CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9039
https://notcve.org/view.php?id=CVE-2016-9039
31 Jan 2017 — An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service. Existe una denegación de servicio explotable en el sistema de archivos Hyprlofs de Joyent SmartOS 20161110T013148Z. • http://www.securityfocus.com/bid/95916 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9031
https://notcve.org/view.php?id=CVE-2016-9031
14 Dec 2016 — An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733. Existe un desbordamiento de entero explotable en el sistema de archivo Joyent SmartOS 201611... • http://www.securityfocus.com/bid/94921 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-8733
https://notcve.org/view.php?id=CVE-2016-8733
14 Dec 2016 — An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031. Existe un desbordamiento de entero explotable en el sistema de archivo Joyent SmartOS 201611... • http://www.securityfocus.com/bid/94920 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9032
https://notcve.org/view.php?id=CVE-2016-9032
14 Dec 2016 — An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9034. Existe un desbordamiento de búfer explotable en el sis... • http://www.securityfocus.com/bid/94923 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9035
https://notcve.org/view.php?id=CVE-2016-9035
14 Dec 2016 — An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9033. Existe un desbordamiento de búfer explotable en el s... • http://www.securityfocus.com/bid/94926 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9034
https://notcve.org/view.php?id=CVE-2016-9034
14 Dec 2016 — An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9032. Existe un desbordamiento de búfer explotable en el sis... • http://www.securityfocus.com/bid/94930 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9033
https://notcve.org/view.php?id=CVE-2016-9033
14 Dec 2016 — An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9035. Existe un desbordamiento de búfer explotable en el s... • http://www.securityfocus.com/bid/94928 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 43%CPEs: 1EXPL: 2CVE-2014-7192 – Node Browserify 4.2.0 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7192
11 Dec 2014 — Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file. Vulnerabilidad de inyección Eval en index.js en el paquete de errores de sintaxis anterior a 1.1.1 para Node.js 0.10.x, utilizado en IBM Rational Application Developer y otros productos, permite a atacantes remotos ejecutar código arbitrario a través de un fichero manipulad... • https://www.exploit-db.com/exploits/34090 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 1CVE-2014-6394 – Apple Security Advisory 2015-09-16-2
https://notcve.org/view.php?id=CVE-2014-6394
08 Oct 2014 — visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. visionmedia send anterior a 0.8.4 para Node.js utiliza una comparación parcial para verificar si un directorio está dentro del root del documento, lo que permite a atacantes remotos acceder a directorios restringidos, tal y como fue demostrado med... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.9EPSS: 88%CPEs: 20EXPL: 4CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
12 Jun 2012 — The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a c... • https://packetstorm.news/files/id/152001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •