CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2017/06/19 7:21 p.m.•6 views

SUSE-SU-2017:1621-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. bsc1039357...

7.8CVSS8AI score0.08874EPSS

Exploits14References3

Exploit DB•added 2017/04/12 12:0 a.m.•65 views

Solaris 7 < 11 (SPARC/x86) - 'EXTREMEPARR' dtappgather Privilege Escalation

!/bin/ksh Exploit PoC reverse engineered from EXTREMEPARR which provides local root on Solaris 7 - 11 x86 & SPARC. Uses a environment variable of setuid binary dtappgather to manipulate file permissions and create a user owned directory anywhere on the system as root. Can then add a shared object...

7.4AI score

OSV•added 2017/03/01 8:59 p.m.•1 views

DEBIAN-CVE-2016-10151

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

7CVSS7.1AI score0.00116EPSS

OSV•added 2016/11/25 3:59 a.m.•1 views

CVE-2016-2984

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System GPFS 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program...

7CVSS5.8AI score0.00039EPSS

OSV•added 2016/10/28 12:0 a.m.•33 views

DLA-680-2 bash - version number correction

Bulletin has no description...

6.5AI score

Debian•added 2016/10/26 7:27 p.m.•24 views

[SECURITY] [DLA 680-1] bash security update

Package : bash Version : 4.2+dfsg-0.1+deb7u3 CVE ID : CVE-2016-7543 An old attack vector has been corrected in bash, a sh-compatible command language interpreter. CVE-2016-7543 Specially crafted SHELLOPTS+PS4 environment variables in combination with insecure setuid binaries can result in root...

8.4CVSS7.3AI score0.00098EPSS

CNVD•added 2016/08/10 12:0 a.m.•1 views

Fontconfig Arbitrary Code Execution Vulnerability

fontconfig is a library of functions that provide system-wide font settings, customization and allow applications to access them. An arbitrary code execution vulnerability exists in fontconfig, which can be exploited to trigger an arbitrary free call, which can lead to a double free attack to...

7.8CVSS8.3AI score0.00264EPSS

exploitpack•added 2015/12/30 12:0 a.m.•28 views

DeleGate 9.9.13 - Local Privilege Escalation

DeleGate 9.9.13 - Local Privilege Escalation Title: Local root vulnerability in DeleGate v9.9.13 Author: Larry W. Cashdollar, @larry0 Date: 2015-12-17 Advisory: http://www.vapidlabs.com/advisory.php?v=159 Download Sites: http://delegate.hpcc.jp/delegate/ http://delegate.org/delegate/ Vendor:...

0.6AI score

OSV•added 2015/05/09 12:40 a.m.•2 views

USN-2599-2 linux-lts-utopic vulnerability

USN-2599-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory...

5.8AI score

Ubuntu•added 2015/05/08 11:56 p.m.•32 views

USN-2597-2: Linux kernel (Trusty HWE) regression

USN-2597-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. We apologize for the inconvenience. Original advisory...

5.4AI score

OSV•added 2015/05/05 10:20 p.m.•0 views

USN-2599-1 linux-lts-utopic vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00032EPSS

OSV•added 2015/05/05 10:17 p.m.•0 views

USN-2598-1 linux vulnerability

A race condition between chown and execve was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges...

6.2CVSS6.8AI score0.00032EPSS

seebug.org•added 2014/07/01 12:0 a.m.•15 views

S.u.S.E. Linux 6.3/6.4 Gnomelib Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1155/info A vulnerability exists in the handling of the DISPLAY variable, in versions of Gnomelib shipped with S.u.S.E. Linux, version 6.3. By supplying a long buffer containing machine executable code in the DISPLAY...

7.1AI score

securityvulns•added 2012/10/04 12:0 a.m.•59 views

[USN-1576-1] DBus vulnerability

========================================================================== Ubuntu Security Notice USN-1576-1 September 20, 2012 dbus vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

6.9CVSS5.4AI score0.36149EPSS

Exploits4

Tenable Nessus•added 2012/09/21 12:0 a.m.•51 views

Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : dbus vulnerability (USN-1576-1)

Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges. Note that Tenable Network Security has extracted the preceding description block...

6.9CVSS6.9AI score0.36149EPSS

Exploits4References2

securityvulns•added 2011/03/15 12:0 a.m.•30 views

Medium severity flaw in QNX Neutrino RTOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Nth Dimension Security Advisory NDSA20110310 Date: 10th March 2011 Author: Tim Brown mailto:[email protected] URL: http://www.nth-dimension.org.uk/ / http://www.machine.org.uk/ Product: QNX Neutrino RTOS 6.5.0...

0.2AI score