Vulnerabilities (CVE)

Vendor filter

Gnu Subscribe

Product filter

Glibc Subscribe

Filter

112 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-3075 5 Gnu, Fedoraproject, Canonical and 2 more 5 Ubuntu Linux, Glibc, Fedora and 2 more 2018-10-30 5.0
Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.
CVE-2013-7423 5 Novell, Gnu, Canonical and 2 more 5 Ubuntu Linux, Enterprise Linux Server Aus, Glibc and 2 more 2018-10-30 5.0
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that...
CVE-2016-6323 4 Fedoraproject, Gnu, Novell and 1 more 4 Glibc, Fedora, Opensuse and 1 more 2018-10-30 5.0
The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service...
CVE-2016-3706 3 Novell, Gnu, Opensuse 3 Glibc, Opensuse, Opensuse 2018-10-30 5.0
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this...
CVE-2003-0028 10 Freebsd, Sgi, Ibm and 7 more 13 Hp-ux, Hp-ux Series 700, Aix and 10 more 2018-10-30 7.5
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code...
CVE-2014-8121 4 Gnu, Novell, Canonical and 1 more 6 Ubuntu Linux, Glibc, Suse Linux Enterprise Desktop and 3 more 2018-10-17 5.0
DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by...
CVE-2010-4052 1 Gnu 1 Glibc 2018-10-10 5.0
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular...
CVE-2010-4051 1 Gnu 1 Glibc 2018-10-10 5.0
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent...
CVE-2010-3847 1 Gnu 1 Glibc 2018-10-10 6.9
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a...
CVE-2011-1659 1 Gnu 1 Glibc 2018-10-09 5.0
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a...
CVE-2011-1658 1 Gnu 1 Glibc 2018-10-09 3.7
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary...
CVE-2011-1095 1 Gnu 1 Glibc 2018-10-09 6.2
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program...
CVE-2011-1071 1 Gnu 2 Glibc, Eglibc 2018-10-09 5.1
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call,...
CVE-2011-0536 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2018-10-09 6.9
Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to...
CVE-2017-18269 1 Gnu 1 Glibc 2018-06-20 7.5
An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory...
CVE-2017-15804 1 Gnu 1 Glibc 2018-06-20 7.5
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
CVE-2017-15670 1 Gnu 1 Glibc 2018-06-20 7.5
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
CVE-2017-12132 1 Gnu 1 Glibc 2018-05-04 4.3
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.
CVE-2017-12133 1 Gnu 1 Glibc 2018-04-13 4.3
Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.
CVE-2015-5180 2 Canonical, Gnu 2 Ubuntu Linux, Glibc 2018-04-12 5.0
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).