Approved changes feed: RSS · Atom
cpe:2.3:o:joyent:smartos:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Joyent (4431761b-e664-5a09-8d23-d61922dc65bc) |
|---|---|
| Product | Smartos (43d1d112-c6b8-52f1-b69c-e9e7462d6250) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-27678 |
vulnerable | 2026-06-08 05:23:52.939008 |
Details available
An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.
Published: 2020-10-23T20:25:17.000Z
Updated: 2024-08-04T16:18:45.659Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-9034 |
vulnerable | 2026-06-08 05:08:22.444236 |
Details available
HIGH (7)
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9032.
Published: 2016-12-14T17:00:00.000Z
Updated: 2024-08-06T02:42:09.764Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-8733 |
vulnerable | 2026-06-08 05:08:14.669480 |
Details available
HIGH (7.8)
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031.
Published: 2016-12-14T17:00:00.000Z
Updated: 2024-08-06T02:27:41.257Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2012-0217 |
vulnerable | 2026-06-08 05:00:40.054668 |
Details available
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Published: 2012-06-12T22:00:00.000Z
Updated: 2024-08-06T18:16:19.831Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.