CVE-2017-7476

Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the saveabbr function in timerz.c...

CVE-2017-7476

Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the saveabbr function in timerz.c...

CVE-2017-7476

Gnulib before 2017-04-26 contains a heap-based buffer overflow in the save_abbr function in time_rz.c triggered by the TZ environment variable. This vulnerability can lead to arbitrary code execution or crash conditions, as described in multiple sources (e.g., CNVD-2017-06995; NVD CVE-2017-7476)....

EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in the diskseqfstop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privilege...

Man-in-the-Middle (MitM)

github.com/kubernetes/kubernetes is vulnerable to man-in-the-middle. The library uses the environment variable over DNS variable rather than the real kubernetes API URL. This allows a malicious user to conduct a MitM attacks by passing their own DNS variable to listen in...

Code injection

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...

CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...

Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation

Oracle VM VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1091 This bug report describes two separate issues that, when combined, allow any user on a Linux host system on which VirtualB...

Proxifier for Mac 2.18 - Multiple Vulnerabilities

Exploit for macOS platform in category local exploits Source: https://www.securify.nl/advisory/SFY20170401/multiplelocalprivilegeescalationvulnerabilitiesinproxifierformac.html Abstract Multiple local privileges escalation vulnerabilities were found in the KLoader binary that ships with Proxifier...

CVE-2017-6455

NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPIDLLS environment variable...

CVE-2016-10151

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVE-2016-10151

CVE-2016-10151 is tied to the Hesiod 3.2.1 package. The vulnerability arises in the hesiod_init function in lib/hesiod.c, which compares the effective user ID (EUID) with the real UID to decide whether to load configurations from environment variables. This logic can enable local users to elevate...

[SECURITY] Fedora 25 Update: sshrc-0.6.1-1.fc25

You can use this to set environment variables, define functions, and run post-login commands. This is quite useful when you have several servers that you don't want to configure independently...

ntfs-3g - Unsanitized modprobe Environment Privilege Escalation

ntfs-3g - Unsanitized modprobe Environment Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1072 ntfs-3g is installed by default e.g. on Ubuntu and comes with a setuid root program /bin/ntfs-3g. When this program is invoked on a system whose kernel does not...

BSA-2017-115

Security Advisory ID : BSA-2017-115 Component : Apache HTTPD Revision : 2.0: Final The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow...

Design/Logic Flaw

The "http-client" egg always used a HTTPPROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests throu...

CVE-2016-6286

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTPPROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server also known as a "httpoxy" attack. This affects all...

CVE-2016-6286

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTPPROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server also known as a "httpoxy" attack. This affects all...

ghostscript: getenv and filenameforall ignore -dSAFER

It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable and list directory respectively, fro...

openSUSE Security Update : python-Twisted (openSUSE-2016-1482)

This update for python-Twisted fixes the following issues : - No longer automatically export the httpproxy environment variable to avoid the proxy being trusted by unaware applications, if a Proxy request header is supplied boo989997, CVE-2016-1000111 %NASLMINLEVEL 70300 C Tenable Network Securit...