Vulnerabilities (CVE)

Vendor: Gnu

Product: Glibc

108 total CVE
CVE Vendors Products Updated CVSS
CVE-2005-3590 1 Gnu 1 Glibc 2019-04-11 7.5
The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers...
CVE-2006-7254 1 Gnu 1 Glibc 2019-04-11 2.1
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.
CVE-2009-5155 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2019-03-25 5.0
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by...
CVE-2016-4429 6 Novell, Gnu, Opensuse and 3 more 7 Glibc, Opensuse, Opensuse and 4 more 2019-03-22 7.5
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP...
CVE-2018-19591 2 Gnu, Fedoraproject 2 Glibc, Fedora 2019-03-21 5.0
In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.
CVE-2018-1000001 3 Gnu, Redhat, Canonical 9 Glibc, Virtualization Host, Ubuntu Linux and 6 more 2019-03-19 7.2
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
CVE-2018-20796 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2019-03-15 5.0
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
CVE-2019-7309 1 Gnu 1 Glibc 2019-02-27 2.1
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
CVE-2019-9192 1 Gnu 1 Glibc 2019-02-27 5.0
** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software...
CVE-2019-6488 1 Gnu 1 Glibc 2019-02-05 4.6
The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly...
CVE-2015-7547 11 Sophos, Oracle, Canonical and 8 more 31 Big-ip Policy Enforcement Manager, Linux Enterprise Debuginfo, Helion Openstack and 28 more 2018-11-30 6.8
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute...
CVE-2015-8776 7 Canonical, Suse, Debian and 4 more 11 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 8 more 2018-10-30 6.4
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
CVE-2015-8778 7 Canonical, Suse, Debian and 4 more 11 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 8 more 2018-10-30 7.5
Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which...
CVE-2015-8779 7 Canonical, Suse, Debian and 4 more 11 Linux Enterprise Software Development Kit, Ubuntu Linux, Linux Enterprise Desktop and 8 more 2018-10-30 7.5
Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.
CVE-2016-3075 5 Gnu, Fedoraproject, Canonical and 2 more 5 Ubuntu Linux, Glibc, Fedora and 2 more 2018-10-30 5.0
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVE-2016-3706 3 Novell, Gnu, Opensuse 3 Glibc, Opensuse, Opensuse 2018-10-30 5.0
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this...
CVE-2014-7817 5 Gnu, Debian, Canonical and 2 more 5 Debian Linux, Ubuntu Linux, Glibc and 2 more 2018-10-30 4.6
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
CVE-2016-6323 4 Fedoraproject, Gnu, Novell and 1 more 4 Glibc, Fedora, Opensuse and 1 more 2018-10-30 5.0
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service...
CVE-2013-7423 5 Novell, Gnu, Canonical and 2 more 5 Ubuntu Linux, Enterprise Linux Server Aus, Glibc and 2 more 2018-10-30 5.0
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that...
CVE-2003-0028 10 Freebsd, Sgi, Ibm and 7 more 13 Hp-ux, Hp-ux Series 700, Aix and 10 more 2018-10-30 7.5
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code...