
2629 matches found

OpenVAS
added 2020/01/23 12:0 a.m., 30 views

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2016-1050)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 7.9, EPSS 0.03211
Exploits: 0, References: 2
Kitploit
added 2020/01/21 8:36 p.m., 59 views

TAS - A Tiny Framework For Easily Manipulate The Tty And Create Fake Binaries

A tiny framework for easily manipulate the tty and create fake binaries. How it works? The framework has three main functions, tas_execv, tas_forkpty, and tas_tty_loop. tas_execv: It is a function similar to execv, but it doesn't re-execute the current binary, something very useful for creating fake...

AI score 7.7
Exploits: 0, References: 3
NVD
added 2019/12/18 8:15 p.m., 24 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

CVSS 8.1, AI score 7.9, EPSS 0.04171
Exploits: 0, References: 15
Cvelist
added 2019/12/17 3:10 p.m., 10 views

CVE-2019-18670

In the Quick Access Service QAAdminAgent.exe in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability...

AI score 7.7, EPSS 0.00149
Exploits: 1, References: 2
Prion
added 2019/12/10 6:15 p.m., 21 views

Design/Logic Flaw

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

CVSS 5.8, AI score 7.2, EPSS 0.00563
Exploits: 0, References: 4, Affected Software: 1
UbuntuCve
added 2019/12/10 3:15 p.m., 24 views

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

CVSS 6.1, AI score 6.5, EPSS 0.00953
Exploits: 0, References: 2
NVD
added 2019/12/05 12:15 a.m., 16 views

CVE-2019-19520

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...

CVSS 7.8, AI score 7.7, EPSS 0.02229
Exploits: 3, References: 7
CVE
added 2019/12/04 11:34 p.m., 83 views

CVE-2019-19520

OpenBSD 6.6 is affected by CVE-2019-19520 (xlock) where local attackers can escalate to the auth group by manipulating LIBGL_DRIVERS_PATH. Root cause: xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. Impact, per sources, is local privilege escalation; OpenBSD patches exist via syspatch/Op...

CVSS 7.8, AI score 8.1, EPSS 0.02229
Exploits: 3, References: 7, Affected Software: 1
CNVD
added 2019/11/20 12:0 a.m., 1 view

GNU C Library ASLR Bypass Vulnerability

The GNU C Library glibc is an open-source, free, easy-to-download C compiler released under the LGPL license. An ASLR bypass vulnerability exists in GNU C Library glibc versions prior to 2.31 on the x86-64 architecture. The vulnerability stems from GNU C Library failing to ignore the...

CVSS 3.3, AI score 7.8, EPSS 0.00015
Exploits: 0, References: 1
OSV
added 2019/11/19 10:15 p.m., 1 view

DEBIAN-CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

CVSS 3.3, AI score 6.5, EPSS 0.00015
Exploits: 0, References: 1
UbuntuCve
added 2019/11/19 7:15 p.m., 26 views

CVE-2011-2922

ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code...

CVSS 7.8, AI score 7.3, EPSS 0.00148
Exploits: 0, References: 2
0day.today
added 2019/11/03 12:0 a.m., 79 views

Micro Focus (HPE) Data Protector SUID Privilege Escalation Exploit

This Metasploit module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus HPE Data Protector versions A.10.40 and below. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attack...

CVSS 7.8, AI score 0.6, EPSS 0.34221
Exploits: 4
OSV
added 2019/09/24 5:15 a.m., 4 views

CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

CVSS 7.8, AI score 7.6
Exploits: 0, References: 7
NVD
added 2019/09/24 5:15 a.m., 12 views

CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

CVSS 7.8, AI score 7.7, EPSS 0.0006
Exploits: 0, References: 7
Prion
added 2019/09/24 5:15 a.m., 14 views

Design/Logic Flaw

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

CVSS 7.2, AI score 7.5, EPSS 0.0006
Exploits: 0, References: 7, Affected Software: 3
UbuntuCve
added 2019/09/24 5:15 a.m., 17 views

CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

CVSS 7.8, AI score 7.1, EPSS 0.0006
Exploits: 0, References: 7
Tenable Nessus
added 2019/09/17 12:0 a.m., 31 views

EulerOS Virtualization for ARM 64 3.0.2.0 : bash (EulerOS-SA-2019-1942)

According to the version of the bash package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A heap-based buffer overflow was discovered in bash when wide characters, not supported by the current locale set in LC_CTYPE...

CVSS 7.8, AI score 7.6, EPSS 0.00067
Exploits: 0, References: 2
Tenable Nessus
added 2019/09/16 12:0 a.m., 28 views

EulerOS 2.0 SP5 : bash (EulerOS-SA-2019-1911)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap-based buffer overflow was discovered in bash when wide characters, not supported by the current locale set in LC_CTYPE environment variable, are...

CVSS 7.8, AI score 7.8, EPSS 0.00067
Exploits: 0, References: 2
CVE
added 2019/08/26 2:40 p.m., 41 views

CVE-2019-4447

CVE-2019-4447 affects IBM DB2 High Performance Unload on LUW versions 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2. The db2hpum_debug binary is setuid root and trusts PATH; a low-privilege user can hijack PATH to execute arbitrary commands as root, with a crash potentially tri...

CVSS 8.4, AI score 7.8, EPSS 0.00035
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2019/08/23 12:0 a.m., 41 views

EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-1808)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It has been discovered that systemd-tmpfiles mishandles symbolic links present in non-terminal path components. In some configurations a local...

CVSS 7.8, AI score 5.9, EPSS 0.00145
Exploits: 4, References: 3