CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16005
https://notcve.org/view.php?id=CVE-2017-16005
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature. Http-signature es una "implementación de referencia del esquema de firmas HTTP de Joyent". • https://github.com/joyent/node-http-signature/issues/10 https://nodesecurity.io/advisories/318 • CWE-20: Improper Input Validation CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1171 – Joyent SmartOS DTrace DOF Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1171
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104799 http://www.securitytracker.com/id/1041303 https://help.joyent.com/hc/en-us/articles/360000608188 https://zerodayinitiative.com/advisories/ZDI-18-236 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1165 – Joyent SmartOS SMB_IOC_SVCENUM Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1165
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. • https://help.joyent.com/hc/en-us/articles/360000124928 https://www.oracle.com/security-alerts/cpuapr2020.html https://zerodayinitiative.com/advisories/ZDI-18-158 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1166 – Joyent SmartOS SMBIOC_TREE_RELE Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1166
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the host OS. • https://help.joyent.com/hc/en-us/articles/360000124928 https://zerodayinitiative.com/advisories/ZDI-18-159 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2017-10940 – Joyent Smart Data Center Docker API Zone Escape Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-10940
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. • http://www.securityfocus.com/bid/99510 https://help.joyent.com/hc/en-us/articles/115009649927-Security-Advisory-ZDI-CAN-3853-Docker-File-Overwrite-Vulnerability https://zerodayinitiative.com/advisories/ZDI-17-453 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •