Vulnerabilities (CVE)

Vendor filter: Gnu

Product filter: Glibc

108 total CVE
CVE Vendors Products Updated CVSS
CVE-2012-4424 1 Gnu 1 Glibc 2017-07-01 5.1
Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that...
CVE-2012-3480 1 Gnu 1 Glibc 2017-07-01 4.6
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash)...
CVE-2017-8804 1 Gnu 1 Glibc 2017-05-16 7.8
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an...
CVE-2015-8985 1 Gnu 1 Glibc 2017-03-23 4.3
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
CVE-2015-8984 1 Gnu 1 Glibc 2017-03-22 4.3
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
CVE-2015-8983 1 Gnu 1 Glibc 2017-03-22 6.8
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via...
CVE-2015-8982 1 Gnu 1 Glibc 2017-03-17 6.8
Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a...
CVE-2016-10228 1 Gnu 1 Glibc 2017-03-04 4.3
The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
CVE-2016-5417 1 Gnu 1 Glibc 2017-02-17 5.0
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial...
CVE-2014-5119 1 Gnu 1 Glibc 2017-01-07 7.5
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment...
CVE-2014-6040 1 Gnu 1 Glibc 2017-01-03 5.0
GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3)...
CVE-2011-1089 1 Gnu 1 Glibc 2016-12-07 3.3
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as...
CVE-2010-0015 1 Gnu 1 Glibc 2016-12-07 7.5
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted...
CVE-2015-1781 2 Suse, Gnu 4 Linux Enterprise Server, Glibc, Linux Enterprise Desktop and 1 more 2016-12-06 6.8
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS...
CVE-2015-1473 2 Canonical, Gnu 2 Ubuntu Linux, Glibc 2016-11-28 6.4
The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent...
CVE-2014-0475 1 Gnu 1 Glibc 2016-11-28 6.8
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2)...
CVE-2013-7424 1 Gnu 1 Glibc 2016-11-28 5.1
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as...
CVE-2004-1382 1 Gnu 1 Glibc 2016-10-18 2.1
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.
CVE-2002-0684 2 Isc, Gnu 2 Glibc, Bind 2016-10-18 7.5
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by...
CVE-2011-2702 1 Gnu 2 Glibc, Eglibc 2014-10-31 6.8
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1)...