Vulnerabilities (CVE)

Vendor filter

Gnu Subscribe

Product filter

Glibc Subscribe

Filter

108 total CVE
CVE Vendors Products Updated CVSS
CVE-2014-8121 4 Gnu, Novell, Canonical and 1 more 6 Ubuntu Linux, Glibc, Suse Linux Enterprise Desktop and 3 more 2018-10-17 5.0
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by...
CVE-2010-4052 1 Gnu 1 Glibc 2018-10-10 5.0
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular...
CVE-2010-4051 1 Gnu 1 Glibc 2018-10-10 5.0
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent...
CVE-2010-3847 1 Gnu 1 Glibc 2018-10-10 6.9
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a...
CVE-2011-1659 1 Gnu 1 Glibc 2018-10-09 5.0
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a...
CVE-2011-1658 1 Gnu 1 Glibc 2018-10-09 3.7
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary...
CVE-2011-1095 1 Gnu 1 Glibc 2018-10-09 6.2
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program...
CVE-2011-1071 1 Gnu 2 Glibc, Eglibc 2018-10-09 5.1
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call,...
CVE-2011-0536 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2018-10-09 6.9
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to...
CVE-2017-18269 1 Gnu 1 Glibc 2018-06-20 7.5
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory...
CVE-2017-15804 1 Gnu 1 Glibc 2018-06-20 7.5
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
CVE-2017-15670 1 Gnu 1 Glibc 2018-06-20 7.5
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
CVE-2017-12132 1 Gnu 1 Glibc 2018-05-04 4.3
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
CVE-2017-12133 1 Gnu 1 Glibc 2018-04-13 4.3
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
CVE-2015-5180 2 Canonical, Gnu 2 Ubuntu Linux, Glibc 2018-04-12 5.0
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
CVE-2018-6551 1 Gnu 1 Glibc 2018-02-22 7.5
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a...
CVE-2017-1000409 1 Gnu 1 Glibc 2018-02-15 6.9
A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
CVE-2017-1000408 1 Gnu 1 Glibc 2018-02-15 7.2
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
CVE-2015-8777 1 Gnu 1 Glibc 2018-01-05 2.1
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
CVE-2017-17426 1 Gnu 1 Glibc 2017-12-15 6.8
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This...