Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-0235 | 10.0 |
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
|
14-02-2024 - 01:17 | 28-01-2015 - 19:59 | |
CVE-2010-3856 | 7.2 |
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain
|
20-07-2023 - 18:15 | 07-01-2011 - 19:00 | |
CVE-2013-4332 | 4.3 |
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_mema
|
13-02-2023 - 04:46 | 09-10-2013 - 22:55 | |
CVE-2012-3480 | 4.6 |
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and
|
13-02-2023 - 03:28 | 25-08-2012 - 10:29 | |
CVE-2012-0864 | 6.8 |
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory v
|
13-02-2023 - 03:28 | 02-05-2013 - 14:55 | |
CVE-2015-1781 | 6.8 |
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS respo
|
13-02-2023 - 00:46 | 28-09-2015 - 20:59 | |
CVE-2014-8121 | 5.0 |
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by perfor
|
13-02-2023 - 00:43 | 27-03-2015 - 14:59 | |
CVE-2014-7817 | 4.6 |
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
|
13-02-2023 - 00:42 | 24-11-2014 - 15:59 | |
CVE-2014-5119 | 7.5 |
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment vari
|
13-02-2023 - 00:42 | 29-08-2014 - 16:55 | |
CVE-2015-7547 | 6.8 |
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrar
|
12-02-2023 - 23:15 | 18-02-2016 - 21:59 | |
CVE-2015-5277 | 7.2 |
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS
|
12-02-2023 - 23:15 | 17-12-2015 - 19:59 | |
CVE-2019-19126 | 2.1 |
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping ad
|
08-11-2022 - 03:16 | 19-11-2019 - 22:15 | |
CVE-2020-1752 | 3.7 |
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker
|
28-10-2022 - 20:06 | 30-04-2020 - 17:15 | |
CVE-2017-1000366 | 7.2 |
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made t
|
15-10-2020 - 13:28 | 19-06-2017 - 16:29 | |
CVE-2018-6485 | 7.5 |
An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to
|
24-08-2020 - 17:37 | 01-02-2018 - 14:29 | |
CVE-2012-6686 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-4357. Reason: This candidate is a duplicate of CVE-2013-4357. Notes: All CVE users should reference CVE-2013-4357 instead of this candidate. All references and descriptions in this c
|
07-02-2020 - 21:15 | 07-02-2020 - 21:15 | |
CVE-2018-1000001 | 7.2 |
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
|
03-10-2019 - 00:03 | 31-01-2018 - 14:29 | |
CVE-2016-10739 | 4.6 |
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume tha
|
06-08-2019 - 17:15 | 21-01-2019 - 19:29 | |
CVE-2012-3406 | 6.8 |
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers
|
22-04-2019 - 17:48 | 10-02-2014 - 18:15 | |
CVE-2015-8779 | 7.5 |
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
|
30-10-2018 - 16:27 | 19-04-2016 - 21:59 | |
CVE-2016-3075 | 5.0 |
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
|
30-10-2018 - 16:27 | 01-06-2016 - 20:59 | |
CVE-2011-1659 | 5.0 |
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted p
|
09-10-2018 - 19:31 | 08-04-2011 - 15:17 | |
CVE-2017-15804 | 7.5 |
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
|
20-06-2018 - 01:29 | 22-10-2017 - 20:29 | |
CVE-2011-1089 | 3.3 |
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonst
|
07-12-2016 - 18:15 | 10-04-2011 - 02:55 | |
CVE-2015-5229 | 5.0 |
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
|
28-11-2016 - 19:32 | 08-04-2016 - 15:59 | |
CVE-2013-7424 | 5.1 |
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demon
|
28-11-2016 - 19:10 | 26-08-2015 - 19:59 | |
CVE-2011-4609 | 5.0 |
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
|
03-05-2013 - 04:00 | 02-05-2013 - 14:55 |