CVE-2001-0170

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

Publication date: Mon, 26 Mar 2001 11:00:00 +0000


Cyber News related to CVE-2001-0170

CVE-2021-47146 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
CVE-2001-0170 - glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files. ...
7 years ago
CVE-2001-1492 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-1460. Reason: This candidate is a refinement duplicate of CVE-2001-1460. Notes: All CVE users should reference CVE-2001-1460 instead of this candidate. All references and ...
54 years ago Tenable.com
CVE-2001-1121 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-1084. Reason: This candidate is a duplicate of CVE-2001-1084. Notes: All CVE users should reference CVE-2001-1084 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com
CVE-2001-1167 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-0976. Reason: This candidate is a duplicate of CVE-2001-0976. Notes: CVE-2001-0976 should be used instead of this candidate. All references and descriptions in this candidate ...
54 years ago Tenable.com
CVE-2006-0170 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0035. Reason: This candidate is a duplicate of CVE-2006-0035. Notes: All CVE users should reference CVE-2006-0035 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com
CVE-2011-2999 - Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, ...
7 years ago
CVE-2022-0170 - peertube is vulnerable to Improper Access Control ...
2 years ago
CVE-2000-0170 - Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. ...
16 years ago
CVE-2015-0170 - IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data. ...
9 years ago
CVE-2002-0170 - Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. ...
8 years ago
CVE-2003-0170 - Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors. ...
7 years ago
CVE-2014-0170 - Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. <a ...
7 years ago
CVE-2010-0170 - Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are ...
7 years ago
CVE-2011-0170 - Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile ...
7 years ago
CVE-2017-0170 - Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability ...
7 years ago
CVE-2007-0170 - PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter. ...
7 years ago
CVE-2016-0170 - GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted ...
6 years ago
CVE-2009-0170 - Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in ...
6 years ago
CVE-2019-0170 - Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access. ...
5 years ago
CVE-2018-0170 - A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software. The vulnerability is due to a logic ...
4 years ago
CVE-2020-0170 - In IMY_Event of eas_imelody.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: ...
3 years ago
CVE-2012-0170 - Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability." ...
3 years ago
CVE-2021-0170 - Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable ...
2 years ago
CVE-1999-0170 - Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list. ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)