS 4.0 - fluttershy LD_LIBRARY_PATH Local Kernel Exploit

Exploit for linux platform in category local exploits !/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for...

6.8AI score
Exploits0
Rows per page
Query Builder