PT-2017-3532

Name of the Vulnerable Software and Affected Versions: glibc version 2.1.1 Description: The issue is related to a memory leak in glibc that can be triggered and amplified through the LD HWCAP MASK environment variable. It is associated with errors in resource management in the dynamic loader ld.s...

global -- gozilla vulnerability

MITRE reports: gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

UBUNTU-CVE-2017-17512

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument...

CVE-2017-15566

Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution...

CVE-2017-15566

Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution...

CVE-2017-15566

Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution...

CVE-2017-15566

Removed by vendor...

CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

Stack overflow

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

CVE-2017-12814

CVE-2017-12814 affects Windows builds of Perl prior to 5.24.3-RC1 and 5.26.x prior to 5.26.1-RC1, due to a stack-based overflow in CPerlHost::Add (win32/perlhost.h). An overly large ENV key can overflow a fixed stack buffer, enabling arbitrary code execution. Public details confirm affected versi...

CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...

glibc, nscd security update

CentOS Errata and Security Advisory CESA-2017:1916 An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2016-4456

The "GNUTLSKEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem...

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

CVE-2017-12479

CVE-2017-12479 – Unitrends Backup : Affects UB prior to 10.0.0. The issue is in session handling, where an attacker with existing low-privilege credentials can leverage the LOGDIR environment variable during a web session to elevate to root and execute arbitrary commands with root privileges. Thi...

glibc: LD_POINTER_GUARD in the environment is not sanitized

It was found that the dynamic loader did not sanitize the LDPOINTERGUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application...

Moderate: Red Hat Security Advisory: glibc security, bug fix, and enhancement update

An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...