CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 2CVE-2021-43395
https://notcve.org/view.php?id=CVE-2021-43395
26 Dec 2022 — An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected. Se descubrió un problema en illumos antes de f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04 y SmartOS 20210923. Un usuario... • http://www.tribblix.org/relnotes.html • CWE-667: Improper Locking •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27678
https://notcve.org/view.php?id=CVE-2020-27678
23 Oct 2020 — An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c. Se detectó un problema en illumos antes del 22-10-2020, como es usado en OmniOS versiones anteriores a r151030by, r151032ay y r151034y y SmartOS versiones anteriores a 20201022. Se presenta un desbordamiento de búfer en la función parse_user_name en la biblioteca lib/libpam/pam_framework.c • https://github.com/illumos/illumos-gate/commit/1d276e0b382cf066dae93640746d8b4c54d15452 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 3CVE-2020-7712 – Command Injection
https://notcve.org/view.php?id=CVE-2020-7712
30 Aug 2020 — This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function. Esto afecta al paquete json versiones anteriores a 10.0.0. Es posible inyectar comandos arbitrarios usando la función parseLookup • https://github.com/trentm/json/issues/144 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9040
https://notcve.org/view.php?id=CVE-2016-9040
07 Sep 2018 — An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service. Existe una denegación de servicio (DoS) explotable en el sistema de archivos Hyprlofs de Joyent SmartOS OS 201... • https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0258 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-3737 – nodejs-sshpk: ReDoS when parsing crafted invalid public keys in lib/formats/ssh.js
https://notcve.org/view.php?id=CVE-2018-3737
07 Jun 2018 — sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. sshpk es vulnerable a una denegación de servicio con expresiones regulares (ReDoS) cuando se parsean claves públicas manipuladas no válidas. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability. • https://github.com/ossf-cve-benchmark/CVE-2018-3737 • CWE-185: Incorrect Regular Expression CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16005
https://notcve.org/view.php?id=CVE-2017-16005
04 Jun 2018 — Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature. Http-signature es una "implementación de referencia del esquema de firmas HTTP de Joyent". • https://github.com/joyent/node-http-signature/issues/10 • CWE-20: Improper Input Validation CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1171 – Joyent SmartOS DTrace DOF Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1171
07 Mar 2018 — This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnera... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1165 – Joyent SmartOS SMB_IOC_SVCENUM Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1165
12 Feb 2018 — This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage t... • https://help.joyent.com/hc/en-us/articles/360000124928 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1166 – Joyent SmartOS SMBIOC_TREE_RELE Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-1166
12 Feb 2018 — This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execut... • https://help.joyent.com/hc/en-us/articles/360000124928 • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 9.0EPSS: 14%CPEs: 1EXPL: 0CVE-2017-10940 – Joyent Smart Data Center Docker API Zone Escape Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2017-10940
07 Jul 2017 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbi... • http://www.securityfocus.com/bid/99510 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •