Joyent Smartos vulnerabilities
14 known vulnerabilities affecting joyent/smartos.
Total CVEs
14
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH10MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2021-43395MEDIUMCVSS 5.5v202109232022-12-26
CVE-2021-43395 [MEDIUM] CWE-667 CVE-2021-43395: An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community
An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.
nvd
CVE-2020-27678CRITICALCVSS 9.8fixed in 202010222020-10-26
CVE-2020-27678 [CRITICAL] CWE-120 CVE-2020-27678: An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay,
An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.
nvd
CVE-2016-9040MEDIUMCVSS 5.5v20161110t013148zv20161110T013148Z2018-09-07
CVE-2016-9040 [MEDIUM] CWE-400 CVE-2016-9040: An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file
An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion
cvelistv5nvd
CVE-2018-1171HIGHCVSS 7.0v20170803-20170803t064301z2018-03-19
CVE-2018-1171 [HIGH] CWE-787 CVE-2018-1171: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joye
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results fro
nvd
CVE-2018-1166HIGHCVSS 7.8v201708032018-02-21
CVE-2018-1166 [HIGH] CWE-416 CVE-2018-1166: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joye
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue resul
nvd
CVE-2018-1165HIGHCVSS 7.0v201708032018-02-21
CVE-2018-1165 [HIGH] CWE-122 CVE-2018-1165: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joye
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue result
nvd
CVE-2016-9039MEDIUMCVSS 5.5v20161110t013148zvOS 20161110T013148Z2017-01-31
CVE-2016-9039 [MEDIUM] CWE-400 CVE-2016-9039: An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.
An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system den
cvelistv5nvd
CVE-2016-9034HIGHCVSS 7.0≤ 20161110t013148z2016-12-14
CVE-2016-9034 [HIGH] CVE-2016-9034: An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. T
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and coul
cvelistv5nvd
CVE-2016-9035HIGHCVSS 7.0v20161110t013148z2016-12-14
CVE-2016-9035 [HIGH] CVE-2016-9035: An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. T
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and co
cvelistv5nvd
CVE-2016-9033HIGHCVSS 7.0v20161110t013148zvOS 20161110T013148Z2016-12-14
CVE-2016-9033 [HIGH] CWE-120 CVE-2016-9033: An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. T
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory acces
cvelistv5nvd
CVE-2016-9032HIGHCVSS 7.0v20161110t013148zvOS 20161110T013148Z2016-12-14
CVE-2016-9032 [HIGH] CWE-120 CVE-2016-9032: An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. T
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access
cvelistv5nvd
CVE-2016-8733HIGHCVSS 8.8≤ 20161110t013148zvOS 20161110T013148Z2016-12-14
CVE-2016-8733 [HIGH] CWE-190 CVE-2016-8733: An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vu
cvelistv5nvd
CVE-2016-9031HIGHCVSS 7.8v20161110t013148z2016-12-14
CVE-2016-9031 [HIGH] CVE-2016-9031: An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerabil
cvelistv5nvd
CVE-2012-0217HIGHCVSS 7.2PoC≤ 201206142012-06-12
CVE-2012-0217 [HIGH] CWE-119 CVE-2012-0217: The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold an
nvd