Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2015-7547 6.8
A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the pe
02-02-2023 - 21:15 18-02-2016 - 21:59
CVE-2015-1781 6.8
A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misal
02-02-2023 - 20:20 28-09-2015 - 20:59
CVE-2014-8121 5.0
It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loo
02-02-2023 - 20:19 27-03-2015 - 14:59
CVE-2014-7817 4.6
It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input
02-02-2023 - 20:18 24-11-2014 - 15:59
CVE-2013-4332 4.3
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially
02-02-2023 - 20:15 09-10-2013 - 22:55
CVE-2010-3856 7.2
CVE-2010-3856 glibc: arbitrary DSO loading via LD_AUDIT in setuid/setgid programs
02-02-2023 - 17:17 07-01-2011 - 19:00
CVE-2015-5277 7.2
It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbit
02-02-2023 - 16:17 17-12-2015 - 19:59
CVE-2014-5119 7.5
An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to exe
02-02-2023 - 16:16 29-08-2014 - 16:55
CVE-2012-3480 4.6
CVE-2012-3480 glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines
02-02-2023 - 16:15 25-08-2012 - 10:29
CVE-2012-0864 6.8
CVE-2012-0864 glibc: FORTIFY_SOURCE format string protection bypass via "nargs" integer overflow
02-02-2023 - 15:15 02-05-2013 - 14:55
CVE-2019-19126 2.1
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping ad
08-11-2022 - 03:16 19-11-2019 - 22:15
CVE-2020-1752 3.7
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker
28-10-2022 - 20:06 30-04-2020 - 17:15
CVE-2015-0235 10.0
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
05-07-2022 - 18:42 28-01-2015 - 19:59
CVE-2017-1000366 7.2
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made t
15-10-2020 - 13:28 19-06-2017 - 16:29
CVE-2018-6485 7.5
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to
24-08-2020 - 17:37 01-02-2018 - 14:29
CVE-2012-6686 5.0
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4357. Reason: This candidate is a duplicate of CVE-2013-4357. Notes: All CVE users should reference CVE-2013-4357 instead of this candidate. All references and descriptions in this c
07-02-2020 - 21:15 07-02-2020 - 21:15
CVE-2018-1000001 7.2
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
03-10-2019 - 00:03 31-01-2018 - 14:29
CVE-2016-10739 4.6
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume tha
06-08-2019 - 17:15 21-01-2019 - 19:29
CVE-2012-3406 6.8
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers
22-04-2019 - 17:48 10-02-2014 - 18:15
CVE-2015-8779 7.5
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
30-10-2018 - 16:27 19-04-2016 - 21:59
CVE-2016-3075 5.0
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
30-10-2018 - 16:27 01-06-2016 - 20:59
CVE-2011-1659 5.0
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted p
09-10-2018 - 19:31 08-04-2011 - 15:17
CVE-2017-15804 7.5
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
20-06-2018 - 01:29 22-10-2017 - 20:29
CVE-2011-1089 3.3
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonst
07-12-2016 - 18:15 10-04-2011 - 02:55
CVE-2015-5229 5.0
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
28-11-2016 - 19:32 08-04-2016 - 15:59
CVE-2013-7424 5.1
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demon
28-11-2016 - 19:10 26-08-2015 - 19:59
CVE-2011-4609 5.0
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
03-05-2013 - 04:00 02-05-2013 - 14:55
Back to Top Mark selected
Back to Top