Lucene search
K

289 matches found

Tenable Nessus
Tenable Nessus
added 2019/04/04 12:0 a.m.26 views

EulerOS Virtualization 2.5.3 : glibc (EulerOS-SA-2019-1257)

According to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a...

9.3CVSS7.7AI score0.02698EPSS
Exploits0References2
Veracode
Veracode
added 2019/01/15 9:25 a.m.35 views

Privilege Escalation

glibc is vulnerable to privilege escalation attacks. The vulnerability exists as elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a...

7.8CVSS8.4AI score0.02698EPSS
Exploits0References29Affected Software1
Amazon
Amazon
added 2018/12/06 12:0 a.m.131 views

Medium: glibc

Issue Overview: A buffer overflow has been discovered in the GNU C Library aka glibc or libc6 in the mempcpyavx512novzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.CVE-2018-11237 elf/dl-load....

9.8CVSS8.8AI score0.074EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2018/11/16 12:0 a.m.234 views

CentOS 7 : glibc (CESA-2018:3092)

An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS8AI score0.074EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2018/10/31 12:0 a.m.173 views

RHEL 7 : glibc (RHSA-2018:3092)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3092 advisory. - glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries CVE-2017-16997 - glibc:...

9.8CVSS7.9AI score0.074EPSS
Exploits3References33
Tenable Nessus
Tenable Nessus
added 2018/10/22 12:0 a.m.27 views

SUSE SLES12 Security Update : samba (SUSE-SU-2018:2320-2)

This update for samba fixes the following issues : The following security vulnerability was fixed : CVE-2018-10858: smbcurlencode helper function is a subject to buffer overflow bsc1103411 The following other bugs were fixed: Fix libnsswins.so.2 link libreplace with rpath bsc1054849 Note that...

8.8CVSS6.5AI score0.04302EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2018/08/15 12:0 a.m.31 views

SUSE SLES12 Security Update : samba (SUSE-SU-2018:2320-1)

This update for samba fixes the following issues: The following security vulnerability was fixed : - CVE-2018-10858: smbcurlencode helper function is a subject to buffer overflow bsc1103411 The following other bugs were fixed : - Fix libnsswins.so.2 link libreplace with rpath bsc1054849 Note that...

8.8CVSS6.9AI score0.04302EPSS
Exploits0References5
OSV
OSV
added 2018/01/25 12:47 p.m.8 views

MGASA-2018-0096 Updated glibc packages fix security vulnerabilities

Updated glibc packages fix security vulnerabilities: An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries CVE-2017-16997. A privilege escalation bug in the realpath function when the getcwd system call doesn't...

9.3CVSS9AI score0.13614EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2018/01/18 12:0 a.m.184 views

Ubuntu 14.04 LTS / 16.04 LTS : GNU C Library vulnerabilities (USN-3534-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3534-1 advisory. It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd2 syscall. A local...

9.8CVSS8.3AI score0.13614EPSS
Exploits16References8
OpenVAS
OpenVAS
added 2018/01/18 12:0 a.m.72 views

Ubuntu: Security Advisory (USN-3534-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.13614EPSS
Exploits16References2
OSV
OSV
added 2018/01/17 12:57 p.m.4 views

USN-3534-1 eglibc, glibc vulnerabilities

It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd2 syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. CVE-2018-1000001 A memory leak was...

9.8CVSS7.9AI score0.13614EPSS
Exploits16References8
RedhatCVE
RedhatCVE
added 2017/12/18 5:20 a.m.34 views

CVE-2017-16997

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

9.3CVSS5.1AI score0.02698EPSS
Exploits0References1
OSV
OSV
added 2017/12/18 1:29 a.m.22 views

CVE-2017-16997

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

7.8CVSS6.5AI score
Exploits0References6
Prion
Prion
added 2017/12/18 1:29 a.m.32 views

Design/Logic Flaw

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

9.3CVSS7.8AI score0.02698EPSS
Exploits0References6Affected Software4
NVD
NVD
added 2017/12/18 1:29 a.m.18 views

CVE-2017-16997

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

9.3CVSS7.5AI score0.02698EPSS
Exploits0References6
OSV
OSV
added 2017/12/18 1:29 a.m.2 views

DEBIAN-CVE-2017-16997

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

7.8CVSS8.6AI score0.02698EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2017/12/18 1:0 a.m.43 views

CVE-2017-16997

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

9.3CVSS8.2AI score0.02698EPSS
Exploits0
CVE
CVE
added 2017/12/18 1:0 a.m.213 views

CVE-2017-16997

Summary: CVE-2017-16997 affects the GNU C Library (glibc) versions 2.19–2.26, where elf/dl-load.c mishandles RPATH/RUNPATH containing $ORIGIN for privileged (setuid/AT_SECURE) programs, allowing local privilege escalation via a Trojan horse library in the current working directory. The root cause...

9.3CVSS7.4AI score0.02698EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2017/12/18 12:0 a.m.2 views

GNU C Library Elevation of Privilege Vulnerability

The GNU C Library is an open-source, free, easy-to-download C compiler released under the LGPL license. An elevation of privilege vulnerability exists in GNU C Library. The vulnerability arises because elf/dl-load.c in the GNU C Library fails to properly handle RPATH and RUNPATH containing $ORIGI...

9.3CVSS7.6AI score0.02698EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/12/17 12:0 a.m.39 views

CVE-2017-16997

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

9.3CVSS7.1AI score0.02698EPSS
Exploits0References5
Rows per page
Query Builder