MiracleLinux 4 : openssh-5.3p1-122.AXS4 (AXSA:2017-1374:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1374:01 advisory. SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure...

MiracleLinux 3 : sudo-1.7.2p1-29.AXS3 (AXSA:2014-229:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-229:01 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

EUVD-2016-4058

Malware in sbrugna...

EUVD-2012-3434

Malware in sbrugna...

SUSE CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

SUSE CVE-2016-7543

Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables...

CVE-2021-4034

A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn’t handle the calling parameters coun...

CVE-2016-2985

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System GPFS 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program...

CVE-2016-2985

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System GPFS 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program...

Code injection

Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables...

Apple OS X Application Firewall Denial of Service Vulnerability

Apple OS X is the United States Apple Apple company for the Mac computer developed a set of specialized operating systems. application Firewall is one of the application firewall component. A denial of service vulnerability exists in Application Firewall in Apple OS X versions prior to 10.12, whi...

CVE-2016-4748

Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable...

Code injection

Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SOEXECPATH environment variable...

CVE-2016-4748

CVE-2016-4748 describes a localPrivilege bypass in Perl on macOS OS X before 10.12, where taint-mode protection can be bypassed via a crafted environment variable. The vulnerability affects Perl within macOS/OS X and is documented in Apple’s security content for macOS Sierra 10.12. The connected ...

ALPINE-CVE-2015-8325

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVE-2015-8325

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

DEBIAN-CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

CVE-2014-6278

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and...

CVE-2014-6278

CVE-2014-6278 affects GNU Bash up to 4.3 bash43-026, where parsing of function definitions inside environment variable values is flawed, enabling remote arbitrary command execution across privilege boundaries. Documented vectors include ForceCommand in OpenSSH sshd, mod_cgi/mod_cgid in Apache, an...

CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the modcgi and modcg...