Lucene search

2626 matches found

Cvelist
added 2013/07/18 12:0 a.m. | 24 views

CVE-2013-3434

Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1x through 9.11a allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242...

AI score: 6.5 | EPSS: 0.00391
Exploits: 0 | References: 4

seebug.org
added 2013/06/06 12:0 a.m. | 30 views

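Apple iOS 'openSharedCacheFile' Function Stack-Based Buffer Overflow Vulnerability

CVE-2013-3950 Apple iOS is an operating system developed by Apple for mobile devices. Supported devices include iPhone, iPod Touch, iPad, and Apple TV. A stack-based buffer overflow vulnerability exists in the 'openSharedCacheFile' function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3. Attackers can exploit this vulnerability to carry out jailbreak attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. Apple iOS 5.1.x, Apple iOS 6.x, Apple iOS 6.1.3...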

CVSS: 5 | AI score: 6.4 | EPSS: 0.0081
Exploits: 2

Prion
added 2013/06/05 2:39 p.m. | 23 views

Stack overflow

Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable...

CVSS: 5 | AI score: 6.7 | EPSS: 0.0081
Exploits: 2 | References: 6 | Affected Software: 1

Cvelist
added 2013/06/05 10:0 a.m. | 38 views

CVE-2013-3950

Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable...

AI score: 6.2 | EPSS: 0.0081
Exploits: 2 | References: 6

Prion
added 2013/04/18 6:55 p.m. | 14 views

Design/Logic Flaw

Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable...

CVSS: 7.2 | AI score: 6.9 | EPSS: 0.00192
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2013/04/18 6:0 p.m. | 26 views

CVE-2013-0133

Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable...

AI score: 6.4 | EPSS: 0.00192
Exploits: 0 | References: 1

NVD
added 2013/03/21 5:55 p.m. | 27 views

CVE-2013-1052

pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo...

CVSS: 7.2 | AI score: 6.3 | EPSS: 0.00174
Exploits: 0 | References: 3

Prion
added 2013/03/21 5:55 p.m. | 12 views

Design/Logic Flaw

pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo...

CVSS: 7.2 | AI score: 6.9 | EPSS: 0.00174
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2013/03/21 5:0 p.m. | 28 views

CVE-2013-1052

pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo...

AI score: 6.3 | EPSS: 0.00174
Exploits: 0 | References: 3

Ubuntu
added 2013/03/18 4:52 p.m. | 40 views

USN-1766-1: pam-xdg-support vulnerability

Zbigniew Tenerowicz and Sebastian Krzyszkowiak discovered that pam-xdg-support incorrectly handled the PATH environment variable. A local attacker could use this issue in combination with sudo to possibly escalate privileges...

CVSS: 7.2 | AI score: 5.3 | EPSS: 0.00174
Exploits: 0

UbuntuCve
added 2013/03/18 12:0 a.m. | 24 views

CVE-2013-1052

pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00174
Exploits: 0 | References: 2

Tenable Nessus
added 2013/03/15 12:0 a.m. | 15 views

Scientific Linux Security Update : Core X11 clients on SL6.x i386/x86_64 (20130221)

It was found that the x11perfcomp utility included the current working directory in its PATH environment variable. Running x11perfcomp in an attacker-controlled directory would cause arbitrary code execution with the privileges of the user running x11perfcomp. (CVE-2011-2504) Also with this update...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00173
Exploits: 0 | References: 2

NVD
added 2013/03/12 11:55 p.m. | 18 views

CVE-2012-5659

Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python modu...

CVSS: 3.7 | AI score: 6.6 | EPSS: 0.00065
Exploits: 1 | References: 3

Tenable Nessus
added 2013/03/09 12:0 a.m. | 47 views

Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)

USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10. It was discovered that untrusted Java applets could create domain name resolution cache...

CVSS: 10 | AI score: 6.4 | EPSS: 0.39874
Exploits: 2 | References: 10

Oracle linux
added 2013/03/04 12:0 a.m. | 60 views

openssl security update

1.0.0-27.2 - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 - DoS in OCSP signatures checking 908052 - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set fixes CVE-2012-4929 857051 - use securegetenv everywhere inste...

CVSS: 5 | AI score: 2.3 | EPSS: 0.09511
Exploits: 1

Tenable Nessus
added 2013/01/30 12:0 a.m. | 22 views

AIX 5.3 TL 0 : nddstat (IZ17058)

The nddstat family of commands contains an environment variable handling error. A local attacker may exploit this error to execute arbitrary code with root privileges because the commands are setuid root. The following files are vulnerable : /usr/sbin/atmstat /usr/sbin/entstat /usr/sbin/fddistat...

CVSS: 7.2 | AI score: 5.6 | EPSS: 0.00065
Exploits: 0 | References: 2

Tenable Nessus
added 2013/01/25 12:0 a.m. | 16 views

SuSE 11.2 Security Update : libproxy (SAT Patch Number 7092)

This update for libproxy fixes a heap-based buffer overflow that could have allowed remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request. (CVE-2012-4505) Additionally, it fixes parsing of the $no_proxy environment...

CVSS: 10 | AI score: 5.8 | EPSS: 0.04366
Exploits: 0 | References: 4

Tenable Nessus
added 2013/01/24 12:0 a.m. | 28 views

AIX 5.2 TL 0 : lsmcode (IZ15276)

The lsmcode command contains an environment variable handling error. A local attacker may exploit this error to execute arbitrary code with root privileges because the command is setuid root. The following files are vulnerable: /usr/sbin/lsmcode.

CVSS: 7.2 | AI score: 6 | EPSS: 0.00065
Exploits: 0 | References: 2

Tenable Nessus
added 2013/01/24 12:0 a.m. | 25 views

AIX 5.3 TL 0 : lsmcode (IZ15100)

The lsmcode command contains an environment variable handling error. A local attacker may exploit this error to execute arbitrary code with root privileges because the command is setuid root. The following files are vulnerable: /usr/sbin/lsmcode.

CVSS: 7.2 | AI score: 6 | EPSS: 0.00065
Exploits: 0 | References: 2

Tenable Nessus
added 2013/01/24 12:0 a.m. | 23 views

AIX 6.1 TL 0 : iostat (IZ22349)

The iostat command contains an environment variable handling error. A local attacker may exploit this error to execute arbitrary code with root privileges because the command is setuid root. The following files are vulnerable: /usr/bin/iostat.

CVSS: 7.2 | AI score: 6 | EPSS: 0.00064
Exploits: 0 | References: 2