CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27678
https://notcve.org/view.php?id=CVE-2020-27678
23 Oct 2020 — An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c. Se detectó un problema en illumos antes del 22-10-2020, como es usado en OmniOS versiones anteriores a r151030by, r151032ay y r151034y y SmartOS versiones anteriores a 20201022. Se presenta un desbordamiento de búfer en la función parse_user_name en la biblioteca lib/libpam/pam_framework.c • https://github.com/illumos/illumos-gate/commit/1d276e0b382cf066dae93640746d8b4c54d15452 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-8733
https://notcve.org/view.php?id=CVE-2016-8733
14 Dec 2016 — An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031. Existe un desbordamiento de entero explotable en el sistema de archivo Joyent SmartOS 201611... • http://www.securityfocus.com/bid/94920 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9034
https://notcve.org/view.php?id=CVE-2016-9034
14 Dec 2016 — An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9032. Existe un desbordamiento de búfer explotable en el sis... • http://www.securityfocus.com/bid/94930 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.9EPSS: 88%CPEs: 20EXPL: 4CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
12 Jun 2012 — The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a c... • https://packetstorm.news/files/id/152001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •