Design/Logic Flaw

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an...

CVE-2016-1000108

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound...

CVE-2019-19520

xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGLDRIVERSPATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen...

CVE-2019-19520

OpenBSD 6.6 is affected by CVE-2019-19520 (xlock) where local attackers can escalate to the auth group by manipulating LIBGL_DRIVERS_PATH. Root cause: xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. Impact, per sources, is local privilege escalation; OpenBSD patches exist via syspatch/Op...

GNU C Library ASLR Bypass Vulnerability

The GNU C Library glibc is an open-source, free, easy-to-download C compiler released under the LGPL license. An ASLR bypass vulnerability exists in GNU C Library glibc versions prior to 2.31 on the x86-64 architecture. The vulnerability stems from GNU C Library failing to ignore the...

DEBIAN-CVE-2019-19126

On the x86-64 architecture, the GNU C Library aka glibc before 2.31 fails to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for...

CVE-2011-2922

ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTKMODULES" environment variable to possibly execute arbitrary code...

Micro Focus (HPE) Data Protector SUID Privilege Escalation Exploit

This Metasploit module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus HPE Data Protector versions A.10.40 and below. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attack...

CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

Design/Logic Flaw

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

EulerOS Virtualization for ARM 64 3.0.2.0 : bash (EulerOS-SA-2019-1942)

According to the version of the bash package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A heap-based buffer overflow was discovered in bash when wide characters, not supported by the current locale set in LCCTYPE...

EulerOS 2.0 SP5 : bash (EulerOS-SA-2019-1911)

According to the version of the bash package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A heap-based buffer overflow was discovered in bash when wide characters, not supported by the current locale set in LCCTYPE environment variable, are...

CVE-2019-4447

CVE-2019-4447 affects IBM DB2 High Performance Unload on LUW versions 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2. The db2hpum_debug binary is setuid root and trusts PATH; a low-privilege user can hijack PATH to execute arbitrary commands as root, with a crash potentially tri...

EulerOS 2.0 SP5 : systemd (EulerOS-SA-2019-1808)

According to the versions of the systemd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It has been discovered that systemd-tmpfiles mishandles symbolic links present in non-terminal path components. In some configurations a local...

CVE-2019-14257

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765...

Privilege escalation

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765...

Debian DLA-1883-1 : tomcat8 security update (httpoxy)

Several minor issues have been fixed in tomcat8, a Java Servlet and JSP engine. CVE-2016-5388 Apache Tomcat, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variabl...

CVE-2017-18415

cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering SEC-302...